Diffstat (limited to 'src')
31 files changed, 359 insertions, 522 deletions
diff --git a/src/charon/config/connections/connection.c b/src/charon/config/connections/connection.c index dcc433c9f..a3acf2609 100644 --- a/src/charon/config/connections/connection.c +++ b/src/charon/config/connections/connection.c @@ -196,14 +196,12 @@ static proposal_t *select_proposal(private_connection_t *this, linked_list_t *pr supplied_iter = proposals->create_iterator(proposals, TRUE); /* compare all stored proposals with all supplied. Stored ones are preferred. */ - while (stored_iter->has_next(stored_iter)) + while (stored_iter->iterate(stored_iter, (void**)&stored)) { supplied_iter->reset(supplied_iter); - stored_iter->current(stored_iter, (void**)&stored); - while (supplied_iter->has_next(supplied_iter)) + while (supplied_iter->iterate(supplied_iter, (void**)&supplied)) { - supplied_iter->current(supplied_iter, (void**)&supplied); selected = stored->select(stored, supplied); if (selected) { @@ -256,9 +254,8 @@ static diffie_hellman_group_t get_dh_group(private_connection_t *this) diffie_hellman_group_t dh_group = MODP_NONE; iterator = this->proposals->create_iterator(this->proposals, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&proposal)) { - iterator->current(iterator, (void**)&proposal); if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo)) { dh_group = algo->algorithm; @@ -279,13 +276,11 @@ static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh algorithm_t *algo; prop_iter = this->proposals->create_iterator(this->proposals, TRUE); - while (prop_iter->has_next(prop_iter)) + while (prop_iter->iterate(prop_iter, (void**)&proposal)) { - prop_iter->current(prop_iter, (void**)&proposal); alg_iter = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP); - while (alg_iter->has_next(alg_iter)) + while (alg_iter->iterate(alg_iter, (void**)&algo)) { - alg_iter->current(alg_iter, (void**)&algo); if (algo->algorithm == dh_group) { prop_iter->destroy(prop_iter); 
diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c index 30e7e9c8a..4a6224f1d 100644 --- a/src/charon/config/connections/local_connection_store.c +++ b/src/charon/config/connections/local_connection_store.c @@ -75,14 +75,12 @@ static connection_t *get_connection_by_hosts(private_local_connection_store_t *t pthread_mutex_lock(&(this->mutex)); iterator = this->connections->create_iterator(this->connections, TRUE); /* determine closest matching connection */ - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&candidate)) { host_t *candidate_my_host; host_t *candidate_other_host; - - iterator->current(iterator, (void**)&candidate); - candidate_my_host = candidate->get_my_host(candidate); + candidate_my_host = candidate->get_my_host(candidate); candidate_other_host = candidate->get_other_host(candidate); /* my_host addresses must match*/ @@ -138,9 +136,8 @@ static connection_t *get_connection_by_name(private_local_connection_store_t *th pthread_mutex_lock(&(this->mutex)); iterator = this->connections->create_iterator(this->connections, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t)) { - iterator->current(iterator, (void**)¤t); if (strcmp(name, current->get_name(current)) == 0) { found = current; @@ -169,9 +166,8 @@ static status_t delete_connection(private_local_connection_store_t *this, char * pthread_mutex_lock(&(this->mutex)); iterator = this->connections->create_iterator(this->connections, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)¤t)) { - iterator->current(iterator, (void **)¤t); if (strcmp(current->get_name(current), name) == 0) { /* remove connection from list, and destroy it */ diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c index 309f4a2fe..bddd38859 100644 
--- a/src/charon/config/credentials/local_credential_store.c +++ b/src/charon/config/credentials/local_credential_store.c @@ -140,7 +140,9 @@ struct private_local_credential_store_t { /** * Implementation of local_credential_store_t.get_shared_key. */ -static status_t get_shared_key(private_local_credential_store_t *this, identification_t *my_id, identification_t *other_id, chunk_t *secret) +static status_t get_shared_key(private_local_credential_store_t *this, + identification_t *my_id, + identification_t *other_id, chunk_t *secret) { typedef enum { PRIO_UNDEFINED= 0x00, @@ -151,18 +153,16 @@ static status_t get_shared_key(private_local_credential_store_t *this, identific prio_t best_prio = PRIO_UNDEFINED; chunk_t found = CHUNK_INITIALIZER; + shared_key_t *shared_key; iterator_t *iterator = this->shared_keys->create_iterator(this->shared_keys, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&shared_key)) { - shared_key_t *shared_key; iterator_t *peer_iterator; - + identification_t *peer_id; prio_t prio = PRIO_UNDEFINED; - iterator->current(iterator, (void**)&shared_key); - peer_iterator = shared_key->peers->create_iterator(shared_key->peers, TRUE); if (peer_iterator->get_count(peer_iterator) == 0) @@ -172,12 +172,8 @@ static status_t get_shared_key(private_local_credential_store_t *this, identific } else { - while (peer_iterator->has_next(peer_iterator)) + while (peer_iterator->iterate(peer_iterator, (void**)&peer_id)) { - identification_t *peer_id; - - peer_iterator->current(peer_iterator, (void**)&peer_id); - if (my_id->equals(my_id, peer_id)) { prio |= PRIO_MY_MATCH; 
@@ -212,19 +208,17 @@ static status_t get_shared_key(private_local_credential_store_t *this, identific /** * Implementation of credential_store_t.get_certificate. */ -static x509_t* get_certificate(private_local_credential_store_t *this, identification_t * id) +static x509_t* get_certificate(private_local_credential_store_t *this, + identification_t * id) { - x509_t *found = NULL; + x509_t *found = NULL, *cert; iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&cert)) { - x509_t *cert; - - iterator->current(iterator, (void**)&cert); - - if (id->equals(id, cert->get_subject(cert)) || cert->equals_subjectAltName(cert, id)) + if (id->equals(id, cert->get_subject(cert)) || + cert->equals_subjectAltName(cert, id)) { found = cert; break; @@ -237,7 +231,8 @@ static x509_t* get_certificate(private_local_credential_store_t *this, identific /** * Implementation of local_credential_store_t.get_rsa_public_key. */ -static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *this, identification_t *id) +static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *this, + identification_t *id) { x509_t *cert = get_certificate(this, id); @@ -247,7 +242,8 @@ static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *th /** * Implementation of local_credential_store_t.get_trusted_public_key. */ -static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t *this, identification_t *id) +static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t *this, + identification_t *id) { cert_status_t status; err_t ugh; 
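Review bot: get_certificate stores `found = cert`, a pointer to the entry still held in `this->certs`, whereas get_rsa_private_key further down hands out `current->clone(current)`; the doc comment does not mention this ownership difference. A caller that destroys the result, or keeps it after the store drops the certificate, ends up with a double free or a stale pointer in code that makes trust decisions. I would extend the comment above the function with a line such as `Returned certificate is owned by the store; the caller must not destroy it`, assuming `found` is what gets returned, since the return statement lies outside the hunk. The same remark applies to get_issuer_certificate and get_crl, which also assign the list element directly.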
@@ -282,17 +278,15 @@ static rsa_public_key_t *get_trusted_public_key(private_local_credential_store_t /** * Implementation of local_credential_store_t.get_rsa_private_key. */ -static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey) +static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *this, + rsa_public_key_t *pubkey) { - rsa_private_key_t *found = NULL; - rsa_private_key_t *current; + rsa_private_key_t *found = NULL, *current; iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t)) { - iterator->current(iterator, (void**)¤t); - if (current->belongs_to(current, pubkey)) { found = current->clone(current); @@ -313,10 +307,8 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t)) { - iterator->current(iterator, (void**)¤t); - if (current->belongs_to(current, pubkey)) { found = TRUE; @@ -330,17 +322,14 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ /** * Implementation of credential_store_t.get_issuer_certificate. */ -static x509_t* get_issuer_certificate(private_local_credential_store_t *this, const x509_t *cert) +static x509_t* get_issuer_certificate(private_local_credential_store_t *this, + const x509_t *cert) { - x509_t *issuer_cert = NULL; + x509_t *issuer_cert = NULL, *current_cert;; iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE); - - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_cert)) { - x509_t *current_cert; - - iterator->current(iterator, (void**)¤t_cert); if (cert->is_issuer(cert, current_cert)) { issuer_cert = current_cert; 
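Review bot: In get_issuer_certificate the new declaration ends in a doubled semicolon, `x509_t *issuer_cert = NULL, *current_cert;;`, which puts an empty statement in front of the `iterator_t *iterator = ...` declaration that follows. Builds in C89 mode or with -Wdeclaration-after-statement will flag the declaration after that statement. Drop the extra semicolon so the line reads `x509_t *issuer_cert = NULL, *current_cert;`. The function body continues past the end of the hunk.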
@@ -357,15 +346,12 @@ static x509_t* get_issuer_certificate(private_local_credential_store_t *this, co */ static crl_t* get_crl(private_local_credential_store_t *this, const x509_t *issuer) { - crl_t *crl = NULL; + crl_t *crl = NULL, *current_crl; iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_crl)) { - crl_t *current_crl; - - iterator->current(iterator, (void**)¤t_crl); if (current_crl->is_issuer(current_crl, issuer)) { crl = current_crl; @@ -430,15 +416,12 @@ static cert_status_t verify_by_ocsp(private_local_credential_store_t* this, */ static x509_t* find_certificate_copy(linked_list_t *certs, x509_t *cert) { - x509_t *found_cert = NULL; + x509_t *found_cert = NULL, *current_cert; iterator_t *iterator = certs->create_iterator(certs, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_cert)) { - x509_t *current_cert; - - iterator->current(iterator, (void**)¤t_cert); if (cert->equals(cert, current_cert)) { found_cert = current_cert; @@ -733,21 +716,19 @@ static void load_ca_certificates(private_local_credential_store_t *this) static crl_t* add_crl(linked_list_t *crls, crl_t *crl) { bool found = FALSE; + crl_t *current_crl; iterator_t *iterator = crls->create_iterator(crls, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_crl)) { - crl_t *current_crl; - - iterator->current(iterator, (void**)¤t_crl); if (crl->equals_issuer(crl, current_crl)) { found = TRUE; if (crl->is_newer(crl, current_crl)) { crl_t *old_crl = NULL; - + iterator->replace(iterator, (void**)&old_crl, (void*)crl); if (old_crl != NULL) { diff --git a/src/charon/config/policies/local_policy_store.c b/src/charon/config/policies/local_policy_store.c index 1fca08107..dd4e7ebb0 100644 --- a/src/charon/config/policies/local_policy_store.c +++ b/src/charon/config/policies/local_policy_store.c 
@@ -112,13 +112,11 @@ static policy_t *get_policy(private_local_policy_store_t *this, iterator = this->policies->create_iterator(this->policies, TRUE); /* determine closest matching policy */ - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&candidate)) { identification_t *candidate_my_id; identification_t *candidate_other_id; int wildcards; - - iterator->current(iterator, (void**)&candidate); candidate_my_id = candidate->get_my_id(candidate); candidate_other_id = candidate->get_other_id(candidate); @@ -182,9 +180,8 @@ static policy_t *get_policy_by_name(private_local_policy_store_t *this, char *na pthread_mutex_lock(&(this->mutex)); iterator = this->policies->create_iterator(this->policies, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)¤t)) { - iterator->current(iterator, (void **)¤t); if (strcmp(current->get_name(current), name) == 0) { found = current; @@ -209,9 +206,8 @@ static status_t delete_policy(private_local_policy_store_t *this, char *name) pthread_mutex_lock(&(this->mutex)); iterator = this->policies->create_iterator(this->policies, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)¤t)) { - iterator->current(iterator, (void **)¤t); if (strcmp(current->get_name(current), name) == 0) { /* remove policy from list, and destroy it */ diff --git a/src/charon/config/policies/policy.c b/src/charon/config/policies/policy.c index c9ac7884b..55f8debe5 100644 --- a/src/charon/config/policies/policy.c +++ b/src/charon/config/policies/policy.c 
@@ -313,14 +313,11 @@ static proposal_t *select_proposal(private_policy_t *this, linked_list_t *propos supplied_iter = proposals->create_iterator(proposals, TRUE); /* compare all stored proposals with all supplied. Stored ones are preferred. */ - while (stored_iter->has_next(stored_iter)) + while (stored_iter->iterate(stored_iter, (void**)&stored)) { supplied_iter->reset(supplied_iter); - stored_iter->current(stored_iter, (void**)&stored); - - while (supplied_iter->has_next(supplied_iter)) + while (supplied_iter->iterate(supplied_iter, (void**)&supplied)) { - supplied_iter->current(supplied_iter, (void**)&supplied); selected = stored->select(stored, supplied); if (selected) { diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index 6b45d48bf..e6a4a4d7d 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -216,13 +216,11 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, first_iter = first->create_iterator(first, TRUE); second_iter = second->create_iterator(second, TRUE); /* compare algs, order of algs in "first" is preferred */ - while (first_iter->has_next(first_iter)) + while (first_iter->iterate(first_iter, (void**)&first_alg)) { - first_iter->current(first_iter, (void**)&first_alg); second_iter->reset(second_iter); - while (second_iter->has_next(second_iter)) + while (second_iter->iterate(second_iter, (void**)&second_alg)) { - second_iter->current(second_iter, (void**)&second_alg); if (first_alg->algorithm == second_alg->algorithm && first_alg->key_size == second_alg->key_size) { 
@@ -364,9 +362,8 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list) { algorithm_t *algo, *clone_algo; iterator_t *iterator = list->create_iterator(list, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - iterator->current(iterator, (void**)&algo); clone_algo = malloc_thing(algorithm_t); memcpy(clone_algo, algo, sizeof(algorithm_t)); clone_list->insert_last(clone_list, (void*)clone_algo); diff --git a/src/charon/encoding/generator.c b/src/charon/encoding/generator.c index 392a4602d..6eb3c5d66 100644 --- a/src/charon/encoding/generator.c +++ b/src/charon/encoding/generator.c @@ -803,19 +803,17 @@ static void generate_payload (private_generator_t *this,payload_t *payload) u_int16_t int16_val; /* proposals are stored in a linked list and so accessed */ linked_list_t *proposals = *((linked_list_t **)(this->data_struct + rules[i].offset)); - iterator_t *iterator; + payload_t *current_proposal; + /* create forward iterator */ iterator = proposals->create_iterator(proposals,TRUE); /* every proposal is processed (iterative call )*/ - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_proposal)) { - payload_t *current_proposal; u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - iterator->current(iterator,(void **)¤t_proposal); - before_generate_position_offset = this->get_current_buffer_offset(this); this->public.generate_payload(&(this->public),current_proposal); after_generate_position_offset = this->get_current_buffer_offset(this); 
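Review bot: In clone_algo_list the result of `malloc_thing(algorithm_t)` is passed straight to `memcpy(clone_algo, algo, sizeof(algorithm_t))` with no NULL check. If malloc_thing can return NULL (its definition is not on this page), an allocation failure turns into a write through a null pointer while proposal algorithms are being copied. Either guard the copy, for example `if (clone_algo == NULL) { break; }` plus whatever error reporting the file uses, or state in a comment that malloc_thing never returns NULL. The rest of the loop and the iterator cleanup are outside the hunk.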
@@ -828,26 +826,24 @@ static void generate_payload (private_generator_t *this,payload_t *payload) int16_val = htons(length_of_sa_payload); this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset); break; - } + } case TRANSFORMS: - { + { /* before iterative generate the transforms, store the current length position */ u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; u_int16_t length_of_proposal = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; u_int16_t int16_val; linked_list_t *transforms = *((linked_list_t **)(this->data_struct + rules[i].offset)); iterator_t *iterator; - + payload_t *current_transform; + /* create forward iterator */ iterator = transforms->create_iterator(transforms,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_transform)) { - payload_t *current_transform; u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - iterator->current(iterator,(void **)¤t_transform); - before_generate_position_offset = this->get_current_buffer_offset(this); this->public.generate_payload(&(this->public),current_transform); after_generate_position_offset = this->get_current_buffer_offset(this); @@ -857,7 +853,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } iterator->destroy(iterator); - + int16_val = htons(length_of_proposal); this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset); 
@@ -867,22 +863,19 @@ static void generate_payload (private_generator_t *this,payload_t *payload) { /* before iterative generate the transform attributes, store the current length position */ u_int32_t transform_length_position_offset = this->last_payload_length_position_offset; - u_int16_t length_of_transform = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; u_int16_t int16_val; linked_list_t *transform_attributes =*((linked_list_t **)(this->data_struct + rules[i].offset)); - iterator_t *iterator; + payload_t *current_attribute; + /* create forward iterator */ iterator = transform_attributes->create_iterator(transform_attributes,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_attribute)) { - payload_t *current_attribute; u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - iterator->current(iterator,(void **)¤t_attribute); - before_generate_position_offset = this->get_current_buffer_offset(this); this->public.generate_payload(&(this->public),current_attribute); after_generate_position_offset = this->get_current_buffer_offset(this); 
@@ -902,22 +895,19 @@ static void generate_payload (private_generator_t *this,payload_t *payload) { /* before iterative generate the configuration attributes, store the current length position */ u_int32_t configurations_length_position_offset = this->last_payload_length_position_offset; - u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; u_int16_t int16_val; linked_list_t *configuration_attributes =*((linked_list_t **)(this->data_struct + rules[i].offset)); - iterator_t *iterator; + payload_t *current_attribute; + /* create forward iterator */ iterator = configuration_attributes->create_iterator(configuration_attributes,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_attribute)) { - payload_t *current_attribute; u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - iterator->current(iterator,(void **)¤t_attribute); - before_generate_position_offset = this->get_current_buffer_offset(this); this->public.generate_payload(&(this->public),current_attribute); after_generate_position_offset = this->get_current_buffer_offset(this); 
@@ -974,18 +964,16 @@ static void generate_payload (private_generator_t *this,payload_t *payload) u_int16_t int16_val; /* traffic selectors are stored in a linked list and so accessed */ linked_list_t *traffic_selectors = *((linked_list_t **)(this->data_struct + rules[i].offset)); - iterator_t *iterator; + payload_t *current_traffic_selector_substructure; + /* create forward iterator */ iterator = traffic_selectors->create_iterator(traffic_selectors,TRUE); /* every proposal is processed (iterative call )*/ - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)¤t_traffic_selector_substructure)) { - payload_t *current_traffic_selector_substructure; u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - - iterator->current(iterator,(void **)¤t_traffic_selector_substructure); before_generate_position_offset = this->get_current_buffer_offset(this); this->public.generate_payload(&(this->public),current_traffic_selector_substructure); diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c index 65e4729b3..44850313c 100644 --- a/src/charon/encoding/message.c +++ b/src/charon/encoding/message.c @@ -751,9 +751,8 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* /* generate every payload expect last one, this is doen later*/ iterator = this->payloads->create_iterator(this->payloads, TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)&next_payload)) { - iterator->current(iterator, (void**)&next_payload); payload->set_next_type(payload, next_payload->get_type(next_payload)); generator->generate_payload(generator, payload); payload = next_payload; 
@@ -878,19 +877,16 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig payload_t *previous_payload = NULL; int payload_number = 1; iterator_t *iterator; + payload_t *current_payload; status_t status; iterator = this->payloads->create_iterator(this->payloads,TRUE); /* process each payload and decrypt a encryption payload */ - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_payload)) { payload_rule_t *payload_rule; payload_type_t current_payload_type; - payload_t *current_payload; - - /* get current payload */ - iterator->current(iterator,(void **)¤t_payload); /* needed to check */ current_payload_type = current_payload->get_type(current_payload); @@ -1020,6 +1016,7 @@ static status_t verify(private_message_t *this) { int i; iterator_t *iterator; + payload_t *current_payload; size_t total_found_payloads = 0; DBG2(SIG_DBG_ENC, "verifying message structure"); @@ -1033,14 +1030,11 @@ static status_t verify(private_message_t *this) /* check all payloads for specific rule */ iterator->reset(iterator); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator,(void **)¤t_payload)) { - payload_t *current_payload; payload_type_t current_payload_type; - iterator->current(iterator,(void **)¤t_payload); current_payload_type = current_payload->get_type(current_payload); - if (current_payload_type == UNKNOWN_PAYLOAD) { /* unknown payloads are ignored, IF they are not critical */ 
@@ -1177,26 +1171,10 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t */ static void destroy (private_message_t *this) { - iterator_t *iterator; - + DESTROY_IF(this->ike_sa_id); + this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy)); this->packet->destroy(this->packet); - - if (this->ike_sa_id != NULL) - { - this->ike_sa_id->destroy(this->ike_sa_id); - } - - iterator = this->payloads->create_iterator(this->payloads, TRUE); - while (iterator->has_next(iterator)) - { - payload_t *payload; - iterator->current(iterator, (void**)&payload); - payload->destroy(payload); - } - iterator->destroy(iterator); - this->payloads->destroy(this->payloads); this->parser->destroy(this->parser); - free(this); } diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/charon/encoding/payloads/cp_payload.c index 580a0c64a..bd16abc22 100644 --- a/src/charon/encoding/payloads/cp_payload.c +++ b/src/charon/encoding/payloads/cp_payload.c @@ -125,20 +125,17 @@ static status_t verify(private_cp_payload_t *this) { status_t status = SUCCESS; iterator_t *iterator; - - iterator = this->attributes->create_iterator(this->attributes,TRUE); + configuration_attribute_t *attribute; - while(iterator->has_next(iterator)) + iterator = this->attributes->create_iterator(this->attributes,TRUE); + while(iterator->iterate(iterator, (void**)&attribute)) { - configuration_attribute_t *attribute; - iterator->current(iterator,(void **)&attribute); - status = attribute->payload_interface.verify(&(attribute->payload_interface)); + status = attribute->payload_interface.verify(&attribute->payload_interface); if (status != SUCCESS) { break; } } - iterator->destroy(iterator); return status; } 
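Review bot: The new `this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));` in destroy() depends on an invariant that is not written down anywhere in the hunk: every pointer stored in `payloads` must be addressable as a `payload_t`, so that the function pointer found at that offset really is the element's destructor. The removed loop made that assumption visible through the typed `payload->destroy(payload)` call; the one-liner hides it, and an element whose payload interface is not at offset 0 would lead to a call through an unrelated pointer. I would add a comment on that line, e.g. `/* list entries are payload_t*; destroy_offset invokes the destroy member of each */`. It is also worth confirming that `<stddef.h>` is included for `offsetof`, since the include block is not visible here.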
@@ -182,12 +179,12 @@ static void set_next_type(private_cp_payload_t *this,payload_type_t type) static void compute_length(private_cp_payload_t *this) { iterator_t *iterator; + payload_t *current_attribute; size_t length = CP_PAYLOAD_HEADER_LENGTH; + iterator = this->attributes->create_iterator(this->attributes,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_attribute)) { - payload_t *current_attribute; - iterator->current(iterator,(void **) ¤t_attribute); length += current_attribute->get_length(current_attribute); } iterator->destroy(iterator); diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c index c33bea781..bec94d620 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/charon/encoding/payloads/encryption_payload.c @@ -188,14 +188,13 @@ static void set_next_type(private_encryption_payload_t *this, payload_type_t typ static void compute_length(private_encryption_payload_t *this) { iterator_t *iterator; + payload_t *current_payload; size_t block_size, length = 0; iterator = this->payloads->create_iterator(this->payloads, TRUE); /* count payload length */ - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **) ¤t_payload)) { - payload_t *current_payload; - iterator->current(iterator, (void **) ¤t_payload); length += current_payload->get_length(current_payload); } iterator->destroy(iterator); @@ -285,9 +284,8 @@ static void generate(private_encryption_payload_t *this) iterator = this->payloads->create_iterator(this->payloads, TRUE); /* get first payload */ - if (iterator->has_next(iterator)) + if (iterator->iterate(iterator, (void**)¤t_payload)) { - iterator->current(iterator, (void**)¤t_payload); this->next_payload = current_payload->get_type(current_payload); } else 
@@ -303,9 +301,8 @@ static void generate(private_encryption_payload_t *this) generator = generator_create(); /* build all payload, except last */ - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)&next_payload)) { - iterator->current(iterator, (void**)&next_payload); current_payload->set_next_type(current_payload, next_payload->get_type(next_payload)); generator->generate_payload(generator, current_payload); current_payload = next_payload; diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c index 5842f6e8b..3351c8a14 100644 --- a/src/charon/encoding/payloads/proposal_substructure.c +++ b/src/charon/encoding/payloads/proposal_substructure.c @@ -142,6 +142,7 @@ static status_t verify(private_proposal_substructure_t *this) { status_t status = SUCCESS; iterator_t *iterator; + payload_t *current_transform; if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2)) { @@ -186,11 +187,8 @@ static status_t verify(private_proposal_substructure_t *this) } iterator = this->transforms->create_iterator(this->transforms,TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_transform)) { - payload_t *current_transform; - iterator->current(iterator,(void **)¤t_transform); - status = current_transform->verify(current_transform); if (status != SUCCESS) { 
@@ -242,13 +240,13 @@ static void set_next_type(private_proposal_substructure_t *this,payload_type_t t static void compute_length(private_proposal_substructure_t *this) { iterator_t *iterator; + payload_t *current_transform; size_t transforms_count = 0; size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; + iterator = this->transforms->create_iterator(this->transforms,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_transform)) { - payload_t * current_transform; - iterator->current(iterator,(void **) ¤t_transform); length += current_transform->get_length(current_transform); transforms_count++; } @@ -390,21 +388,19 @@ static size_t get_spi_size (private_proposal_substructure_t *this) proposal_t* get_proposal(private_proposal_substructure_t *this) { iterator_t *iterator; + transform_substructure_t *transform; proposal_t *proposal; u_int64_t spi; proposal = proposal_create(this->protocol_id); iterator = this->transforms->create_iterator(this->transforms, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&transform)) { - transform_substructure_t *transform; transform_type_t transform_type; u_int16_t transform_id; u_int16_t key_length = 0; - iterator->current(iterator, (void**)&transform); - transform_type = transform->get_transform_type(transform); transform_id = transform->get_transform_id(transform); transform->get_key_length(transform, &key_length); 
@@ -434,38 +430,30 @@ proposal_t* get_proposal(private_proposal_substructure_t *this) */ static private_proposal_substructure_t* clone_(private_proposal_substructure_t *this) { - private_proposal_substructure_t * new_clone; + private_proposal_substructure_t *clone; iterator_t *transforms; + transform_substructure_t *current_transform; - new_clone = (private_proposal_substructure_t *) proposal_substructure_create(); - - new_clone->next_payload = this->next_payload; - new_clone->proposal_number = this->proposal_number; - new_clone->protocol_id = this->protocol_id; - new_clone->spi_size = this->spi_size; + clone = (private_proposal_substructure_t *) proposal_substructure_create(); + clone->next_payload = this->next_payload; + clone->proposal_number = this->proposal_number; + clone->protocol_id = this->protocol_id; + clone->spi_size = this->spi_size; if (this->spi.ptr != NULL) { - new_clone->spi.ptr = clalloc(this->spi.ptr,this->spi.len); - new_clone->spi.len = this->spi.len; + clone->spi.ptr = clalloc(this->spi.ptr,this->spi.len); + clone->spi.len = this->spi.len; } transforms = this->transforms->create_iterator(this->transforms,FALSE); - - while (transforms->has_next(transforms)) + while (transforms->iterate(transforms, (void**)¤t_transform)) { - transform_substructure_t *current_transform; - transform_substructure_t *current_transform_clone; - - transforms->current(transforms,(void **) ¤t_transform); - - current_transform_clone = current_transform->clone(current_transform); - - new_clone->public.add_transform_substructure(&(new_clone->public),current_transform_clone); + current_transform = current_transform->clone(current_transform); + clone->public.add_transform_substructure(&clone->public, current_transform); } - transforms->destroy(transforms); - return new_clone; + return clone; } /** 
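Review bot: clone_ still builds its iterator with `create_iterator(this->transforms,FALSE)`, while every other loop in this commit passes TRUE, and the generator.c hunks label TRUE as the forward iterator. If FALSE means backward and add_transform_substructure appends, the clone carries its transforms in reverse order, which matters wherever the order expresses algorithm preference; neither definition is on this page, so please confirm. Separately, `current_transform = current_transform->clone(current_transform);` overwrites the iteration variable with the copy, which works only because iterate() reassigns it on the next pass. Keeping a distinct local, `transform_substructure_t *copy = current_transform->clone(current_transform);`, makes it clear which pointer is owned by the source list and which by the clone.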
@@ -533,49 +521,46 @@ proposal_substructure_t *proposal_substructure_create() */ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal) { - private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create(); + private_proposal_substructure_t *this = (private_proposal_substructure_t*) + proposal_substructure_create(); iterator_t *iterator; algorithm_t *algo; transform_substructure_t *transform; /* encryption algorithm is only availble in ESP */ iterator = proposal->create_algorithm_iterator(proposal, ENCRYPTION_ALGORITHM); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - iterator->current(iterator, (void**)&algo); - transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size); + transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, + algo->algorithm, algo->key_size); this->public.add_transform_substructure(&(this->public), transform); } iterator->destroy(iterator); /* integrity algorithms */ iterator = proposal->create_algorithm_iterator(proposal, INTEGRITY_ALGORITHM); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - algorithm_t *algo; - iterator->current(iterator, (void**)&algo); - transform = transform_substructure_create_type(INTEGRITY_ALGORITHM, algo->algorithm, algo->key_size); + transform = transform_substructure_create_type(INTEGRITY_ALGORITHM, + algo->algorithm, algo->key_size); this->public.add_transform_substructure(&(this->public), transform); } iterator->destroy(iterator); /* prf algorithms */ iterator = proposal->create_algorithm_iterator(proposal, PSEUDO_RANDOM_FUNCTION); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - algorithm_t *algo; - iterator->current(iterator, (void**)&algo); - transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION, algo->algorithm, 
algo->key_size); + transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION, + algo->algorithm, algo->key_size); this->public.add_transform_substructure(&(this->public), transform); } iterator->destroy(iterator); /* dh groups */ iterator = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - algorithm_t *algo; - iterator->current(iterator, (void**)&algo); transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, algo->algorithm, 0); this->public.add_transform_substructure(&(this->public), transform); } @@ -583,11 +568,10 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * /* extended sequence numbers */ iterator = proposal->create_algorithm_iterator(proposal, EXTENDED_SEQUENCE_NUMBERS); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&algo)) { - algorithm_t *algo; - iterator->current(iterator, (void**)&algo); - transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS, algo->algorithm, 0); + transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS, + algo->algorithm, 0); this->public.add_transform_substructure(&(this->public), transform); } iterator->destroy(iterator); diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c index f0a13eb58..751e83297 100644 --- a/src/charon/encoding/payloads/sa_payload.c +++ b/src/charon/encoding/payloads/sa_payload.c 
@@ -110,19 +110,18 @@ static status_t verify(private_sa_payload_t *this) int expected_number = 1, current_number; status_t status = SUCCESS; iterator_t *iterator; + proposal_substructure_t *current_proposal; bool first = TRUE; - /* check proposal numbering */ + /* check proposal numbering */ iterator = this->proposals->create_iterator(this->proposals,TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_proposal)) { - proposal_substructure_t *current_proposal; - iterator->current(iterator,(void **)¤t_proposal); current_number = current_proposal->get_proposal_number(current_proposal); if (current_number > expected_number) { - if (first) + if (first) { DBG1(SIG_DBG_ENC, "first proposal is not proposal #1"); status = FAILED; @@ -210,12 +209,12 @@ static void set_next_type(private_sa_payload_t *this,payload_type_t type) static void compute_length (private_sa_payload_t *this) { iterator_t *iterator; + payload_t *current_proposal; size_t length = SA_PAYLOAD_HEADER_LENGTH; + iterator = this->proposals->create_iterator(this->proposals,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)¤t_proposal)) { - payload_t *current_proposal; - iterator->current(iterator,(void **) ¤t_proposal); length += current_proposal->get_length(current_proposal); } iterator->destroy(iterator); @@ -280,6 +279,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) int struct_number = 0; int ignore_struct_number = 0; iterator_t *iterator; + proposal_substructure_t *proposal_struct; linked_list_t *proposal_list; /* this list will hold our proposals */ 
@@ -291,12 +291,10 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) * protocols. */ iterator = this->proposals->create_iterator(this->proposals, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void **)&proposal_struct)) { proposal_t *proposal; - proposal_substructure_t *proposal_struct; - iterator->current(iterator, (void **)&proposal_struct); /* check if a proposal has a single protocol */ if (proposal_struct->get_proposal_number(proposal_struct) == struct_number) { @@ -362,9 +360,8 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) /* add every payload from the list */ iterator = proposals->create_iterator(proposals, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&proposal)) { - iterator->current(iterator, (void**)&proposal); add_proposal((private_sa_payload_t*)sa_payload, proposal); } iterator->destroy(iterator); diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c index 944336cc7..f165507df 100644 --- a/src/charon/encoding/payloads/transform_substructure.c +++ b/src/charon/encoding/payloads/transform_substructure.c @@ -120,6 +120,7 @@ static status_t verify(private_transform_substructure_t *this) { status_t status = SUCCESS; iterator_t *iterator; + payload_t *current_attributes; if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) { @@ -146,11 +147,8 @@ static status_t verify(private_transform_substructure_t *this) } iterator = this->attributes->create_iterator(this->attributes,TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_attributes)) { - payload_t *current_attributes; - iterator->current(iterator,(void **)¤t_attributes); - status = current_attributes->verify(current_attributes); if (status != SUCCESS) { 
@@ -194,12 +192,12 @@ static payload_type_t get_next_type(private_transform_substructure_t *this) static void compute_length (private_transform_substructure_t *this) { iterator_t *iterator; + payload_t *current_attribute; size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; + iterator = this->attributes->create_iterator(this->attributes,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_attribute)) { - payload_t * current_attribute; - iterator->current(iterator,(void **) ¤t_attribute); length += current_attribute->get_length(current_attribute); } iterator->destroy(iterator); 
@@ -293,31 +291,24 @@ static u_int16_t get_transform_id (private_transform_substructure_t *this) */ static transform_substructure_t *clone_(private_transform_substructure_t *this) { - private_transform_substructure_t *new_clone; + private_transform_substructure_t *clone; iterator_t *attributes; + transform_attribute_t *current_attribute; - new_clone = (private_transform_substructure_t *) transform_substructure_create(); + clone = (private_transform_substructure_t *) transform_substructure_create(); + clone->next_payload = this->next_payload; + clone->transform_type = this->transform_type; + clone->transform_id = this->transform_id; - new_clone->next_payload = this->next_payload; - new_clone->transform_type = this->transform_type; - new_clone->transform_id = this->transform_id; - - attributes = this->attributes->create_iterator(this->attributes,FALSE); - - while (attributes->has_next(attributes)) + attributes = this->attributes->create_iterator(this->attributes, FALSE); + while (attributes->iterate(attributes, (void**)¤t_attribute)) { - transform_attribute_t *current_attribute; - transform_attribute_t *current_attribute_clone; - attributes->current(attributes,(void **) ¤t_attribute); - - current_attribute_clone = current_attribute->clone(current_attribute); - - new_clone->public.add_transform_attribute(&(new_clone->public),current_attribute_clone); + current_attribute = current_attribute->clone(current_attribute); + clone->public.add_transform_attribute(&clone->public, current_attribute); } - attributes->destroy(attributes); - return &(new_clone->public); + return &clone->public; } 
@@ -327,24 +318,19 @@ static transform_substructure_t *clone_(private_transform_substructure_t *this) static status_t get_key_length(private_transform_substructure_t *this, u_int16_t *key_length) { iterator_t *attributes; + transform_attribute_t *current_attribute; - attributes = this->attributes->create_iterator(this->attributes,TRUE); - - while (attributes->has_next(attributes)) + attributes = this->attributes->create_iterator(this->attributes, TRUE); + while (attributes->iterate(attributes, (void**)¤t_attribute)) { - transform_attribute_t *current_attribute; - attributes->current(attributes,(void **) ¤t_attribute); - if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) { *key_length = current_attribute->get_value(current_attribute); attributes->destroy(attributes); return SUCCESS; } - } attributes->destroy(attributes); - return FAILED; } diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/charon/encoding/payloads/ts_payload.c index cce2fc282..ae89919f6 100644 --- a/src/charon/encoding/payloads/ts_payload.c +++ b/src/charon/encoding/payloads/ts_payload.c @@ -123,6 +123,7 @@ encoding_rule_t ts_payload_encodings[] = { static status_t verify(private_ts_payload_t *this) { iterator_t *iterator; + payload_t *current_traffic_selector; status_t status = SUCCESS; if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) @@ -132,11 +133,8 @@ static status_t verify(private_ts_payload_t *this) } iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_traffic_selector)) { - payload_t *current_traffic_selector; - iterator->current(iterator,(void **)¤t_traffic_selector); - status = current_traffic_selector->verify(current_traffic_selector); if (status != SUCCESS) { 
@@ -196,11 +194,11 @@ static void compute_length (private_ts_payload_t *this) iterator_t *iterator; size_t ts_count = 0; size_t length = TS_PAYLOAD_HEADER_LENGTH; + payload_t *current_traffic_selector; + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t_traffic_selector)) { - payload_t * current_traffic_selector; - iterator->current(iterator,(void **) ¤t_traffic_selector); length += current_traffic_selector->get_length(current_traffic_selector); ts_count++; } @@ -208,7 +206,6 @@ static void compute_length (private_ts_payload_t *this) this->number_of_traffic_selectors= ts_count; this->payload_length = length; - } /** @@ -260,13 +257,12 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) { traffic_selector_t *ts; iterator_t *iterator; + traffic_selector_substructure_t *ts_substructure; linked_list_t *ts_list = linked_list_create(); iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&ts_substructure)) { - traffic_selector_substructure_t *ts_substructure; - iterator->current(iterator, (void**)&ts_substructure); ts = ts_substructure->get_traffic_selector(ts_substructure); ts_list->insert_last(ts_list, (void*)ts); } @@ -333,9 +329,8 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked this = (private_ts_payload_t*)ts_payload_create(is_initiator); iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&ts)) { - iterator->current(iterator, (void**)&ts); ts_substructure = traffic_selector_substructure_create_from_traffic_selector(ts); this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); } 
diff --git a/src/charon/queues/event_queue.c b/src/charon/queues/event_queue.c index 3a5b21039..df5284f80 100644 --- a/src/charon/queues/event_queue.c +++ b/src/charon/queues/event_queue.c @@ -182,7 +182,7 @@ static void add_absolute(private_event_queue_t *this, job_t *job, timeval_t time { event_t *event; event_t *current_event; - status_t status; + iterator_t *iterator; /* create event */ event = malloc_thing(event_t); @@ -192,7 +192,7 @@ static void add_absolute(private_event_queue_t *this, job_t *job, timeval_t time pthread_mutex_lock(&(this->mutex)); /* while just used to break out */ - while(1) + while(TRUE) { if (this->list->get_count(this->list) == 0) { @@ -219,18 +219,12 @@ static void add_absolute(private_event_queue_t *this, job_t *job, timeval_t time this->list->insert_first(this->list,event); break; } - - iterator_t * iterator; - + iterator = this->list->create_iterator(this->list,TRUE); - - iterator->has_next(iterator); + iterator->iterate(iterator, (void**)¤t_event); /* first element has not to be checked (already done) */ - - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)¤t_event)) { - status = iterator->current(iterator,(void **) ¤t_event); - if (time_difference(&(event->time), &(current_event->time)) <= 0) { /* my event has to be fired before the current event in list */ diff --git a/src/charon/sa/authenticator.c b/src/charon/sa/authenticator.c index d7b994e66..7a78b60f3 100644 --- a/src/charon/sa/authenticator.c +++ b/src/charon/sa/authenticator.c @@ -213,9 +213,12 @@ static status_t verify_auth_data (private_authenticator_t *this, } } - DBG1(SIG_DBG_IKE, "authentication of '%D' with %N %s", - other_id, auth_method_names, auth_method, - (status == SUCCESS)? "successful":"failed"); + if (status == SUCCESS) + { + DBG1(SIG_DBG_IKE, "authentication of '%D' with %N successful", + other_id, auth_method_names, auth_method); + } + return status; } 
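Review bot: After this change verify_auth_data logs only the successful case, so the peer identity `other_id` and the `auth_method` are no longer recorded here when verification fails. Failed authentications are the entries an operator most needs for auditing and for noticing repeated attempts, and nothing in this hunk shows the failure being logged elsewhere with the same detail. Consider keeping a failure branch such as `else { DBG1(SIG_DBG_IKE, "authentication of '%D' with %N failed", other_id, auth_method_names, auth_method); }`. The function body starts outside the hunk, so earlier branches may already report some failure causes.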
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c index f1c62bd80..8c75a2f74 100644 --- a/src/charon/sa/child_sa.c +++ b/src/charon/sa/child_sa.c @@ -233,6 +233,7 @@ static child_sa_state_t get_state(private_child_sa_t *this) */ static void updown(private_child_sa_t *this, bool up) { + sa_policy_t *policy; iterator_t *iterator; if (this->script == NULL) @@ -241,18 +242,14 @@ static void updown(private_child_sa_t *this, bool up) } iterator = this->policies->create_iterator(this->policies, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&policy)) { - sa_policy_t *policy; char command[1024]; char *ifname = NULL; char *my_client, *other_client, *my_client_mask, *other_client_mask; char *pos; FILE *shell; - /* get ts strings */ - iterator->current(iterator, (void**)&policy); - /* get subnet/bits from string */ asprintf(&my_client, "%R", policy->my_ts); pos = strchr(my_client, '/'); @@ -430,9 +427,8 @@ static status_t alloc(private_child_sa_t *this, linked_list_t *proposals) /* iterator through proposals to update spis */ iterator = proposals->create_iterator(proposals, TRUE); - while(iterator->has_next(iterator)) + while(iterator->iterate(iterator, (void**)&proposal)) { - iterator->current(iterator, (void**)&proposal); if (alloc_proposal(this, proposal) != SUCCESS) { iterator->destroy(iterator); 
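Review bot: In the updown() loop, the context line `asprintf(&my_client, "%R", policy->my_ts);` ignores the return value and the next line passes `my_client` straight to `strchr`; if the allocation fails, the pointer is indeterminate. These strings presumably end up in the fixed `char command[1024]` that is run through the `FILE *shell` declared above (that part is outside the hunk), so unchecked values matter here. Suggest `if (asprintf(&my_client, "%R", policy->my_ts) < 0) { continue; }` and a NULL check on `pos` before it is dereferenced. The loop body continues past the end of this hunk.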
@@ -614,18 +610,15 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list /* iterate over both lists */ my_iter = my_ts_list->create_iterator(my_ts_list, TRUE); other_iter = other_ts_list->create_iterator(other_ts_list, TRUE); - while (my_iter->has_next(my_iter)) + while (my_iter->iterate(my_iter, (void**)&my_ts)) { - my_iter->current(my_iter, (void**)&my_ts); other_iter->reset(other_iter); - while (other_iter->has_next(other_iter)) + while (other_iter->iterate(other_iter, (void**)&other_ts)) { /* set up policies for every entry in my_ts_list to every entry in other_ts_list */ status_t status; sa_policy_t *policy; - other_iter->current(other_iter, (void**)&other_ts); - if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts)) { DBG2(SIG_DBG_CHD, diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index 105285be7..7c77411bc 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -1056,6 +1056,11 @@ static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2) iterator_t *i1, *i2; traffic_selector_t *t1, *t2; + if (l1->get_count(l1) != l2->get_count(l2)) + { + return FALSE; + } + i1 = l1->create_iterator(l1, TRUE); i2 = l2->create_iterator(l2, TRUE); while (i1->iterate(i1, (void**)&t1) && i2->iterate(i2, (void**)&t2)) @@ -1066,11 +1071,6 @@ static bool ts_list_equals(linked_list_t *l1, linked_list_t *l2) break; } } - /* check if one iterator is not at the end */ - if (i1->has_next(i1) || i2->has_next(i2)) - { - equals = FALSE; - } i1->destroy(i1); i2->destroy(i2); return equals; 
@@ -1623,11 +1623,10 @@ static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol, child_sa_t *current, *found = NULL; iterator = this->child_sas->create_iterator(this->child_sas, TRUE); - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)¤t); + while (iterator->iterate(iterator, (void**)¤t)) + {; if (current->get_spi(current, inbound) == spi && - current->get_protocol(current) == protocol) + current->get_protocol(current) == protocol) { found = current; } diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index 0945b6b72..05e13fefe 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c @@ -191,6 +191,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa { linked_list_t *list = this->ike_sa_list; iterator_t *iterator; + entry_t *current; status_t status; iterator = list->create_iterator(list, TRUE); @@ -198,10 +199,8 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_t *ike_sa /* default status */ status = NOT_FOUND; - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t)) { - entry_t *current; - iterator->current(iterator, (void**)¤t); /* only pointers are compared */ if (current->ike_sa == ike_sa) { @@ -223,17 +222,16 @@ static status_t delete_entry(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list = this->ike_sa_list; iterator_t *iterator; + entry_t *current; status_t status; iterator = list->create_iterator(list, TRUE); status = NOT_FOUND; - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)¤t)) { - entry_t *current; - iterator->current(iterator, (void**)¤t); - if (current == entry) + if (current == entry) { /* mark it, so now new threads can get this entry */ entry->driveout_new_threads = TRUE; 
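Review bot: The new loop in get_child_sa opens with `{;`, a stray semicolon left behind when the `iterator->current(...)` line was removed. It is an empty statement and harmless, but the block should start with a plain `{`. Separately, the loop keeps iterating after `found = current;`, so with duplicate SPI/protocol pairs the last match wins; if the first match is intended, a `break;` after the assignment makes that explicit. The end of the loop is outside the hunk.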
@@ -308,19 +306,18 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, identification_t *other_id) { iterator_t *iterator; + entry_t *entry; ike_sa_t *ike_sa = NULL; pthread_mutex_lock(&(this->mutex)); iterator = this->ike_sa_list->create_iterator(this->ike_sa_list, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&entry)) { - entry_t *entry; identification_t *found_my_id, *found_other_id; host_t *found_my_host, *found_other_host; int wc; - iterator->current(iterator, (void**)&entry); if (!wait_for_entry(this, entry)) { continue; @@ -496,16 +493,14 @@ static ike_sa_t* checkout_by_child(private_ike_sa_manager_t *this, u_int32_t reqid) { iterator_t *iterator; + entry_t *entry; ike_sa_t *ike_sa = NULL; pthread_mutex_lock(&(this->mutex)); iterator = this->ike_sa_list->create_iterator(this->ike_sa_list, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&entry)) { - entry_t *entry; - - iterator->current(iterator, (void**)&entry); if (wait_for_entry(this, entry)) { /* ok, access is exclusive for us, check for child */ @@ -526,18 +521,11 @@ static ike_sa_t* checkout_by_child(private_ike_sa_manager_t *this, } /** - * Iterator hook for iterate + * Iterator hook for iterate, gets ike_sas instead of entries */ -static bool iterate(iterator_t *iterator, void **value) +static void* iterator_hook(void *value) { - if (iterator->has_next(iterator)) - { - entry_t *entry; - iterator->current(iterator, (void**)&entry); - *value = entry->ike_sa; - return TRUE; - } - return FALSE; + return ((entry_t*)value)->ike_sa; } /** 
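Review bot: iterator_hook returns `entry->ike_sa` directly, without the `wait_for_entry(this, entry)` step that checkout_by_id and checkout_by_child perform in the hunks above before using an entry, and its comment does not say so. A caller may therefore receive an IKE_SA that another thread currently has checked out (inferred from the checkout code; entry_t itself is not visible here). Proposed comment: `/* Iterator hook: maps an entry to its ike_sa WITHOUT checking it out; read-only use, do not keep the pointer after the iterator is destroyed */`. The hook also dereferences `value` unconditionally, which holds only as long as the list never stores NULL.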
@@ -547,8 +535,8 @@ static iterator_t *create_iterator(private_ike_sa_manager_t* this) { iterator_t *iterator = this->ike_sa_list->create_iterator_locked( this->ike_sa_list, &this->mutex); - /* overload iterator */ - iterator->iterate = iterate; + /* register hook to iterator over ike_sas, not entries */ + iterator->set_iterator_hook(iterator, iterator_hook); return iterator; } @@ -818,9 +806,8 @@ static void destroy(private_ike_sa_manager_t *this) /* Step 1: drive out all waiting threads */ DBG2(SIG_DBG_MGR, "set driveout flags for all stored IKE_SA's"); iterator = list->create_iterator(list, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&entry)) { - iterator->current(iterator, (void**)&entry); /* do not accept new threads, drive out waiting threads */ entry->driveout_new_threads = TRUE; entry->driveout_waiting_threads = TRUE; @@ -828,9 +815,8 @@ static void destroy(private_ike_sa_manager_t *this) DBG2(SIG_DBG_MGR, "wait for all threads to leave IKE_SA's"); /* Step 2: wait until all are gone */ iterator->reset(iterator); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&entry)) { - iterator->current(iterator, (void**)&entry); while (entry->waiting_threads) { /* wake up all */ @@ -842,9 +828,8 @@ static void destroy(private_ike_sa_manager_t *this) DBG2(SIG_DBG_MGR, "delete all IKE_SA's"); /* Step 3: initiate deletion of all IKE_SAs */ iterator->reset(iterator); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&entry)) { - iterator->current(iterator, (void**)&entry); entry->ike_sa->delete(entry->ike_sa); } iterator->destroy(iterator); diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h index 659bdfbb2..d99c6bf52 100644 --- a/src/charon/sa/ike_sa_manager.h +++ b/src/charon/sa/ike_sa_manager.h 
@@ -106,8 +106,7 @@ struct ike_sa_manager_t { * * The avoid synchronization issues, the iterator locks access * to the manager exclusively, until it gets destroyed. - * Only use the iterate() functions of this iterator!!! Anything other - * is not implemented and causes crashes. + * This iterator is for reading only! Writing will corrupt the manager. * * @param this the manager object * @return iterator over all IKE_SAs. diff --git a/src/charon/sa/transactions/create_child_sa.c b/src/charon/sa/transactions/create_child_sa.c index 69d0d92ae..cc7b4c95e 100644 --- a/src/charon/sa/transactions/create_child_sa.c +++ b/src/charon/sa/transactions/create_child_sa.c @@ -271,7 +271,7 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result) this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy)); if (this->child_sa->alloc(this->child_sa, proposals) != SUCCESS) { - DBG1(SIG_DBG_IKE, "could not install CHILD_SA, CHILD_SA creation aborted"); + SIG(SIG_CHILD_FAILED, "could not install CHILD_SA, CHILD_SA creation aborted"); return FAILED; } sa_payload = sa_payload_create_from_proposal_list(proposals); @@ -285,6 +285,7 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result) if (this->randomizer->allocate_pseudo_random_bytes(this->randomizer, NONCE_SIZE, &this->nonce_i) != SUCCESS) { + SIG(SIG_CHILD_FAILED, "could not create nonce"); return FAILED; } nonce_payload = nonce_payload_create(); 
@@ -345,17 +346,17 @@ static status_t process_notifys(private_create_child_sa_t *this, notify_payload_ { case SINGLE_PAIR_REQUIRED: { - DBG1(SIG_DBG_IKE, "received a SINGLE_PAIR_REQUIRED notify"); + SIG(SIG_CHILD_FAILED, "received a SINGLE_PAIR_REQUIRED notify"); return FAILED; } case TS_UNACCEPTABLE: { - DBG1(SIG_DBG_IKE, "received TS_UNACCEPTABLE notify"); + SIG(SIG_CHILD_FAILED, "received TS_UNACCEPTABLE notify"); return FAILED; } case NO_PROPOSAL_CHOSEN: { - DBG1(SIG_DBG_IKE, "received NO_PROPOSAL_CHOSEN notify"); + SIG(SIG_CHILD_FAILED, "received NO_PROPOSAL_CHOSEN notify"); return FAILED; } case REKEY_SA: @@ -382,7 +383,7 @@ static status_t process_notifys(private_create_child_sa_t *this, notify_payload_ { if (notify_type < 16383) { - DBG1(SIG_DBG_IKE, "received %N notify error, CHILD_SA " + SIG(SIG_CHILD_FAILED, "received %N notify error, CHILD_SA " "creation failed", notify_type_names, notify_type); return FAILED; } @@ -480,6 +481,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request message_t *response; status_t status; iterator_t *payloads; + payload_t *payload; sa_payload_t *sa_request = NULL; nonce_payload_t *nonce_request = NULL; ts_payload_t *tsi_request = NULL; @@ -513,7 +515,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request /* check message type */ if (request->get_exchange_type(request) != CREATE_CHILD_SA) { - DBG1(SIG_DBG_IKE, "CREATE_CHILD_SA response of invalid type, aborted"); + SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA response of invalid type, aborted"); return FAILED; } 
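Review bot: The default branch of process_notifys treats a notify as an error only when `notify_type < 16383`, which leaves out the value 16383 itself. RFC 4306 reserves 0-16383 for error types and requires an unrecognized error type in a response to be treated as a failed request, so the boundary value would take the non-error path (the else part is outside the hunk). Suggest `if (notify_type < 16384)`, or a named constant for the first status type. The condition is unchanged context, but the new `SIG(SIG_CHILD_FAILED, ...)` call depends on it.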
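Review bot: In get_response the new line `SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA response of invalid type, aborted");` still says "response", although the check is on `request->get_exchange_type(request)`. conclude() raises almost the same text for the real response, so the two failures are hard to tell apart in the output. Suggest `SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA request of invalid type, aborted");` here.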
@@ -523,16 +525,14 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) { build_notify(NO_ADDITIONAL_SAS, CHUNK_INITIALIZER, response, TRUE); - DBG1(SIG_DBG_IKE, "unable to create new CHILD_SAs, as rekeying in progress"); + SIG(SIG_CHILD_FAILED, "unable to create new CHILD_SAs, as rekeying in progress"); return FAILED; } /* Iterate over all payloads. */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: @@ -552,7 +552,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request u_int8_t dh_buffer[] = {0x00, 0x00}; /* MODP_NONE */ chunk_t group = chunk_from_buf(dh_buffer); build_notify(INVALID_KE_PAYLOAD, group, response, TRUE); - DBG1(SIG_DBG_IKE, "CREATE_CHILD_SA used PFS, sending INVALID_KE_PAYLOAD"); + SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA used PFS, sending INVALID_KE_PAYLOAD"); return FAILED; } case NOTIFY: @@ -579,7 +579,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request if (!(sa_request && nonce_request && tsi_request && tsr_request)) { build_notify(INVALID_SYNTAX, CHUNK_INITIALIZER, response, TRUE); - DBG1(SIG_DBG_IKE, "request message incomplete, no CHILD_SA created"); + SIG(SIG_CHILD_FAILED, "request message incomplete, no CHILD_SA created"); return FAILED; } @@ -619,7 +619,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request if (this->policy == NULL) { - DBG1(SIG_DBG_IKE, "no acceptable policy found, adding TS_UNACCEPTABLE notify"); + SIG(SIG_CHILD_FAILED, "no acceptable policy found, sending TS_UNACCEPTABLE notify"); build_notify(TS_UNACCEPTABLE, CHUNK_INITIALIZER, response, TRUE); return FAILED; } 
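Review bot: The `return FAILED;` after `build_notify(INVALID_KE_PAYLOAD, group, response, TRUE);` leaves get_response while the `payloads` iterator obtained in the previous hunk is still alive, and no `payloads->destroy(payloads)` is visible on this path. The branch is taken whenever the request carries a KE payload, so each such message would leak one iterator; this assumes the case sits inside the `while (payloads->iterate(...))` loop, whose braces are outside this hunk. Suggest adding `payloads->destroy(payloads);` before the `return FAILED;`.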
@@ -642,14 +642,14 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request /* do we have a proposal? */ if (this->proposal == NULL) { - DBG1(SIG_DBG_IKE, "CHILD_SA proposals unacceptable, adding NO_PROPOSAL_CHOSEN notify"); + SIG(SIG_CHILD_FAILED, "CHILD_SA proposals unacceptable, sending NO_PROPOSAL_CHOSEN notify"); build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE); return FAILED; } /* do we have traffic selectors? */ else if (this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0) { - DBG1(SIG_DBG_IKE, "CHILD_SA traffic selectors unacceptable, adding TS_UNACCEPTABLE notify"); + SIG(SIG_CHILD_FAILED, "CHILD_SA traffic selectors unacceptable, sending TS_UNACCEPTABLE notify"); build_notify(TS_UNACCEPTABLE, CHUNK_INITIALIZER, response, TRUE); return FAILED; } @@ -670,7 +670,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy)); if (install_child_sa(this, FALSE) != SUCCESS) { - DBG1(SIG_DBG_IKE, "installing CHILD_SA failed, adding NO_PROPOSAL_CHOSEN notify"); + SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, sending NO_PROPOSAL_CHOSEN notify"); build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE); return FAILED; } @@ -710,6 +710,10 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request } this->rekeyed_sa->set_state(this->rekeyed_sa, CHILD_REKEYING); } + else + { + SIG(SIG_CHILD_UP, "CHILD_SA created"); + } return SUCCESS; } @@ -720,6 +724,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, transaction_t **next) { iterator_t *payloads; + payload_t *payload; host_t *me, *other; sa_payload_t *sa_payload = NULL; nonce_payload_t *nonce_payload = NULL; 
@@ -732,7 +737,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, /* check message type */ if (response->get_exchange_type(response) != CREATE_CHILD_SA) { - DBG1(SIG_DBG_IKE, "CREATE_CHILD_SA response of invalid type, aborting"); + SIG(SIG_CHILD_FAILED, "CREATE_CHILD_SA response of invalid type, aborting"); return FAILED; } @@ -741,10 +746,8 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, /* Iterate over all payloads to collect them */ payloads = response->get_payload_iterator(response); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: @@ -781,7 +784,7 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, if (!(sa_payload && nonce_payload && tsi_payload && tsr_payload)) { - DBG1(SIG_DBG_IKE, "response message incomplete, no CHILD_SA built"); + SIG(SIG_CHILD_FAILED, "response message incomplete, no CHILD_SA built"); return FAILED; } @@ -814,15 +817,16 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0) { - DBG1(SIG_DBG_IKE, "CHILD_SA creation failed"); + SIG(SIG_CHILD_FAILED, "CHILD_SA negotiation failed, no CHILD_SA built"); return FAILED; } new_child = this->child_sa; if (install_child_sa(this, TRUE) != SUCCESS) { - DBG1(SIG_DBG_IKE, "installing CHILD_SA failed, no CHILD_SA built"); + SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, no CHILD_SA built"); return FAILED; } + SIG(SIG_CHILD_UP, "CHILD_SA created"); } /* CHILD_SA successfully created. If the other peer initiated rekeying * in the meantime, we detect this by comparing the rekeying_transaction 
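Review bot: `SIG(SIG_CHILD_UP, "CHILD_SA created");` is added here right after `install_child_sa(this, TRUE)` succeeds, and the next hunk of conclude() (@@ -868,6 +872,10 @@) adds the same signal again in an `else` branch. If both are reached on the non-rekeying path, listeners get two CHILD_UP events for one CHILD_SA; the code between the two hunks is not visible, so this needs checking. The first signal is also raised before the `if (this->lost)` block, which deletes the CHILD_SA that was just created. Raising it once, after the rekey/lost handling has decided that the SA stays, would avoid both.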
@@ -868,6 +872,10 @@ static status_t conclude(private_create_child_sa_t *this, message_t *response, *next = (transaction_t*)delete_child_sa; } } + else + { + SIG(SIG_CHILD_UP, "CHILD_SA created"); + } if (this->lost) { /* we have lost simlutaneous rekeying, delete the CHILD_SA we just have created */ diff --git a/src/charon/sa/transactions/delete_child_sa.c b/src/charon/sa/transactions/delete_child_sa.c index 96dc67ee8..834d3e1ed 100644 --- a/src/charon/sa/transactions/delete_child_sa.c +++ b/src/charon/sa/transactions/delete_child_sa.c @@ -217,6 +217,7 @@ static status_t get_response(private_delete_child_sa_t *this, message_t *request host_t *me, *other; message_t *response; iterator_t *payloads; + payload_t *payload; /* check if we already have built a response (retransmission) */ if (this->message) @@ -258,11 +259,8 @@ static status_t get_response(private_delete_child_sa_t *this, message_t *request /* iterate over all payloads */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); - switch (payload->get_type(payload)) { case DELETE: @@ -289,6 +287,7 @@ static status_t conclude(private_delete_child_sa_t *this, message_t *response, transaction_t **transaction) { iterator_t *payloads; + payload_t *payload; /* check message type */ if (response->get_exchange_type(response) != INFORMATIONAL) @@ -299,11 +298,8 @@ static status_t conclude(private_delete_child_sa_t *this, message_t *response, /* iterate over all payloads */ payloads = response->get_payload_iterator(response); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); - switch (payload->get_type(payload)) { case DELETE: 
diff --git a/src/charon/sa/transactions/delete_ike_sa.c b/src/charon/sa/transactions/delete_ike_sa.c index a0a01cdea..37158d3b9 100644 --- a/src/charon/sa/transactions/delete_ike_sa.c +++ b/src/charon/sa/transactions/delete_ike_sa.c @@ -125,6 +125,7 @@ static status_t get_response(private_delete_ike_sa_t *this, message_t *request, host_t *me, *other; message_t *response; iterator_t *payloads; + payload_t *payload; delete_payload_t *delete_request = NULL; /* check if we already have built a response (retransmission) @@ -160,11 +161,8 @@ static status_t get_response(private_delete_ike_sa_t *this, message_t *request, /* iterate over all payloads */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); - switch (payload->get_type(payload)) { case DELETE: diff --git a/src/charon/sa/transactions/ike_auth.c b/src/charon/sa/transactions/ike_auth.c index 44cd8079d..0d8c37166 100644 --- a/src/charon/sa/transactions/ike_auth.c +++ b/src/charon/sa/transactions/ike_auth.c @@ -271,7 +271,7 @@ static status_t get_request(private_ike_auth_t *this, message_t **result) authenticator->destroy(authenticator); if (status != SUCCESS) { - DBG1(SIG_DBG_IKE, "could not generate AUTH data, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "could not generate AUTH data, deleting IKE_SA"); return DESTROY_ME; } request->add_payload(request, (payload_t*)auth_payload); @@ -295,7 +295,7 @@ static status_t get_request(private_ike_auth_t *this, message_t **result) this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy)); if (this->child_sa->alloc(this->child_sa, proposal_list) != SUCCESS) { - DBG1(SIG_DBG_IKE, "could not install CHILD_SA, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "could not install CHILD_SA, deleting IKE_SA"); return DESTROY_ME; } sa_payload = sa_payload_create_from_proposal_list(proposal_list); 
@@ -364,8 +364,8 @@ static status_t process_notifies(private_ike_auth_t *this, notify_payload_t *not { if (notify_type < 16383) { - DBG1(SIG_DBG_IKE, "received %N notify error, deleting IKE_SA", - notify_type_names, notify_type); + SIG(SIG_IKE_FAILED, "received %N notify error, deleting IKE_SA", + notify_type_names, notify_type); return DESTROY_ME; } else @@ -504,6 +504,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, message_t *response; status_t status; iterator_t *payloads; + payload_t *payload; id_payload_t *idi_request = NULL; id_payload_t *idr_request = NULL; auth_payload_t *auth_request = NULL; @@ -538,16 +539,14 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, /* check message type */ if (request->get_exchange_type(request) != IKE_AUTH) { - DBG1(SIG_DBG_IKE, "IKE_AUTH response of invalid type, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA"); return DESTROY_ME; } /* Iterate over all payloads. */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case ID_INITIATOR: @@ -601,7 +600,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, if (!(idi_request && auth_request && sa_request && tsi_request && tsr_request)) { build_notify(INVALID_SYNTAX, response, TRUE); - DBG1(SIG_DBG_IKE, "request message incomplete, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "request message incomplete, deleting IKE_SA"); return DESTROY_ME; } 
@@ -639,8 +638,8 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, * traffic selectors. Then we would create a IKE_SA without a CHILD_SA. */ if (this->policy == NULL) { - DBG1(SIG_DBG_IKE, "no acceptable policy for IDs %D - %D found, deleting IKE_SA", - my_id, other_id); + SIG(SIG_IKE_FAILED, "no acceptable policy for IDs %D - %D found, " + "deleting IKE_SA", my_id, other_id); my_id->destroy(my_id); other_id->destroy(other_id); build_notify(AUTHENTICATION_FAILED, response, TRUE); @@ -696,7 +695,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, TRUE); if (status != SUCCESS) { - DBG1(SIG_DBG_IKE, "authentication failed, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "authentication failed, deleting IKE_SA"); build_notify(AUTHENTICATION_FAILED, response, TRUE); authenticator->destroy(authenticator); return DESTROY_ME; @@ -710,7 +709,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, authenticator->destroy(authenticator); if (status != SUCCESS) { - DBG1(SIG_DBG_IKE, "authentication data generation failed, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "authentication data generation failed, deleting IKE_SA"); build_notify(AUTHENTICATION_FAILED, response, TRUE); return DESTROY_ME; } 
@@ -736,13 +735,15 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, /* do we have a proposal? */ if (this->proposal == NULL) { - DBG1(SIG_DBG_IKE, "CHILD_SA proposals unacceptable, adding NO_PROPOSAL_CHOSEN notify"); + SIG(SIG_CHILD_FAILED, "CHILD_SA proposals unacceptable, no CHILD_SA created"); + DBG1(SIG_DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response"); build_notify(NO_PROPOSAL_CHOSEN, response, FALSE); } /* do we have traffic selectors? */ else if (this->tsi->get_count(this->tsi) == 0 || this->tsr->get_count(this->tsr) == 0) { - DBG1(SIG_DBG_IKE, "CHILD_SA traffic selectors unacceptable, adding TS_UNACCEPTABLE notify"); + SIG(SIG_CHILD_FAILED, "CHILD_SA traffic selectors unacceptable, no CHILD_SA created"); + DBG1(SIG_DBG_IKE, "adding TS_UNACCEPTABLE notify to response"); build_notify(TS_UNACCEPTABLE, response, FALSE); } else @@ -759,11 +760,16 @@ static status_t get_response(private_ike_auth_t *this, message_t *request, this->child_sa->set_name(this->child_sa, this->policy->get_name(this->policy)); if (install_child_sa(this, FALSE) != SUCCESS) { - DBG1(SIG_DBG_IKE, "installing CHILD_SA failed, adding NO_PROPOSAL_CHOSEN notify"); + SIG(SIG_IKE_FAILED, "installing CHILD_SA failed, no CHILD_SA created"); + DBG1(SIG_DBG_IKE, "adding NO_PROPOSAL_CHOSEN notify to response"); build_notify(NO_PROPOSAL_CHOSEN, response, FALSE); } - /* add proposal to sa payload */ - sa_response->add_proposal(sa_response, this->proposal); + else + { + /* add proposal to sa payload */ + sa_response->add_proposal(sa_response, this->proposal); + SIG(SIG_CHILD_UP, "CHILD_SA created"); + } } response->add_payload(response, (payload_t*)sa_response); @@ -786,6 +792,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, transaction_t **transaction) { iterator_t *payloads; + payload_t *payload; host_t *me, *other; identification_t *other_id; ts_payload_t *tsi_payload = NULL; 
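Review bot: In the -759 hunk of get_response(), the failed `install_child_sa(this, FALSE)` path raises `SIG_IKE_FAILED`, although the visible lines only add a NO_PROPOSAL_CHOSEN notify and do not return DESTROY_ME. The two sibling failure branches just above it, and the same install failure in conclude() and in create_child_sa.c, all use `SIG_CHILD_FAILED`. Anything that keys alerting or cleanup on the IKE failure signal would record an IKE_SA failure that did not occur; I would change the line to `SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, no CHILD_SA created");`. The function continues outside the hunk.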
@@ -799,7 +806,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, /* check message type */ if (response->get_exchange_type(response) != IKE_AUTH) { - DBG1(SIG_DBG_IKE, "IKE_AUTH response of invalid type, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "IKE_AUTH response of invalid type, deleting IKE_SA"); return DESTROY_ME; } @@ -808,11 +815,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, /* Iterate over all payloads to collect them */ payloads = response->get_payload_iterator(response); - while (payloads->has_next(payloads)) - { - payload_t *payload; - payloads->current(payloads, (void**)&payload); - + while (payloads->iterate(payloads, (void**)&payload)) + { switch (payload->get_type(payload)) { case ID_RESPONDER: @@ -861,7 +865,7 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, if (!(idr_payload && auth_payload && sa_payload && tsi_payload && tsr_payload)) { - DBG1(SIG_DBG_IKE, "response message incomplete, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "response message incomplete, deleting IKE_SA"); return DESTROY_ME; } @@ -875,8 +879,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, if (!other_id->matches(other_id, configured_other_id, &wildcards)) { other_id->destroy(other_id); - DBG1(SIG_DBG_IKE, "other peer uses unacceptable ID (%D, excepted %D), deleting IKE_SA", - other_id, configured_other_id); + SIG(SIG_IKE_FAILED, "other peer uses unacceptable ID (%D, excepted " + "%D), deleting IKE_SA", other_id, configured_other_id); return DESTROY_ME; } /* update other ID. It was already set, but may contain wildcards */ 
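Review bot: In the -875 hunk of conclude(), `other_id` is still handed to the `%D` formatter after `other_id->destroy(other_id)` has run on the line before, so the new SIG call reads an object that has already been destroyed. The ID appears to come from the peer's response, which means this branch is taken on untrusted input. Reordering fixes it: emit the `SIG(SIG_IKE_FAILED, ...)` first, then `other_id->destroy(other_id);`, then `return DESTROY_ME;`, which is the order the `this->policy == NULL` branch in get_response() already uses. The message text also says `excepted` where `expected` is meant.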
@@ -908,7 +912,8 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, authenticator->destroy(authenticator); if (status != SUCCESS) { - DBG1(SIG_DBG_IKE, "authentication failed, deleting IKE_SA"); + SIG(SIG_IKE_FAILED, "authentication of '%D' with %N failed, " + "deleting IKE_SA", other_id, auth_method_names, auth_method); return DESTROY_ME; } } @@ -939,13 +944,17 @@ static status_t conclude(private_ike_auth_t *this, message_t *response, this->tsr->get_count(this->tsr) == 0 || !this->build_child) { - DBG1(SIG_DBG_IKE, "CHILD_SA creation failed"); + SIG(SIG_CHILD_FAILED, "CHILD_SA negotiation failed, no CHILD_SA built"); } else { if (install_child_sa(this, TRUE) != SUCCESS) { - DBG1(SIG_DBG_IKE, "installing CHILD_SA failed, no CHILD_SA built"); + SIG(SIG_CHILD_FAILED, "installing CHILD_SA failed, no CHILD_SA built"); + } + else + { + SIG(SIG_CHILD_UP, "CHILD_SA created"); } } } diff --git a/src/charon/sa/transactions/ike_sa_init.c b/src/charon/sa/transactions/ike_sa_init.c index ab1af0c63..02b32c390 100644 --- a/src/charon/sa/transactions/ike_sa_init.c +++ b/src/charon/sa/transactions/ike_sa_init.c @@ -497,6 +497,7 @@ static status_t get_response(private_ike_sa_init_t *this, message_t *response; status_t status; iterator_t *payloads; + payload_t *payload; sa_payload_t *sa_request = NULL; ke_payload_t *ke_request = NULL; nonce_payload_t *nonce_request = NULL; @@ -562,10 +563,8 @@ static status_t get_response(private_ike_sa_init_t *this, /* Iterate over all payloads. */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: 
@@ -668,9 +667,8 @@ static status_t get_response(private_ike_sa_init_t *this, /* remove already added payloads */ iterator = response->get_payload_iterator(response); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&payload)) { - iterator->current(iterator, (void**)&payload); iterator->remove(iterator); payload->destroy(payload); } @@ -827,6 +825,7 @@ static status_t conclude(private_ike_sa_init_t *this, message_t *response, u_int64_t responder_spi; ike_sa_id_t *ike_sa_id; iterator_t *payloads; + payload_t *payload; host_t *me, *other; sa_payload_t *sa_payload = NULL; ke_payload_t *ke_payload = NULL; @@ -861,11 +860,8 @@ static status_t conclude(private_ike_sa_init_t *this, message_t *response, /* Iterate over all payloads to collect them */ payloads = response->get_payload_iterator(response); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); - switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: diff --git a/src/charon/sa/transactions/rekey_ike_sa.c b/src/charon/sa/transactions/rekey_ike_sa.c index 6bc2f5990..e4b518607 100644 --- a/src/charon/sa/transactions/rekey_ike_sa.c +++ b/src/charon/sa/transactions/rekey_ike_sa.c @@ -406,6 +406,7 @@ static status_t get_response(private_rekey_ike_sa_t *this, message_t *request, message_t *response; status_t status; iterator_t *payloads, *iterator; + payload_t *payload; child_sa_t *child_sa; sa_payload_t *sa_request = NULL; nonce_payload_t *nonce_request = NULL; 
@@ -488,10 +489,8 @@ static status_t get_response(private_rekey_ike_sa_t *this, message_t *request, /* Iterate over all payloads. */ payloads = request->get_payload_iterator(request); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: @@ -665,6 +664,7 @@ static status_t conclude(private_rekey_ike_sa_t *this, message_t *response, transaction_t **next) { iterator_t *payloads; + payload_t *payload; host_t *me, *other; sa_payload_t *sa_payload = NULL; nonce_payload_t *nonce_payload = NULL; @@ -687,10 +687,8 @@ static status_t conclude(private_rekey_ike_sa_t *this, message_t *response, /* Iterate over all payloads to collect them */ payloads = response->get_payload_iterator(response); - while (payloads->has_next(payloads)) + while (payloads->iterate(payloads, (void**)&payload)) { - payload_t *payload; - payloads->current(payloads, (void**)&payload); switch (payload->get_type(payload)) { case SECURITY_ASSOCIATION: diff --git a/src/charon/threads/kernel_interface.c b/src/charon/threads/kernel_interface.c index 5c220b0c8..b18d9aea2 100644 --- a/src/charon/threads/kernel_interface.c +++ b/src/charon/threads/kernel_interface.c @@ -266,14 +266,14 @@ static status_t send_message(private_kernel_interface_t *this, while (TRUE) { - iterator_t *iterator; + iterator_t *iterator; + struct nlmsghdr *listed_response; bool found = FALSE; + /* search list, break if found */ iterator = this->responses->create_iterator(this->responses, TRUE); - while (iterator->has_next(iterator)) + while (iterator->iterate(iterator, (void**)&listed_response)) { - struct nlmsghdr *listed_response; - iterator->current(iterator, (void**)&listed_response); if (listed_response->nlmsg_seq == request->nlmsg_seq) { /* matches our request, this is the reply */ 
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c index f1c21c74b..ea8e5bfdc 100755 --- a/src/libstrongswan/crypto/crl.c +++ b/src/libstrongswan/crypto/crl.c @@ -385,16 +385,15 @@ static bool verify(const private_crl_t *this, const rsa_public_key_t *signer) static void get_status(const private_crl_t *this, certinfo_t *certinfo) { chunk_t serialNumber = certinfo->get_serialNumber(certinfo); - iterator_t *iterator = this->revokedCertificates->create_iterator(this->revokedCertificates, TRUE); - + iterator_t *iterator; + revokedCert_t *revokedCert; + certinfo->set_nextUpdate(certinfo, this->nextUpdate); certinfo->set_status(certinfo, CERT_GOOD); - - while (iterator->has_next(iterator)) + + iterator = this->revokedCertificates->create_iterator(this->revokedCertificates, TRUE); + while (iterator->iterate(iterator, (void**)&revokedCert)) { - revokedCert_t *revokedCert; - - iterator->current(iterator, (void**)&revokedCert); if (chunk_equals(serialNumber, revokedCert->userCertificate)) { certinfo->set_status(certinfo, CERT_REVOKED); diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c index 9f59a0ee4..419d26337 100755 --- a/src/libstrongswan/crypto/x509.c +++ b/src/libstrongswan/crypto/x509.c @@ -930,13 +930,12 @@ static bool is_self_signed(const private_x509_t *this) static bool equals_subjectAltName(const private_x509_t *this, identification_t *id) { bool found = FALSE; - iterator_t *iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE); - - while (iterator->has_next(iterator)) + identification_t *subjectAltName; + iterator_t *iterator; + + iterator = this->subjectAltNames->create_iterator(this->subjectAltNames, TRUE); + while (iterator->iterate(iterator, (void**)&subjectAltName)) { - identification_t *subjectAltName; - - iterator->current(iterator, (void**)&subjectAltName); if (id->equals(id, subjectAltName)) { found = TRUE; 
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h index e2fd45d46..668fbb764 100644 --- a/src/libstrongswan/utils/iterator.h +++ b/src/libstrongswan/utils/iterator.h @@ -64,30 +64,20 @@ struct iterator_t { * - FALSE otherwise */ bool (*iterate) (iterator_t *this, void** value); - - /** - * @brief Moves to the next element, if available. - * - * A newly created iterator_t object doesn't point to any item. - * Call iterator_t.has_next first to point it to the first item. - * - * @param this calling object - * @return - * - TRUE, if more elements are available, - * - FALSE otherwise - */ - bool (*has_next) (iterator_t *this); - + /** - * @brief Returns the current value at the iterator position. + * @brief Hook a function into the iterator. + * + * Sometimes it is useful to hook in an iterator. The hook function is + * called before any successful return of iterate(). It takes the + * iterator value, may manipulate it (or the references object), and returns + * the value that the iterate() function returns. + * A value of NULL deactivates the iterator hook. * * @param this calling object - * @param[out] value value is set to the current value at iterator position - * @return - * - SUCCESS - * - FAILED if iterator on an invalid position + * @param hook iterator hook which manipulates the iterated value */ - status_t (*current) (iterator_t *this, void **value); + void (*set_iterator_hook) (iterator_t *this, void*(*hook)(void*)); /** * @brief Inserts a new item before the given iterator position. diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index 5510fe5d5..6ca10515e 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -128,6 +128,11 @@ struct private_iterator_t { * Mutex to use to synchronize access */ pthread_mutex_t *mutex; + + /** + * iteration hook + */ + void* (*hook)(void*); }; /** 
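Review bot: The new doc comment for `set_iterator_hook` in iterator.h does not say which object a caller holds once a hook is installed, yet call sites in this same commit pass the iterated value straight to `destroy()` after `iterator->remove(iterator)`. I would add a sentence along the lines of `Callers receive the hook's return value, not the stored pointer; a hook that returns a different object must not be combined with code that destroys the iterated value.` It would also help to state that the hook runs wherever a value is handed out, since linked_list.c applies it in replace() as well as iterate(). Small wording fix in the same comment: `references object` should read `referenced object`.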
@@ -139,44 +144,32 @@ static int get_list_count(private_iterator_t *this) } /** - * Implementation of iterator_t.iterate. + * default iterator hook which does nothing */ -static bool iterate(private_iterator_t *this, void** value) +static void *iterator_hook(void *value) { - if (this->list->count == 0) - { - return FALSE; - } - if (this->current == NULL) - { - this->current = (this->forward) ? this->list->first : this->list->last; - *value = this->current->value; - return TRUE; - } - if (this->forward) + return value; +} + +/** + * Implementation of iterator_t.set_iterator_hook. + */ +static void set_iterator_hook(private_iterator_t *this, void*(*hook)(void*)) +{ + if (hook == NULL) { - if (this->current->next == NULL) - { - return FALSE; - } - this->current = this->current->next; - *value = this->current->value; - return TRUE; + this->hook = iterator_hook; } - /* backward */ - if (this->current->previous == NULL) + else { - return FALSE; + this->hook = hook; } - this->current = this->current->previous; - *value = this->current->value; - return TRUE; } /** - * Implementation of iterator_t.has_next. + * Implementation of iterator_t.iterate. */ -static bool iterator_has_next(private_iterator_t *this) +static bool iterate(private_iterator_t *this, void** value) { if (this->list->count == 0) { @@ -185,6 +178,7 @@ static bool iterator_has_next(private_iterator_t *this) if (this->current == NULL) { this->current = (this->forward) ? this->list->first : this->list->last; + *value = this->hook(this->current->value); return TRUE; } if (this->forward) @@ -194,6 +188,7 @@ static bool iterator_has_next(private_iterator_t *this) return FALSE; } this->current = this->current->next; + *value = this->hook(this->current->value); return TRUE; } /* backward */ 
@@ -202,23 +197,11 @@ static bool iterator_has_next(private_iterator_t *this) return FALSE; } this->current = this->current->previous; + *value = this->hook(this->current->value); return TRUE; } /** - * Implementation of iterator_t.current. - */ -static status_t iterator_current(private_iterator_t *this, void **value) -{ - if (this->current == NULL) - { - return NOT_FOUND; - } - *value = this->current->value; - return SUCCESS; -} - -/** * Implementation of iterator_t.reset. */ static void iterator_reset(private_iterator_t *this) @@ -314,7 +297,7 @@ static void insert_before(private_iterator_t * iterator, void *item) /** * Implementation of iterator_t.replace. */ -static status_t replace (private_iterator_t *this, void **old_item, void *new_item) +static status_t replace(private_iterator_t *this, void **old_item, void *new_item) { if (this->current == NULL) { @@ -322,7 +305,7 @@ static status_t replace (private_iterator_t *this, void **old_item, void *new_it } if (old_item != NULL) { - *old_item = this->current->value; + *old_item = this->hook(this->current->value); } this->current->value = new_item; @@ -332,7 +315,7 @@ static status_t replace (private_iterator_t *this, void **old_item, void *new_it /** * Implementation of iterator_t.insert_after. */ -static void insert_after(private_iterator_t * iterator, void *item) +static void insert_after(private_iterator_t *iterator, void *item) { if (iterator->current == NULL) { 
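Review bot: In the -322 hunk, replace() now returns `this->hook(this->current->value)` as the old item, which runs the hook a second time on an element that iterate() has already passed through it. The header describes the hook as something that may manipulate the value, so a hook with side effects is applied twice to the same element, and the caller may get a pointer that differs from the one stored in the list. Unless that is intended and documented, I would hand back the stored value unchanged with `*old_item = this->current->value;`. The body of replace() continues beyond the hunk.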
@@ -546,53 +529,57 @@ static status_t insert_at_position (private_linked_list_t *this,size_t position, /** * Implementation of linked_list_t.remove_at_position. */ -static status_t remove_at_position (private_linked_list_t *this,size_t position, void **item) +static status_t remove_at_position(private_linked_list_t *this,size_t position, void **item) { iterator_t *iterator; int i; - + if (this->count <= position) { return INVALID_ARG; } iterator = this->public.create_iterator(&(this->public),TRUE); - - iterator->has_next(iterator); - for (i = 0; i < position;i++) + iterator->iterate(iterator, item); + for (i = 0; i < position; i++) { - iterator->has_next(iterator); + if (!iterator->iterate(iterator, item)) + { + iterator->destroy(iterator); + return INVALID_ARG; + } } - iterator->current(iterator,item); iterator->remove(iterator); iterator->destroy(iterator); - + return SUCCESS; } /** * Implementation of linked_list_t.get_at_position. */ -static status_t get_at_position (private_linked_list_t *this,size_t position, void **item) +static status_t get_at_position(private_linked_list_t *this,size_t position, void **item) { int i; iterator_t *iterator; - status_t status; + if (this->count <= position) { return INVALID_ARG; } iterator = this->public.create_iterator(&(this->public),TRUE); - - iterator->has_next(iterator); - for (i = 0; i < position;i++) + iterator->iterate(iterator, item); + for (i = 0; i < position; i++) { - iterator->has_next(iterator); + if (!iterator->iterate(iterator, item)) + { + iterator->destroy(iterator); + return INVALID_ARG; + } } - status = iterator->current(iterator,item); iterator->destroy(iterator); - return status; + return SUCCESS; } /** 
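Review bot: remove_at_position() and get_at_position() now pass the caller's `item` to every iterate() call, so `*item` is overwritten with each skipped element and still holds an intermediate one when the new `return INVALID_ARG` path is taken. The first `iterator->iterate(iterator, item);` is also the only call whose result is not checked. Iterating into a local and assigning once on success avoids both: declare `void *current;`, call `iterator->iterate(iterator, &current)` throughout, and set `*item = current;` after the loop. The loop counter `i` is an `int` compared against the `size_t` position; declaring it `size_t` removes the mixed-sign comparison.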
@@ -684,8 +671,7 @@ static iterator_t *create_iterator(private_linked_list_t *linked_list, bool forw this->public.get_count = (bool (*) (iterator_t *this)) get_list_count; this->public.iterate = (bool (*) (iterator_t *this, void **value)) iterate; - this->public.has_next = (bool (*) (iterator_t *this)) iterator_has_next; - this->public.current = (status_t (*) (iterator_t *this, void **value)) iterator_current; + this->public.set_iterator_hook = (void(*)(iterator_t *this, void*(*)(void*)))set_iterator_hook; this->public.insert_before = (void (*) (iterator_t *this, void *item)) insert_before; this->public.insert_after = (void (*) (iterator_t *this, void *item)) insert_after; this->public.replace = (status_t (*) (iterator_t *, void **, void *)) replace; @@ -697,6 +683,7 @@ static iterator_t *create_iterator(private_linked_list_t *linked_list, bool forw this->current = NULL; this->list = linked_list; this->mutex = NULL; + this->hook = iterator_hook; return &this->public; } |