diff options
| -rw-r--r-- | src/charon/encoding/payloads/notify_payload.c | 5 | ||||
| -rw-r--r-- | src/charon/encoding/payloads/notify_payload.h | 5 | ||||
| -rw-r--r-- | src/charon/sa/connect_manager.c | 28 |
3 files changed, 21 insertions, 17 deletions
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c index 975cc6d43..a893ab42a 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/charon/encoding/payloads/notify_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2007 Tobias Brunner + * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -85,6 +85,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, "ME_CALLBACK", "ME_CONNECTID", "ME_CONNECTKEY", + "ME_CONNECTAUTH", "ME_RESPONSE"); ENUM_END(notify_type_names, ME_RESPONSE); @@ -148,6 +149,7 @@ ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, "ME_CB", "ME_CID", "ME_CKEY", + "ME_CAUTH", "ME_R"); ENUM_END(notify_type_short_names, ME_RESPONSE); @@ -288,6 +290,7 @@ static status_t verify(private_notify_payload_t *this) } case NAT_DETECTION_SOURCE_IP: case NAT_DETECTION_DESTINATION_IP: + case ME_CONNECTAUTH: { if (this->notification_data.len != HASH_SIZE_SHA1) { diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index 5677bb563..c2287dd2f 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2007 Tobias Brunner + * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -99,7 +99,8 @@ enum notify_type_t { ME_CALLBACK = 40964, ME_CONNECTID = 40965, ME_CONNECTKEY = 40966, - ME_RESPONSE = 40967 + ME_CONNECTAUTH = 40967, + ME_RESPONSE = 40968 }; /** diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c index c0f49713e..be6fed745 100644 --- a/src/charon/sa/connect_manager.c +++ b/src/charon/sa/connect_manager.c @@ -344,8 +344,8 @@ struct check_t { /** raw endpoint payload (to verify the signature) */ chunk_t endpoint_raw; - /** cookie */ - chunk_t cookie; + /** connect auth */ + chunk_t auth; }; /** @@ -355,7 +355,7 @@ static void check_destroy(check_t *this) { chunk_free(&this->connect_id); chunk_free(&this->endpoint_raw); - chunk_free(&this->cookie); + chunk_free(&this->auth); DESTROY_IF(this->endpoint); free(this); } @@ -368,7 +368,7 @@ static check_t *check_create() check_t *this = malloc_thing(check_t); this->connect_id = chunk_empty; - this->cookie = chunk_empty; + this->auth = chunk_empty; this->endpoint_raw = chunk_empty; this->endpoint = NULL; @@ -863,15 +863,15 @@ static status_t process_payloads(message_t *message, check_t *check) DBG2(DBG_IKE, "received ME_CONNECTID %#B", &check->connect_id); break; } - case COOKIE: + case ME_CONNECTAUTH: { - if (check->cookie.ptr) + if (check->auth.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple COOKIE notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTAUTH notifies"); break; } - check->cookie = chunk_clone(notify->get_notification_data(notify)); - DBG2(DBG_IKE, "received COOKIE %#B", &check->cookie); + check->auth = chunk_clone(notify->get_notification_data(notify)); + DBG2(DBG_IKE, "received ME_CONNECTAUTH %#B", &check->auth); break; } default: @@ -880,7 +880,7 @@ static status_t process_payloads(message_t *message, check_t *check) } iterator->destroy(iterator); - if (!check->connect_id.ptr || !check->endpoint || !check->cookie.ptr) + if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr) { DBG1(DBG_IKE, "at least one payload was missing from the connectivity check"); return FAILED; @@ -1014,9 +1014,9 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, message->add_payload(message, (payload_t*)endpoint); DBG2(DBG_IKE, "send ME_ENDPOINT notify"); - check->cookie = build_signature(this, checklist, check, TRUE); - message->add_notify(message, FALSE, COOKIE, check->cookie); - DBG2(DBG_IKE, "send COOKIE %#B", &check->cookie); + check->auth = build_signature(this, checklist, check, TRUE); + message->add_notify(message, FALSE, ME_CONNECTAUTH, check->auth); + DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth); packet_t *packet; if (message->generate(message, NULL, NULL, &packet) == SUCCESS) @@ -1334,7 +1334,7 @@ static void process_check(private_connect_manager_t *this, message_t *message) } chunk_t sig = build_signature(this, checklist, check, FALSE); - if (!chunk_equals(sig, check->cookie)) + if (!chunk_equals(sig, check->auth)) { DBG1(DBG_IKE, "connectivity check verification failed"); check_destroy(check); |