authorMartin Willi <martin@strongswan.org>2006-02-08 15:25:34 +0000
committerMartin Willi <martin@strongswan.org>2006-02-08 15:25:34 +0000
commitc06dbbabd1498d614d4db88bb4205e2afcd6dab8 (patch)
tree694e4df33baf70813367276b6956d9e6a714742e /Source/charon/sa
parent384efc76d58eea98648988045de413a6cc027dff (diff)
- fixed a lot of bugs in child_proposal
- near to working state ;-)
Diffstat (limited to 'Source/charon/sa')
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c42
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c19
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c58
3 files changed, 52 insertions, 67 deletions
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 13d980b57..ad23fa051 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -325,42 +325,34 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo
*/
static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payload_t *sa_payload)
{
- child_proposal_t *proposals, *proposal_chosen;
- size_t proposal_count;
- status_t status;
-
- /* dummy spis, until we have a child sa to request them */
- u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
- u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
-
- /* check selected proposal */
- status = sa_payload->get_child_proposals(sa_payload, &proposals, &proposal_count);
- if (status != SUCCESS)
+ child_proposal_t *proposal;
+ linked_list_t *proposal_list;
+ /* TODO fix mem allocation */
+ /* TODO child sa stuff */
+ /* get selected proposal */
+ proposal_list = sa_payload->get_child_proposals(sa_payload);
+ /* check count of proposals */
+ if (proposal_list->get_count(proposal_list) == 0)
{
- /* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
- this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
+ /* no proposal? we accept this, no child sa is built */
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD didn't contain any proposals. No CHILD_SA created",
+ proposal_list->get_count(proposal_list));
return SUCCESS;
}
- if (proposal_count > 1)
+ if (proposal_list->get_count(proposal_list) > 1)
{
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD contained more than one proposal. Deleting IKE_SA");
- allocator_free(proposals);
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD contained %d proposal. Deleting IKE_SA",
+ proposal_list->get_count(proposal_list));
return DELETE_ME;
}
- proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
- if (proposal_chosen == NULL)
+ /* we have to re-check here if other's selection is valid */
+ proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
+ if (proposal == NULL)
{
this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
- allocator_free(proposals);
return DELETE_ME;
}
- else
- {
- allocator_free(proposal_chosen);
- }
-
- allocator_free(proposals);
return SUCCESS;
}
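Review bot: Every return path in process_sa_payload now leaves `proposal_list` (and the `proposal` returned by `select_proposal`) unreleased, where the removed code called `allocator_free` on each path; the `TODO fix mem allocation` comment acknowledges this but does not say what has to be freed. The list is built from the peer's SA payload, so each IKE_AUTH reply handled here would leak, and the same pattern appears in `build_sa_payload` in ike_sa_init_requested.c and ike_sa_init_responded.c. Release the list before each `return`, e.g. `proposal_list->destroy(proposal_list);`, once it is settled whether `destroy` also frees the contained proposals (not visible in this diff). Separately, the log call in the empty-list branch passes `proposal_list->get_count(proposal_list)` although its format string has no conversion for it.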
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 81b75e780..1bbffa1dd 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -521,20 +521,15 @@ static status_t build_auth_payload (private_ike_sa_init_requested_t *this, id_pa
*/
static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message_t *request)
{
- child_proposal_t *proposals;
+ linked_list_t *proposal_list;
sa_payload_t *sa_payload;
- sa_config_t *sa_config;
- size_t proposal_count;
- /*
- * TODO: get SPIs from kernel
- */
- u_int8_t esp_spi[4] = {0x01,0x01,0x01,0x01};
- u_int8_t ah_spi[4] = {0x01,0x01,0x01,0x01};
-
+ sa_config_t *sa_config;
+ POS;
sa_config = this->ike_sa->get_sa_config(this->ike_sa);
- proposal_count = sa_config->get_proposals(sa_config,ah_spi,esp_spi,&proposals);
- sa_payload = sa_payload_create_from_child_proposals(proposals, proposal_count);
- allocator_free(proposals);
+ proposal_list = sa_config->get_proposals(sa_config);
+ sa_payload = sa_payload_create_from_child_proposals(proposal_list);
+ /* TODO: fix mem allocation */
+ /* TODO child sa stuff */
this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
request->add_payload(request,(payload_t *) sa_payload);
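Review bot: `POS;` is added as the first statement of build_sa_payload and looks like a leftover debugging trace marker (its definition is not visible in this diff); the same macro is added twice in build_sa_payload in ike_sa_init_responded.c. If it writes to the console it bypasses `this->logger` and its level filtering, so I would drop it or replace it with a `this->logger->log(this->logger, CONTROL|LEVEL2, ...)` call. The function body continues past the end of this hunk.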
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 3d8f9e045..fd9835611 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -272,7 +272,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
this->ike_sa->build_message(this->ike_sa, IKE_AUTH, FALSE, &response);
/* add payloads to it */
-
status = this->build_idr_payload(this, idi_request, idr_request, response,&idr_response);
if (status != SUCCESS)
{
@@ -387,43 +386,42 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
*/
static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
{
- child_proposal_t *proposals, *proposal_chosen;
- size_t proposal_count;
- status_t status;
+ child_proposal_t *proposal;
+ linked_list_t *proposal_list, *dummy_list;
sa_payload_t *sa_response;
- /* dummy spis, until we have a child sa to request them */
- u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
- u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
+ POS;
+ /* TODO: fix mem */
+ /* TODO: child sa stuff */
- status = request->get_child_proposals(request, &proposals, &proposal_count);
- if (status == SUCCESS)
- {
- proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
- if (proposal_chosen != NULL)
- {
- sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
- response->add_payload(response, (payload_t*)sa_response);
- allocator_free(proposal_chosen);
- }
- else
- {
- this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
- this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
- status = DELETE_ME;
- }
- allocator_free(proposals);
- }
- else
+ /* get proposals from request */
+ proposal_list = request->get_child_proposals(request);
+ if (proposal_list->get_count(proposal_list) == 0)
{
- this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
+ /* if the other side did not offer any proposals, we do not create child sa's */
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. No CHILD_SA created");
sa_response = sa_payload_create();
response->add_payload(response, (payload_t*)sa_response);
-
- status = SUCCESS;
+ return SUCCESS;
+ }
+ /* now select a proposal */
+ proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
+ if (proposal == NULL)
+ {
+ POS;
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
+ this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+ return DELETE_ME;
}
- return status;
+ /* we need a dummy list to build an sa payload from ONE proposal */
+ dummy_list = linked_list_create();
+ dummy_list->insert_last(dummy_list, (void*)proposal);
+ sa_response = sa_payload_create_from_child_proposals(dummy_list);
+ dummy_list->destroy(dummy_list);
+ response->add_payload(response, (payload_t*)sa_response);
+
+ return SUCCESS;
}
/**
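Review bot: The AUDIT message in the empty-proposal branch still spells the exchange as `IKE_AUH`, although this commit corrects the same typo in ike_auth_requested.c; audit-log searches or alerts keyed on `IKE_AUTH` will miss this event. Suggested string: `"IKE_AUTH request did not contain any proposals. No CHILD_SA created"`. It would also help to add a comment on the `dummy_list` block stating who owns `proposal` after `dummy_list->destroy(dummy_list)`, since the removed code freed the selected proposal and the new code does not.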