Support multiple virtual IPs on peer_cfg and ike_sa classes
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / aggressive_mode.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2012 Martin Willi
6 * Copyright (C) 2012 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "aggressive_mode.h"
20
21 #include <string.h>
22
23 #include <daemon.h>
24 #include <sa/ikev1/phase1.h>
25 #include <encoding/payloads/sa_payload.h>
26 #include <encoding/payloads/id_payload.h>
27 #include <encoding/payloads/hash_payload.h>
28 #include <sa/ikev1/tasks/xauth.h>
29 #include <sa/ikev1/tasks/mode_config.h>
30 #include <sa/ikev1/tasks/informational.h>
31 #include <sa/ikev1/tasks/isakmp_delete.h>
32 #include <processing/jobs/adopt_children_job.h>
33
34 typedef struct private_aggressive_mode_t private_aggressive_mode_t;
35
36 /**
37 * Private members of a aggressive_mode_t task.
38 */
39 struct private_aggressive_mode_t {
40
41 /**
42 * Public methods and task_t interface.
43 */
44 aggressive_mode_t public;
45
46 /**
47 * Assigned IKE_SA.
48 */
49 ike_sa_t *ike_sa;
50
51 /**
52 * Are we the initiator?
53 */
54 bool initiator;
55
56 /**
57 * Common phase 1 helper class
58 */
59 phase1_t *ph1;
60
61 /**
62 * IKE config to establish
63 */
64 ike_cfg_t *ike_cfg;
65
66 /**
67 * Peer config to use
68 */
69 peer_cfg_t *peer_cfg;
70
71 /**
72 * selected IKE proposal
73 */
74 proposal_t *proposal;
75
76 /**
77 * Negotiated SA lifetime
78 */
79 u_int32_t lifetime;
80
81 /**
82 * Negotiated authentication method
83 */
84 auth_method_t method;
85
86 /**
87 * Encoded ID payload, without fixed header
88 */
89 chunk_t id_data;
90
91 /** states of aggressive mode */
92 enum {
93 AM_INIT,
94 AM_AUTH,
95 } state;
96 };
97
98 /**
99 * Set IKE_SA to established state
100 */
101 static bool establish(private_aggressive_mode_t *this)
102 {
103 if (!charon->bus->authorize(charon->bus, TRUE))
104 {
105 DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
106 return FALSE;
107 }
108
109 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
110 this->ike_sa->get_name(this->ike_sa),
111 this->ike_sa->get_unique_id(this->ike_sa),
112 this->ike_sa->get_my_host(this->ike_sa),
113 this->ike_sa->get_my_id(this->ike_sa),
114 this->ike_sa->get_other_host(this->ike_sa),
115 this->ike_sa->get_other_id(this->ike_sa));
116
117 this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
118 charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
119
120 return TRUE;
121 }
122
123 /**
124 * Check for notify errors, return TRUE if error found
125 */
126 static bool has_notify_errors(private_aggressive_mode_t *this, message_t *message)
127 {
128 enumerator_t *enumerator;
129 payload_t *payload;
130 bool err = FALSE;
131
132 enumerator = message->create_payload_enumerator(message);
133 while (enumerator->enumerate(enumerator, &payload))
134 {
135 if (payload->get_type(payload) == NOTIFY_V1)
136 {
137 notify_payload_t *notify;
138 notify_type_t type;
139
140 notify = (notify_payload_t*)payload;
141 type = notify->get_notify_type(notify);
142 if (type < 16384)
143 {
144 DBG1(DBG_IKE, "received %N error notify",
145 notify_type_names, type);
146 err = TRUE;
147 }
148 else
149 {
150 DBG1(DBG_IKE, "received %N notify", notify_type_names, type);
151 }
152 }
153 }
154 enumerator->destroy(enumerator);
155
156 return err;
157 }
158
159 /**
160 * Queue a task sending a notify in an INFORMATIONAL exchange
161 */
162 static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type)
163 {
164 notify_payload_t *notify;
165 ike_sa_id_t *ike_sa_id;
166 u_int64_t spi_i, spi_r;
167 chunk_t spi;
168
169 notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
170 PROTO_IKE, type);
171 ike_sa_id = this->ike_sa->get_id(this->ike_sa);
172 spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
173 spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
174 spi = chunk_cata("cc", chunk_from_thing(spi_i), chunk_from_thing(spi_r));
175 notify->set_spi_data(notify, spi);
176
177 this->ike_sa->queue_task(this->ike_sa,
178 (task_t*)informational_create(this->ike_sa, notify));
179 /* cancel all active/passive tasks in favour of informational */
180 this->ike_sa->flush_queue(this->ike_sa,
181 this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
182 return ALREADY_DONE;
183 }
184
185 /**
186 * Queue a delete task if authentication failed as initiator
187 */
188 static status_t send_delete(private_aggressive_mode_t *this)
189 {
190 this->ike_sa->queue_task(this->ike_sa,
191 (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
192 /* cancel all active tasks in favour of informational */
193 this->ike_sa->flush_queue(this->ike_sa,
194 this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
195 return ALREADY_DONE;
196 }
197
198 METHOD(task_t, build_i, status_t,
199 private_aggressive_mode_t *this, message_t *message)
200 {
201 switch (this->state)
202 {
203 case AM_INIT:
204 {
205 sa_payload_t *sa_payload;
206 id_payload_t *id_payload;
207 linked_list_t *proposals;
208 identification_t *id;
209 packet_t *packet;
210 u_int16_t group;
211
212 DBG0(DBG_IKE, "initiating Aggressive Mode IKE_SA %s[%d] to %H",
213 this->ike_sa->get_name(this->ike_sa),
214 this->ike_sa->get_unique_id(this->ike_sa),
215 this->ike_sa->get_other_host(this->ike_sa));
216 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
217
218 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
219 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
220 this->peer_cfg->get_ref(this->peer_cfg);
221
222 this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
223 if (this->method == AUTH_NONE)
224 {
225 DBG1(DBG_CFG, "configuration uses unsupported authentication");
226 return FAILED;
227 }
228 this->lifetime = this->peer_cfg->get_reauth_time(this->peer_cfg,
229 FALSE);
230 if (!this->lifetime)
231 { /* fall back to rekey time of no rekey time configured */
232 this->lifetime = this->peer_cfg->get_rekey_time(this->peer_cfg,
233 FALSE);
234 }
235 this->lifetime += this->peer_cfg->get_over_time(this->peer_cfg);
236 proposals = this->ike_cfg->get_proposals(this->ike_cfg);
237 sa_payload = sa_payload_create_from_proposals_v1(proposals,
238 this->lifetime, 0, this->method, MODE_NONE, FALSE, 0);
239 proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
240
241 message->add_payload(message, &sa_payload->payload_interface);
242
243 group = this->ike_cfg->get_dh_group(this->ike_cfg);
244 if (group == MODP_NONE)
245 {
246 DBG1(DBG_IKE, "DH group selection failed");
247 return FAILED;
248 }
249 if (!this->ph1->create_dh(this->ph1, group))
250 {
251 DBG1(DBG_IKE, "DH group %N not supported",
252 diffie_hellman_group_names, group);
253 return FAILED;
254 }
255 if (!this->ph1->add_nonce_ke(this->ph1, message))
256 {
257 return FAILED;
258 }
259 id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
260 if (!id)
261 {
262 DBG1(DBG_CFG, "own identity not known");
263 return FAILED;
264 }
265 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
266 id_payload = id_payload_create_from_identification(ID_V1, id);
267 this->id_data = id_payload->get_encoded(id_payload);
268 message->add_payload(message, &id_payload->payload_interface);
269
270 /* pregenerate message to store SA payload */
271 if (this->ike_sa->generate_message(this->ike_sa, message,
272 &packet) != SUCCESS)
273 {
274 DBG1(DBG_IKE, "pregenerating SA payload failed");
275 return FAILED;
276 }
277 packet->destroy(packet);
278 if (!this->ph1->save_sa_payload(this->ph1, message))
279 {
280 DBG1(DBG_IKE, "SA payload invalid");
281 return FAILED;
282 }
283 this->state = AM_AUTH;
284 return NEED_MORE;
285 }
286 case AM_AUTH:
287 {
288 if (!this->ph1->build_auth(this->ph1, this->method, message,
289 this->id_data))
290 {
291 this->id_data = chunk_empty;
292 return send_notify(this, AUTHENTICATION_FAILED);
293 }
294 this->id_data = chunk_empty;
295
296 switch (this->method)
297 {
298 case AUTH_XAUTH_INIT_PSK:
299 case AUTH_XAUTH_INIT_RSA:
300 case AUTH_HYBRID_INIT_RSA:
301 /* wait for XAUTH request */
302 break;
303 case AUTH_XAUTH_RESP_PSK:
304 case AUTH_XAUTH_RESP_RSA:
305 case AUTH_HYBRID_RESP_RSA:
306 this->ike_sa->queue_task(this->ike_sa,
307 (task_t*)xauth_create(this->ike_sa, TRUE));
308 return SUCCESS;
309 default:
310 if (charon->ike_sa_manager->check_uniqueness(
311 charon->ike_sa_manager, this->ike_sa, FALSE))
312 {
313 DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
314 "uniqueness policy");
315 return send_notify(this, AUTHENTICATION_FAILED);
316 }
317 if (!establish(this))
318 {
319 return send_notify(this, AUTHENTICATION_FAILED);
320 }
321 break;
322 }
323 if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
324 {
325 this->ike_sa->queue_task(this->ike_sa,
326 (task_t*)mode_config_create(this->ike_sa, TRUE));
327 }
328 return SUCCESS;
329 }
330 default:
331 return FAILED;
332 }
333 }
334
335 METHOD(task_t, process_r, status_t,
336 private_aggressive_mode_t *this, message_t *message)
337 {
338 switch (this->state)
339 {
340 case AM_INIT:
341 {
342 sa_payload_t *sa_payload;
343 id_payload_t *id_payload;
344 identification_t *id;
345 linked_list_t *list;
346 u_int16_t group;
347
348 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
349 DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA",
350 message->get_source(message));
351 this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
352
353 this->ike_sa->update_hosts(this->ike_sa,
354 message->get_destination(message),
355 message->get_source(message), TRUE);
356
357 sa_payload = (sa_payload_t*)message->get_payload(message,
358 SECURITY_ASSOCIATION_V1);
359 if (!sa_payload)
360 {
361 DBG1(DBG_IKE, "SA payload missing");
362 return send_notify(this, INVALID_PAYLOAD_TYPE);
363 }
364 if (!this->ph1->save_sa_payload(this->ph1, message))
365 {
366 return send_notify(this, INVALID_PAYLOAD_TYPE);
367 }
368
369 list = sa_payload->get_proposals(sa_payload);
370 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
371 list, FALSE);
372 list->destroy_offset(list, offsetof(proposal_t, destroy));
373 if (!this->proposal)
374 {
375 DBG1(DBG_IKE, "no proposal found");
376 return send_notify(this, NO_PROPOSAL_CHOSEN);
377 }
378 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
379
380 this->method = sa_payload->get_auth_method(sa_payload);
381 this->lifetime = sa_payload->get_lifetime(sa_payload);
382
383 switch (this->method)
384 {
385 case AUTH_XAUTH_INIT_PSK:
386 case AUTH_XAUTH_RESP_PSK:
387 case AUTH_PSK:
388 if (!lib->settings->get_bool(lib->settings, "%s.i_dont_care"
389 "_about_security_and_use_aggressive_mode_psk",
390 FALSE, charon->name))
391 {
392 DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
393 "security reasons");
394 return send_notify(this, AUTHENTICATION_FAILED);
395 }
396 break;
397 default:
398 break;
399 }
400
401 if (!this->proposal->get_algorithm(this->proposal,
402 DIFFIE_HELLMAN_GROUP, &group, NULL))
403 {
404 DBG1(DBG_IKE, "DH group selection failed");
405 return send_notify(this, INVALID_KEY_INFORMATION);
406 }
407 if (!this->ph1->create_dh(this->ph1, group))
408 {
409 DBG1(DBG_IKE, "negotiated DH group not supported");
410 return send_notify(this, INVALID_KEY_INFORMATION);
411 }
412 if (!this->ph1->get_nonce_ke(this->ph1, message))
413 {
414 return send_notify(this, INVALID_PAYLOAD_TYPE);
415 }
416
417 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
418 if (!id_payload)
419 {
420 DBG1(DBG_IKE, "IDii payload missing");
421 return send_notify(this, INVALID_PAYLOAD_TYPE);
422 }
423
424 id = id_payload->get_identification(id_payload);
425 this->id_data = id_payload->get_encoded(id_payload);
426 this->ike_sa->set_other_id(this->ike_sa, id);
427 this->peer_cfg = this->ph1->select_config(this->ph1,
428 this->method, TRUE, id);
429 if (!this->peer_cfg)
430 {
431 return send_notify(this, AUTHENTICATION_FAILED);
432 }
433 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
434
435 this->state = AM_AUTH;
436 if (has_notify_errors(this, message))
437 {
438 return FAILED;
439 }
440 return NEED_MORE;
441 }
442 case AM_AUTH:
443 {
444 while (TRUE)
445 {
446 if (this->ph1->verify_auth(this->ph1, this->method, message,
447 this->id_data))
448 {
449 break;
450 }
451 this->peer_cfg->destroy(this->peer_cfg);
452 this->peer_cfg = this->ph1->select_config(this->ph1,
453 this->method, TRUE, NULL);
454 if (!this->peer_cfg)
455 {
456 this->id_data = chunk_empty;
457 return send_delete(this);
458 }
459 this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
460 }
461 this->id_data = chunk_empty;
462
463 if (!charon->bus->authorize(charon->bus, FALSE))
464 {
465 DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids "
466 "IKE_SA, cancelling");
467 return send_delete(this);
468 }
469
470 switch (this->method)
471 {
472 case AUTH_XAUTH_INIT_PSK:
473 case AUTH_XAUTH_INIT_RSA:
474 case AUTH_HYBRID_INIT_RSA:
475 this->ike_sa->queue_task(this->ike_sa,
476 (task_t*)xauth_create(this->ike_sa, TRUE));
477 return SUCCESS;
478 case AUTH_XAUTH_RESP_PSK:
479 case AUTH_XAUTH_RESP_RSA:
480 case AUTH_HYBRID_RESP_RSA:
481 /* wait for XAUTH request */
482 break;
483 default:
484 if (charon->ike_sa_manager->check_uniqueness(
485 charon->ike_sa_manager, this->ike_sa, FALSE))
486 {
487 DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
488 "uniqueness policy");
489 return send_delete(this);
490 }
491 if (!establish(this))
492 {
493 return send_delete(this);
494 }
495 lib->processor->queue_job(lib->processor, (job_t*)
496 adopt_children_job_create(
497 this->ike_sa->get_id(this->ike_sa)));
498 break;
499 }
500 if (this->peer_cfg->get_pool(this->peer_cfg) == NULL &&
501 this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
502 {
503 this->ike_sa->queue_task(this->ike_sa,
504 (task_t*)mode_config_create(this->ike_sa, TRUE));
505 }
506 return SUCCESS;
507 }
508 default:
509 return FAILED;
510 }
511 }
512
513 METHOD(task_t, build_r, status_t,
514 private_aggressive_mode_t *this, message_t *message)
515 {
516 if (this->state == AM_AUTH)
517 {
518 sa_payload_t *sa_payload;
519 id_payload_t *id_payload;
520 identification_t *id;
521
522 sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
523 this->lifetime, 0, this->method, MODE_NONE, FALSE, 0);
524 message->add_payload(message, &sa_payload->payload_interface);
525
526 if (!this->ph1->add_nonce_ke(this->ph1, message))
527 {
528 return send_notify(this, INVALID_KEY_INFORMATION);
529 }
530 if (!this->ph1->create_hasher(this->ph1))
531 {
532 return send_notify(this, NO_PROPOSAL_CHOSEN);
533 }
534 if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
535 {
536 return send_notify(this, INVALID_KEY_INFORMATION);
537 }
538
539 id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
540 if (!id)
541 {
542 DBG1(DBG_CFG, "own identity not known");
543 return send_notify(this, INVALID_ID_INFORMATION);
544 }
545 this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
546
547 id_payload = id_payload_create_from_identification(ID_V1, id);
548 message->add_payload(message, &id_payload->payload_interface);
549
550 if (!this->ph1->build_auth(this->ph1, this->method, message,
551 id_payload->get_encoded(id_payload)))
552 {
553 return send_notify(this, AUTHENTICATION_FAILED);
554 }
555 return NEED_MORE;
556 }
557 return FAILED;
558 }
559
560 METHOD(task_t, process_i, status_t,
561 private_aggressive_mode_t *this, message_t *message)
562 {
563 if (this->state == AM_AUTH)
564 {
565 auth_method_t method;
566 sa_payload_t *sa_payload;
567 id_payload_t *id_payload;
568 identification_t *id, *cid;
569 linked_list_t *list;
570 u_int32_t lifetime;
571
572 sa_payload = (sa_payload_t*)message->get_payload(message,
573 SECURITY_ASSOCIATION_V1);
574 if (!sa_payload)
575 {
576 DBG1(DBG_IKE, "SA payload missing");
577 return send_notify(this, INVALID_PAYLOAD_TYPE);
578 }
579 list = sa_payload->get_proposals(sa_payload);
580 this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
581 list, FALSE);
582 list->destroy_offset(list, offsetof(proposal_t, destroy));
583 if (!this->proposal)
584 {
585 DBG1(DBG_IKE, "no proposal found");
586 return send_notify(this, NO_PROPOSAL_CHOSEN);
587 }
588 this->ike_sa->set_proposal(this->ike_sa, this->proposal);
589
590 lifetime = sa_payload->get_lifetime(sa_payload);
591 if (lifetime != this->lifetime)
592 {
593 DBG1(DBG_IKE, "received lifetime %us does not match configured "
594 "lifetime %us", lifetime, this->lifetime);
595 }
596 this->lifetime = lifetime;
597 method = sa_payload->get_auth_method(sa_payload);
598 if (method != this->method)
599 {
600 DBG1(DBG_IKE, "received %N authentication, but configured %N, "
601 "continue with configured", auth_method_names, method,
602 auth_method_names, this->method);
603 }
604 if (!this->ph1->get_nonce_ke(this->ph1, message))
605 {
606 return send_notify(this, INVALID_PAYLOAD_TYPE);
607 }
608 if (!this->ph1->create_hasher(this->ph1))
609 {
610 return send_notify(this, NO_PROPOSAL_CHOSEN);
611 }
612
613 id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
614 if (!id_payload)
615 {
616 DBG1(DBG_IKE, "IDir payload missing");
617 return send_delete(this);
618 }
619 id = id_payload->get_identification(id_payload);
620 cid = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
621 if (cid && !id->matches(id, cid))
622 {
623 DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
624 id->destroy(id);
625 return send_notify(this, INVALID_ID_INFORMATION);
626 }
627 this->ike_sa->set_other_id(this->ike_sa, id);
628
629 if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
630 {
631 return send_notify(this, INVALID_KEY_INFORMATION);
632 }
633 if (!this->ph1->verify_auth(this->ph1, this->method, message,
634 id_payload->get_encoded(id_payload)))
635 {
636 return send_notify(this, AUTHENTICATION_FAILED);
637 }
638 if (!charon->bus->authorize(charon->bus, FALSE))
639 {
640 DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids IKE_SA, "
641 "cancelling");
642 return send_notify(this, AUTHENTICATION_FAILED);
643 }
644
645 return NEED_MORE;
646 }
647 return FAILED;
648 }
649
650 METHOD(task_t, get_type, task_type_t,
651 private_aggressive_mode_t *this)
652 {
653 return TASK_AGGRESSIVE_MODE;
654 }
655
656 METHOD(task_t, migrate, void,
657 private_aggressive_mode_t *this, ike_sa_t *ike_sa)
658 {
659 DESTROY_IF(this->peer_cfg);
660 DESTROY_IF(this->proposal);
661 this->ph1->destroy(this->ph1);
662 chunk_free(&this->id_data);
663
664 this->ike_sa = ike_sa;
665 this->state = AM_INIT;
666 this->peer_cfg = NULL;
667 this->proposal = NULL;
668 this->ph1 = phase1_create(ike_sa, this->initiator);
669 }
670
671 METHOD(task_t, destroy, void,
672 private_aggressive_mode_t *this)
673 {
674 DESTROY_IF(this->peer_cfg);
675 DESTROY_IF(this->proposal);
676 this->ph1->destroy(this->ph1);
677 chunk_free(&this->id_data);
678 free(this);
679 }
680
681 /*
682 * Described in header.
683 */
684 aggressive_mode_t *aggressive_mode_create(ike_sa_t *ike_sa, bool initiator)
685 {
686 private_aggressive_mode_t *this;
687
688 INIT(this,
689 .public = {
690 .task = {
691 .get_type = _get_type,
692 .migrate = _migrate,
693 .destroy = _destroy,
694 },
695 },
696 .ike_sa = ike_sa,
697 .ph1 = phase1_create(ike_sa, initiator),
698 .initiator = initiator,
699 .state = AM_INIT,
700 );
701
702 if (initiator)
703 {
704 this->public.task.build = _build_i;
705 this->public.task.process = _process_i;
706 }
707 else
708 {
709 this->public.task.build = _build_r;
710 this->public.task.process = _process_r;
711 }
712
713 return &this->public;
714 }