authorMarkus Friedl <markus@cvs.openbsd.org>2014-05-07 10:52:48 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2014-05-07 10:52:48 +0000
commit7942c61e54e00b34d0d687504f2260beb917762d (patch)
treefbdd62824790f356f5a911f6f08d6e080e4d554b /sbin/iked
parenta5fe9520b8a270dcbf4c36ce6c0362fae0cd35ed (diff)
factor out ikev2_ike_auth() (state machine; used multiple times via callbacks)
from ikev2_ike_auth_recv() code (message parsing; used once); ok mikeb@
Diffstat (limited to 'sbin/iked')
-rw-r--r--sbin/iked/ikev2.c27
1 files changed, 15 insertions, 12 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index a0d02f29533..552ca7227de 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.108 2014/05/06 14:10:53 markus Exp $ */
+/* $OpenBSD: ikev2.c,v 1.109 2014/05/07 10:52:47 markus Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -54,8 +54,9 @@ struct iked_sa *
u_int8_t *, u_int8_t **, size_t *);
void ikev2_recv(struct iked *, struct iked_message *);
-int ikev2_ike_auth(struct iked *, struct iked_sa *,
+int ikev2_ike_auth_recv(struct iked *, struct iked_sa *,
struct iked_message *);
+int ikev2_ike_auth(struct iked *, struct iked_sa *);
void ikev2_init_recv(struct iked *, struct iked_message *,
struct ike_header *);
@@ -253,7 +254,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
log_warnx("%s: peer certificate is invalid", __func__);
}
- if (ikev2_ike_auth(env, sa, NULL) != 0)
+ if (ikev2_ike_auth(env, sa) != 0)
log_debug("%s: failed to send ike auth", __func__);
break;
case IMSG_CERT:
@@ -296,7 +297,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
sa_stateflags(sa, IKED_REQ_CERT);
- if (ikev2_ike_auth(env, sa, NULL) != 0)
+ if (ikev2_ike_auth(env, sa) != 0)
log_debug("%s: failed to send ike auth", __func__);
break;
case IMSG_AUTH:
@@ -331,7 +332,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
/* Switch in case we already have certvalid or authvalid */
sa_state(env, sa, IKEV2_STATE_VALID);
- if (ikev2_ike_auth(env, sa, NULL) != 0)
+ if (ikev2_ike_auth(env, sa) != 0)
log_debug("%s: failed to send ike auth", __func__);
break;
default:
@@ -490,7 +491,7 @@ done:
}
int
-ikev2_ike_auth(struct iked *env, struct iked_sa *sa,
+ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa,
struct iked_message *msg)
{
struct iked_id *id, *certid;
@@ -499,9 +500,6 @@ ikev2_ike_auth(struct iked *env, struct iked_sa *sa,
struct iked_policy *policy = sa->sa_policy;
int ret = -1;
- if (msg == NULL)
- goto done;
-
if (sa->sa_hdr.sh_initiator) {
id = &sa->sa_rid;
certid = &sa->sa_rcert;
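Review bot: With the `if (msg == NULL) goto done;` guard removed, ikev2_ike_auth_recv() now dereferences msg unconditionally in the message-parsing code that follows the sh_initiator block (outside this hunk), and nothing in the function states that precondition. This is sound only because the three callers that used to pass NULL (the ikev2_dispatch_cert hunks) now call ikev2_ike_auth() instead, so a future caller can reintroduce the old NULL call without any compile-time hint. I'd add above the function: `/* msg must be non-NULL; callers that have no message use ikev2_ike_auth() */`. ikev2_ike_auth_recv() starts in the previous hunk and continues past this one.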
@@ -635,7 +633,12 @@ ikev2_ike_auth(struct iked *env, struct iked_sa *sa,
} else
sa_stateflags(sa, IKED_REQ_SA);
}
- done:
+ return ikev2_ike_auth(env, sa);
+}
+
+int
+ikev2_ike_auth(struct iked *env, struct iked_sa *sa)
+{
if (sa->sa_hdr.sh_initiator) {
if (sa_stateok(sa, IKEV2_STATE_AUTH_SUCCESS))
return (ikev2_init_done(env, sa));
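Review bot: The new ikev2_ike_auth() definition carries no comment, so the split the commit message describes (message parsing in ikev2_ike_auth_recv(), message-independent state machine here, re-entered from the IMSG_CERTVALID/IMSG_CERT/IMSG_AUTH callbacks) is not visible in the code. I'd add above `int ikev2_ike_auth(struct iked *env, struct iked_sa *sa)`: `/* IKE_AUTH state machine; entered after a received IKE_AUTH message has been parsed and again from the CA callbacks, so it must not depend on any message. */`. Separately, `int ret = -1;` at the top of ikev2_ike_auth_recv() (context in the previous hunk) is untouched while the function now ends in the unconditional tail call `return ikev2_ike_auth(env, sa);`; if no path we cannot see still returns ret, the declaration is dead and should go. The body of ikev2_ike_auth() continues beyond this hunk.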
@@ -720,7 +723,7 @@ ikev2_init_recv(struct iked *env, struct iked_message *msg,
(void)ikev2_init_auth(env, msg);
break;
case IKEV2_EXCHANGE_IKE_AUTH:
- (void)ikev2_ike_auth(env, sa, msg);
+ (void)ikev2_ike_auth_recv(env, sa, msg);
break;
case IKEV2_EXCHANGE_CREATE_CHILD_SA:
(void)ikev2_init_create_child_sa(env, msg);
@@ -1916,7 +1919,7 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
sa->sa_policy->pol_auth.auth_eap)
sa_state(env, sa, IKEV2_STATE_EAP);
- if (ikev2_ike_auth(env, sa, msg) != 0) {
+ if (ikev2_ike_auth_recv(env, sa, msg) != 0) {
log_debug("%s: failed to send auth response", __func__);
sa_state(env, sa, IKEV2_STATE_CLOSED);
return;