diff options
| -rw-r--r-- | src/libcharon/processing/jobs/adopt_children_job.c | 40 | ||||
| -rw-r--r-- | src/libcharon/processing/jobs/adopt_children_job.h | 8 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 32 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/main_mode.c | 31 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/xauth.c | 23 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/xauth.h | 5 |
6 files changed, 123 insertions, 16 deletions
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c index f99c0b932..fb480eee2 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.c +++ b/src/libcharon/processing/jobs/adopt_children_job.c @@ -17,6 +17,7 @@ #include <daemon.h> #include <hydra.h> +#include <collections/array.h> typedef struct private_adopt_children_job_t private_adopt_children_job_t; @@ -34,11 +35,17 @@ struct private_adopt_children_job_t { * IKE_SA id to adopt children from */ ike_sa_id_t *id; + + /** + * Tasks queued for execution + */ + array_t *tasks; }; METHOD(job_t, destroy, void, private_adopt_children_job_t *this) { + array_destroy_offset(this->tasks, offsetof(task_t, destroy)); this->id->destroy(this->id); free(this); } @@ -149,6 +156,32 @@ METHOD(job_t, execute, job_requeue_t, } } children->destroy_offset(children, offsetof(child_sa_t, destroy)); + + if (array_count(this->tasks)) + { + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->id); + if (ike_sa) + { + task_t *task; + + while (array_remove(this->tasks, ARRAY_HEAD, &task)) + { + task->migrate(task, ike_sa); + ike_sa->queue_task(ike_sa, task); + } + if (ike_sa->initiate(ike_sa, NULL, 0, NULL, NULL) == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + ike_sa); + } + } + } } return JOB_REQUEUE_NONE; } @@ -159,6 +192,12 @@ METHOD(job_t, get_priority, job_priority_t, return JOB_PRIO_HIGH; } +METHOD(adopt_children_job_t, queue_task, void, + private_adopt_children_job_t *this, task_t *task) +{ + array_insert_create(&this->tasks, ARRAY_TAIL, task); +} + /** * See header */ @@ -173,6 +212,7 @@ adopt_children_job_t *adopt_children_job_create(ike_sa_id_t *id) .get_priority = _get_priority, .destroy = _destroy, }, + .queue_task = _queue_task, }, .id = id->clone(id), ); diff --git a/src/libcharon/processing/jobs/adopt_children_job.h b/src/libcharon/processing/jobs/adopt_children_job.h index 073504abd..ee99ee4e5 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.h +++ b/src/libcharon/processing/jobs/adopt_children_job.h @@ -24,6 +24,7 @@ #include <library.h> #include <processing/jobs/job.h> #include <sa/ike_sa_id.h> +#include <sa/task.h> typedef struct adopt_children_job_t adopt_children_job_t; @@ -36,6 +37,13 @@ struct adopt_children_job_t { * Implements job_t. */ job_t job_interface; + + /** + * Queue a job for execution after completing migration. + * + * @param task task to queue for execution + */ + void (*queue_task)(adopt_children_job_t *this, task_t *task); }; /** diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 7009ae95d..710bf1cd2 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -475,6 +475,9 @@ METHOD(task_t, process_r, status_t, } case AM_AUTH: { + adopt_children_job_t *job = NULL; + xauth_t *xauth = NULL; + while (TRUE) { if (this->ph1->verify_auth(this->ph1, this->method, message, @@ -504,8 +507,8 @@ METHOD(task_t, process_r, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - this->ike_sa->queue_task(this->ike_sa, - (task_t*)xauth_create(this->ike_sa, TRUE)); + xauth = xauth_create(this->ike_sa, TRUE); + this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth); break; case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: @@ -524,9 +527,8 @@ METHOD(task_t, process_r, status_t, { return send_delete(this); } - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create( - this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create( + this->ike_sa->get_id(this->ike_sa)); break; } /* check for and prepare mode config push/pull */ @@ -542,10 +544,26 @@ METHOD(task_t, process_r, status_t, { if (!this->peer_cfg->use_pull_mode(this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + if (job) + { + job->queue_task(job, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } + else if (xauth) + { + xauth->queue_mode_config_push(xauth); + } + else + { + this->ike_sa->queue_task(this->ike_sa, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } } } + if (job) + { + lib->processor->queue_job(lib->processor, (job_t*)job); + } return SUCCESS; } default: diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 8a5d9ae16..2fb4c6935 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -479,6 +479,8 @@ METHOD(task_t, build_r, status_t, { id_payload_t *id_payload; identification_t *id; + adopt_children_job_t *job = NULL; + xauth_t *xauth = NULL; id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); if (!id) @@ -502,8 +504,8 @@ METHOD(task_t, build_r, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - this->ike_sa->queue_task(this->ike_sa, - (task_t*)xauth_create(this->ike_sa, TRUE)); + xauth = xauth_create(this->ike_sa, TRUE); + this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth); break; case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: @@ -522,9 +524,8 @@ METHOD(task_t, build_r, status_t, { return send_notify(this, AUTHENTICATION_FAILED); } - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create( - this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create( + this->ike_sa->get_id(this->ike_sa)); break; } if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) @@ -539,10 +540,26 @@ METHOD(task_t, build_r, status_t, { if (!this->peer_cfg->use_pull_mode(this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + if (job) + { + job->queue_task(job, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } + else if (xauth) + { + xauth->queue_mode_config_push(xauth); + } + else + { + this->ike_sa->queue_task(this->ike_sa, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } } } + if (job) + { + lib->processor->queue_job(lib->processor, (job_t*)job); + } return SUCCESS; } default: diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index bdc5d67f7..a770e90ff 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -19,6 +19,7 @@ #include <hydra.h> #include <encoding/payloads/cp_payload.h> #include <processing/jobs/adopt_children_job.h> +#include <sa/ikev1/tasks/mode_config.h> typedef struct private_xauth_t private_xauth_t; @@ -74,6 +75,11 @@ struct private_xauth_t { * status of Xauth exchange */ xauth_status_t status; + + /** + * Queue a Mode Config Push mode after completing XAuth? + */ + bool mode_config_push; }; /** @@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t, private_xauth_t *this, message_t *message) { cp_payload_t *cp; + adopt_children_job_t *job; cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp || cp->get_type(cp) != CFG_ACK) @@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t, return FAILED; } this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE); - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create(this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)); + if (this->mode_config_push) + { + job->queue_task(job, + (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + } + lib->processor->queue_job(lib->processor, (job_t*)job); return SUCCESS; } @@ -511,6 +523,12 @@ METHOD(task_t, migrate, void, } } +METHOD(xauth_t, queue_mode_config_push, void, + private_xauth_t *this) +{ + this->mode_config_push = TRUE; +} + METHOD(task_t, destroy, void, private_xauth_t *this) { @@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator) .migrate = _migrate, .destroy = _destroy, }, + .queue_mode_config_push = _queue_mode_config_push, }, .initiator = initiator, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev1/tasks/xauth.h b/src/libcharon/sa/ikev1/tasks/xauth.h index 303eb31ce..ffaf32a32 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.h +++ b/src/libcharon/sa/ikev1/tasks/xauth.h @@ -36,6 +36,11 @@ struct xauth_t { * Implements the task_t interface */ task_t task; + + /** + * Queue a Mode Config in Push mode after completing XAuth. + */ + void (*queue_mode_config_push)(xauth_t *this); }; /** |