-rw-r--r-- | src/charon/sa/tasks/child_rekey.c | 62 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_auth_lifetime.c | 28 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_cert_pre.c | 18 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_rekey.c | 31 |
4 files changed, 35 insertions, 104 deletions
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c index cbf45b4a7..b08e1a34d 100644 --- a/src/charon/sa/tasks/child_rekey.c +++ b/src/charon/sa/tasks/child_rekey.c @@ -101,35 +101,22 @@ static status_t process_i_delete(private_child_rekey_t *this, message_t *message */ static void find_child(private_child_rekey_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; + notify_payload_t *notify; + protocol_id_t protocol; + u_int32_t spi; - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + notify = message->get_notify(message, REKEY_SA); + if (notify) { - notify_payload_t *notify; - u_int32_t spi; - protocol_id_t protocol; - - if (payload->get_type(payload) != NOTIFY) - { - continue; - } - - notify = (notify_payload_t*)payload; protocol = notify->get_protocol_id(notify); spi = notify->get_spi(notify); - if (protocol != PROTO_ESP && protocol != PROTO_AH) + if (protocol == PROTO_ESP || protocol == PROTO_AH) { - continue; + this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, + spi, FALSE); } - this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, - spi, FALSE); - break; - } - enumerator->destroy(enumerator); } /** 
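Review bot: The lookup in find_child now considers only a notify of type REKEY_SA, whereas the removed loop took the first notify of any type whose protocol was ESP or AH. That tightening deserves a comment, since it changes which peer-supplied SPI can select a CHILD_SA. Something like `/* only REKEY_SA identifies the CHILD_SA to rekey; SPIs in other notifies are ignored */` above the get_notify call would do. When the notify is absent or names another protocol, this->child_sa is left as it was, so the caller (outside this hunk) has to cope with no CHILD_SA having been found. Whether get_notify returns only the first matching notify is not visible here.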
@@ -230,33 +217,20 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) protocol_id_t protocol; u_int32_t spi; child_sa_t *to_delete; - enumerator_t *enumerator; - payload_t *payload; - /* handle NO_ADDITIONAL_SAS notify */ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + if (message->get_notify(message, NO_ADDITIONAL_SAS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify_payload_t *notify = (notify_payload_t*)payload; - - if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS) - { - DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, " - "starting reauthentication"); - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - charon->processor->queue_job(charon->processor, - (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), TRUE)); - enumerator->destroy(enumerator); - return SUCCESS; - } - } + DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, " + "starting reauthentication"); + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + charon->processor->queue_job(charon->processor, + (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), TRUE)); + return SUCCESS; } - enumerator->destroy(enumerator); - if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE) + if (this->child_create->task.process(&this->child_create->task, + message) == NEED_MORE) { /* bad DH group while rekeying, try again */ this->child_create->task.migrate(&this->child_create->task, this->ike_sa); diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/charon/sa/tasks/ike_auth_lifetime.c index 4b926a9f5..819ac47bf 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.c +++ b/src/charon/sa/tasks/ike_auth_lifetime.c 
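Review bot: The NO_ADDITIONAL_SAS branch in process_i lost its only comment, yet it is where a single peer-supplied notify resets the CHILD_SA state and queues a job via `rekey_ike_sa_job_create(..., TRUE)`. A short why-comment would help, e.g. `/* peer refuses rekeying: restore state and fall back to reauthentication (TRUE = reauth) */`. The meaning of TRUE is inferred from the log message and should be confirmed against the job constructor. The same applies to the matching branch in process_i of ike_rekey.c, and both functions continue outside their hunks.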
@@ -62,31 +62,17 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess */ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; notify_payload_t *notify; + chunk_t data; + u_int32_t lifetime; - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + notify = message->get_notify(message, AUTH_LIFETIME); + if (notify) { - if (payload->get_type(payload) == NOTIFY) - { - notify = (notify_payload_t*)payload; - switch (notify->get_notify_type(notify)) - { - case AUTH_LIFETIME: - { - chunk_t data = notify->get_notification_data(notify); - u_int32_t lifetime = ntohl(*(u_int32_t*)data.ptr); - this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); - break; - } - default: - break; - } - } + data = notify->get_notification_data(notify); + lifetime = ntohl(*(u_int32_t*)data.ptr); + this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); } - enumerator->destroy(enumerator); } /** diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c index 8706b58d8..d7f5f55d1 100644 --- a/src/charon/sa/tasks/ike_cert_pre.c +++ b/src/charon/sa/tasks/ike_cert_pre.c 
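Review bot: `lifetime = ntohl(*(u_int32_t*)data.ptr);` in process_payloads dereferences the peer-supplied notification data without checking its length. An AUTH_LIFETIME notify carrying fewer than four bytes (or none) would read past the chunk or through a null pointer, unless the payload parser already enforces the size, which is not visible here. The cast also assumes data.ptr is suitably aligned for a 32-bit load. Consider wrapping the use in `if (data.len == sizeof(lifetime))` and reading the value with `memcpy(&lifetime, data.ptr, sizeof(lifetime)); lifetime = ntohl(lifetime);`. The unchecked read predates this commit, but the refactor is a cheap place to close it.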
@@ -397,29 +397,15 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) */ static bool final_auth(message_t *message) { - enumerator_t *enumerator; - payload_t *payload; - notify_payload_t *notify; - /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ if (message->get_payload(message, AUTHENTICATION) == NULL) { return FALSE; } - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify = (notify_payload_t*)payload; - if (notify->get_notify_type(notify) == ANOTHER_AUTH_FOLLOWS) - { - enumerator->destroy(enumerator); - return FALSE; - } - } + return FALSE; } - enumerator->destroy(enumerator); return TRUE; } diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c index 3a049b566..e9f5d5f87 100644 --- a/src/charon/sa/tasks/ike_rekey.c +++ b/src/charon/sa/tasks/ike_rekey.c 
@@ -191,31 +191,16 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) */ static status_t process_i(private_ike_rekey_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; - - /* handle NO_ADDITIONAL_SAS notify */ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + if (message->get_notify(message, NO_ADDITIONAL_SAS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify_payload_t *notify = (notify_payload_t*)payload; - - if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS) - { - DBG1(DBG_IKE, "peer seems to not support IKE rekeying, " - "starting reauthentication"); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - charon->processor->queue_job(charon->processor, - (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), TRUE)); - enumerator->destroy(enumerator); - return SUCCESS; - } - } + DBG1(DBG_IKE, "peer seems to not support IKE rekeying, " + "starting reauthentication"); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); + charon->processor->queue_job(charon->processor, + (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), TRUE)); + return SUCCESS; } - enumerator->destroy(enumerator); switch (this->ike_init->task.process(&this->ike_init->task, message)) { |