Diffstat (limited to 'src/libcharon/sa/tasks')
24 files changed, 558 insertions, 781 deletions
diff --git a/src/libcharon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index fc02a334b..67c29d31f 100644 --- a/src/libcharon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -213,13 +213,13 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host) { traffic_selector_t *ts; bool is_host = TRUE; - iterator_t *iterator = list->create_iterator(list, TRUE); + enumerator_t *enumerator = list->create_enumerator(list); - while (is_host && iterator->iterate(iterator, (void**)&ts)) + while (is_host && enumerator->enumerate(enumerator, (void**)&ts)) { is_host = is_host && ts->is_host(ts, host); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return is_host; } @@ -886,6 +886,10 @@ static void handle_child_sa_failure(private_child_create_t *this, delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), 100); } + else + { + DBG1(DBG_IKE, "failed to establish CHILD_SA, keeping IKE_SA"); + } } METHOD(task_t, build_r, status_t, diff --git a/src/libcharon/sa/tasks/child_delete.c b/src/libcharon/sa/tasks/child_delete.c index e6834a93c..dc4b30dd3 100644 --- a/src/libcharon/sa/tasks/child_delete.c +++ b/src/libcharon/sa/tasks/child_delete.c @@ -73,11 +73,11 @@ struct private_child_delete_t { static void build_payloads(private_child_delete_t *this, message_t *message) { delete_payload_t *ah = NULL, *esp = NULL; - iterator_t *iterator; + enumerator_t *enumerator; child_sa_t *child_sa; - iterator = this->child_sas->create_iterator(this->child_sas, TRUE); - while (iterator->iterate(iterator, (void**)&child_sa)) + enumerator = this->child_sas->create_enumerator(this->child_sas); + while (enumerator->enumerate(enumerator, (void**)&child_sa)) { protocol_id_t protocol = child_sa->get_protocol(child_sa); u_int32_t spi = child_sa->get_spi(child_sa, TRUE); 
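Review bot: The loop body in the ts_list_is_host hunk, `is_host = is_host && ts->is_host(ts, host);`, re-tests a flag the while condition already guarantees is TRUE on entry, so `is_host = ts->is_host(ts, host);` is equivalent and clearer. The function also answers TRUE for an empty list (vacuous truth), which a caller using it to decide whether a TS set covers exactly one host should be told about; a one-line comment above the loop, `/* an empty list counts as "host" (vacuous truth) */`, would make that explicit. The signature of ts_list_is_host sits just outside the hunk.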
@@ -109,7 +109,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) } child_sa->set_state(child_sa, CHILD_DELETING); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } /** @@ -186,7 +186,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) */ static status_t destroy_and_reestablish(private_child_delete_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; child_sa_t *child_sa; child_cfg_t *child_cfg; protocol_id_t protocol; @@ -194,8 +194,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) action_t action; status_t status = SUCCESS; - iterator = this->child_sas->create_iterator(this->child_sas, TRUE); - while (iterator->iterate(iterator, (void**)&child_sa)) + enumerator = this->child_sas->create_enumerator(this->child_sas); + while (enumerator->enumerate(enumerator, (void**)&child_sa)) { /* signal child down event if we are not rekeying */ if (!this->rekeyed) @@ -231,7 +231,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) break; } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return status; } @@ -240,12 +240,12 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) */ static void log_children(private_child_delete_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; child_sa_t *child_sa; u_int64_t bytes_in, bytes_out; - iterator = this->child_sas->create_iterator(this->child_sas, TRUE); - while (iterator->iterate(iterator, (void**)&child_sa)) + enumerator = this->child_sas->create_enumerator(this->child_sas); + while (enumerator->enumerate(enumerator, (void**)&child_sa)) { child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in); child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out); 
@@ -258,13 +258,11 @@ static void log_children(private_child_delete_t *this) child_sa->get_traffic_selectors(child_sa, TRUE), child_sa->get_traffic_selectors(child_sa, FALSE)); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_child_delete_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_child_delete_t *this, message_t *message) { child_sa_t *child_sa; @@ -291,10 +289,8 @@ static status_t build_i(private_child_delete_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_child_delete_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_child_delete_t *this, message_t *message) { /* flush the list before adding new SAs */ this->child_sas->destroy(this->child_sas); @@ -305,20 +301,16 @@ static status_t process_i(private_child_delete_t *this, message_t *message) return destroy_and_reestablish(this); } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_r(private_child_delete_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_child_delete_t *this, message_t *message) { process_payloads(this, message); log_children(this); return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_child_delete_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_child_delete_t *this, message_t *message) { /* if we are rekeying, we send an empty informational */ if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) 
@@ -329,28 +321,22 @@ static status_t build_r(private_child_delete_t *this, message_t *message) return destroy_and_reestablish(this); } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_child_delete_t *this) +METHOD(task_t, get_type, task_type_t, + private_child_delete_t *this) { return CHILD_DELETE; } -/** - * Implementation of child_delete_t.get_child - */ -static child_sa_t* get_child(private_child_delete_t *this) +METHOD(child_delete_t , get_child, child_sa_t*, + private_child_delete_t *this) { child_sa_t *child_sa = NULL; this->child_sas->get_first(this->child_sas, (void**)&child_sa); return child_sa; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_child_delete_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_child_delete_t *this, ike_sa_t *ike_sa) { this->check_delete_action = FALSE; this->ike_sa = ike_sa; @@ -359,10 +345,8 @@ static void migrate(private_child_delete_t *this, ike_sa_t *ike_sa) this->child_sas = linked_list_create(); } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_child_delete_t *this) +METHOD(task_t, destroy, void, + private_child_delete_t *this) { this->child_sas->destroy(this->child_sas); free(this); 
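Review bot: The METHOD invocation in the get_child hunk, `METHOD(child_delete_t , get_child, child_sa_t*,`, carries a stray space before the first comma unlike every other METHOD line in this patch; it should read `METHOD(child_delete_t, get_child, child_sa_t*,`. The body relies on get_first() leaving child_sa untouched on an empty list to return NULL, which is fine but undocumented; a short comment such as `/* NULL if child_sas is empty */` would state that contract for callers.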
@@ -374,30 +358,33 @@ static void destroy(private_child_delete_t *this) child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi) { - private_child_delete_t *this = malloc_thing(private_child_delete_t); - - this->public.get_child = (child_sa_t*(*)(child_delete_t*))get_child; - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; - - this->ike_sa = ike_sa; - this->check_delete_action = FALSE; - this->child_sas = linked_list_create(); - this->protocol = protocol; - this->spi = spi; - this->rekeyed = FALSE; + private_child_delete_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + .get_child = _get_child, + }, + .ike_sa = ike_sa, + .child_sas = linked_list_create(), + .protocol = protocol, + .spi = spi, + ); if (protocol != PROTO_NONE) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; this->initiator = TRUE; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; this->initiator = FALSE; } return &this->public; diff --git a/src/libcharon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c index b39a5fc67..76d185590 100644 --- a/src/libcharon/sa/tasks/child_rekey.c +++ b/src/libcharon/sa/tasks/child_rekey.c 
@@ -128,10 +128,8 @@ static void find_child(private_child_rekey_t *this, message_t *message) } } -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_child_rekey_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_child_rekey_t *this, message_t *message) { notify_payload_t *notify; u_int32_t reqid; @@ -175,10 +173,8 @@ static status_t build_i(private_child_rekey_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_r(private_child_rekey_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_child_rekey_t *this, message_t *message) { /* let the CHILD_CREATE task process the message */ this->child_create->task.process(&this->child_create->task, message); @@ -188,10 +184,8 @@ static status_t process_r(private_child_rekey_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_child_rekey_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_child_rekey_t *this, message_t *message) { u_int32_t reqid; @@ -252,7 +246,10 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) { /* disable close action for the redundand child */ child_sa = other->child_create->get_child(other->child_create); - child_sa->set_close_action(child_sa, ACTION_NONE); + if (child_sa) + { + child_sa->set_close_action(child_sa, ACTION_NONE); + } } } else @@ -284,10 +281,8 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) return to_delete; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_child_rekey_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_child_rekey_t *this, message_t *message) { protocol_id_t protocol; u_int32_t spi; 
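Review bot: The new `if (child_sa)` guard in the handle_collision hunk silently skips the close-action change when the colliding task's get_child() yields NULL, so a reader cannot tell whether that case is expected or a bug being papered over. A comment stating when the other CHILD_CREATE has no CHILD_SA, e.g. `/* no CHILD_SA if the other rekey's CHILD_CREATE did not get that far */` (presumably; confirm against child_create's get_child), or a DBG1 in an else branch, would make the intent reviewable. handle_collision starts and ends outside the hunk.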
@@ -314,7 +309,7 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) { /* establishing new child failed, reuse old. but not when we - * recieved a delete in the meantime */ + * received a delete in the meantime */ if (!(this->collision && this->collision->get_type(this->collision) == CHILD_DELETE)) { @@ -364,18 +359,14 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_child_rekey_t *this) +METHOD(task_t, get_type, task_type_t, + private_child_rekey_t *this) { return CHILD_REKEY; } -/** - * Implementation of child_rekey_t.collide - */ -static void collide(private_child_rekey_t *this, task_t *other) +METHOD(child_rekey_t, collide, void, + private_child_rekey_t *this, task_t *other) { /* the task manager only detects exchange collision, but not if * the collision is for the same child. we check it here. */ @@ -418,10 +409,8 @@ static void collide(private_child_rekey_t *this, task_t *other) this->collision = other; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_child_rekey_t *this, ike_sa_t *ike_sa) { if (this->child_create) { @@ -437,10 +426,8 @@ static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) this->collision = NULL; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_child_rekey_t *this) +METHOD(task_t, destroy, void, + private_child_rekey_t *this) { if (this->child_create) { 
@@ -460,34 +447,36 @@ static void destroy(private_child_rekey_t *this) child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi) { - private_child_rekey_t *this = malloc_thing(private_child_rekey_t); - - this->public.collide = (void (*)(child_rekey_t*,task_t*))collide; - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_child_rekey_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + .collide = _collide, + }, + .ike_sa = ike_sa, + .protocol = protocol, + .spi = spi, + ); + if (protocol != PROTO_NONE) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; this->initiator = TRUE; this->child_create = NULL; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; this->initiator = FALSE; this->child_create = child_create_create(ike_sa, NULL, TRUE, NULL, NULL); } - this->ike_sa = ike_sa; - this->child_sa = NULL; - this->protocol = protocol; - this->spi = spi; - this->collision = NULL; - this->child_delete = NULL; - this->other_child_destroyed = FALSE; - return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index 0756c7d60..665468fe8 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil 
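Review bot: The initiator branch in the child_rekey_create hunk still sets `this->child_create = NULL;` although INIT() now zero-fills the object, so the assignment is redundant and obscures the fact that the dropped explicit initialisers (child_sa, collision, child_delete, other_child_destroyed) now rely on that same zero-fill. Drop the line and state the reliance once, e.g. `/* INIT() zero-initialises every field not listed below */` above the INIT call. The responder branch stores the result of child_create_create() unchecked; if that constructor cannot fail this is fine, otherwise a NULL check belongs here.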
@@ -417,10 +418,14 @@ METHOD(task_t, build_i, status_t, cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->merge(cfg, get_auth_cfg(this, TRUE), TRUE); idi = cfg->get(cfg, AUTH_RULE_IDENTITY); - if (!idi) - { - DBG1(DBG_CFG, "configuration misses IDi"); - return FAILED; + if (!idi || idi->get_type(idi) == ID_ANY) + { /* ID_ANY is invalid as IDi, use local IP address instead */ + host_t *me; + + DBG1(DBG_CFG, "no IDi configured, fall back on IP address"); + me = this->ike_sa->get_my_host(this->ike_sa); + idi = identification_create_from_sockaddr(me->get_sockaddr(me)); + cfg->add(cfg, AUTH_RULE_IDENTITY, idi); } this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); @@ -669,8 +674,7 @@ METHOD(task_t, build_r, status_t, if (this->authentication_failed || this->peer_cfg == NULL) { - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); - return FAILED; + goto peer_auth_failed; } if (this->my_auth == NULL && this->do_another_auth) @@ -688,11 +692,14 @@ METHOD(task_t, build_r, status_t, if (id->get_type(id) == ID_ANY) { /* no IDr received, apply configured ID */ if (!id_cfg || id_cfg->contains_wildcards(id_cfg)) - { - DBG1(DBG_CFG, "IDr not configured and negotiation failed"); - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); - return FAILED; + { /* no ID configured, use local IP address */ + host_t *me; + + DBG1(DBG_CFG, "no IDr configured, fall back on IP address"); + me = this->ike_sa->get_my_host(this->ike_sa); + id_cfg = identification_create_from_sockaddr( + me->get_sockaddr(me)); + cfg->add(cfg, AUTH_RULE_IDENTITY, id_cfg); } this->ike_sa->set_my_id(this->ike_sa, id_cfg->clone(id_cfg)); id = id_cfg; 
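Review bot: The IP-address fallback in the build_i hunk turns what used to be a local configuration error into an IDi the peer may not be able to match: the identity is built from `get_my_host()`, which behind NAT is presumably the private address, and with certificate authentication it will presumably not be an identity contained in the local certificate either, so the failure moves from a clear local log line to the peer's AUTHENTICATION_FAILED. If that trade-off is intended, the comment should say why the peer is expected to accept it, e.g. `/* ID_ANY is invalid as IDi; send our IP address, which the peer must accept as IDi (not NAT-safe) */`, and the DBG1 could mention the address it chose (`"no IDi configured, fall back on IP address %H", me`). The same fallback is mirrored for IDr in the build_r hunk that follows and carries the same NAT caveat. build_i starts and ends outside the hunk.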
@@ -702,9 +709,7 @@ METHOD(task_t, build_r, status_t, if (id_cfg && !id->matches(id, id_cfg)) { DBG1(DBG_CFG, "received IDr %Y, but require %Y", id, id_cfg); - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); - return FAILED; + goto peer_auth_failed; } } @@ -726,9 +731,7 @@ METHOD(task_t, build_r, status_t, { DBG1(DBG_IKE, "configured EAP-only authentication, but peer " "does not support it"); - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); - return FAILED; + goto peer_auth_failed; } } else @@ -741,9 +744,7 @@ METHOD(task_t, build_r, status_t, this->reserved); if (!this->my_auth) { - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); - return FAILED; + goto peer_auth_failed; } } } @@ -759,12 +760,11 @@ METHOD(task_t, build_r, status_t, case NEED_MORE: break; default: - if (!message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) { /* skip AUTHENTICATION_FAILED if we have EAP_FAILURE */ - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); + goto peer_auth_failed_no_notify; } - return FAILED; + goto peer_auth_failed; } } if (this->my_auth) @@ -802,7 +802,7 @@ METHOD(task_t, build_r, status_t, if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, this->ike_sa, FALSE)) { - DBG1(DBG_IKE, "cancelling IKE_SA setup due uniqueness policy"); + DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy"); message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); return FAILED; @@ -810,9 +810,7 @@ METHOD(task_t, build_r, status_t, if (!charon->bus->authorize(charon->bus, TRUE)) { DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling"); - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, - chunk_empty); - return FAILED; + goto peer_auth_failed; } DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->ike_sa->get_name(this->ike_sa), 
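Review bot: The `if (!this->my_auth)` check in its hunk now jumps to peer_auth_failed and therefore raises ALERT_PEER_AUTH_FAILED, yet my_auth appears to be the local authenticator, so a failure to set up our own authentication is reported on the bus as a failed authentication of the peer. If the alert is meant to cover only checks of the remote side, this path should keep the notify but skip the alert (a separate label, or the previous inline `message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); return FAILED;`), and a comment above the new label block should state which conditions count as peer authentication failures. build_r starts and ends outside the hunk.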
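Review bot: The uniqueness-policy rejection in the check_uniqueness hunk still adds AUTHENTICATION_FAILED inline and returns FAILED instead of using the new `goto peer_auth_failed`, so it is the one AUTHENTICATION_FAILED path in build_r that raises no ALERT_PEER_AUTH_FAILED. If that is deliberate (a uniqueness violation is not an authentication failure of the peer) a comment such as `/* not a peer auth failure, no ALERT_PEER_AUTH_FAILED */` should say so; otherwise replace the two lines with `goto peer_auth_failed;` for consistency with the other rejections.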
@@ -826,6 +824,13 @@ METHOD(task_t, build_r, status_t, return SUCCESS; } return NEED_MORE; + +peer_auth_failed: + message->add_notify(message, TRUE, AUTHENTICATION_FAILED, + chunk_empty); +peer_auth_failed_no_notify: + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); + return FAILED; } METHOD(task_t, process_i, status_t, @@ -908,7 +913,7 @@ METHOD(task_t, process_i, status_t, if (!id_payload) { DBG1(DBG_IKE, "IDr payload missing"); - return FAILED; + goto peer_auth_failed; } id = id_payload->get_identification(id_payload); get_reserved_id_bytes(this, id_payload); @@ -926,7 +931,7 @@ METHOD(task_t, process_i, status_t, this->reserved); if (!this->other_auth) { - return FAILED; + goto peer_auth_failed; } } else @@ -944,7 +949,7 @@ METHOD(task_t, process_i, status_t, case NEED_MORE: return NEED_MORE; default: - return FAILED; + goto peer_auth_failed; } this->other_auth->destroy(this->other_auth); this->other_auth = NULL; @@ -953,7 +958,7 @@ METHOD(task_t, process_i, status_t, if (!charon->bus->authorize(charon->bus, FALSE)) { DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling"); - return FAILED; + goto peer_auth_failed; } /* store authentication information, reset authenticator */ @@ -986,7 +991,7 @@ METHOD(task_t, process_i, status_t, if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth)) { DBG1(DBG_IKE, "do not allow non-mutual EAP-only authentication"); - return FAILED; + goto peer_auth_failed; } DBG1(DBG_IKE, "allow mutual EAP-only authentication"); } @@ -999,12 +1004,13 @@ METHOD(task_t, process_i, status_t, { if (!update_cfg_candidates(this, TRUE)) { - return FAILED; + goto peer_auth_failed; } if (!charon->bus->authorize(charon->bus, TRUE)) { - DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling"); - return FAILED; + DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, " + "cancelling"); + goto peer_auth_failed; } DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->ike_sa->get_name(this->ike_sa), 
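Review bot: The `IDr payload missing` hunk in process_i now routes a response without an IDr payload to peer_auth_failed, so a malformed or unexpected message is reported on the bus as ALERT_PEER_AUTH_FAILED, and any listener that counts such alerts (lockouts, failure counters) will presumably treat it as a bad credential. If that is intended, say so at the goto, e.g. `/* a missing IDr is treated as a failed peer authentication */`; otherwise keep the plain `return FAILED;` for this case. process_i starts outside the hunk.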
@@ -1018,6 +1024,10 @@ METHOD(task_t, process_i, status_t, return SUCCESS; } return NEED_MORE; + +peer_auth_failed: + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); + return FAILED; } METHOD(task_t, get_type, task_type_t, diff --git a/src/libcharon/sa/tasks/ike_auth.h b/src/libcharon/sa/tasks/ike_auth.h index bba46d961..132907941 100644 --- a/src/libcharon/sa/tasks/ike_auth.h +++ b/src/libcharon/sa/tasks/ike_auth.h @@ -49,7 +49,7 @@ struct ike_auth_t { * Create a new task of type IKE_AUTHENTICATE. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if thask is the initator of an exchange + * @param initiator TRUE if task is the initiator of an exchange * @return ike_auth task to handle by the task_manager */ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/libcharon/sa/tasks/ike_auth_lifetime.c b/src/libcharon/sa/tasks/ike_auth_lifetime.c index 75ff35168..a57cfd075 100644 --- a/src/libcharon/sa/tasks/ike_auth_lifetime.c +++ b/src/libcharon/sa/tasks/ike_auth_lifetime.c @@ -75,10 +75,8 @@ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *messa } } -/** - * Implementation of task_t.process for initiator - */ -static status_t build_i(private_ike_auth_lifetime_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_auth_lifetime_t *this, message_t *message) { if (message->get_exchange_type(message) == INFORMATIONAL) { @@ -88,10 +86,8 @@ static status_t build_i(private_ike_auth_lifetime_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_auth_lifetime_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_auth_lifetime_t *this, message_t *message) { if (message->get_exchange_type(message) == INFORMATIONAL) { 
@@ -101,10 +97,8 @@ static status_t process_r(private_ike_auth_lifetime_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_auth_lifetime_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_auth_lifetime_t *this, message_t *message) { if (message->get_exchange_type(message) == IKE_AUTH && this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) @@ -115,10 +109,8 @@ static status_t build_r(private_ike_auth_lifetime_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_auth_lifetime_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_auth_lifetime_t *this, message_t *message) { if (message->get_exchange_type(message) == IKE_AUTH && this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) @@ -129,26 +121,20 @@ static status_t process_i(private_ike_auth_lifetime_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_auth_lifetime_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_auth_lifetime_t *this) { return IKE_AUTH_LIFETIME; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_auth_lifetime_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_auth_lifetime_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_auth_lifetime_t *this) +METHOD(task_t, destroy, void, + private_ike_auth_lifetime_t *this) { free(this); } 
@@ -158,25 +144,30 @@ static void destroy(private_ike_auth_lifetime_t *this) */ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_auth_lifetime_t *this = malloc_thing(private_ike_auth_lifetime_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_auth_lifetime_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } - this->ike_sa = ike_sa; - return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c index cc810a49a..94af50eae 100644 --- a/src/libcharon/sa/tasks/ike_cert_post.c +++ b/src/libcharon/sa/tasks/ike_cert_post.c @@ -87,6 +87,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, if (enumerator->enumerate(enumerator, &url)) { payload = cert_payload_create_from_hash_and_url(hash, url); + DBG1(DBG_IKE, "sending hash-and-url \"%s\"", url); } else { 
@@ -167,28 +168,22 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) } } -/** - * Implementation of task_t.process for initiator - */ -static status_t build_i(private_ike_cert_post_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_cert_post_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_cert_post_t *this, message_t *message) { return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_cert_post_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); @@ -199,10 +194,8 @@ static status_t build_r(private_ike_cert_post_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_cert_post_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_cert_post_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED) { /* stay alive, we might have additional rounds with CERTS */ 
@@ -211,26 +204,20 @@ static status_t process_i(private_ike_cert_post_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_cert_post_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_cert_post_t *this) { return IKE_CERT_POST; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_cert_post_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_cert_post_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_cert_post_t *this) +METHOD(task_t, destroy, void, + private_ike_cert_post_t *this) { free(this); } @@ -240,26 +227,31 @@ static void destroy(private_ike_cert_post_t *this) */ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_cert_post_t *this = malloc_thing(private_ike_cert_post_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_cert_post_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .initiator = initiator, + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } - this->ike_sa = ike_sa; - this->initiator = initiator; - return &this->public; } 
diff --git a/src/libcharon/sa/tasks/ike_cert_post.h b/src/libcharon/sa/tasks/ike_cert_post.h index a21f45927..b3881a01a 100644 --- a/src/libcharon/sa/tasks/ike_cert_post.h +++ b/src/libcharon/sa/tasks/ike_cert_post.h @@ -45,7 +45,7 @@ struct ike_cert_post_t { * of the certificate request. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if thask is the original initator + * @param initiator TRUE if task is the original initiator * @return ike_cert_post task to handle by the task_manager */ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c index a59b8dcce..b33aebe46 100644 --- a/src/libcharon/sa/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/tasks/ike_cert_pre.c @@ -51,7 +51,7 @@ struct private_ike_cert_pre_t { bool do_http_lookup; /** - * wheter this is the final authentication round + * whether this is the final authentication round */ bool final; }; @@ -424,10 +424,8 @@ static bool final_auth(message_t *message) return TRUE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t build_i(private_ike_cert_pre_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_cert_pre_t *this, message_t *message) { if (message->get_message_id(message) == 1) { /* initiator sends CERTREQs in first IKE_AUTH */ @@ -436,10 +434,8 @@ static status_t build_i(private_ike_cert_pre_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_cert_pre_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_cert_pre_t *this, message_t *message) { if (message->get_exchange_type(message) != IKE_SA_INIT) { /* handle certreqs/certs in any IKE_AUTH, just in case */ 
@@ -450,10 +446,8 @@ static status_t process_r(private_ike_cert_pre_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_cert_pre_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_cert_pre_t *this, message_t *message) { if (message->get_exchange_type(message) == IKE_SA_INIT) { @@ -466,10 +460,8 @@ static status_t build_r(private_ike_cert_pre_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_cert_pre_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_cert_pre_t *this, message_t *message) { if (message->get_exchange_type(message) == IKE_SA_INIT) { @@ -484,26 +476,20 @@ static status_t process_i(private_ike_cert_pre_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_cert_pre_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_cert_pre_t *this) { return IKE_CERT_PRE; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_cert_pre_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_cert_pre_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_cert_pre_t *this) +METHOD(task_t, destroy, void, + private_ike_cert_pre_t *this) { free(this); } 
@@ -513,27 +499,30 @@ static void destroy(private_ike_cert_pre_t *this) */ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_cert_pre_t *this = malloc_thing(private_ike_cert_pre_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_cert_pre_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .initiator = initiator, + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } - this->ike_sa = ike_sa; - this->initiator = initiator; - this->do_http_lookup = FALSE; - this->final = FALSE; - return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_cert_pre.h b/src/libcharon/sa/tasks/ike_cert_pre.h index 1541b80e5..4b2d0d470 100644 --- a/src/libcharon/sa/tasks/ike_cert_pre.h +++ b/src/libcharon/sa/tasks/ike_cert_pre.h @@ -45,7 +45,7 @@ struct ike_cert_pre_t { * of the certificate request. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if thask is the original initator + * @param initiator TRUE if task is the original initiator * @return ike_cert_pre task to handle by the task_manager */ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/libcharon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c index a61663c48..4ef9c56a5 100644 --- a/src/libcharon/sa/tasks/ike_config.c 
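Review bot: The explicit `this->do_http_lookup = FALSE;` and `this->final = FALSE;` assignments are dropped and neither field is named in the INIT() list, so their initial values now depend on INIT() zero-filling unnamed members; the macro is not on this page, so that cannot be confirmed from here. If it does (a compound-literal or calloc-style initializer would), a one-line comment at the INIT() call spares the next reader the same check: `/* members not listed here (do_http_lookup, final) are zero-initialized by INIT() */`. The same reliance is introduced in ike_config_create (virtual_ip), ike_delete_create (rekeyed, simultaneous), ike_init_create (dh, nonces, cookie, proposal, config, retry) and ike_me_create (peer_id, connect_id/connect_key, the bool flags, mediated_cfg), so one such comment per create function would be consistent.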
+++ b/src/libcharon/sa/tasks/ike_config.c @@ -174,6 +174,11 @@ static void process_attribute(private_ike_config_t *this, } break; } + case INTERNAL_IP4_SERVER: + case INTERNAL_IP6_SERVER: + /* assume it's a Windows client if we see proprietary attributes */ + this->ike_sa->enable_extension(this->ike_sa, EXT_MS_WINDOWS); + /* fall */ default: { if (this->initiator) @@ -225,10 +230,8 @@ static void process_payloads(private_ike_config_t *this, message_t *message) enumerator->destroy(enumerator); } -/** - * Implementation of task_t.process for initiator - */ -static status_t build_i(private_ike_config_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_config_t *this, message_t *message) { if (message->get_message_id(message) == 1) { /* in first IKE_AUTH only */ @@ -287,10 +290,8 @@ static status_t build_i(private_ike_config_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_config_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_config_t *this, message_t *message) { if (message->get_message_id(message) == 1) { /* in first IKE_AUTH only */ @@ -299,10 +300,8 @@ static status_t process_r(private_ike_config_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_config_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_config_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ 
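Review bot: The new INTERNAL_IP4_SERVER/INTERNAL_IP6_SERVER cases fall into `default` behind the marker `/* fall */`, a spelling the usual implicit-fallthrough warnings (GCC/Clang `-Wimplicit-fallthrough`) do not recognise; write `/* fall through */` so the intent is machine-checked as well as read. The comment should also say what the fallthrough is for, presumably that the attribute is still handled by the generic `default` branch after the extension flag is set (that branch begins in the hunk but its body is outside it). Note as well that EXT_MS_WINDOWS is enabled purely on a peer-supplied hint in the CP payload, so whatever behaviour the flag relaxes elsewhere should stay limited to interoperability details; its consumers are not visible on this page.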
@@ -366,10 +365,8 @@ static status_t build_r(private_ike_config_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_config_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_config_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ @@ -385,18 +382,14 @@ static status_t process_i(private_ike_config_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_config_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_config_t *this) { return IKE_CONFIG; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_config_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->virtual_ip); @@ -406,10 +399,8 @@ static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa) this->requested = linked_list_create(); } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_config_t *this) +METHOD(task_t, destroy, void, + private_ike_config_t *this) { DESTROY_IF(this->virtual_ip); this->requested->destroy_function(this->requested, free); 
@@ -421,26 +412,30 @@ static void destroy(private_ike_config_t *this) */ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_config_t *this = malloc_thing(private_ike_config_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; - - this->initiator = initiator; - this->ike_sa = ike_sa; - this->virtual_ip = NULL; - this->requested = linked_list_create(); + private_ike_config_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .initiator = initiator, + .ike_sa = ike_sa, + .requested = linked_list_create(), + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } return &this->public; diff --git a/src/libcharon/sa/tasks/ike_delete.c b/src/libcharon/sa/tasks/ike_delete.c index 130948836..d79674fe4 100644 --- a/src/libcharon/sa/tasks/ike_delete.c +++ b/src/libcharon/sa/tasks/ike_delete.c @@ -52,10 +52,8 @@ struct private_ike_delete_t { bool simultaneous; }; -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_ike_delete_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_delete_t *this, message_t *message) { delete_payload_t *delete_payload; 
@@ -83,10 +81,8 @@ static status_t build_i(private_ike_delete_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_delete_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_delete_t *this, message_t *message) { DBG0(DBG_IKE, "IKE_SA deleted"); if (!this->rekeyed) @@ -97,10 +93,8 @@ static status_t process_i(private_ike_delete_t *this, message_t *message) return DESTROY_ME; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_delete_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_delete_t *this, message_t *message) { /* we don't even scan the payloads, as the message wouldn't have * come so far without being correct */ @@ -134,16 +128,14 @@ static status_t process_r(private_ike_delete_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_delete_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_delete_t *this, message_t *message) { DBG0(DBG_IKE, "IKE_SA deleted"); if (this->simultaneous) { - /* wait for peer's response for our delete request, but set a timeout */ + /* wait for peer's response for our delete request */ return SUCCESS; } if (!this->rekeyed) 
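Review bot: The comment rewrite in build_r drops `but set a timeout` without saying what does bound the wait, so the simultaneous-delete branch now returns SUCCESS with our own delete request still outstanding and no documented fallback if the peer never answers. If retransmission of that request already covers it (likely, but not visible in this hunk), say so: `/* wait for peer's response to our delete request; retransmission of that request bounds the wait */`. If nothing does, the old remark was a real TODO and should be kept rather than removed.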
@@ -154,27 +146,21 @@ static status_t build_r(private_ike_delete_t *this, message_t *message) return DESTROY_ME; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_delete_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_delete_t *this) { return IKE_DELETE; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_delete_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_delete_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; this->simultaneous = FALSE; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_delete_t *this) +METHOD(task_t, destroy, void, + private_ike_delete_t *this) { free(this); } @@ -184,27 +170,30 @@ static void destroy(private_ike_delete_t *this) */ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_delete_t *this = malloc_thing(private_ike_delete_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_delete_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .initiator = initiator, + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } - this->ike_sa = ike_sa; - this->initiator = initiator; - this->rekeyed = FALSE; - this->simultaneous = FALSE; - return &this->public; } 
diff --git a/src/libcharon/sa/tasks/ike_dpd.c b/src/libcharon/sa/tasks/ike_dpd.c
index 4c6ba7662..106eff87c 100644
--- a/src/libcharon/sa/tasks/ike_dpd.c
+++ b/src/libcharon/sa/tasks/ike_dpd.c
@@ -31,44 +31,33 @@ struct private_ike_dpd_t {
 	ike_dpd_t public;
 };
 
-/**
- * Implementation of task_t.build for initiator
- * Implementation of task_t.process for responder
- */
-static status_t return_need_more(private_ike_dpd_t *this, message_t *message)
+METHOD(task_t, return_need_more, status_t,
+	private_ike_dpd_t *this, message_t *message)
 {
 	return NEED_MORE;
 }
 
-/**
- * Implementation of task_t.process for initiator
- * Implementation of task_t.build for responder
- */
-static status_t return_success(private_ike_dpd_t *this, message_t *message)
+METHOD(task_t, return_success, status_t,
+	private_ike_dpd_t *this, message_t *message)
 {
 	return SUCCESS;
 }
 
-/**
- * Implementation of task_t.get_type
- */
-static task_type_t get_type(private_ike_dpd_t *this)
+METHOD(task_t, get_type, task_type_t,
+	private_ike_dpd_t *this)
 {
 	return IKE_DPD;
 }
 
-/**
- * Implementation of task_t.migrate
- */
-static void migrate(private_ike_dpd_t *this, ike_sa_t *ike_sa)
+
+METHOD(task_t, migrate, void,
+	private_ike_dpd_t *this, ike_sa_t *ike_sa)
 {
 }
 
-/**
- * Implementation of task_t.destroy
- */
-static void destroy(private_ike_dpd_t *this)
+METHOD(task_t, destroy, void,
+	private_ike_dpd_t *this)
 {
 	free(this);
 }
 
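Review bot: The METHOD() conversion of return_need_more and return_success removes the only documentation of which task_t slot each one fills, and METHOD() itself adds none; because ike_dpd_create cross-wires the same two functions as build/process for initiator and responder, keep that mapping next to the definitions, e.g. `/* build for initiator, process for responder */` above return_need_more and `/* process for initiator, build for responder */` above return_success. Separately, the migrate conversion adds a second blank line before `METHOD(task_t, migrate, void,`, where every other definition in this file is separated by a single one.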
@@ -78,21 +67,27 @@ static void destroy(private_ike_dpd_t *this)
  */
 ike_dpd_t *ike_dpd_create(bool initiator)
 {
-	private_ike_dpd_t *this = malloc_thing(private_ike_dpd_t);
-
-	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
-	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
-	this->public.task.destroy = (void(*)(task_t*))destroy;
+	private_ike_dpd_t *this;
+
+	INIT(this,
+		.public = {
+			.task = {
+				.get_type = _get_type,
+				.migrate = _migrate,
+				.destroy = _destroy,
+			},
+		},
+	);
 
 	if (initiator)
 	{
-		this->public.task.build = (status_t(*)(task_t*,message_t*))return_need_more;
-		this->public.task.process = (status_t(*)(task_t*,message_t*))return_success;
+		this->public.task.build = _return_need_more;
+		this->public.task.process = _return_success;
 	}
 	else
 	{
-		this->public.task.build = (status_t(*)(task_t*,message_t*))return_success;
-		this->public.task.process = (status_t(*)(task_t*,message_t*))return_need_more;
+		this->public.task.build = _return_success;
+		this->public.task.process = _return_need_more;
 	}
 
 	return &this->public;
diff --git a/src/libcharon/sa/tasks/ike_dpd.h b/src/libcharon/sa/tasks/ike_dpd.h
index 36388d15b..a9f68c31c 100644
--- a/src/libcharon/sa/tasks/ike_dpd.h
+++ b/src/libcharon/sa/tasks/ike_dpd.h
@@ -43,7 +43,7 @@ struct ike_dpd_t {
 	/**
 	 * Create a new ike_dpd task.
 	 *
-	 * @param initiator TRUE if thask is the original initator
+	 * @param initiator TRUE if task is the original initiator
 	 * @return ike_dpd task to handle by the task_manager
 	 */
 	ike_dpd_t *ike_dpd_create(bool initiator);
diff --git a/src/libcharon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
index dd4a5f5c0..dd8a4b086 100644
--- a/src/libcharon/sa/tasks/ike_init.c
+++ b/src/libcharon/sa/tasks/ike_init.c
@@ -112,7 +112,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message) linked_list_t *proposal_list; ike_sa_id_t *id; proposal_t *proposal; - iterator_t *iterator; + enumerator_t *enumerator; id = this->ike_sa->get_id(this->ike_sa); @@ -124,12 +124,12 @@ static void build_payloads(private_ike_init_t *this, message_t *message) if (this->old_sa) { /* include SPI of new IKE_SA when we are rekeying */ - iterator = proposal_list->create_iterator(proposal_list, TRUE); - while (iterator->iterate(iterator, (void**)&proposal)) + enumerator = proposal_list->create_enumerator(proposal_list); + while (enumerator->enumerate(enumerator, (void**)&proposal)) { proposal->set_spi(proposal, id->get_initiator_spi(id)); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } sa_payload = sa_payload_create_from_proposal_list(proposal_list); @@ -221,10 +221,8 @@ static void process_payloads(private_ike_init_t *this, message_t *message) enumerator->destroy(enumerator); } -/** - * Implementation of task_t.process for initiator - */ -static status_t build_i(private_ike_init_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_init_t *this, message_t *message) { rng_t *rng; @@ -287,10 +285,8 @@ static status_t build_i(private_ike_init_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_init_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_init_t *this, message_t *message) { rng_t *rng; @@ -361,10 +357,8 @@ static bool derive_keys(private_ike_init_t *this, return TRUE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_init_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_init_t *this, message_t *message) { /* check if we have everything we need */ if (this->proposal == NULL || 
@@ -409,10 +403,8 @@ static status_t build_r(private_ike_init_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_init_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_init_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; @@ -510,34 +502,14 @@ static status_t process_i(private_ike_init_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_init_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_init_t *this) { return IKE_INIT; } -/** - * Implementation of task_t.get_type - */ -static chunk_t get_lower_nonce(private_ike_init_t *this) -{ - if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, - min(this->my_nonce.len, this->other_nonce.len)) < 0) - { - return this->my_nonce; - } - else - { - return this->other_nonce; - } -} - -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_init_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->proposal); chunk_free(&this->other_nonce); @@ -545,14 +517,15 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa) this->ike_sa = ike_sa; this->keymat = ike_sa->get_keymat(ike_sa); this->proposal = NULL; - DESTROY_IF(this->dh); - this->dh = this->keymat->create_dh(this->keymat, this->dh_group); + if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group) + { /* reset DH value only if group changed (INVALID_KE_PAYLOAD) */ + this->dh->destroy(this->dh); + this->dh = this->keymat->create_dh(this->keymat, this->dh_group); + } } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_init_t *this) +METHOD(task_t, destroy, void, + private_ike_init_t *this) { DESTROY_IF(this->dh); DESTROY_IF(this->proposal); 
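Review bot: In migrate, the new condition `if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group)` leaves `this->dh` NULL when no DH object exists yet, whereas the old code unconditionally created one for `this->dh_group`; the two are only equivalent if build_i creates the DH lazily when `this->dh` is NULL, which is outside this hunk and should be confirmed. The behavioural change also deserves a fuller comment than `reset DH value only if group changed (INVALID_KE_PAYLOAD)`: the ephemeral DH private value is now deliberately carried over into the retried IKE_SA_INIT of the same, still unfinished exchange (e.g. after a COOKIE), and stating that explicitly keeps a later reader from mistaking the reuse for an oversight. migrate's opening lines are in the preceding hunk.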
@@ -562,40 +535,53 @@ static void destroy(private_ike_init_t *this) free(this); } +METHOD(ike_init_t, get_lower_nonce, chunk_t, + private_ike_init_t *this) +{ + if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, + min(this->my_nonce.len, this->other_nonce.len)) < 0) + { + return this->my_nonce; + } + else + { + return this->other_nonce; + } +} + /* * Described in header. */ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) { - private_ike_init_t *this = malloc_thing(private_ike_init_t); + private_ike_init_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + .get_lower_nonce = _get_lower_nonce, + }, + .ike_sa = ike_sa, + .initiator = initiator, + .dh_group = MODP_NONE, + .keymat = ike_sa->get_keymat(ike_sa), + .old_sa = old_sa, + ); - this->public.get_lower_nonce = (chunk_t(*)(ike_init_t*))get_lower_nonce; - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } - this->ike_sa = ike_sa; - this->initiator = initiator; - this->dh_group = MODP_NONE; - this->dh = NULL; - this->keymat = ike_sa->get_keymat(ike_sa); - this->my_nonce = chunk_empty; - this->other_nonce = chunk_empty; - this->cookie = chunk_empty; - this->proposal = NULL; - this->config = NULL; - this->old_sa = old_sa; - this->retry = 0; - return &this->public; } 
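Review bot: get_lower_nonce compares only the first `min(my_nonce.len, other_nonce.len)` bytes, so when one nonce is a proper prefix of the other `memcmp` returns 0, both peers take the `else` branch and each returns its own `other_nonce`, i.e. they disagree about which nonce is lower. With equal-length random nonces this is practically unreachable, but a length tie-break makes the contract explicit: `int cmp = memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len));`, `if (cmp == 0) { cmp = (int)this->my_nonce.len - (int)this->other_nonce.len; }`, `return cmp < 0 ? this->my_nonce : this->other_nonce;`. The logic is moved rather than written by this commit, but the new METHOD() definition is the natural place to tighten it and to document the rule in a comment above it.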
diff --git a/src/libcharon/sa/tasks/ike_init.h b/src/libcharon/sa/tasks/ike_init.h index 7bd784cff..4b7f60416 100644 --- a/src/libcharon/sa/tasks/ike_init.h +++ b/src/libcharon/sa/tasks/ike_init.h @@ -51,7 +51,7 @@ struct ike_init_t { * Create a new IKE_INIT task. * * @param ike_sa IKE_SA this task works for (new one when rekeying) - * @param initiator TRUE if thask is the original initator + * @param initiator TRUE if task is the original initiator * @param old_sa old IKE_SA when we are rekeying * @return ike_init task to handle by the task_manager */ diff --git a/src/libcharon/sa/tasks/ike_me.c b/src/libcharon/sa/tasks/ike_me.c index 1de6ae8fc..8f90efcc3 100644 --- a/src/libcharon/sa/tasks/ike_me.c +++ b/src/libcharon/sa/tasks/ike_me.c @@ -111,15 +111,15 @@ struct private_ike_me_t { */ static void add_endpoints_to_message(message_t *message, linked_list_t *endpoints) { - iterator_t *iterator; + enumerator_t *enumerator; endpoint_notify_t *endpoint; - iterator = endpoints->create_iterator(endpoints, TRUE); - while (iterator->iterate(iterator, (void**)&endpoint)) + enumerator = endpoints->create_enumerator(endpoints); + while (enumerator->enumerate(enumerator, (void**)&endpoint)) { message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } /** @@ -242,10 +242,8 @@ static void process_payloads(private_ike_me_t *this, message_t *message) enumerator->destroy(enumerator); } -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_ike_me_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { 
@@ -321,10 +319,8 @@ static status_t build_i(private_ike_me_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_me_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -381,10 +377,8 @@ static status_t process_r(private_ike_me_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_me_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -440,10 +434,8 @@ static status_t build_r(private_ike_me_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_me_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -520,9 +512,10 @@ static status_t process_i(private_ike_me_t *this, message_t *message) } /** - * Implementation of task_t.build for initiator (mediation server) + * For mediation server */ -static status_t build_i_ms(private_ike_me_t *this, message_t *message) +METHOD(task_t, build_i_ms, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -559,9 +552,10 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) } /** - * Implementation of task_t.process for responder (mediation server) + * For mediation server */ -static status_t process_r_ms(private_ike_me_t *this, message_t *message) +METHOD(task_t, process_r_ms, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { 
@@ -632,9 +626,10 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) } /** - * Implementation of task_t.build for responder (mediation server) + * For mediation server */ -static status_t build_r_ms(private_ike_me_t *this, message_t *message) +METHOD(task_t, build_r_ms, status_t, + private_ike_me_t *this, message_t *message) { switch(message->get_exchange_type(message)) { @@ -703,9 +698,10 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) } /** - * Implementation of task_t.process for initiator (mediation server) + * For mediation server */ -static status_t process_i_ms(private_ike_me_t *this, message_t *message) +METHOD(task_t, process_i_ms, status_t, + private_ike_me_t *this, message_t *message) { /* FIXME: theoretically we should be prepared to receive a ME_CONNECT_FAILED * here if the responding peer is not able to proceed. in this case we shall 
@@ -714,40 +710,30 @@ static status_t process_i_ms(private_ike_me_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of ike_me.connect - */ -static void me_connect(private_ike_me_t *this, identification_t *peer_id) +METHOD(ike_me_t, me_connect, void, + private_ike_me_t *this, identification_t *peer_id) { this->peer_id = peer_id->clone(peer_id); } -/** - * Implementation of ike_me.respond - */ -static void me_respond(private_ike_me_t *this, identification_t *peer_id, - chunk_t connect_id) +METHOD(ike_me_t, me_respond, void, + private_ike_me_t *this, identification_t *peer_id, chunk_t connect_id) { this->peer_id = peer_id->clone(peer_id); this->connect_id = chunk_clone(connect_id); this->response = TRUE; } -/** - * Implementation of ike_me.callback - */ -static void me_callback(private_ike_me_t *this, identification_t *peer_id) +METHOD(ike_me_t, me_callback, void, + private_ike_me_t *this, identification_t *peer_id) { this->peer_id = peer_id->clone(peer_id); this->callback = TRUE; } -/** - * Implementation of ike_me.relay - */ -static void relay(private_ike_me_t *this, identification_t *requester, - chunk_t connect_id, chunk_t connect_key, - linked_list_t *endpoints, bool response) +METHOD(ike_me_t, relay, void, + private_ike_me_t *this, identification_t *requester, chunk_t connect_id, + chunk_t connect_key, linked_list_t *endpoints, bool response) { this->peer_id = requester->clone(requester); this->connect_id = chunk_clone(connect_id); 
@@ -761,26 +747,20 @@ static void relay(private_ike_me_t *this, identification_t *requester, this->response = response; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_me_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_me_t *this) { return IKE_ME; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_me_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_me_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_me_t *this) +METHOD(task_t, destroy, void, + private_ike_me_t *this) { DESTROY_IF(this->peer_id); 
@@ -801,23 +781,37 @@ static void destroy(private_ike_me_t *this) */ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_me_t *this = malloc_thing(private_ike_me_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_me_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + .connect = _me_connect, + .respond = _me_respond, + .callback = _me_callback, + .relay = _relay, + }, + .ike_sa = ike_sa, + .initiator = initiator, + .local_endpoints = linked_list_create(), + .remote_endpoints = linked_list_create(), + ); if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) { if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->public.task.build = _build_r; + this->public.task.process = _process_r; } } else 
@@ -825,36 +819,15 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) /* mediation server */ if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_ms; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_ms; + this->public.task.build = _build_i_ms; + this->public.task.process = _process_i_ms; } else { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r_ms; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r_ms; + this->public.task.build = _build_r_ms; + this->public.task.process = _process_r_ms; } } - this->public.connect = (void(*)(ike_me_t*,identification_t*))me_connect; - this->public.respond = (void(*)(ike_me_t*,identification_t*,chunk_t))me_respond; - this->public.callback = (void(*)(ike_me_t*,identification_t*))me_callback; - this->public.relay = (void(*)(ike_me_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool))relay; - - this->ike_sa = ike_sa; - this->initiator = initiator; - - this->peer_id = NULL; - this->connect_id = chunk_empty; - this->connect_key = chunk_empty; - this->local_endpoints = linked_list_create(); - this->remote_endpoints = linked_list_create(); - this->mediation = FALSE; - this->response = FALSE; - this->callback = FALSE; - this->failed = FALSE; - this->invalid_syntax = FALSE; - - this->mediated_cfg = NULL; - return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c index 5b12eaaac..fb1100028 100644 --- a/src/libcharon/sa/tasks/ike_mobike.c +++ b/src/libcharon/sa/tasks/ike_mobike.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010-2012 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * 
@@ -79,24 +80,6 @@ struct private_ike_mobike_t { }; /** - * flush the IKE_SAs list of additional addresses - */ -static void flush_additional_addresses(private_ike_mobike_t *this) -{ - iterator_t *iterator; - host_t *host; - - iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); - while (iterator->iterate(iterator, (void**)&host)) - { - iterator->remove(iterator); - host->destroy(host); - } - iterator->destroy(iterator); -} - - -/** * read notifys from message and evaluate them */ static void process_payloads(private_ike_mobike_t *this, message_t *message) @@ -152,13 +135,17 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) { if (first) { /* an ADDITIONAL_*_ADDRESS means replace, so flush once */ - flush_additional_addresses(this); + this->ike_sa->clear_peer_addresses(this->ike_sa); first = FALSE; + /* add the peer's current address to the list */ + host = message->get_source(message); + this->ike_sa->add_peer_address(this->ike_sa, + host->clone(host)); } data = notify->get_notification_data(notify); host = host_create_from_chunk(family, data, 0); DBG2(DBG_IKE, "got additional MOBIKE peer address: %H", host); - this->ike_sa->add_additional_address(this->ike_sa, host); + this->ike_sa->add_peer_address(this->ike_sa, host); this->addresses_updated = TRUE; break; } @@ -169,7 +156,10 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) } case NO_ADDITIONAL_ADDRESSES: { - flush_additional_addresses(this); + this->ike_sa->clear_peer_addresses(this->ike_sa); + /* add the peer's current address to the list */ + host = message->get_source(message); + this->ike_sa->add_peer_address(this->ike_sa, host->clone(host)); this->addresses_updated = TRUE; break; } 
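Review bot: The three statements `clear_peer_addresses(...)`, `host = message->get_source(message);` and `add_peer_address(..., host->clone(host))` are now duplicated verbatim in the first-ADDITIONAL_*_ADDRESS branch and in the NO_ADDITIONAL_ADDRESSES case; the old code had a single flush_additional_addresses helper for exactly this reset, and the replacement should keep that shape so the two sites cannot drift apart. Both hunks in this file section belong to process_payloads, whose start and end lie outside them.
```c
/**
 * Reset the peer address list to the address this message came from
 */
static void reset_peer_addresses(private_ike_mobike_t *this, message_t *message)
{
	host_t *host;

	this->ike_sa->clear_peer_addresses(this->ike_sa);
	host = message->get_source(message);
	this->ike_sa->add_peer_address(this->ike_sa, host->clone(host));
}

/* … unchanged: process_payloads up to the ADDITIONAL_*_ADDRESS case … */
				if (first)
				{	/* an ADDITIONAL_*_ADDRESS means replace, so flush once */
					reset_peer_addresses(this, message);
					first = FALSE;
				}
/* … unchanged: host_create_from_chunk / add_peer_address of the notify data … */
			case NO_ADDITIONAL_ADDRESSES:
			{
				reset_peer_addresses(this, message);
				this->addresses_updated = TRUE;
				break;
			}
```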
@@ -256,11 +246,11 @@ static void build_cookie(private_ike_mobike_t *this, message_t *message) */ static void update_children(private_ike_mobike_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; child_sa_t *child_sa; - iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa); - while (iterator->iterate(iterator, (void**)&child_sa)) + enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); + while (enumerator->enumerate(enumerator, (void**)&child_sa)) { if (child_sa->update(child_sa, this->ike_sa->get_my_host(this->ike_sa), @@ -273,7 +263,7 @@ static void update_children(private_ike_mobike_t *this) child_sa->get_spi(child_sa, TRUE)); } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } /** @@ -296,7 +286,7 @@ METHOD(ike_mobike_t, transmit, void, private_ike_mobike_t *this, packet_t *packet) { host_t *me, *other, *me_old, *other_old; - iterator_t *iterator; + enumerator_t *enumerator; ike_cfg_t *ike_cfg; packet_t *copy; @@ -309,19 +299,8 @@ METHOD(ike_mobike_t, transmit, void, other_old = this->ike_sa->get_other_host(this->ike_sa); ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); - me = hydra->kernel_interface->get_source_addr( - hydra->kernel_interface, other_old, NULL); - if (me) - { - apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg)); - DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old); - copy = packet->clone(packet); - copy->set_source(copy, me); - charon->sender->send(charon->sender, copy); - } - - iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); - while (iterator->iterate(iterator, (void**)&other)) + enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa); + while (enumerator->enumerate(enumerator, (void**)&other)) { me = hydra->kernel_interface->get_source_addr( hydra->kernel_interface, other, NULL); 
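Review bot: transmit no longer probes the original path explicitly (the removed `get_source_addr(..., other_old, NULL)` block) and instead relies on `create_peer_address_enumerator` yielding the peer's current address; that holds once an ADDITIONAL_*_ADDRESS or NO_ADDITIONAL_ADDRESSES notify has been processed, because process_payloads now inserts `message->get_source()` there, but for an IKE_SA that never received such a notify the list is only non-empty if ike_sa_t seeds it itself, which this page does not show. Please confirm that, or probe `other_old` when the enumerator yields nothing, otherwise a routability check could send no packet at all. A short comment at the loop, `/* the peer address list always contains the current peer address */`, would record the invariant being relied on. transmit's body continues in the next hunk.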
@@ -343,7 +322,7 @@ METHOD(ike_mobike_t, transmit, void,
 			charon->sender->send(charon->sender, copy);
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 }
 
 METHOD(task_t, build_i, status_t,
diff --git a/src/libcharon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c
index 7839b52eb..f06a518fa 100644
--- a/src/libcharon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@@ -256,10 +256,8 @@ static void process_payloads(private_ike_natd_t *this, message_t *message)
 	}
 }
 
-/**
- * Implementation of task_t.process for initiator
- */
-static status_t process_i(private_ike_natd_t *this, message_t *message)
+METHOD(task_t, process_i, status_t,
+	private_ike_natd_t *this, message_t *message)
 {
 	process_payloads(this, message);
 
@@ -281,10 +279,8 @@ static status_t process_i(private_ike_natd_t *this, message_t *message)
 	return SUCCESS;
 }
 
-/**
- * Implementation of task_t.process for initiator
- */
-static status_t build_i(private_ike_natd_t *this, message_t *message)
+METHOD(task_t, build_i, status_t,
+	private_ike_natd_t *this, message_t *message)
 {
 	notify_payload_t *notify;
 	enumerator_t *enumerator;
@@ -345,15 +341,13 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 	return NEED_MORE;
 }
 
-/**
- * Implementation of task_t.build for responder
- */
-static status_t build_r(private_ike_natd_t *this, message_t *message)
+METHOD(task_t, build_r, status_t,
+	private_ike_natd_t *this, message_t *message)
 {
 	notify_payload_t *notify;
 	host_t *me, *other;
 
-	/* only add notifies on successfull responses. */
+	/* only add notifies on successful responses. */
 	if (message->get_exchange_type(message) == IKE_SA_INIT &&
 		message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
 	{
@@ -380,28 +374,22 @@ static status_t build_r(private_ike_natd_t *this, message_t *message)
 	return SUCCESS;
 }
 
-/**
- * Implementation of task_t.process for responder
- */
-static status_t process_r(private_ike_natd_t *this, message_t *message)
+METHOD(task_t, process_r, status_t,
+	private_ike_natd_t *this, message_t *message)
 {
 	process_payloads(this, message);
 
 	return NEED_MORE;
 }
 
-/**
- * Implementation of task_t.get_type
- */
-static task_type_t get_type(private_ike_natd_t *this)
+METHOD(task_t, get_type, task_type_t,
+	private_ike_natd_t *this)
 {
 	return IKE_NATD;
 }
 
-/**
- * Implementation of task_t.migrate
- */
-static void migrate(private_ike_natd_t *this, ike_sa_t *ike_sa)
+METHOD(task_t, migrate, void,
+	private_ike_natd_t *this, ike_sa_t *ike_sa)
 {
 	this->ike_sa = ike_sa;
 	this->src_seen = FALSE;
@@ -411,21 +399,17 @@ static void migrate(private_ike_natd_t *this, ike_sa_t *ike_sa)
 	this->mapping_changed = FALSE;
 }
 
-/**
- * Implementation of ike_natd_t.has_mapping_changed
- */
-static bool has_mapping_changed(private_ike_natd_t *this)
+METHOD(task_t, destroy, void,
+	private_ike_natd_t *this)
 {
-	return this->mapping_changed;
+	DESTROY_IF(this->hasher);
+	free(this);
 }
 
-/**
- * Implementation of task_t.destroy
- */
-static void destroy(private_ike_natd_t *this)
+METHOD(ike_natd_t, has_mapping_changed, bool,
+	private_ike_natd_t *this)
 {
-	DESTROY_IF(this->hasher);
-	free(this);
+	return this->mapping_changed;
 }
 
 /*
@@ -433,33 +417,32 @@ static void destroy(private_ike_natd_t *this)
  */
 ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator)
 {
-	private_ike_natd_t *this = malloc_thing(private_ike_natd_t);
-
-	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
-	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
-	this->public.task.destroy = (void(*)(task_t*))destroy;
+	private_ike_natd_t *this;
+
+	INIT(this,
+		.public = {
+			.task = {
+				.get_type = _get_type,
+				.migrate = _migrate,
+				.destroy = _destroy,
+			},
+			.has_mapping_changed = _has_mapping_changed,
+		},
+		.ike_sa = ike_sa,
+		.initiator = initiator,
+		.hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1),
+	);
 
 	if (initiator)
 	{
-		this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
-		this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
+		this->public.task.build = _build_i;
+		this->public.task.process = _process_i;
 	}
 	else
 	{
-		this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
-		this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
+		this->public.task.build = _build_r;
+		this->public.task.process = _process_r;
 	}
-	this->public.has_mapping_changed = (bool(*)(ike_natd_t*))has_mapping_changed;
-
-	this->ike_sa = ike_sa;
-	this->initiator = initiator;
-	this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	this->src_seen = FALSE;
-	this->dst_seen = FALSE;
-	this->src_matched = FALSE;
-	this->dst_matched = FALSE;
-	this->mapping_changed = FALSE;
-
 	return &this->public;
 }
 
diff --git a/src/libcharon/sa/tasks/ike_natd.h b/src/libcharon/sa/tasks/ike_natd.h
index 97b652ead..68114af42 100644
--- a/src/libcharon/sa/tasks/ike_natd.h
+++ b/src/libcharon/sa/tasks/ike_natd.h
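Review bot: The dropped `this->src_seen = FALSE;` through `this->mapping_changed = FALSE;` assignments in ike_natd_create() now rely on INIT() zero-filling the allocation; that is presumably what the macro does, but a one-line comment above the INIT call (`/* INIT() zero-fills: src_seen, dst_seen, *_matched and mapping_changed start out FALSE */`) would spare the next reader the lookup, since migrate() in the previous hunk still resets them explicitly. The `.hasher` initializer can also leave the task with a NULL hasher if create_hasher() returns NULL when no SHA1 implementation is registered; destroy() copes with that via DESTROY_IF, but build_i()/build_r(), which use it and lie outside this hunk, should be confirmed to cope as well, or the constructor should document that it never checks.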
@@ -51,7 +51,7 @@ struct ike_natd_t {
  * Create a new ike_natd task.
  *
  * @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if thask is the original initator
+ * @param initiator TRUE if task is the original initiator
  * @return ike_natd task to handle by the task_manager
  */
 ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator);
diff --git a/src/libcharon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c
index ac89c358b..48002d81c 100644
--- a/src/libcharon/sa/tasks/ike_reauth.c
+++ b/src/libcharon/sa/tasks/ike_reauth.c
@@ -42,134 +42,44 @@ struct private_ike_reauth_t {
 	ike_delete_t *ike_delete;
 };
 
-/**
- * Implementation of task_t.build for initiator
- */
-static status_t build_i(private_ike_reauth_t *this, message_t *message)
+METHOD(task_t, build_i, status_t,
+	private_ike_reauth_t *this, message_t *message)
 {
 	return this->ike_delete->task.build(&this->ike_delete->task, message);
 }
 
-/**
- * Implementation of task_t.process for initiator
- */
-static status_t process_i(private_ike_reauth_t *this, message_t *message)
+METHOD(task_t, process_i, status_t,
+	private_ike_reauth_t *this, message_t *message)
 {
-	ike_sa_t *new;
-	host_t *host;
-	iterator_t *iterator;
-	child_sa_t *child_sa;
-	peer_cfg_t *peer_cfg;
-
 	/* process delete response first */
 	this->ike_delete->task.process(&this->ike_delete->task, message);
 
-	peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-
-	/* reauthenticate only if we have children */
-	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
-	if (iterator->get_count(iterator) == 0
-#ifdef ME
-		/* we allow peers to reauth mediation connections (without children) */
-		&& !peer_cfg->is_mediation(peer_cfg)
-#endif /* ME */
-		)
+	/* reestablish the IKE_SA with all children */
+	if (this->ike_sa->reestablish(this->ike_sa) != SUCCESS)
 	{
-		DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA to recreate");
-		iterator->destroy(iterator);
+		DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
 		return FAILED;
 	}
 
-	new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE);
-
-	new->set_peer_cfg(new, peer_cfg);
-	host = this->ike_sa->get_other_host(this->ike_sa);
-	new->set_other_host(new, host->clone(host));
-	host = this->ike_sa->get_my_host(this->ike_sa);
-	new->set_my_host(new, host->clone(host));
-	/* if we already have a virtual IP, we reuse it */
-	host = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE);
-	if (host)
-	{
-		new->set_virtual_ip(new, TRUE, host);
-	}
-
-#ifdef ME
-	/* we initiate the new IKE_SA of the mediation
connection without CHILD_SA */
-	if (peer_cfg->is_mediation(peer_cfg))
-	{
-		if (new->initiate(new, NULL, 0, NULL, NULL) == DESTROY_ME)
-		{
-			charon->ike_sa_manager->checkin_and_destroy(
-											charon->ike_sa_manager, new);
-			/* set threads active IKE_SA after checkin */
-			charon->bus->set_sa(charon->bus, this->ike_sa);
-			DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
-			return FAILED;
-		}
-	}
-#endif /* ME */
-
-	while (iterator->iterate(iterator, (void**)&child_sa))
-	{
-		switch (child_sa->get_state(child_sa))
-		{
-			case CHILD_ROUTED:
-			{
-				/* move routed child directly */
-				iterator->remove(iterator);
-				new->add_child_sa(new, child_sa);
-				break;
-			}
-			default:
-			{
-				/* initiate/queue all child SAs */
-				child_cfg_t *child_cfg = child_sa->get_config(child_sa);
-				child_cfg->get_ref(child_cfg);
-				if (new->initiate(new, child_cfg, 0, NULL, NULL) == DESTROY_ME)
-				{
-					iterator->destroy(iterator);
-					charon->ike_sa_manager->checkin_and_destroy(
-											charon->ike_sa_manager, new);
-					/* set threads active IKE_SA after checkin */
-					charon->bus->set_sa(charon->bus, this->ike_sa);
-					DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
-					return FAILED;
-				}
-				break;
-			}
-		}
-	}
-	iterator->destroy(iterator);
-	charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
-	/* set threads active IKE_SA after checkin */
-	charon->bus->set_sa(charon->bus, this->ike_sa);
-
-	/* we always return failed to delete the obsolete IKE_SA */
-	return FAILED;
+	/* we always destroy the obsolete IKE_SA */
+	return DESTROY_ME;
 }
 
-/**
- * Implementation of task_t.get_type
- */
-static task_type_t get_type(private_ike_reauth_t *this)
+METHOD(task_t, get_type, task_type_t,
+	private_ike_reauth_t *this)
 {
 	return IKE_REAUTH;
 }
 
-/**
- * Implementation of task_t.migrate
- */
-static void migrate(private_ike_reauth_t *this, ike_sa_t *ike_sa)
+METHOD(task_t, migrate, void,
+	private_ike_reauth_t *this, ike_sa_t *ike_sa)
 {
 	this->ike_delete->task.migrate(&this->ike_delete->task, ike_sa);
 	this->ike_sa = ike_sa;
 }
 
-/**
- * Implementation of task_t.destroy
- */
-static void destroy(private_ike_reauth_t *this)
+METHOD(task_t, destroy, void,
+	private_ike_reauth_t *this)
 {
 	this->ike_delete->task.destroy(&this->ike_delete->task);
 	free(this);
@@ -180,16 +90,21 @@ static void destroy(private_ike_reauth_t *this)
  */
 ike_reauth_t *ike_reauth_create(ike_sa_t *ike_sa)
 {
-	private_ike_reauth_t *this = malloc_thing(private_ike_reauth_t);
-
-	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
-	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
-	this->public.task.destroy = (void(*)(task_t*))destroy;
-	this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
-	this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
-
-	this->ike_sa = ike_sa;
-	this->ike_delete = ike_delete_create(ike_sa, TRUE);
+	private_ike_reauth_t *this;
+
+	INIT(this,
+		.public = {
+			.task = {
+				.get_type = _get_type,
+				.migrate = _migrate,
+				.build = _build_i,
+				.process = _process_i,
+				.destroy = _destroy,
+			},
+		},
+		.ike_sa = ike_sa,
+		.ike_delete = ike_delete_create(ike_sa, TRUE),
+	);
 
 	return &this->public;
 }
diff --git a/src/libcharon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c
index c055dabc1..826d6e192 100644
--- a/src/libcharon/sa/tasks/ike_rekey.c
+++ b/src/libcharon/sa/tasks/ike_rekey.c
@@ -147,8 +147,8 @@ METHOD(task_t, build_i, status_t,
 METHOD(task_t, process_r, status_t,
 	private_ike_rekey_t *this, message_t *message)
 {
+	enumerator_t *enumerator;
 	peer_cfg_t *peer_cfg;
-	iterator_t *iterator;
 	child_sa_t *child_sa;
 
 	if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING)
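Review bot: process_i() now hands the whole re-establishment to `this->ike_sa->reestablish()`, and the removed code's `charon->bus->set_sa(charon->bus, this->ike_sa)` calls after checking the new IKE_SA in have no counterpart left in this task; if reestablish() checks out a new SA on the calling thread without restoring the bus's current SA (not visible here), the DBG1 on the failure path and anything logged afterwards would be attributed to the wrong IKE_SA, so that should be confirmed and recorded in the comment above the call. The guard that refused to reauthenticate an IKE_SA without CHILD_SAs, together with its ME special case, is gone as well; either reestablish() now owns that decision or behaviour changed, and extending the new comment to `/* reestablish the IKE_SA with all children; reestablish() decides what to do when there are none */` would say which. Returning FAILED on error but DESTROY_ME on success also reads oddly next to "we always destroy the obsolete IKE_SA", given that task.h documents FAILED as a critical failure, so a short comment on why the error path does not return DESTROY_ME too would help. process_i() is the only function changed in substance here; the others in this hunk are METHOD() conversions.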
@@ -157,8 +157,8 @@ METHOD(task_t, process_r, status_t,
 		return NEED_MORE;
 	}
 
-	iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
-	while (iterator->iterate(iterator, (void**)&child_sa))
+	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
+	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
 		switch (child_sa->get_state(child_sa))
 		{
@@ -167,13 +167,13 @@ METHOD(task_t, process_r, status_t,
 			case CHILD_DELETING:
 				/* we do not allow rekeying while we have children in-progress */
 				DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");
-				iterator->destroy(iterator);
+				enumerator->destroy(enumerator);
 				return NEED_MORE;
 			default:
 				break;
 		}
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 
 	this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
 														FALSE);
diff --git a/src/libcharon/sa/tasks/ike_vendor.h b/src/libcharon/sa/tasks/ike_vendor.h
index dcdd37424..6c353c447 100644
--- a/src/libcharon/sa/tasks/ike_vendor.h
+++ b/src/libcharon/sa/tasks/ike_vendor.h
@@ -42,7 +42,7 @@ struct ike_vendor_t {
  * Create a ike_vendor instance.
  *
  * @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if thask is the original initator
+ * @param initiator TRUE if task is the original initiator
  */
 ike_vendor_t *ike_vendor_create(ike_sa_t *ike_sa, bool initiator);
 
diff --git a/src/libcharon/sa/tasks/task.h b/src/libcharon/sa/tasks/task.h
index 4468f2ebe..d57085954 100644
--- a/src/libcharon/sa/tasks/task.h
+++ b/src/libcharon/sa/tasks/task.h
@@ -89,7 +89,7 @@ extern enum_name_t *task_type_names;
  * A responder does the opposite; it calls process() first to handle an incoming
  * request and secondly calls build() to build an appropriate response.
  * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
- * that the task completed, even when the task completed unsuccesfully. The
+ * that the task completed, even when the task completed unsuccessfully. The
  * manager then removes the task from the list. A NEED_MORE is returned when
  * the task needs further build()/process() calls to complete, the manager
  * leaves the taks in the queue. A returned FAILED indicates a critical failure.
@@ -102,7 +102,7 @@ struct task_t {
 	 *
 	 * @param message message to add payloads to
 	 * @return
-	 * - FAILED if a critical error occured
+	 * - FAILED if a critical error occurred
 	 * - DESTROY_ME if IKE_SA has been properly deleted
 	 * - NEED_MORE if another call to build/process needed
 	 * - SUCCESS if task completed
@@ -114,7 +114,7 @@ struct task_t {
 	 *
 	 * @param message message to read payloads from
 	 * @return
-	 * - FAILED if a critical error occured
+	 * - FAILED if a critical error occurred
 	 * - DESTROY_ME if IKE_SA has been properly deleted
 	 * - NEED_MORE if another call to build/process needed
 	 * - SUCCESS if task completed