- fixed bug
[strongswan.git] / Source / charon / sa / states / ike_sa_established.c
1 /**
2 * @file ike_sa_established.c
3 *
4 * @brief Implementation of ike_sa_established_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "ike_sa_established.h"
24
25 #include <utils/allocator.h>
26 #include <encoding/payloads/delete_payload.h>
27
28
29 typedef struct private_ike_sa_established_t private_ike_sa_established_t;
30
31 /**
32 * Private data of a ike_sa_established_t object.
33 */
34 struct private_ike_sa_established_t {
35 /**
36 * methods of the state_t interface
37 */
38 ike_sa_established_t public;
39
40 /**
41 * Assigned IKE_SA.
42 */
43 protected_ike_sa_t *ike_sa;
44
45 /**
46 * Assigned logger. Use logger of IKE_SA.
47 */
48 logger_t *logger;
49
50 /**
51 * Process received DELETE payload and build DELETE payload for INFORMATIONAL response.
52 *
53 * @param this calling object
54 * @param request DELETE payload received in INFORMATIONAL request
55 * @param response The created DELETE payload is added to this message_t object
56 */
57 status_t (*build_delete_payload) (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response);
58
59 /**
60 * Process a notify payload
61 *
62 * @param this calling object
63 * @param notify_payload notify payload
64 * @param response response message of type INFORMATIONAL
65 *
66 * - SUCCESS
67 * - FAILED
68 * - DELETE_ME
69 */
70 status_t (*process_notify_payload) (private_ike_sa_established_t *this, notify_payload_t *notify_payload,message_t *response);
71 };
72
73 /**
74 * Implements state_t.get_state
75 */
76 static status_t process_message(private_ike_sa_established_t *this, message_t *message)
77 {
78 delete_payload_t *delete_request = NULL;
79 ike_sa_id_t *ike_sa_id;
80 iterator_t *payloads;
81 message_t *response;
82 crypter_t *crypter;
83 signer_t *signer;
84 status_t status;
85
86 if (message->get_exchange_type(message) != INFORMATIONAL)
87 {
88 this->logger->log(this->logger, ERROR | LEVEL1, "Message of type %s not supported in state ike_sa_established",
89 mapping_find(exchange_type_m,message->get_exchange_type(message)));
90 return FAILED;
91 }
92
93 if (!message->get_request(message))
94 {
95 this->logger->log(this->logger, ERROR | LEVEL1, "INFORMATIONAL responses not handled in state ike_sa_established");
96 return FAILED;
97 }
98
99 ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
100
101 /* get signer for verification and crypter for decryption */
102 if (!ike_sa_id->is_initiator(ike_sa_id))
103 {
104 crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
105 signer = this->ike_sa->get_signer_initiator(this->ike_sa);
106 }
107 else
108 {
109 crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
110 signer = this->ike_sa->get_signer_responder(this->ike_sa);
111 }
112
113 /* parse incoming message */
114 status = message->parse_body(message, crypter, signer);
115 if (status != SUCCESS)
116 {
117 this->logger->log(this->logger, AUDIT, "INFORMATIONAL request decryption failed. Ignoring message");
118 return status;
119 }
120
121 /* build empty INFORMATIONAL message */
122 this->ike_sa->build_message(this->ike_sa, INFORMATIONAL, FALSE, &response);
123
124 payloads = message->get_payload_iterator(message);
125
126 while (payloads->has_next(payloads))
127 {
128 payload_t *payload;
129 payloads->current(payloads, (void**)&payload);
130
131 switch (payload->get_type(payload))
132 {
133 case NOTIFY:
134 {
135 notify_payload_t *notify_payload = (notify_payload_t *) payload;
136 /* handle the notify directly, abort if no further processing required */
137 status = this->process_notify_payload(this, notify_payload,response);
138 if (status != SUCCESS)
139 {
140 payloads->destroy(payloads);
141 response->destroy(response);
142 return status;
143 }
144 }
145 case DELETE:
146 {
147 delete_request = (delete_payload_t *) payload;
148 }
149 default:
150 {
151 this->logger->log(this->logger, ERROR|LEVEL1, "Ignoring Payload %s (%d)",
152 mapping_find(payload_type_m, payload->get_type(payload)), payload->get_type(payload));
153 break;
154 }
155 }
156 }
157 /* iterator can be destroyed */
158 payloads->destroy(payloads);
159
160 if (delete_request)
161 {
162 status = this->build_delete_payload(this, delete_request, response);
163 if (status == DELETE_ME)
164 {
165 status = this->ike_sa->send_response(this->ike_sa, response);
166 if (status != SUCCESS)
167 {
168 this->logger->log(this->logger, AUDIT, "Unable to send INFORMATIONAL reply");
169 response->destroy(response);
170 return FAILED;
171 }
172 response->destroy(response);
173 return status;
174 }
175 }
176
177
178 status = this->ike_sa->send_response(this->ike_sa, response);
179 /* message can now be sent (must not be destroyed) */
180 if (status != SUCCESS)
181 {
182 this->logger->log(this->logger, AUDIT, "Unable to send INFORMATIONAL reply");
183 response->destroy(response);
184 return FAILED;
185 }
186
187 return SUCCESS;
188 }
189
190 /**
191 * Implementation of private_ike_sa_established_t.build_sa_payload;
192 */
193 static status_t build_delete_payload (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response_message)
194 {
195 delete_payload_t *response;
196 if (request->get_protocol_id(request) == IKE)
197 {
198 this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received. Create delete reply.");
199
200 response = delete_payload_create();
201 response->set_protocol_id(response,IKE);
202
203 response_message->add_payload(response_message,(payload_t *)response);
204 /* IKE_SA has to get deleted */
205 return DELETE_ME;
206 }
207
208 this->logger->log(this->logger, AUDIT, "DELETE payload for CHILD_SAs not supported and handled.");
209
210 return SUCCESS;
211 }
212
213 /**
214 * Implementation of private_ike_sa_established_t.process_notify_payload;
215 */
216 static status_t process_notify_payload (private_ike_sa_established_t *this, notify_payload_t *notify_payload, message_t *response)
217 {
218 notify_message_type_t notify_message_type = notify_payload->get_notify_message_type(notify_payload);
219
220 this->logger->log(this->logger, CONTROL|LEVEL1, "Process notify type %s for protocol %s",
221 mapping_find(notify_message_type_m, notify_message_type),
222 mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
223
224 switch (notify_message_type)
225 {
226 default:
227 {
228 this->logger->log(this->logger, AUDIT, "INFORMATIONAL request contained an unknown notify (%d), ignored.", notify_message_type);
229 }
230 }
231
232
233 return SUCCESS;
234 }
235
236 /**
237 * Implementation of state_t.get_state.
238 */
239 static ike_sa_state_t get_state(private_ike_sa_established_t *this)
240 {
241 return IKE_SA_ESTABLISHED;
242 }
243
244 /**
245 * Implementation of state_t.get_state
246 */
247 static void destroy(private_ike_sa_established_t *this)
248 {
249 allocator_free(this);
250 }
251
252 /*
253 * Described in header.
254 */
255 ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
256 {
257 private_ike_sa_established_t *this = allocator_alloc_thing(private_ike_sa_established_t);
258
259 /* interface functions */
260 this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
261 this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
262 this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
263
264 /* private functions */
265 this->process_notify_payload = process_notify_payload;
266 this->build_delete_payload = build_delete_payload;
267
268 /* private data */
269 this->ike_sa = ike_sa;
270 this->logger = ike_sa->get_logger(ike_sa);
271
272 return &(this->public);
273 }