*/
auth_method_t auth_method;
- /**
- * Authenticator to use
- */
- authenticator_t *authenticator;
-
/** states of main mode */
enum {
MM_INIT,
return cfg;
}
+/**
+ * Create an authenticator, if supported
+ */
+static authenticator_t *create_authenticator(private_main_mode_t *this)
+{
+ authenticator_t *authenticator;
+ authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
+ this->auth_method, this->dh,
+ this->dh_value, this->sa_payload);
+ if (!authenticator)
+ {
+ DBG1(DBG_IKE, "negotiated authentication method %N not supported",
+ auth_method_names, this->auth_method);
+ }
+ return authenticator;
+}
+
/**
* Save the encoded SA payload of a message
*/
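Review bot: The comment on create_authenticator() does not say who owns the returned object, and with the `authenticator` member removed every caller now has to destroy it. I would extend the comment to `Create an authenticator for the negotiated method; returns NULL (after logging) if the method is unsupported, otherwise the caller must destroy() the result`. The helper reads this->dh, this->dh_value and this->sa_payload, so it presumably may only be called once those are set. A one-line mention of that precondition would help, because creation no longer happens at one fixed point after key derivation.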
}
case MM_KE:
{
+ authenticator_t *authenticator;
id_payload_t *id_payload;
identification_t *id;
id_payload = id_payload_create_from_identification(ID_V1, id);
message->add_payload(message, &id_payload->payload_interface);
- if (this->authenticator->build(this->authenticator,
- message) != SUCCESS)
+ authenticator = create_authenticator(this);
+ if (!authenticator || authenticator->build(authenticator,
+ message) != SUCCESS)
{
+ DESTROY_IF(authenticator);
return FAILED;
}
+ authenticator->destroy(authenticator);
+
this->state = MM_AUTH;
return NEED_MORE;
}
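Review bot: The create / call / destroy sequence added in this MM_KE case is repeated almost verbatim in the other MM_KE case and in both MM_AUTH cases, each with two separate destroy paths (`DESTROY_IF` on failure, `destroy()` on success). A small helper that creates the authenticator, runs build() or process() and destroys it on a single path would leave one place to get the lifetime right, so a future call site cannot miss the destroy. It should return a boolean and leave the return value to the caller, since one of the sites answers with send_notify() rather than FAILED. The enclosing function starts and ends outside this hunk, so the sketch below shows only the helper and the rewritten call.

```c
/**
 * Create an authenticator, run build() or process() on message, destroy it
 */
static bool authenticate(private_main_mode_t *this, message_t *message,
						 bool build)
{
	authenticator_t *authenticator;
	status_t status;

	authenticator = create_authenticator(this);
	if (!authenticator)
	{
		return FALSE;
	}
	status = build ? authenticator->build(authenticator, message)
				   : authenticator->process(authenticator, message);
	authenticator->destroy(authenticator);
	return status == SUCCESS;
}

/* ... unchanged: ID payload creation and add_payload() ... */
			if (!authenticate(this, message, TRUE))
			{
				return FAILED;
			}
			this->state = MM_AUTH;
```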
}
case MM_KE:
{
+ authenticator_t *authenticator;
id_payload_t *id_payload;
identification_t *id;
return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
}
- if (this->authenticator->process(this->authenticator,
- message) != SUCCESS)
+ authenticator = create_authenticator(this);
+ if (!authenticator || authenticator->process(authenticator,
+ message) != SUCCESS)
{
+ DESTROY_IF(authenticator);
return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
}
- this->state = MM_AUTH;
+ authenticator->destroy(authenticator);
+ this->state = MM_AUTH;
if (has_notify_errors(this, message))
{
return FAILED;
charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, nonce_i, nonce_r,
NULL);
- this->authenticator = authenticator_create_v1(this->ike_sa, this->initiator,
- this->auth_method, this->dh,
- this->dh_value, this->sa_payload);
- if (!this->authenticator)
- {
- DBG1(DBG_IKE, "negotiated authentication method %N not supported",
- auth_method_names, this->auth_method);
- return FALSE;
- }
return TRUE;
}
}
case MM_AUTH:
{
+ authenticator_t *authenticator;
id_payload_t *id_payload;
identification_t *id;
id_payload = id_payload_create_from_identification(ID_V1, id);
message->add_payload(message, &id_payload->payload_interface);
- if (this->authenticator->build(this->authenticator,
- message) != SUCCESS)
+ authenticator = create_authenticator(this);
+ if (!authenticator || authenticator->build(authenticator,
+ message) != SUCCESS)
{
+ DESTROY_IF(authenticator);
return FAILED;
}
+ authenticator->destroy(authenticator);
if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
{
}
case MM_AUTH:
{
+ authenticator_t *authenticator;
id_payload_t *id_payload;
identification_t *id;
}
this->ike_sa->set_other_id(this->ike_sa, id);
- if (this->authenticator->process(this->authenticator,
- message) != SUCCESS)
+ authenticator = create_authenticator(this);
+ if (!authenticator || authenticator->process(authenticator,
+ message) != SUCCESS)
{
+ DESTROY_IF(authenticator);
return FAILED;
}
+ authenticator->destroy(authenticator);
switch (this->auth_method)
{
DESTROY_IF(this->peer_cfg);
DESTROY_IF(this->proposal);
DESTROY_IF(this->dh);
- DESTROY_IF(this->authenticator);
free(this->dh_value.ptr);
free(this->nonce_i.ptr);
free(this->nonce_r.ptr);