Imported Upstream version 5.1.2

4 files changed, 67 insertions, 20 deletions

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 7cfa537a9..df7bc96d6 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -293,7 +293,7 @@ static void schedule_inactivity_timeout(private_child_create_t *this)
 	if (timeout)
 	{
 		close_ike = lib->settings->get_bool(lib->settings,
-								"%s.inactivity_close_ike", FALSE, charon->name);
+									"%s.inactivity_close_ike", FALSE, lib->ns);
 		lib->scheduler->schedule_job(lib->scheduler, (job_t*)
 				inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
 									  timeout, close_ike), timeout);
@@ -1072,7 +1072,7 @@ static void handle_child_sa_failure(private_child_create_t *this,
 {
 	if (message->get_exchange_type(message) == IKE_AUTH &&
 		lib->settings->get_bool(lib->settings,
-								"%s.close_ike_on_child_failure", FALSE, charon->name))
+								"%s.close_ike_on_child_failure", FALSE, lib->ns))
 	{
 		/* we delay the delete for 100ms, as the IKE_AUTH response must arrive
 		 * first */
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 8f83c4884..800dab07e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -120,7 +120,7 @@ struct private_ike_auth_t {
 static bool multiple_auth_enabled()
 {
 	return lib->settings->get_bool(lib->settings,
-							"%s.multiple_authentication", TRUE, charon->name);
+								   "%s.multiple_authentication", TRUE, lib->ns);
 }
 
 /**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index 2cbe8f8c5..bd28b29d7 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -428,7 +428,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
 		message->add_payload(message, (payload_t*)req);
 
 		if (lib->settings->get_bool(lib->settings,
-									"%s.hash_and_url", FALSE, charon->name))
+									"%s.hash_and_url", FALSE, lib->ns))
 		{
 			message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED,
 								chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index 2730f5876..16ac16673 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -42,24 +42,60 @@ struct private_ike_vendor_t {
 };
 
 /**
- * strongSwan specific vendor ID without version, MD5("strongSwan")
+ * Vendor ID database entry
  */
-static chunk_t strongswan_vid = chunk_from_chars(
-	0x88,0x2f,0xe5,0x6d,0x6f,0xd2,0x0d,0xbc,
-	0x22,0x51,0x61,0x3b,0x2e,0xbe,0x5b,0xeb
-);
+typedef struct {
+	/* Description */
+	char *desc;
+	/* extension flag negotiated with vendor ID, if any */
+	ike_extension_t extension;
+	/* length of vendor ID string, 0 for NULL terminated */
+	int len;
+	/* vendor ID string */
+	char *id;
+} vid_data_t;
+
+/**
+ * Get the data of a vendor ID as a chunk
+ */
+static chunk_t get_vid_data(vid_data_t *data)
+{
+	return chunk_create(data->id, data->len ?: strlen(data->id));
+}
+
+/**
+ * IKEv2 Vendor ID database entry
+ */
+static vid_data_t vids[] = {
+	/* strongSwan MD5("strongSwan") */
+	{ "strongSwan", EXT_STRONGSWAN, 16,
+	  "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
+	{ "Cisco Delete Reason", 0, 0,
+	  "CISCO-DELETE-REASON" },
+	{ "Cisco Copyright (c) 2009", 0, 0,
+	  "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
+	{ "FRAGMENTATION", 0, 16,
+	  "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"},
+};
 
 METHOD(task_t, build, status_t,
 	private_ike_vendor_t *this, message_t *message)
 {
-	if (lib->settings->get_bool(lib->settings,
-								"%s.send_vendor_id", FALSE, charon->name))
-	{
-		vendor_id_payload_t *vid;
+	vendor_id_payload_t *vid;
+	bool strongswan;
+	int i;
 
-		vid = vendor_id_payload_create_data(VENDOR_ID,
-											chunk_clone(strongswan_vid));
-		message->add_payload(message, &vid->payload_interface);
+	strongswan = lib->settings->get_bool(lib->settings,
+							"%s.send_vendor_id", FALSE, lib->ns);
+	for (i = 0; i < countof(vids); i++)
+	{
+		if (vids[i].extension == EXT_STRONGSWAN && strongswan)
+		{
+			DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc);
+			vid = vendor_id_payload_create_data(VENDOR_ID,
+										chunk_clone(get_vid_data(&vids[i])));
+			message->add_payload(message, &vid->payload_interface);
+		}
 	}
 
 	return this->initiator ? NEED_MORE : SUCCESS;
@@ -70,6 +106,7 @@ METHOD(task_t, process, status_t,
 {
 	enumerator_t *enumerator;
 	payload_t *payload;
+	int i;
 
 	enumerator = message->create_payload_enumerator(message);
 	while (enumerator->enumerate(enumerator, &payload))
@@ -78,16 +115,26 @@ METHOD(task_t, process, status_t,
 		{
 			vendor_id_payload_t *vid;
 			chunk_t data;
+			bool found = FALSE;
 
 			vid = (vendor_id_payload_t*)payload;
 			data = vid->get_data(vid);
 
-			if (chunk_equals(data, strongswan_vid))
+			for (i = 0; i < countof(vids); i++)
 			{
-				DBG1(DBG_IKE, "received strongSwan vendor ID");
-				this->ike_sa->enable_extension(this->ike_sa, EXT_STRONGSWAN);
+				if (chunk_equals(get_vid_data(&vids[i]), data))
+				{
+					DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc);
+					if (vids[i].extension)
+					{
+						this->ike_sa->enable_extension(this->ike_sa,
+													   vids[i].extension);
+					}
+					found = TRUE;
+					break;
+				}
 			}
-			else
+			if (!found)
 			{
 				DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
 			}