ike-auth: Move packet collection to post_build() method

This way we avoid having to pre-generate the message when it could
theoretically still get modified by a task that follows or from a plugin
via message() hook.

diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index e6256b1266fbd2f553aef286cde5589c66f9bd9e..ec887b9c76bcf2db6eea07c8a441dc0bbef5dd75 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2018 Tobias Brunner
+ * Copyright (C) 2012-2019 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  *
@@ -159,20 +159,15 @@ static status_t collect_my_init_data(private_ike_auth_t *this,
 {
        nonce_payload_t *nonce;
 
-       /* get the nonce that was generated in ike_init */
+       /* get the nonce that was generated in ike_init and a copy of the complete
+        * packet */
        nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE);
-       if (!nonce)
+       if (!nonce || !message->is_encoded(message))
        {
                return FAILED;
        }
        this->my_nonce = nonce->get_nonce(nonce);
-
-       /* pre-generate the message, keep a copy */
-       if (this->ike_sa->generate_message(this->ike_sa, message,
-                                                                          &this->my_packet) != SUCCESS)
-       {
-               return FAILED;
-       }
+       this->my_packet = message->get_packet(message);
        return NEED_MORE;
 }
 
@@ -597,8 +592,6 @@ METHOD(task_t, build_i, status_t,
 
        switch (message->get_exchange_type(message))
        {
-               case IKE_SA_INIT:
-                       return collect_my_init_data(this, message);
                case IKE_AUTH:
                        if (!this->first_auth)
                        {       /* some special handling for the first IKE_AUTH message below */
@@ -751,6 +744,18 @@ METHOD(task_t, build_i, status_t,
        return NEED_MORE;
 }
 
+METHOD(task_t, post_build_i, status_t,
+       private_ike_auth_t *this, message_t *message)
+{
+       switch (message->get_exchange_type(message))
+       {
+               case IKE_SA_INIT:
+                       return collect_my_init_data(this, message);
+               default:
+                       return NEED_MORE;
+       }
+}
+
 METHOD(task_t, process_r, status_t,
        private_ike_auth_t *this, message_t *message)
 {
@@ -978,7 +983,7 @@ METHOD(task_t, build_r, status_t,
                                message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED,
                                                                        chunk_empty);
                        }
-                       return collect_my_init_data(this, message);
+                       return NEED_MORE;
                case IKE_AUTH:
                        break;
                default:
@@ -1184,6 +1189,18 @@ local_auth_failed:
        return FAILED;
 }
 
+METHOD(task_t, post_build_r, status_t,
+       private_ike_auth_t *this, message_t *message)
+{
+       switch (message->get_exchange_type(message))
+       {
+               case IKE_SA_INIT:
+                       return collect_my_init_data(this, message);
+               default:
+                       return NEED_MORE;
+       }
+}
+
 /**
  * Send an INFORMATIONAL message with an AUTH_FAILED before closing IKE_SA
  */
@@ -1576,6 +1593,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator)
                                .get_type = _get_type,
                                .migrate = _migrate,
                                .build = _build_r,
+                               .post_build = _post_build_r,
                                .process = _process_r,
                                .destroy = _destroy,
                        },
@@ -1589,6 +1607,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator)
        if (initiator)
        {
                this->public.task.build = _build_i;
+               this->public.task.post_build = _post_build_i;
                this->public.task.process = _process_i;
        }
        return &this->public;