authorReto Buerki <reet@codelabs.ch>2014-10-30 16:16:40 +0100
committerTobias Brunner <tobias@strongswan.org>2014-10-31 13:49:40 +0100
commit1ec7ee65c55ccf9555ccbd7c00b14600f202eee3 (patch)
tree11fcee3ce57a7a30a20b21fefe5a96a5d3ec9a93
parenta62d03d36b12792a098bf4f410d8db921373e8e4 (diff)
charon-tkm: Properly reset CC context in listener
Make sure that the acquired CC context is correctly reset and the associated ID released in the authorize() function of the TKM bus listener.
-rw-r--r--src/charon-tkm/src/tkm/tkm_listener.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index b2692a586..bb1218266 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -240,6 +240,8 @@ METHOD(listener_t, authorize, bool,
return TRUE;
}
+ *success = FALSE;
+
keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa);
isa_id = keymat->get_isa_id(keymat);
DBG1(DBG_IKE, "TKM authorize listener called for ISA context %llu", isa_id);
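Review bot: The new `*success = FALSE;` default carries the result for every later `goto cc_reset;` and for the early return on a failed CC id acquisition, but nothing at the assignment says so. A one-line comment such as `/* fail closed: only a successful TKM authentication sets TRUE below */` would keep a later edit from moving or dropping it. The body of authorize() starts above this hunk and continues below it.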
@@ -248,28 +250,26 @@ METHOD(listener_t, authorize, bool,
if (!cc_id)
{
DBG1(DBG_IKE, "unable to acquire CC context id");
- *success = FALSE;
return TRUE;
}
if (!build_cert_chain(ike_sa, cc_id))
{
DBG1(DBG_IKE, "unable to build certificate chain");
- *success = FALSE;
- return TRUE;
+ goto cc_reset;
}
auth = keymat->get_auth_payload(keymat);
if (!auth->ptr)
{
DBG1(DBG_IKE, "no AUTHENTICATION data available");
- *success = FALSE;
+ goto cc_reset;
}
other_init_msg = keymat->get_peer_init_msg(keymat);
if (!other_init_msg->ptr)
{
DBG1(DBG_IKE, "no peer init message available");
- *success = FALSE;
+ goto cc_reset;
}
chunk_to_sequence(auth, &signature, sizeof(signature_type));
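Review bot: The `goto cc_reset;` in the "no AUTHENTICATION data available" and "no peer init message available" branches is more than cleanup, and neither the code nor the commit message says so. On the old side those two branches only set `*success = FALSE` and fell through, so `chunk_to_sequence()` and the TKM authentication call after it (outside this hunk) still ran on empty input. A short comment on each branch, for example `/* do not fall through to authentication with empty input */`, would record that this is a fail-open fix. Separately, `auth->ptr` and `other_init_msg->ptr` are read without checking the returned pointer itself; if `get_auth_payload()` or `get_peer_init_msg()` can return NULL, which is not visible here, `if (!auth || !auth->ptr)` would be the safer guard.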
@@ -279,7 +279,7 @@ METHOD(listener_t, authorize, bool,
{
DBG1(DBG_IKE, "TKM based authentication failed"
" for ISA context %llu", isa_id);
- *success = FALSE;
+ goto cc_reset;
}
else
{
@@ -288,7 +288,13 @@ METHOD(listener_t, authorize, bool,
*success = TRUE;
}
- return TRUE;
+cc_reset:
+ if (ike_cc_reset(cc_id) != TKM_OK)
+ {
+ DBG1(DBG_IKE, "unable to reset CC context %llu", cc_id);
+ }
+ tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_CC, cc_id);
+ return TRUE; /* stay registered */
}
METHOD(listener_t, message, bool,
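Review bot: When `ike_cc_reset(cc_id)` fails at the `cc_reset:` label, the id is still returned to the pool by `release_id()`, so a later acquire can hand out a CC id whose TKM-side context was not cleared. Whether the TKM refuses to build a new chain on such a context is not visible from this hunk; if it does not, certificate state from this exchange could carry over into the next authorization that gets the same id. Either skip `release_id()` when the reset fails, accepting the leaked id, or add a comment at the label stating why releasing is safe. A second comment noting that the success path reaches `cc_reset:` as well would help, because the label name reads like an error-only exit.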