From: Martin Willi <martin@revosec.ch>
Date: Mon, 7 Jul 2014 09:10:43 +0000 (+0200)
Subject: ikev1: Defer Mode Config push after CHILD adoption when using XAuth
X-Git-Tag: 5.2.1dr1~97^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f243dfaa958b8411f6c74a9058d9875ad242b92;p=thirdparty%2Fstrongswan.git

ikev1: Defer Mode Config push after CHILD adoption when using XAuth
---

diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 3101ab6eeb..710bf1cd2d 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -476,6 +476,7 @@ METHOD(task_t, process_r, status_t,
 		case AM_AUTH:
 		{
 			adopt_children_job_t *job = NULL;
+			xauth_t *xauth = NULL;
 
 			while (TRUE)
 			{
@@ -506,8 +507,8 @@ METHOD(task_t, process_r, status_t,
 				case AUTH_XAUTH_INIT_PSK:
 				case AUTH_XAUTH_INIT_RSA:
 				case AUTH_HYBRID_INIT_RSA:
-					this->ike_sa->queue_task(this->ike_sa,
-									(task_t*)xauth_create(this->ike_sa, TRUE));
+					xauth = xauth_create(this->ike_sa, TRUE);
+					this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
 					break;
 				case AUTH_XAUTH_RESP_PSK:
 				case AUTH_XAUTH_RESP_RSA:
@@ -548,6 +549,10 @@ METHOD(task_t, process_r, status_t,
 						job->queue_task(job, (task_t*)
 								mode_config_create(this->ike_sa, TRUE, FALSE));
 					}
+					else if (xauth)
+					{
+						xauth->queue_mode_config_push(xauth);
+					}
 					else
 					{
 						this->ike_sa->queue_task(this->ike_sa, (task_t*)
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index c264dd44d0..2fb4c6935a 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -480,6 +480,7 @@ METHOD(task_t, build_r, status_t,
 			id_payload_t *id_payload;
 			identification_t *id;
 			adopt_children_job_t *job = NULL;
+			xauth_t *xauth = NULL;
 
 			id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
 			if (!id)
@@ -503,8 +504,8 @@ METHOD(task_t, build_r, status_t,
 				case AUTH_XAUTH_INIT_PSK:
 				case AUTH_XAUTH_INIT_RSA:
 				case AUTH_HYBRID_INIT_RSA:
-					this->ike_sa->queue_task(this->ike_sa,
-									(task_t*)xauth_create(this->ike_sa, TRUE));
+					xauth = xauth_create(this->ike_sa, TRUE);
+					this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
 					break;
 				case AUTH_XAUTH_RESP_PSK:
 				case AUTH_XAUTH_RESP_RSA:
@@ -544,6 +545,10 @@ METHOD(task_t, build_r, status_t,
 						job->queue_task(job, (task_t*)
 								mode_config_create(this->ike_sa, TRUE, FALSE));
 					}
+					else if (xauth)
+					{
+						xauth->queue_mode_config_push(xauth);
+					}
 					else
 					{
 						this->ike_sa->queue_task(this->ike_sa, (task_t*)
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index bdc5d67f75..a770e90ffd 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -19,6 +19,7 @@
 #include <hydra.h>
 #include <encoding/payloads/cp_payload.h>
 #include <processing/jobs/adopt_children_job.h>
+#include <sa/ikev1/tasks/mode_config.h>
 
 typedef struct private_xauth_t private_xauth_t;
 
@@ -74,6 +75,11 @@ struct private_xauth_t {
 	 * status of Xauth exchange
 	 */
 	xauth_status_t status;
+
+	/**
+	 * Queue a Mode Config Push mode after completing XAuth?
+	 */
+	bool mode_config_push;
 };
 
 /**
@@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t,
 	private_xauth_t *this, message_t *message)
 {
 	cp_payload_t *cp;
+	adopt_children_job_t *job;
 
 	cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION);
 	if (!cp || cp->get_type(cp) != CFG_ACK)
@@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t,
 		return FAILED;
 	}
 	this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
-	lib->processor->queue_job(lib->processor, (job_t*)
-				adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
+	job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa));
+	if (this->mode_config_push)
+	{
+		job->queue_task(job,
+				(task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+	}
+	lib->processor->queue_job(lib->processor, (job_t*)job);
 	return SUCCESS;
 }
 
@@ -511,6 +523,12 @@ METHOD(task_t, migrate, void,
 	}
 }
 
+METHOD(xauth_t, queue_mode_config_push, void,
+	private_xauth_t *this)
+{
+	this->mode_config_push = TRUE;
+}
+
 METHOD(task_t, destroy, void,
 	private_xauth_t *this)
 {
@@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator)
 				.migrate = _migrate,
 				.destroy = _destroy,
 			},
+			.queue_mode_config_push = _queue_mode_config_push,
 		},
 		.initiator = initiator,
 		.ike_sa = ike_sa,
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.h b/src/libcharon/sa/ikev1/tasks/xauth.h
index 303eb31ce2..ffaf32a32e 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.h
+++ b/src/libcharon/sa/ikev1/tasks/xauth.h
@@ -36,6 +36,11 @@ struct xauth_t {
 	 * Implements the task_t interface
 	 */
 	task_t task;
+
+	/**
+	 * Queue a Mode Config in Push mode after completing XAuth.
+	 */
+	void (*queue_mode_config_push)(xauth_t *this);
 };
 
 /**