Accept NULL identities passed to peer config enumeration
[strongswan.git] / src / libcharon / sa / tasks / main_mode.c
index adf9142..dbdc0c0 100755 (executable)
@@ -29,6 +29,7 @@
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/hash_payload.h>
 #include <sa/tasks/xauth.h>
+#include <sa/tasks/mode_config.h>
 
 typedef struct private_main_mode_t private_main_mode_t;
 
@@ -307,7 +308,7 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
                        return AUTH_XAUTH_RESP_RSA;
                }
        }
-       if (i1 == AUTH_CLASS_PSK && r2 == AUTH_CLASS_PSK)
+       if (i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK)
        {
                if (i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
                {
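Review bot: The corrected outer test `i1 == AUTH_CLASS_PSK && r1 == AUTH_CLASS_PSK` changes which authentication method get_auth_method returns, but the commit title only mentions NULL identities. With the old `r2 == AUTH_CLASS_PSK`, the inner `r2 == AUTH_CLASS_ANY` check could never be true, so this is a behavioural fix to auth-method selection and belongs in its own commit or at least in the message. If i1/r1 and i2/r2 are the first- and second-round classes, as the names suggest, a comment such as `/* first round PSK on both sides */` above the test would make the two harder to mix up again. The function starts and ends outside this hunk, so what the other combinations fall through to is not visible here.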
@@ -332,13 +333,11 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
 static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id)
 {
        enumerator_t *enumerator;
-       identification_t *any;
        peer_cfg_t *current, *found = NULL;
 
-       any = identification_create_from_encoding(ID_ANY, chunk_empty);
        enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends,
                                                this->ike_sa->get_my_host(this->ike_sa),
-                                               this->ike_sa->get_other_host(this->ike_sa), any, id);
+                                               this->ike_sa->get_other_host(this->ike_sa), NULL, id);
        while (enumerator->enumerate(enumerator, &current))
        {
                if (get_auth_method(this, current) == this->auth_method)
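Review bot: Passing `NULL` as the local identity in select_config relies on create_peer_cfg_enumerator, and every backend behind it, treating NULL as "match any". Nothing in this file verifies that, so a backend that dereferences the argument would crash while handling a peer's message. The title suggests the enumerator side is adapted in the same commit, and that is worth confirming for all backends. Config selection here then depends only on the hosts, the peer's `id` and the auth method, which deserves a comment at the call, e.g. `/* our own ID is not constrained here, NULL matches any local identity */`. The loop body continues outside this hunk.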
@@ -348,7 +347,6 @@ static peer_cfg_t *select_config(private_main_mode_t *this, identification_t *id
                }
        }
        enumerator->destroy(enumerator);
-       any->destroy(any);
 
        return found;
 }
@@ -757,6 +755,23 @@ static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
        return TRUE;
 }
 
+/**
+ * Set IKE_SA to established state
+ */
+static void establish(private_main_mode_t *this)
+{
+       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
+                this->ike_sa->get_name(this->ike_sa),
+                this->ike_sa->get_unique_id(this->ike_sa),
+                this->ike_sa->get_my_host(this->ike_sa),
+                this->ike_sa->get_my_id(this->ike_sa),
+                this->ike_sa->get_other_host(this->ike_sa),
+                this->ike_sa->get_other_id(this->ike_sa));
+
+       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
+}
+
 METHOD(task_t, build_r, status_t,
        private_main_mode_t *this, message_t *message)
 {
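Review bot: The doc comment on `establish()` understates what the helper does: besides setting IKE_ESTABLISHED it logs both identities at DBG0 and raises `ike_updown` on the bus. Since it performs the state transition unconditionally, the comment should also state the precondition that callers invoke it only once peer authentication has succeeded. Something like `Log the new IKE_SA, mark it IKE_ESTABLISHED and raise ike_updown; call only after authentication has completed` would cover both.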
@@ -807,6 +822,12 @@ METHOD(task_t, build_r, status_t,
                                return FAILED;
                        }
 
+                       if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
+                       {
+                               this->ike_sa->queue_task(this->ike_sa,
+                                                       (task_t*)mode_config_create(this->ike_sa, TRUE));
+                       }
+
                        switch (this->auth_method)
                        {
                                case AUTH_XAUTH_INIT_PSK:
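Review bot: The mode_config task is queued before `switch (this->auth_method)`, so on the XAUTH paths it lands in the queue ahead of anything those cases queue. It is also queued on the `AUTH_XAUTH_RESP_*` path, which then returns FAILED. If the task queue runs in insertion order (not visible here), a virtual IP could be negotiated before the user has passed XAUTH. Queueing Mode Config inside the individual cases, after the XAUTH task where one applies and just before `establish(this)` in the default case, would avoid that. `this->peer_cfg` is also dereferenced without a NULL check in the visible lines, so confirm it is always set by the time build_r reaches this state. The case bodies lie outside this hunk.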
@@ -819,21 +840,9 @@ METHOD(task_t, build_r, status_t,
                                        /* TODO-IKEv1: not yet supported */
                                        return FAILED;
                                default:
-                                       break;
+                                       establish(this);
+                                       return SUCCESS;
                        }
-
-                       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
-                                this->ike_sa->get_name(this->ike_sa),
-                                this->ike_sa->get_unique_id(this->ike_sa),
-                                this->ike_sa->get_my_host(this->ike_sa),
-                                this->ike_sa->get_my_id(this->ike_sa),
-                                this->ike_sa->get_other_host(this->ike_sa),
-                                this->ike_sa->get_other_id(this->ike_sa));
-
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
-
-                       return SUCCESS;
                }
                default:
                        return FAILED;
@@ -928,28 +937,16 @@ METHOD(task_t, process_i, status_t,
                        {
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
-                                       /* TODO-IKEv1: wait for XAUTH request */
+                                       /* wait for XAUTH request */
                                        return SUCCESS;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                        /* TODO-IKEv1: not yet */
                                        return FAILED;
                                default:
-                                       break;
+                                       establish(this);
+                                       return SUCCESS;
                        }
-
-                       DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
-                                this->ike_sa->get_name(this->ike_sa),
-                                this->ike_sa->get_unique_id(this->ike_sa),
-                                this->ike_sa->get_my_host(this->ike_sa),
-                                this->ike_sa->get_my_id(this->ike_sa),
-                                this->ike_sa->get_other_host(this->ike_sa),
-                                this->ike_sa->get_other_id(this->ike_sa));
-
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
-
-                       return SUCCESS;
                }
                default:
                        return FAILED;
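Review bot: Dropping the `TODO-IKEv1` marker from the `AUTH_XAUTH_INIT_*` cases implies the wait is now implemented, but these cases still return SUCCESS without calling `establish(this)`. Nothing visible in the hunk shows what later moves the IKE_SA to IKE_ESTABLISHED, or what tears it down if no XAUTH request ever arrives. A comment naming the owner would help, for example `/* wait for XAUTH request, the XAUTH task establishes the IKE_SA */`, if that is indeed where it happens. process_i starts and continues outside this hunk.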