From: Andreas Steffen
Date: Mon, 19 Aug 2013 07:52:12 +0000 (+0200)
Subject: Process PB-TNC batches received via PT-TLS asynchronously
X-Git-Tag: 5.1.1dr1~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e92d5f1145db47b1eb6a2edbfcf421d60460f2b;p=thirdparty%2Fstrongswan.git
Process PB-TNC batches received via PT-TLS asynchronously
---
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 2e9c339674..f4b1ba9ce2 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -587,8 +587,7 @@ static bool pt_tls_receive_more(pt_tls_server_t *this, int fd,
 switch (this->handle(this))
 {
 case NEED_MORE:
- DBG1(DBG_TNC, "PT-TLS connection needs more");
- break;
+ return TRUE;
 case FAILED:
 case SUCCESS:
 default:
@@ -597,8 +596,6 @@ static bool pt_tls_receive_more(pt_tls_server_t *this, int fd,
 close(fd);
 return FALSE;
 }
-
- return TRUE;
 }
 
 /**
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index 69dcdc08bd..9af00e7c26 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -400,75 +400,66 @@ static bool authenticate(private_pt_tls_server_t *this)
 /**
 * Perform assessment
 */
-static bool assess(private_pt_tls_server_t *this, tls_t *tnccs)
+static status_t assess(private_pt_tls_server_t *this, tls_t *tnccs)
 {
- while (TRUE)
+ size_t msglen;
+ size_t buflen = PT_TLS_MAX_MESSAGE_LEN;
+ char buf[buflen];
+ bio_reader_t *reader;
+ u_int32_t vendor, type, identifier;
+ chunk_t data;
+ status_t status;
+
+ reader = pt_tls_read(this->tls, &vendor, &type, &identifier);
+ if (!reader)
 {
- size_t msglen;
- size_t buflen = PT_TLS_MAX_MESSAGE_LEN;
- char buf[buflen];
- bio_reader_t *reader;
- u_int32_t vendor, type, identifier;
- chunk_t data;
-
- switch (tnccs->build(tnccs, buf, &buflen, &msglen))
+ return FAILED;
+ }
+ if (vendor == 0)
+ {
+ if (type == PT_TLS_ERROR)
 {
- case SUCCESS:
- return tnccs->is_complete(tnccs);
- case ALREADY_DONE:
- data = chunk_create(buf, buflen);
- if (!pt_tls_write(this->tls, PT_TLS_PB_TNC_BATCH,
- this->identifier++, data))
- {
- return FALSE;
- }
- break;
- case INVALID_STATE:
- break;
- case FAILED:
- default:
- return FALSE;
+ DBG1(DBG_TNC, "received PT-TLS error");
+ reader->destroy(reader);
+ return FAILED;
 }
-
- reader = pt_tls_read(this->tls, &vendor, &type, &identifier);
- if (!reader)
+ if (type != PT_TLS_PB_TNC_BATCH)
 {
- return FALSE;
+ DBG1(DBG_TNC, "unexpected PT-TLS message: %d", type);
+ reader->destroy(reader);
+ return FAILED;
 }
- if (vendor == 0)
+ data = reader->peek(reader);
+ switch (tnccs->process(tnccs, data.ptr, data.len))
 {
- if (type == PT_TLS_ERROR)
- {
- DBG1(DBG_TNC, "received PT-TLS error");
+ case SUCCESS:
 reader->destroy(reader);
- return FALSE;
- }
- if (type != PT_TLS_PB_TNC_BATCH)
- {
- DBG1(DBG_TNC, "unexpected PT-TLS message: %d", type);
+ return tnccs->is_complete(tnccs) ? SUCCESS : FAILED;
+ case FAILED:
+ default:
 reader->destroy(reader);
 return FALSE;
- }
- data = reader->peek(reader);
- switch (tnccs->process(tnccs, data.ptr, data.len))
- {
- case SUCCESS:
- reader->destroy(reader);
- return tnccs->is_complete(tnccs);
- case FAILED:
- default:
- reader->destroy(reader);
- return FALSE;
- case NEED_MORE:
- break;
- }
+ case NEED_MORE:
+ break;
 }
- else
+ }
+ else
+ {
+ DBG1(DBG_TNC, "ignoring vendor specific PT-TLS message");
+ }
+ reader->destroy(reader);
+
+ status = tnccs->build(tnccs, buf, &buflen, &msglen);
+ if (status == ALREADY_DONE)
+ {
+ data = chunk_create(buf, buflen);
+ if (!pt_tls_write(this->tls, PT_TLS_PB_TNC_BATCH,
+ this->identifier++, data))
 {
- DBG1(DBG_TNC, "ignoring vendor specific PT-TLS message");
+ return FAILED;
 }
- reader->destroy(reader);
 }
+ return status;
 }
 
 METHOD(pt_tls_server_t, handle, status_t,
@@ -492,15 +483,20 @@ METHOD(pt_tls_server_t, handle, status_t,
 return FAILED;
 }
 this->state = PT_TLS_SERVER_TNCCS;
+ DBG1(DBG_TNC, "entering PT-TLS data transport phase");
 break;
 case PT_TLS_SERVER_TNCCS:
- DBG1(DBG_TNC, "entering PT-TLS data transport phase");
- if (!assess(this, (tls_t*)this->tnccs))
+ switch (assess(this, (tls_t*)this->tnccs))
 {
- return FAILED;
+ case SUCCESS:
+ this->state = PT_TLS_SERVER_END;
+ return SUCCESS;
+ case FAILED:
+ return FAILED;
+ default:
+ break;
 }
- this->state = PT_TLS_SERVER_END;
- return SUCCESS;
+ break;
 default:
 return FAILED;
 }
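Review bot: In the `case FAILED: default:` arm of the new `switch (tnccs->process(tnccs, data.ptr, data.len))`, the kept context line `return FALSE;` now sits in a function whose return type was changed to status_t, and FALSE is 0, which is SUCCESS, the first (zero) enumerator of strongswan's status_t. A PB-TNC batch that the TNCCS layer rejected is therefore reported to the caller as SUCCESS, and the handle() hunk below maps that to `this->state = PT_TLS_SERVER_END; return SUCCESS;`, ending the session as if the assessment had completed normally instead of failing it. That arm should read `return FAILED;`, matching the other error exits the commit converted in assess(); it was presumably missed because the line survived as unchanged context rather than a changed line.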