Removed auth_cfg_t.replace_value() and replaced usages with add().

replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.

5 files changed, 39 insertions, 93 deletions

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 6b7481988..5a6c22fb3 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -1039,11 +1039,7 @@ METHOD(stroke_config_t, set_user_credentials, void,
 		auth_class = (uintptr_t)auth_cfg->get(auth_cfg, AUTH_RULE_AUTH_CLASS);
 		if (auth_class == AUTH_CLASS_EAP)
 		{
-			identity = id->clone(id);
-			if (!auth_cfg->replace_value(auth_cfg, AUTH_RULE_EAP_IDENTITY, identity))
-			{
-				auth_cfg->add(auth_cfg, AUTH_RULE_EAP_IDENTITY, identity);
-			}
+			auth_cfg->add(auth_cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
 			/* if aaa_identity is specified use that as remote ID */
 			identity = auth_cfg->get(auth_cfg, AUTH_RULE_AAA_IDENTITY);
 			if (identity && identity->get_type(identity) != ID_ANY)
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 7284dfc8a..5c8f0b6ce 100644
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -223,10 +223,7 @@ static void replace_eap_identity(private_eap_authenticator_t *this)
 
 	eap_identity = this->eap_identity->clone(this->eap_identity);
 	cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-	if (!cfg->replace_value(cfg, AUTH_RULE_EAP_IDENTITY, eap_identity))
-	{
-		eap_identity->destroy(eap_identity);
-	}
+	cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, eap_identity);
 }
 
 /**
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index 7552097f9..665468fe8 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -425,10 +425,7 @@ METHOD(task_t, build_i, status_t,
 			DBG1(DBG_CFG, "no IDi configured, fall back on IP address");
 			me = this->ike_sa->get_my_host(this->ike_sa);
 			idi = identification_create_from_sockaddr(me->get_sockaddr(me));
-			if (!cfg->replace_value(cfg, AUTH_RULE_IDENTITY, idi))
-			{
-				cfg->add(cfg, AUTH_RULE_IDENTITY, idi);
-			}
+			cfg->add(cfg, AUTH_RULE_IDENTITY, idi);
 		}
 		this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi));
 		id_payload = id_payload_create_from_identification(ID_INITIATOR, idi);
@@ -702,10 +699,7 @@ METHOD(task_t, build_r, status_t,
 				me = this->ike_sa->get_my_host(this->ike_sa);
 				id_cfg = identification_create_from_sockaddr(
 														me->get_sockaddr(me));
-				if (!cfg->replace_value(cfg, AUTH_RULE_IDENTITY, id_cfg))
-				{
-					cfg->add(cfg, AUTH_RULE_IDENTITY, id_cfg);
-				}
+				cfg->add(cfg, AUTH_RULE_IDENTITY, id_cfg);
 			}
 			this->ike_sa->set_my_id(this->ike_sa, id_cfg->clone(id_cfg));
 			id = id_cfg;
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index a06a028d7..12f75b240 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -329,47 +329,6 @@ static void destroy_entry_value(entry_t *entry)
 }
 
 /**
- * Replace the type and value of the given entry.
- */
-static void replace_entry(entry_t *entry, auth_rule_t type, va_list args)
-{
-	destroy_entry_value(entry);
-	entry->type = type;
-	switch (type)
-	{
-		case AUTH_RULE_AUTH_CLASS:
-		case AUTH_RULE_EAP_TYPE:
-		case AUTH_RULE_EAP_VENDOR:
-		case AUTH_RULE_CRL_VALIDATION:
-		case AUTH_RULE_OCSP_VALIDATION:
-		case AUTH_RULE_RSA_STRENGTH:
-		case AUTH_RULE_ECDSA_STRENGTH:
-			/* integer type */
-			entry->value = (void*)(uintptr_t)va_arg(args, u_int);
-			break;
-		case AUTH_RULE_IDENTITY:
-		case AUTH_RULE_EAP_IDENTITY:
-		case AUTH_RULE_AAA_IDENTITY:
-		case AUTH_RULE_GROUP:
-		case AUTH_RULE_CA_CERT:
-		case AUTH_RULE_IM_CERT:
-		case AUTH_RULE_SUBJECT_CERT:
-		case AUTH_RULE_CERT_POLICY:
-		case AUTH_HELPER_IM_CERT:
-		case AUTH_HELPER_SUBJECT_CERT:
-		case AUTH_HELPER_IM_HASH_URL:
-		case AUTH_HELPER_SUBJECT_HASH_URL:
-		case AUTH_HELPER_REVOCATION_CERT:
-			/* pointer type */
-			entry->value = va_arg(args, void*);
-			break;
-		case AUTH_RULE_MAX:
-			entry->value = NULL;
-			break;
-	}
-}
-
-/**
  * Implementation of auth_cfg_t.replace.
  */
 static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
@@ -377,37 +336,47 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
 {
 	if (enumerator->current)
 	{
+		entry_t *entry;
 		va_list args;
 
 		va_start(args, type);
-		replace_entry(enumerator->current, type, args);
-		va_end(args);
-	}
-}
-
-METHOD(auth_cfg_t, replace_value, bool,
-	private_auth_cfg_t *this, auth_rule_t type, ...)
-{
-	enumerator_t *enumerator;
-	entry_t *entry;
-	bool found = FALSE;
-
-	enumerator = this->entries->create_enumerator(this->entries);
-	while (enumerator->enumerate(enumerator, &entry))
-	{
-		if (type == entry->type)
+		entry = enumerator->current;
+		destroy_entry_value(entry);
+		entry->type = type;
+		switch (type)
 		{
-			va_list args;
-
-			va_start(args, type);
-			replace_entry(entry, type, args);
-			va_end(args);
-			found = TRUE;
-			break;
+			case AUTH_RULE_AUTH_CLASS:
+			case AUTH_RULE_EAP_TYPE:
+			case AUTH_RULE_EAP_VENDOR:
+			case AUTH_RULE_CRL_VALIDATION:
+			case AUTH_RULE_OCSP_VALIDATION:
+			case AUTH_RULE_RSA_STRENGTH:
+			case AUTH_RULE_ECDSA_STRENGTH:
+				/* integer type */
+				entry->value = (void*)(uintptr_t)va_arg(args, u_int);
+				break;
+			case AUTH_RULE_IDENTITY:
+			case AUTH_RULE_EAP_IDENTITY:
+			case AUTH_RULE_AAA_IDENTITY:
+			case AUTH_RULE_GROUP:
+			case AUTH_RULE_CA_CERT:
+			case AUTH_RULE_IM_CERT:
+			case AUTH_RULE_SUBJECT_CERT:
+			case AUTH_RULE_CERT_POLICY:
+			case AUTH_HELPER_IM_CERT:
+			case AUTH_HELPER_SUBJECT_CERT:
+			case AUTH_HELPER_IM_HASH_URL:
+			case AUTH_HELPER_SUBJECT_HASH_URL:
+			case AUTH_HELPER_REVOCATION_CERT:
+				/* pointer type */
+				entry->value = va_arg(args, void*);
+				break;
+			case AUTH_RULE_MAX:
+				entry->value = NULL;
+				break;
 		}
+		va_end(args);
 	}
-	enumerator->destroy(enumerator);
-	return found;
 }
 
 METHOD(auth_cfg_t, get, void*,
@@ -996,7 +965,6 @@ auth_cfg_t *auth_cfg_create()
 			.get = _get,
 			.create_enumerator = _create_enumerator,
 			.replace = (void(*)(auth_cfg_t*,enumerator_t*,auth_rule_t,...))replace,
-			.replace_value = _replace_value,
 			.complies = _complies,
 			.merge = (void(*)(auth_cfg_t*,auth_cfg_t*,bool))merge,
 			.purge = _purge,
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 7a484c5cc..4d12a9c14 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -197,15 +197,6 @@ struct auth_cfg_t {
 					auth_rule_t rule, ...);
 
 	/**
-	 * Replace the value of the first rule with the given type.
-	 *
-	 * @param rule		rule type
-	 * @param ...		associated value to rule
-	 * @return			TRUE if the rule was found and the value replaced
-	 */
-	bool (*replace_value)(auth_cfg_t *this, auth_rule_t rule, ...);
-
-	/**
 	 * Check if a used config fulfills a set of configured constraints.
 	 *
 	 * @param constraints	required authorization rules