164 lines
4.4 KiB
C
164 lines
4.4 KiB
C
/**
|
|
* @file delete_requested.c
|
|
*
|
|
* @brief Implementation of delete_requested_t.
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* Copyright (C) 2006 Martin Willi
|
|
* Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include "delete_requested.h"
|
|
|
|
#include <daemon.h>
|
|
|
|
|
|
typedef struct private_delete_requested_t private_delete_requested_t;
|
|
|
|
/**
|
|
* Private data of a delete_requested_t object.
|
|
*/
|
|
struct private_delete_requested_t {
|
|
|
|
/**
|
|
* methods of the state_t interface
|
|
*/
|
|
delete_requested_t public;
|
|
|
|
/**
|
|
* Assigned IKE_SA.
|
|
*/
|
|
protected_ike_sa_t *ike_sa;
|
|
|
|
/**
|
|
* Assigned logger. Use logger of IKE_SA.
|
|
*/
|
|
logger_t *logger;
|
|
};
|
|
|
|
/**
|
|
* Implements state_t.get_state
|
|
*/
|
|
static status_t process_message(private_delete_requested_t *this, message_t *message)
|
|
{
|
|
ike_sa_id_t *ike_sa_id;
|
|
crypter_t *crypter;
|
|
signer_t *signer;
|
|
status_t status;
|
|
|
|
/* Notation as follows:
|
|
* Mx{D} means: Message, with message ID "x", containing a Delete payload
|
|
*
|
|
* The clarifcation Document says in 5.8, that a IKE_SA delete should not
|
|
* be acknowledged with the same delete. This only makes sense for CHILD_SAs,
|
|
* as they are paired. IKE_SAs are not, there is only one for both ends.
|
|
*
|
|
* Normal case:
|
|
* ----------------
|
|
* Mx{D} -->
|
|
* <-- Mx{}
|
|
* Delete request is sent, and we wait for the acknowledge.
|
|
*
|
|
* Special case 1:
|
|
* ---------------
|
|
* Mx{D} -->
|
|
* <-- My{D}
|
|
* My{} -->
|
|
* <-- Mx{}
|
|
* Both initate a delete at the same time. We ack the delete, but wait for
|
|
* our delete to be acknowledged.
|
|
*/
|
|
|
|
if (message->get_exchange_type(message) != INFORMATIONAL)
|
|
{
|
|
/* anything other than information is ignored. We can an will not handle
|
|
* messages such as CREATE_CHILD_SA */
|
|
this->logger->log(this->logger, ERROR | LEVEL1,
|
|
"%s messages not supported in state delete_requested. Ignored",
|
|
mapping_find(exchange_type_m, message->get_exchange_type(message)));
|
|
return FAILED;
|
|
}
|
|
|
|
if (message->get_request(message))
|
|
{
|
|
/* if it is a request, not a reply to our delete request, we
|
|
* just acknowledge this. We stay in our state, as the other peer
|
|
* has to ACK our request.
|
|
*/
|
|
message_t *acknowledge;
|
|
this->ike_sa->build_message(this->ike_sa, INFORMATIONAL, FALSE, &acknowledge);
|
|
return this->ike_sa->send_response(this->ike_sa, acknowledge);
|
|
}
|
|
|
|
/* get signer for verification and crypter for decryption */
|
|
ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
|
|
if (!ike_sa_id->is_initiator(ike_sa_id))
|
|
{
|
|
crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
|
|
signer = this->ike_sa->get_signer_initiator(this->ike_sa);
|
|
}
|
|
else
|
|
{
|
|
crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
|
|
signer = this->ike_sa->get_signer_responder(this->ike_sa);
|
|
}
|
|
|
|
/* parse incoming message, check if it's proper signed */
|
|
status = message->parse_body(message, crypter, signer);
|
|
if (status != SUCCESS)
|
|
{
|
|
this->logger->log(this->logger, AUDIT, "INFORMATIONAL message decryption failed. Ignoring message");
|
|
return status;
|
|
}
|
|
|
|
/* ok, he knows about the deletion, destroy this IKE SA */
|
|
return DESTROY_ME;
|
|
}
|
|
|
|
/**
|
|
* Implementation of state_t.get_state.
|
|
*/
|
|
static ike_sa_state_t get_state(private_delete_requested_t *this)
|
|
{
|
|
return DELETE_REQUESTED;
|
|
}
|
|
|
|
/**
|
|
* Implementation of state_t.get_state
|
|
*/
|
|
static void destroy(private_delete_requested_t *this)
|
|
{
|
|
free(this);
|
|
}
|
|
|
|
/*
|
|
* Described in header.
|
|
*/
|
|
delete_requested_t *delete_requested_create(protected_ike_sa_t *ike_sa)
|
|
{
|
|
private_delete_requested_t *this = malloc_thing(private_delete_requested_t);
|
|
|
|
/* interface functions */
|
|
this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
|
|
this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
|
|
this->public.state_interface.destroy = (void (*) (state_t *)) destroy;
|
|
|
|
/* private data */
|
|
this->ike_sa = ike_sa;
|
|
this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
|
|
|
|
return &(this->public);
|
|
}
|