1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "ike_auth_lifetime.h"
19
20 #include <daemon.h>
21 #include <encoding/payloads/notify_payload.h>
22
23
typedef struct private_ike_auth_lifetime_t private_ike_auth_lifetime_t;

/**
 * Private members of a ike_auth_lifetime_t task.
 *
 * The task sends or receives the AUTH_LIFETIME notify for one IKE_SA.
 */
struct private_ike_auth_lifetime_t {

	/**
	 * Public methods and task_t interface.
	 *
	 * The constructor returns a pointer to this member and the task_t
	 * callbacks are cast back to the private type.
	 */
	ike_auth_lifetime_t public;

	/**
	 * Assigned IKE_SA.
	 *
	 * Not owned by the task: destroy() frees only the task itself and
	 * migrate() replaces this pointer.
	 */
	ike_sa_t *ike_sa;
};
41
/**
 * Attach an AUTH_LIFETIME notify to an outgoing message.
 *
 * The value is taken from the IKE_SA's STAT_REAUTH_TIME statistic and is sent
 * as a 32-bit integer in network byte order. A value of zero means there is
 * nothing to announce, so no notify is added.
 *
 * @param this		task holding the IKE_SA to query
 * @param message	message the notify is added to
 */
static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *message)
{
	chunk_t encoded;
	u_int32_t lifetime;

	lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH_TIME);
	if (!lifetime)
	{
		return;
	}
	/* convert in place; the chunk below refers to this local variable */
	lifetime = htonl(lifetime);
	encoded = chunk_from_thing(lifetime);
	/* NOTE(review): encoded points at stack memory, so add_notify presumably
	 * copies the data before returning; confirm against message_t */
	message->add_notify(message, FALSE, AUTH_LIFETIME, encoded);
}
58
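/**
 * Read the notify payloads of a received message and apply AUTH_LIFETIME.
 *
 * The notification data comes from the peer, so its length is checked before
 * it is decoded. A notify whose data is missing or shorter than 32 bits is
 * ignored instead of being read past its end. Other notify types are skipped.
 *
 * @param this		task holding the IKE_SA that receives the lifetime
 * @param message	received message to scan
 */
static void process_payloads(private_ike_auth_lifetime_t *this, message_t *message)
{
	iterator_t *iterator;
	payload_t *payload;
	notify_payload_t *notify;

	iterator = message->get_payload_iterator(message);
	while (iterator->iterate(iterator, (void**)&payload))
	{
		if (payload->get_type(payload) != NOTIFY)
		{
			continue;
		}
		notify = (notify_payload_t*)payload;
		switch (notify->get_notify_type(notify))
		{
			case AUTH_LIFETIME:
			{
				chunk_t data = notify->get_notification_data(notify);
				const unsigned char *bytes = (const unsigned char*)data.ptr;
				u_int32_t lifetime;

				if (!bytes || data.len < sizeof(lifetime))
				{
					/* malformed notify from the peer: no value to apply */
					break;
				}
				/* decode big-endian byte by byte, which avoids an unaligned
				 * or aliasing load through a casted pointer */
				lifetime = ((u_int32_t)bytes[0] << 24) |
						   ((u_int32_t)bytes[1] << 16) |
						   ((u_int32_t)bytes[2] << 8) |
						   (u_int32_t)bytes[3];
				/* NOTE(review): the value is chosen by the peer; whether
				 * set_auth_lifetime bounds it is not visible here */
				this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime);
				break;
			}
			default:
				break;
		}
	}
	iterator->destroy(iterator);
}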
90
/**
 * Implementation of task_t.build for initiator
 *
 * Adds the AUTH_LIFETIME notify to an outgoing INFORMATIONAL message and
 * completes the task. For any other exchange type nothing is added and the
 * task stays pending.
 */
static status_t build_i(private_ike_auth_lifetime_t *this, message_t *message)
{
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}
	add_auth_lifetime(this, message);
	return SUCCESS;
}
103
/**
 * Implementation of task_t.process for responder
 *
 * Evaluates the notifies of a received INFORMATIONAL message and completes
 * the task. Messages of any other exchange type are not inspected and the
 * task stays pending.
 */
static status_t process_r(private_ike_auth_lifetime_t *this, message_t *message)
{
	if (message->get_exchange_type(message) != INFORMATIONAL)
	{
		return NEED_MORE;
	}
	process_payloads(this, message);
	return SUCCESS;
}
116
/**
 * Implementation of task_t.build for responder
 *
 * Adds the AUTH_LIFETIME notify to an outgoing IKE_AUTH message, but only
 * once the IKE_SA has reached IKE_ESTABLISHED. Until then the task stays
 * pending and nothing is added.
 */
static status_t build_r(private_ike_auth_lifetime_t *this, message_t *message)
{
	if (message->get_exchange_type(message) != IKE_AUTH ||
		this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
	{
		return NEED_MORE;
	}
	add_auth_lifetime(this, message);
	return SUCCESS;
}
130
/**
 * Implementation of task_t.process for initiator
 *
 * Evaluates the notifies of a received IKE_AUTH message, but only once the
 * IKE_SA has reached IKE_ESTABLISHED. IKE_AUTH messages received before that
 * state are not inspected and the task stays pending.
 */
static status_t process_i(private_ike_auth_lifetime_t *this, message_t *message)
{
	if (message->get_exchange_type(message) != IKE_AUTH ||
		this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
	{
		return NEED_MORE;
	}
	process_payloads(this, message);
	return SUCCESS;
}
144
/**
 * Implementation of task_t.get_type
 *
 * Always reports IKE_AUTH_LIFETIME; the task instance is not consulted.
 */
static task_type_t get_type(private_ike_auth_lifetime_t *this)
{
	task_type_t type = IKE_AUTH_LIFETIME;

	return type;
}
152
/**
 * Implementation of task_t.migrate
 *
 * Rebinds the task to another IKE_SA. The previous pointer is only
 * overwritten, it is not released here.
 */
static void migrate(private_ike_auth_lifetime_t *this, ike_sa_t *ike_sa)
{
	private_ike_auth_lifetime_t *task = this;

	task->ike_sa = ike_sa;
}
160
/**
 * Implementation of task_t.destroy
 *
 * Releases the task object itself. The assigned IKE_SA is left untouched.
 */
static void destroy(private_ike_auth_lifetime_t *this)
{
	private_ike_auth_lifetime_t *task = this;

	free(task);
}
168
/*
 * Described in header.
 *
 * Allocates the task, binds it to ike_sa and installs the task_t callbacks.
 * The build/process pair depends on the role: the initiator variants act on
 * outgoing INFORMATIONAL and incoming IKE_AUTH messages, the responder
 * variants on outgoing IKE_AUTH and incoming INFORMATIONAL messages.
 */
ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator)
{
	private_ike_auth_lifetime_t *this;

	this = malloc_thing(private_ike_auth_lifetime_t);
	this->ike_sa = ike_sa;

	/* role specific callbacks */
	if (!initiator)
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
	}
	else
	{
		this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
		this->public.task.process = (status_t(*)(task_t*,message_t*))process_i;
	}

	/* callbacks shared by both roles */
	this->public.task.destroy = (void(*)(task_t*))destroy;
	this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
	this->public.task.get_type = (task_type_t(*)(task_t*))get_type;

	return &this->public;
}
195