Revision e1fa02bc
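--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/charon/sa/tasks/ike_cert_pre.c
@@ -49,6 +49,11 @@
 * Do we accept HTTP certificate lookup requests
 */
 bool do_http_lookup;
+
+/**
+* wheter this is the final authentication round
+*/
+bool final;
 };
 
 /**
@@ -387,6 +392,37 @@
 }
 
 /**
+* Check if this is the final authentication round
+*/
+static bool final_auth(message_t *message)
+{
+enumerator_t *enumerator;
+payload_t *payload;
+notify_payload_t *notify;
+
+/* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */
+if (message->get_payload(message, AUTHENTICATION) == NULL)
+{
+return FALSE;
+}
+enumerator = message->create_payload_enumerator(message);
+while (enumerator->enumerate(enumerator, &payload))
+{
+if (payload->get_type(payload) == NOTIFY)
+{
+notify = (notify_payload_t*)payload;
+if (notify->get_notify_type(notify) == ANOTHER_AUTH_FOLLOWS)
+{
+enumerator->destroy(enumerator);
+return FALSE;
+}
+}
+}
+enumerator->destroy(enumerator);
+return TRUE;
+}
+
+/**
 * Implementation of task_t.process for initiator
 */
 static status_t build_i(private_ike_cert_pre_t *this, message_t *message)
@@ -408,6 +444,7 @@
 process_certreqs(this, message);
 process_certs(this, message);
 }
+this->final = final_auth(message);
 return NEED_MORE;
 }
 
@@ -420,7 +457,7 @@
 {
 build_certreqs(this, message);
 }
-if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
+if (this->final)
 {
 return SUCCESS;
 }
@@ -438,33 +475,9 @@
 }
 process_certs(this, message);
 
-/* as ike_auth is not processed yet, we don't know if authentication
-* is complete (and we can return SUCCESS). Therefore we check for
-* an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify. */
-if (message->get_payload(message, AUTHENTICATION))
+if (final_auth(message))
 {
-enumerator_t *enumerator;
-payload_t *payload;
-notify_payload_t *notify;
-bool done = TRUE;
-
-enumerator = message->create_payload_enumerator(message);
-while (enumerator->enumerate(enumerator, &payload))
-{
-if (payload->get_type(payload) == NOTIFY)
-{
-notify = (notify_payload_t*)payload;
-if (notify->get_notify_type(notify) == ANOTHER_AUTH_FOLLOWS)
-{
-done = FALSE;
-}
-}
-}
-enumerator->destroy(enumerator);
-if (done)
-{
-return SUCCESS;
-}
+return SUCCESS;
 }
 return NEED_MORE;
 }
@@ -518,6 +531,7 @@
 this->ike_sa = ike_sa;
 this->initiator = initiator;
 this->do_http_lookup = FALSE;
+this->final = FALSE;
 
 return &this->public;
 }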
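Review bot: The completion check at new line 460 now reads `this->final`, which new line 447 sets from `final_auth(message)`, so the task finishes on what the peer's message announces (an AUTH payload with no ANOTHER_AUTH_FOLLOWS notify) instead of on the `IKE_ESTABLISHED` state the removed check consulted. The comment removed in the hunk ending at new line 483 recorded why this is only an inference ("ike_auth is not processed yet"), and the new `final_auth()` doc comment no longer says so; I would carry it over, e.g. `* Inferred from the payloads alone: ike_auth has not verified this message yet.` It looks worth confirming that returning SUCCESS at line 460 is intended even when authentication of that message later fails, since the flag is taken from payloads that have not been verified at that point. The member comment at new line 54 has a typo, `wheter` should be `whether`. The functions containing lines 447 and 460 begin outside the visible hunks, so their names and roles are inferred from the surrounding calls.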