IKEv1 XAuth: Moving the state change to IKE_CONNECTED until after XAuth exchanges...
authorClavister OpenSource <opensource@clavister.com>
Wed, 30 Nov 2011 09:43:38 +0000 (10:43 +0100)
committerClavister OpenSource <opensource@clavister.com>
Tue, 20 Mar 2012 16:31:10 +0000 (17:31 +0100)
src/libcharon/sa/task_manager_v1.c
src/libcharon/sa/tasks/main_mode.c
src/libcharon/sa/tasks/xauth_request.c

index 915644b..9008b60 100644 (file)
@@ -269,16 +269,17 @@ METHOD(task_manager_t, initiate, status_t,
                                        exchange = ID_PROT;
                                }
                                break;
-                       case IKE_ESTABLISHED:
-                               if (activate_task(this, TASK_QUICK_MODE))
+                       case IKE_CONNECTING:
+                               if (activate_task(this, TASK_XAUTH_REQUEST))
                                {
-                                       exchange = QUICK_MODE;
+                                       exchange = TRANSACTION;
                                        new_mid = TRUE;
-                                       break;
                                }
-                               if (activate_task(this, TASK_XAUTH_REQUEST))
+                               break;
+                       case IKE_ESTABLISHED:
+                               if (activate_task(this, TASK_QUICK_MODE))
                                {
-                                       exchange = TRANSACTION;
+                                       exchange = QUICK_MODE;
                                        new_mid = TRUE;
                                        break;
                                }
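Review bot: The new `case IKE_CONNECTING:` carries no comment explaining why XAuth is initiated before the SA is established, and the state name alone does not say whether phase 1 has finished. I would add above the `activate_task` call something like `/* phase 1 done, XAuth pending: SA stays IKE_CONNECTING until xauth_request sets IKE_ESTABLISHED */`. If IKE_CONNECTING is also the state while main mode is still running (not visible on this page), it is worth confirming that a TASK_XAUTH_REQUEST can only be queued after main mode completes. The enclosing switch starts and ends outside the hunk.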
@@ -508,6 +509,10 @@ static status_t process_request(private_task_manager_t *this,
                        case INFORMATIONAL_V1:
                                /* TODO-IKEv1: informational */
                                return FAILED;
+                       case TRANSACTION:
+                               task = (task_t *)xauth_request_create(this->ike_sa, FALSE);
+                               this->passive_tasks->insert_last(this->passive_tasks, task);
+                               break;
                        default:
                                return FAILED;
                }
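Review bot: The added `case TRANSACTION:` creates an xauth_request task for every incoming TRANSACTION request, with no visible check of the IKE_SA state or of whether phase 1 authentication has completed. This matters because the same commit removes the IKE_ESTABLISHED checks from build_i and process_r in xauth_request.c and lets that task's build_r move the SA to IKE_ESTABLISHED on SUCCESS, so the gate against a peer that has not finished main mode now rests on code outside this hunk. At minimum I would record the requirement next to the case, in the style of the neighbouring comment: `/* TODO-IKEv1: only accept TRANSACTION once phase 1 authentication has completed */`, and add the corresponding check before `xauth_request_create` is called. A plain state comparison may not be enough if IKE_CONNECTING covers both an in-progress main mode and the XAuth-pending phase.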
index 4efcf0d..a88f7a4 100644 (file)
@@ -660,8 +660,6 @@ METHOD(task_t, build_r, status_t,
                                 this->ike_sa->get_my_id(this->ike_sa),
                                 this->ike_sa->get_other_host(this->ike_sa),
                                 this->ike_sa->get_other_id(this->ike_sa));
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
 
                        switch (this->auth_method)
                        {
@@ -672,8 +670,17 @@ METHOD(task_t, build_r, status_t,
                                        lib->processor->queue_job(lib->processor, job);
                                        break;
                                }
+                               case AUTH_XAUTH_RESP_PSK:
+                               case AUTH_XAUTH_RESP_RSA: /* There should be more RESP cases here once added */
+                               {
+                                       break;
+                               }
                                default:
+                               {
+                                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+                                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
                                        break;
+                               }
                        }
                        return SUCCESS;
                }
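Review bot: The empty `case AUTH_XAUTH_RESP_PSK:` / `case AUTH_XAUTH_RESP_RSA:` body reads like a forgotten implementation, although it is the branch that deliberately leaves the SA in IKE_CONNECTING; it should say so, e.g. `/* XAuth pending: stay in IKE_CONNECTING, xauth_request sets IKE_ESTABLISHED */`. The same applies to the empty AUTH_XAUTH_INIT_* branch added to process_i in this file. Because build_r now returns SUCCESS with the SA not yet established, it is worth confirming that a half-open timeout still covers an SA whose peer never starts XAuth; nothing in this hunk arms one. build_r starts outside the hunk.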
@@ -774,20 +781,26 @@ METHOD(task_t, process_i, status_t,
                                 this->ike_sa->get_my_id(this->ike_sa),
                                 this->ike_sa->get_other_host(this->ike_sa),
                                 this->ike_sa->get_other_id(this->ike_sa));
-                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
-                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
 
                        switch (this->auth_method)
                        {
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA: /* There should be more RESP cases here once added */
                                {
-                                       job_t *job = (job_t *) initiate_xauth_job_create(this->ike_sa->get_id(this->ike_sa));
-                                       lib->processor->queue_job(lib->processor, job);
+                                       this->ike_sa->initiate_xauth(this->ike_sa, FALSE);
+                                       break;
+                               }
+                               case AUTH_XAUTH_INIT_PSK:
+                               case AUTH_XAUTH_INIT_RSA: /* There should be more INIT cases here once added */
+                               {
                                        break;
                                }
                                default:
+                               {
+                                       this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+                                       charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
                                        break;
+                               }
                        }
 
                        return SUCCESS;
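Review bot: The result of `this->ike_sa->initiate_xauth(this->ike_sa, FALSE)` is discarded and process_i returns SUCCESS regardless. The removed code queued a job, so a failure surfaced elsewhere; with the direct call, if initiate_xauth returns a status (its prototype is not on this page), a failure would leave the SA in IKE_CONNECTING with nothing reported to the caller. If it does return one, propagate it, e.g. `if (this->ike_sa->initiate_xauth(this->ike_sa, FALSE) == FAILED) { return FAILED; }`. process_i starts outside the hunk.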
index bf2a534..8e4489e 100644 (file)
@@ -364,11 +364,6 @@ METHOD(task_t, build_i, status_t,
        version = this->ike_sa->get_version(this->ike_sa);
        if(version == IKEV1)
        {
-               if(this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
-               {
-                       return NEED_MORE;
-               }
-
                if(!this->auth_cfg)
                {
                        this->auth_cfg = get_auth_cfg(this, TRUE);
@@ -476,10 +471,6 @@ METHOD(task_t, process_r, status_t,
        version = this->ike_sa->get_version(this->ike_sa);
        if(version == IKEV1)
        {
-               if(this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
-               {
-                       return NEED_MORE;
-               }
                if(!this->auth_cfg)
                {
                        this->auth_cfg = get_auth_cfg(this, TRUE);
@@ -488,10 +479,11 @@ METHOD(task_t, process_r, status_t,
                {
                        case AUTH_CLASS_XAUTH_PSK:
                        case AUTH_CLASS_XAUTH_PUBKEY:
+                               this->state = TASK_XAUTH_INIT;
                                break;
                        default:
                                /* We aren't XAuth, so do we should expect ConfigMode stuff */
-                               return SUCCESS;
+                               this->state = TASK_XAUTH_COMPLETE;
                }
                cp_type = CONFIGURATION_V1;
        }
@@ -620,6 +612,11 @@ METHOD(task_t, build_r, status_t,
                default:
                        return FAILED;
        }
+       if(status == SUCCESS)
+       {
+               this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+               charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
+       }
        return status;
 }
 
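Review bot: The added `if(status == SUCCESS)` block sets IKE_ESTABLISHED and raises ike_updown without checking the IKE version or the current SA state, although other methods in this file branch on `version == IKEV1`. If build_r can return SUCCESS for IKEv2, or for an SA that main_mode.c already established (its non-XAuth default branch still sets the state itself), `ike_updown(..., TRUE)` fires a second time for the same SA. The matching block added to process_i has the same problem on the path its condition admits for IKEv2 with state IKE_ESTABLISHED. I would guard both, e.g. `if (status == SUCCESS && this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)`. The switch that produces status lies mostly outside the hunk.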
@@ -627,7 +624,9 @@ METHOD(task_t, process_i, status_t,
        private_xauth_request_t *this, message_t *message)
 {
        status_t status;
-       if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
+       if (((this->ike_sa->get_version(this->ike_sa) == IKEV2) &&
+                       (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)) ||
+                       (this->ike_sa->get_version(this->ike_sa) == IKEV1))
        {       /* in last IKE_AUTH exchange */
 
                status = process_payloads(this, message);
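Review bot: The comment `/* in last IKE_AUTH exchange */` no longer describes the condition, which now also admits every IKEv1 message regardless of SA state. I would update it to something like `/* IKEv2: last IKE_AUTH exchange; IKEv1: XAuth reply, state not checked */`, and consider restricting the IKEv1 side to the states in which a reply is actually expected. The condition also calls get_version twice; reading it once into a local, as build_i and process_r do with `version`, would make the test easier to follow. process_i continues past the end of this hunk.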
@@ -638,7 +637,15 @@ METHOD(task_t, process_i, status_t,
                        this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, this->virtual_ip);
                }
                if(this->state == TASK_XAUTH_COMPLETE)
+               {
+                       if(this->status == SUCCESS)
+                       {
+                               this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
+                               charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE);
+                       }
+
                        return this->status;
+               }
                return status;
        }
        return NEED_MORE;