attribute-manager: Pass the full IKE_SA to provider methods
authorMartin Willi <martin@revosec.ch>
Tue, 4 Nov 2014 14:11:42 +0000 (15:11 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:56 +0000 (13:34 +0100)
src/libcharon/attributes/attribute_manager.c
src/libcharon/attributes/attribute_manager.h
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev1/tasks/mode_config.c
src/libcharon/sa/ikev2/tasks/ike_config.c

index d166663..8b97492 100644 (file)
@@ -53,20 +53,23 @@ struct private_attribute_manager_t {
 typedef struct {
        /** attribute group pools */
        linked_list_t *pools;
-       /** server/peer identity */
-       identification_t *id;
+       /** associated IKE_SA */
+       ike_sa_t *ike_sa;
        /** requesting/assigned virtual IPs */
        linked_list_t *vips;
 } enum_data_t;
 
 METHOD(attribute_manager_t, acquire_address, host_t*,
        private_attribute_manager_t *this, linked_list_t *pools,
-       identification_t *id, host_t *requested)
+       ike_sa_t *ike_sa, host_t *requested)
 {
        enumerator_t *enumerator;
        attribute_provider_t *current;
+       identification_t *id;
        host_t *host = NULL;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->lock->read_lock(this->lock);
        enumerator = this->providers->create_enumerator(this->providers);
        while (enumerator->enumerate(enumerator, &current))
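Review bot: The identity handed to the providers is now picked inside the manager by `id = ike_sa->get_other_eap_id(ike_sa);`, and that choice is undocumented and repeated verbatim in release_address and responder_enum_create. Acquire and release have to resolve to the same identity for a lease to be returned for the right peer, so I would state it once above the call, e.g. `/* providers see the peer's EAP identity if one was used, else its IKE identity */`. A small static helper would also keep the three sites from drifting apart. The rest of acquire_address lies outside this hunk.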
@@ -85,12 +88,15 @@ METHOD(attribute_manager_t, acquire_address, host_t*,
 
 METHOD(attribute_manager_t, release_address, bool,
        private_attribute_manager_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
        attribute_provider_t *current;
+       identification_t *id;
        bool found = FALSE;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->lock->read_lock(this->lock);
        enumerator = this->providers->create_enumerator(this->providers);
        while (enumerator->enumerate(enumerator, &current))
@@ -113,19 +119,22 @@ METHOD(attribute_manager_t, release_address, bool,
 static enumerator_t *responder_enum_create(attribute_provider_t *provider,
                                                                                   enum_data_t *data)
 {
+       identification_t *id;
+
+       id = data->ike_sa->get_other_eap_id(data->ike_sa);
        return provider->create_attribute_enumerator(provider, data->pools,
-                                                                                                data->id, data->vips);
+                                                                                                id, data->vips);
 }
 
 METHOD(attribute_manager_t, create_responder_enumerator, enumerator_t*,
        private_attribute_manager_t *this, linked_list_t *pools,
-       identification_t *id, linked_list_t *vips)
+       ike_sa_t *ike_sa, linked_list_t *vips)
 {
        enum_data_t *data;
 
        INIT(data,
                .pools = pools,
-               .id = id,
+               .ike_sa = ike_sa,
                .vips = vips,
        );
        this->lock->read_lock(this->lock);
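Review bot: enum_data_t now keeps a borrowed `ike_sa` pointer that responder_enum_create dereferences later, so the IKE_SA has to stay valid until the returned enumerator is destroyed, and the field comment does not say that. I would write it as `/** associated IKE_SA, not owned, must outlive the enumerator */`. The callers visible in this commit consume the enumerator inside the task that holds the IKE_SA, which looks fine, but other callers are not shown here. create_responder_enumerator continues past the end of the hunk.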
index 99f4177..b1827ba 100644 (file)
@@ -24,6 +24,8 @@
 #include "attribute_provider.h"
 #include "attribute_handler.h"
 
+#include <sa/ike_sa.h>
+
 typedef struct attribute_manager_t attribute_manager_t;
 
 /**
@@ -40,12 +42,12 @@ struct attribute_manager_t {
         * Acquire a virtual IP address to assign to a peer.
         *
         * @param pools                 list of pool names (char*) to acquire from
-        * @param id                    peer identity to get address forua
+        * @param ike_sa                associated IKE_SA for which an address is requested
         * @param requested             IP in configuration request
         * @return                              allocated address, NULL to serve none
         */
        host_t* (*acquire_address)(attribute_manager_t *this,
-                                                          linked_list_t *pool, identification_t *id,
+                                                          linked_list_t *pool, ike_sa_t *ike_sa,
                                                           host_t *requested);
 
        /**
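Review bot: The new `@param ike_sa` lines do not tell a caller that the pointer is dereferenced unconditionally and stays owned by the caller; the implementation calls `ike_sa->get_other_eap_id(ike_sa)` before anything else. Something like `@param ike_sa   IKE_SA the address is requested for, must not be NULL, not owned` would cover it, and the same applies to release_address and create_responder_enumerator in the next hunk. While these signatures are being touched, the doc names `pools` and `vip` could be aligned with the parameter names `pool` and `vips`.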
@@ -53,23 +55,23 @@ struct attribute_manager_t {
         *
         * @param pools                 list of pool names (char*) to release to
         * @param address               address to release
-        * @param id                    peer identity to get address for
+        * @param ike_sa                associated IKE_SA for which an address is released
         * @return                              TRUE if address released to pool
         */
        bool (*release_address)(attribute_manager_t *this,
                                                        linked_list_t *pools, host_t *address,
-                                                       identification_t *id);
+                                                       ike_sa_t *ike_sa);
 
        /**
         * Create an enumerator over attributes to hand out to a peer.
         *
         * @param pool                  list of pools names (char*) to query attributes from
-        * @param id                    peer identity to hand out attributes to
+        * @param ike_sa                associated IKE_SA for which attributes are requested
         * @param vip                   list of virtual IPs (host_t*) to assign to peer
         * @return                              enumerator (configuration_attribute_type_t, chunk_t)
         */
        enumerator_t* (*create_responder_enumerator)(attribute_manager_t *this,
-                                                                       linked_list_t *pool, identification_t *id,
+                                                                       linked_list_t *pool, ike_sa_t *ike_sa,
                                                                        linked_list_t *vips);
 
        /**
index 6392c19..955d291 100644 (file)
@@ -2372,13 +2372,11 @@ METHOD(ike_sa_t, destroy, void,
                if (this->peer_cfg)
                {
                        linked_list_t *pools;
-                       identification_t *id;
 
-                       id = get_other_eap_id(this);
                        pools = linked_list_create_from_enumerator(
                                                this->peer_cfg->create_pool_enumerator(this->peer_cfg));
                        charon->attributes->release_address(charon->attributes,
-                                                                                               pools, vip, id);
+                                                                                               pools, vip, &this->public);
                        pools->destroy(pools);
                }
                vip->destroy(vip);
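Review bot: release_address() is now handed `&this->public` from inside destroy, and the manager calls back into it via get_other_eap_id(), so this call depends on the IKE_SA's identity state not having been freed yet. The removed code made the same lookup at the same place, so nothing changes today, but the dependency is now hidden behind the manager and will widen if providers start using more of the IKE_SA. A comment above the call such as `/* the attribute manager queries this IKE_SA, keep this before its state is torn down */` would protect against a later reordering. The surrounding destroy body is outside the hunk, so the actual teardown order cannot be checked from here.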
index 66ae695..b7f5542 100644 (file)
@@ -372,11 +372,11 @@ static status_t build_set(private_mode_config_t *this, message_t *message)
                pools = linked_list_create_with_items(name, NULL);
                /* try IPv4, then IPv6 */
                found = charon->attributes->acquire_address(charon->attributes,
-                                                                                                       pools, id, any4);
+                                                                                                       pools, this->ike_sa, any4);
                if (!found)
                {
                        found = charon->attributes->acquire_address(charon->attributes,
-                                                                                                               pools, id, any6);
+                                                                                                       pools, this->ike_sa, any6);
                }
                pools->destroy(pools);
                if (found)
@@ -398,7 +398,7 @@ static status_t build_set(private_mode_config_t *this, message_t *message)
        pools = linked_list_create_from_enumerator(
                                                                        config->create_pool_enumerator(config));
        enumerator = charon->attributes->create_responder_enumerator(
-                                                                       charon->attributes, pools, id, this->vips);
+                                               charon->attributes, pools, this->ike_sa, this->vips);
        while (enumerator->enumerate(enumerator, &type, &value))
        {
                add_attribute(this, cp, type, value, NULL);
@@ -489,7 +489,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message)
                DBG1(DBG_IKE, "peer requested virtual IP %H", requested);
 
                found = charon->attributes->acquire_address(charon->attributes,
-                                                                                                       pools, id, requested);
+                                                                                       pools, this->ike_sa, requested);
                if (found)
                {
                        DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id);
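Review bot: The log line `assigning virtual IP %H to peer '%Y'` still prints the task's local `id`, while the lease itself is now taken under whatever the manager derives from `get_other_eap_id()` on `this->ike_sa`. The assignment of `id` is outside the hunk; if it comes from a different getter, the log could name an identity other than the one the address is bound to, which matters when these lines are used to attribute a virtual IP to a peer. I would either confirm the two agree or set it from the same lookup, `id = this->ike_sa->get_other_eap_id(this->ike_sa);`. The same applies to the identical log line in build_r in ikev2/tasks/ike_config.c.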
@@ -509,7 +509,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message)
 
        /* query registered providers for additional attributes to include */
        enumerator = charon->attributes->create_responder_enumerator(
-                                                                                       charon->attributes, pools, id, vips);
+                                                               charon->attributes, pools, this->ike_sa, vips);
        while (enumerator->enumerate(enumerator, &type, &value))
        {
                cp->add_attribute(cp,
index e060201..ed937b5 100644 (file)
@@ -352,7 +352,7 @@ METHOD(task_t, build_r, status_t,
                        DBG1(DBG_IKE, "peer requested virtual IP %H", requested);
 
                        found = charon->attributes->acquire_address(charon->attributes,
-                                                                                                               pools, id, requested);
+                                                                                               pools, this->ike_sa, requested);
                        if (found)
                        {
                                DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id);
@@ -398,7 +398,7 @@ METHOD(task_t, build_r, status_t,
 
                /* query registered providers for additional attributes to include */
                enumerator = charon->attributes->create_responder_enumerator(
-                                                                                       charon->attributes, pools, id, vips);
+                                                               charon->attributes, pools, this->ike_sa, vips);
                while (enumerator->enumerate(enumerator, &type, &value))
                {
                        if (!cp)