enabling reauthentication on mediation connections

This commit is contained in:
Tobias Brunner 2008-04-10 08:42:27 +00:00
parent 4a03518112
commit 78abba428f
2 changed files with 30 additions and 3 deletions


@ -2011,7 +2011,12 @@ static status_t reestablish(private_ike_sa_t *this)
{
DBG1(DBG_IKE, "initiator did not reauthenticate as requested");
if (this->other_virtual_ip != NULL ||
has_condition(this, COND_EAP_AUTHENTICATED))
has_condition(this, COND_EAP_AUTHENTICATED)
#ifdef ME
/* if we are mediation server we too cannot reauth the IKE_SA */
|| this->is_mediation_server
#endif /* ME */
)
{
time_t now = time(NULL);
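Review bot: Splicing `|| this->is_mediation_server` into the middle of the if-condition under `#ifdef ME` leaves a dangling `||` at the start of a guarded line and a lone `)` on its own line, which is easy to misread and fragile to edit; computing the condition into a local first keeps the preprocessor block self-contained. The fact that a mediation server also cannot reauthenticate is then stated once, next to the assignment, rather than inside an expression. Whether `is_mediation_server` is initialised for every IKE_SA that reaches this branch is not visible here (reestablish() starts and ends outside the hunk), so that assumption is worth confirming.
```c
	DBG1(DBG_IKE, "initiator did not reauthenticate as requested");
	bool cannot_reauth = this->other_virtual_ip != NULL ||
						 has_condition(this, COND_EAP_AUTHENTICATED);
#ifdef ME
	/* as mediation server we cannot reauthenticate the IKE_SA either */
	cannot_reauth = cannot_reauth || this->is_mediation_server;
#endif /* ME */
	if (cannot_reauth)
	{
		/* … unchanged: time_t now = time(NULL); … */
```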


@ -61,13 +61,21 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
host_t *host;
iterator_t *iterator;
child_sa_t *child_sa;
peer_cfg_t *peer_cfg;
/* process delete response first */
this->ike_delete->task.process(&this->ike_delete->task, message);
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
/* reestablish only if we have children */
iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa);
if (iterator->get_count(iterator) == 0)
if (iterator->get_count(iterator) == 0
#ifdef ME
/* we allow a peer to reauth a mediation connection (without CHILD_SA) */
&& !peer_cfg->is_mediation(peer_cfg)
#endif /* ME */
)
{
DBG1(DBG_IKE, "unable to reestablish IKE_SA, no CHILD_SA to recreate");
iterator->destroy(iterator);
@ -76,7 +84,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE);
new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
new->set_peer_cfg(new, peer_cfg);
host = this->ike_sa->get_other_host(this->ike_sa);
new->set_other_host(new, host->clone(host));
host = this->ike_sa->get_my_host(this->ike_sa);
@ -88,6 +96,20 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
new->set_virtual_ip(new, TRUE, host);
}
#ifdef ME
/* we initiate the new IKE_SA of the mediation connection without CHILD_SA */
if (peer_cfg->is_mediation(peer_cfg))
{
if (new->initiate(new, NULL) == DESTROY_ME)
{
charon->ike_sa_manager->checkin_and_destroy(
charon->ike_sa_manager, new);
DBG1(DBG_IKE, "reestablishing IKE_SA failed");
return FAILED;
}
}
#endif /* ME */
while (iterator->iterate(iterator, (void**)&child_sa))
{
switch (child_sa->get_state(child_sa))
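Review bot: The `return FAILED;` in the new `#ifdef ME` block leaks the iterator obtained from `create_child_sa_iterator()` earlier in this function; the existing early exit in the first hunk ("unable to reestablish IKE_SA, no CHILD_SA to recreate") calls `iterator->destroy(iterator);` before returning, and this new exit should do the same: `iterator->destroy(iterator); return FAILED;`. Separately, the first hunk now dereferences the peer config (`peer_cfg->is_mediation(peer_cfg)`) where the old code only passed the pointer through to `set_peer_cfg`; if `get_peer_cfg()` can return NULL for an IKE_SA at this point that is a new NULL dereference — presumably it cannot for an initiator processing a reauth, but that is worth confirming. process_i() continues beyond this hunk, so any further early returns after the loop are not visible here.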