ikev1: Defer Mode Config push after CHILD adoption when using XAuth
authorMartin Willi <martin@revosec.ch>
Mon, 7 Jul 2014 09:10:43 +0000 (11:10 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 25 Aug 2014 07:55:44 +0000 (09:55 +0200)
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/main_mode.c
src/libcharon/sa/ikev1/tasks/xauth.c
src/libcharon/sa/ikev1/tasks/xauth.h

index 3101ab6..710bf1c 100644 (file)
@@ -476,6 +476,7 @@ METHOD(task_t, process_r, status_t,
                case AM_AUTH:
                {
                        adopt_children_job_t *job = NULL;
+                       xauth_t *xauth = NULL;
 
                        while (TRUE)
                        {
@@ -506,8 +507,8 @@ METHOD(task_t, process_r, status_t,
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
                                case AUTH_HYBRID_INIT_RSA:
-                                       this->ike_sa->queue_task(this->ike_sa,
-                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       xauth = xauth_create(this->ike_sa, TRUE);
+                                       this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
                                        break;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
@@ -548,6 +549,10 @@ METHOD(task_t, process_r, status_t,
                                                job->queue_task(job, (task_t*)
                                                                mode_config_create(this->ike_sa, TRUE, FALSE));
                                        }
+                                       else if (xauth)
+                                       {
+                                               xauth->queue_mode_config_push(xauth);
+                                       }
                                        else
                                        {
                                                this->ike_sa->queue_task(this->ike_sa, (task_t*)
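Review bot: The `xauth` pointer is dereferenced in the new `else if (xauth)` branch after `queue_task` has already handed the task to the IKE_SA, so `xauth->queue_mode_config_push(xauth)` is only safe because both statements run within this single pass of the `case AM_AUTH:` block and the task manager has had no chance to flush the queue in between; nothing in the code says so. I would annotate the assignment, `xauth = xauth_create(this->ike_sa, TRUE); /* ownership moves to ike_sa below; pointer is only valid within this exchange */`. The reason for deferring rather than queuing `mode_config_create` directly also deserves a line on the branch, e.g. `/* defer the push into the xauth task so attributes go out only after XAuth succeeded */`, since that is what keeps configuration from reaching a peer that has not yet authenticated. The identical pattern appears in the main_mode.c build_r hunks and should get the same comments. process_r's body starts and ends outside these hunks.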
index c264dd4..2fb4c69 100644 (file)
@@ -480,6 +480,7 @@ METHOD(task_t, build_r, status_t,
                        id_payload_t *id_payload;
                        identification_t *id;
                        adopt_children_job_t *job = NULL;
+                       xauth_t *xauth = NULL;
 
                        id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
                        if (!id)
@@ -503,8 +504,8 @@ METHOD(task_t, build_r, status_t,
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
                                case AUTH_HYBRID_INIT_RSA:
-                                       this->ike_sa->queue_task(this->ike_sa,
-                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       xauth = xauth_create(this->ike_sa, TRUE);
+                                       this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
                                        break;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
@@ -544,6 +545,10 @@ METHOD(task_t, build_r, status_t,
                                                job->queue_task(job, (task_t*)
                                                                mode_config_create(this->ike_sa, TRUE, FALSE));
                                        }
+                                       else if (xauth)
+                                       {
+                                               xauth->queue_mode_config_push(xauth);
+                                       }
                                        else
                                        {
                                                this->ike_sa->queue_task(this->ike_sa, (task_t*)
index bdc5d67..a770e90 100644 (file)
@@ -19,6 +19,7 @@
 #include <hydra.h>
 #include <encoding/payloads/cp_payload.h>
 #include <processing/jobs/adopt_children_job.h>
+#include <sa/ikev1/tasks/mode_config.h>
 
 typedef struct private_xauth_t private_xauth_t;
 
@@ -74,6 +75,11 @@ struct private_xauth_t {
         * status of Xauth exchange
         */
        xauth_status_t status;
+
+       /**
+        * Queue a Mode Config Push mode after completing XAuth?
+        */
+       bool mode_config_push;
 };
 
 /**
@@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t,
        private_xauth_t *this, message_t *message)
 {
        cp_payload_t *cp;
+       adopt_children_job_t *job;
 
        cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION);
        if (!cp || cp->get_type(cp) != CFG_ACK)
@@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t,
                return FAILED;
        }
        this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
-       lib->processor->queue_job(lib->processor, (job_t*)
-                               adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
+       job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa));
+       if (this->mode_config_push)
+       {
+               job->queue_task(job,
+                               (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+       }
+       lib->processor->queue_job(lib->processor, (job_t*)job);
        return SUCCESS;
 }
 
@@ -511,6 +523,12 @@ METHOD(task_t, migrate, void,
        }
 }
 
+METHOD(xauth_t, queue_mode_config_push, void,
+       private_xauth_t *this)
+{
+       this->mode_config_push = TRUE;
+}
+
 METHOD(task_t, destroy, void,
        private_xauth_t *this)
 {
@@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator)
                                .migrate = _migrate,
                                .destroy = _destroy,
                        },
+                       .queue_mode_config_push = _queue_mode_config_push,
                },
                .initiator = initiator,
                .ike_sa = ike_sa,
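Review bot: In process_i_status the Mode Config push is attached to the adopt_children job only after the `FAILED` return and `set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE)` have been passed, and this ordering is the security-relevant property of the change, so it should be stated: `/* push Mode Config only once XAuth succeeded, and after the CHILD_SAs are adopted */` above `if (this->mode_config_push)`. The new `mode_config_push` member is never set in xauth_create and relies on the designated initializer zeroing unnamed members, which is valid C11 but easy to overlook when the INIT block grows; adding `.mode_config_push = FALSE,` beside `.initiator = initiator,` makes the default explicit. As far as the visible hunks show, the flag is read only on the initiator-side handler, so setting it on a task created with `initiator == FALSE` silently does nothing; a one-line comment in `queue_mode_config_push` saying the push is issued from `process_i_status` would help the next caller. The xauth_create body and the start of process_i_status extend beyond the hunks.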
index 303eb31..ffaf32a 100644 (file)
@@ -36,6 +36,11 @@ struct xauth_t {
         * Implements the task_t interface
         */
        task_t task;
+
+       /**
+        * Queue a Mode Config in Push mode after completing XAuth.
+        */
+       void (*queue_mode_config_push)(xauth_t *this);
 };
 
 /**
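Review bot: The doc comment on `queue_mode_config_push` describes what is queued but not when it takes effect: in the corresponding xauth.c hunks the flag is honoured only from the initiator-side status handler after XAuth has succeeded, so on failure, or on a task created as responder, no Mode Config push is sent. I would extend the comment to read ` * Queue a Mode Config in Push mode after completing XAuth. Only honoured on the XAuth initiator, and only if authentication succeeds; ignored otherwise.` so callers do not expect a push they will never get. Whether the responder side ever consults the flag cannot be confirmed from this diff alone.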