identification_t.matches() supports multiple wildcard counts
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 11 Jul 2006 06:12:45 +0000 (06:12 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 11 Jul 2006 06:12:45 +0000 (06:12 -0000)
src/charon/config/policies/local_policy_store.c
src/charon/sa/transactions/ike_auth.c

index 8ba65d2..2054b9d 100644 (file)
@@ -72,10 +72,9 @@ static void add_policy(private_local_policy_store_t *this, policy_t *policy)
 static policy_t *get_policy_by_ids(private_local_policy_store_t *this, identification_t *my_id, identification_t *other_id)
 {
        typedef enum {
-               PRIO_UNDEFINED =        0x00,
+               PRIO_UNDEFINED =        0x00,
                PRIO_ID_ANY =           0x01,
-               PRIO_ID_WILDCARD =  0x02,
-               PRIO_ID_MATCH =         0x04,
+               PRIO_ID_MATCH =         PRIO_ID_ANY + MAX_WILDCARDS,
        } prio_t;
 
        prio_t best_prio = PRIO_UNDEFINED;
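Review bot: The new enum leaves the lowest priority a real match can produce unnamed: with `PRIO_ID_MATCH = PRIO_ID_ANY + MAX_WILDCARDS`, the `PRIO_ID_MATCH - wildcards` computed in the next hunk equals PRIO_ID_ANY when wildcards == MAX_WILDCARDS and reaches PRIO_UNDEFINED at MAX_WILDCARDS + 1, at which point a candidate that did match is presumably ranked like one that did not. Unless identification_t.matches() is guaranteed to report at most MAX_WILDCARDS, the count should be checked or the subtraction clamped before it is used as a priority. A short comment on the enum would make the scheme explicit, e.g. `/* prio = PRIO_ID_MATCH - wildcards; MAX_WILDCARDS wildcards ranks like %any */`. The enum is local to get_policy_by_ids, whose body continues outside this hunk.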
@@ -89,36 +88,28 @@ static policy_t *get_policy_by_ids(private_local_policy_store_t *this, identific
 
        pthread_mutex_lock(&(this->mutex));
        iterator = this->policies->create_iterator(this->policies, TRUE);
+
        /* determine closest matching policy */
        while (iterator->has_next(iterator))
        {
                identification_t *candidate_my_id;
                identification_t *candidate_other_id;
+               int wildcards;
                
                iterator->current(iterator, (void**)&candidate);
 
                candidate_my_id = candidate->get_my_id(candidate);
                candidate_other_id = candidate->get_other_id(candidate);
 
-               /* my_id must match, or may be %any */
-               if (candidate_my_id->belongs_to(candidate_my_id, my_id))
+               /* my_id is either %any or if set must match exactly */
+               if (candidate_my_id->matches(candidate_my_id, my_id, &wildcards))
                {
                        prio_t prio = PRIO_UNDEFINED;
 
-                       /* exact match of id? */
-                       if (other_id->equals(other_id, candidate_other_id))
-                       {
-                               prio = PRIO_ID_MATCH;
-                       }
-                       /* match against any? */
-                       else if (candidate_other_id->get_type(candidate_other_id) == ID_ANY)
+                       /* wildcard match for other_id */
+                       if (other_id->matches(other_id, candidate_other_id, &wildcards))
                        {
-                               prio = PRIO_ID_ANY;
-                       }
-                       /* wildcard match? */
-                       else if (other_id->belongs_to(other_id, candidate_other_id))
-                       {
-                               prio = PRIO_ID_WILDCARD;
+                               prio = PRIO_ID_MATCH - wildcards;
                        }
 
                        this->logger->log(this->logger, CONTROL|LEVEL2,
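Review bot: `wildcards` is shared between `candidate_my_id->matches(candidate_my_id, my_id, &wildcards)` and `other_id->matches(other_id, candidate_other_id, &wildcards)`, so whatever count the my_id call reports is overwritten before `prio = PRIO_ID_MATCH - wildcards` is computed and only other_id wildcards influence the ranking. If matches() can report wildcards for my_id, the two counts should be kept apart, e.g. `int my_wildcards, other_wildcards;` and `prio = PRIO_ID_MATCH - my_wildcards - other_wildcards;`; if my_id is meant to match without wildcards, the comment above the first call should say so and the count should be checked rather than discarded. The receiver/argument order also differs between the two calls (the configured candidate is the receiver for my_id, the looked-up identity is the receiver for other_id), which deserves a comment if matches() treats its argument as the pattern. get_policy_by_ids starts and ends outside this hunk.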
@@ -133,11 +124,6 @@ static policy_t *get_policy_by_ids(private_local_policy_store_t *this, identific
                                found = candidate;
                                best_prio = prio;
                        }
-                       if (prio == PRIO_ID_MATCH)
-                       {
-                               /* won't get better, stop searching */
-                               break;
-                       }
                }
        }
        iterator->destroy(iterator);
index 7a18adc..a4812e6 100644 (file)
@@ -224,7 +224,7 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
                else
                {
                        this->logger->log(this->logger, ERROR, 
-                                                         "could not find my certificate, certificate payload ommited");
+                                                         "could not find my certificate, certificate payload omitted");
                }
        }
        
@@ -299,9 +299,9 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
 }
 
 /**
- * Handle all kind of notifys
+ * Handle all kind of notifies
  */
-static status_t process_notifys(private_ike_auth_t *this, notify_payload_t *notify_payload)
+static status_t process_notifies(private_ike_auth_t *this, notify_payload_t *notify_payload)
 {
        notify_type_t notify_type = notify_payload->get_notify_type(notify_payload);
        
@@ -310,7 +310,7 @@ static status_t process_notifys(private_ike_auth_t *this, notify_payload_t *noti
 
        switch (notify_type)
        {
-               /* these notifys are not critical. no child_sa is built, but IKE stays alive */
+               /* these notifies are not critical. no child_sa is built, but IKE stays alive */
                case SINGLE_PAIR_REQUIRED:
                {
                        this->logger->log(this->logger, AUDIT, 
@@ -471,6 +471,7 @@ static void destroy_ts_list(linked_list_t *list)
        if (list)
        {
                traffic_selector_t *ts;
+
                while (list->remove_last(list, (void**)&ts) == SUCCESS)
                {
                        ts->destroy(ts);
@@ -560,7 +561,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                                break;
                        case NOTIFY:
                        {
-                               status = process_notifys(this, (notify_payload_t*)payload);
+                               status = process_notifies(this, (notify_payload_t*)payload);
                                if (status == FAILED)
                                {
                                        payloads->destroy(payloads);
@@ -641,7 +642,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                if (cert == NULL)
                {
                        this->logger->log(this->logger, ERROR,
-                                                         "could not find my certificate, cert payload ommited");
+                                                         "could not find my certificate, cert payload omitted");
                }
                cert_payload = cert_payload_create_from_x509(cert);
                response->add_payload(response, (payload_t *)cert_payload);
@@ -822,7 +823,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                                break;
                        case NOTIFY:
                        {
-                               status = process_notifys(this, (notify_payload_t*)payload);
+                               status = process_notifies(this, (notify_payload_t*)payload);
                                if (status == FAILED)
                                {
                                        payloads->destroy(payloads);
@@ -855,11 +856,12 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
        
        {       /* process idr payload */
                identification_t *configured_other_id;
+               int wildcards;
                
                other_id = idr_payload->get_identification(idr_payload);
                configured_other_id = this->policy->get_other_id(this->policy);
                
-               if (!other_id->belongs_to(other_id, configured_other_id))
+               if (!other_id->matches(other_id, configured_other_id, &wildcards))
                {
                        other_id->destroy(other_id);
                        this->logger->log(this->logger, AUDIT,
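Review bot: `wildcards` receives the count from `other_id->matches(other_id, configured_other_id, &wildcards)` but nothing in this hunk reads it; if the remainder of conclude() does not use it either, the variable exists only to satisfy the out parameter and that should be stated in a comment, e.g. `int wildcards; /* required by matches(), not evaluated here */`. Since this is the point where the peer's asserted IDr is checked against the configured identity, a better use is to include the count in the AUDIT log emitted on acceptance, so that a peer admitted under a wildcard identity can be distinguished from an exact match when reviewing logs. conclude() continues outside the hunk, so the acceptance path itself is not visible here.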