Constify sa in ikev2_pld_eap(). The parser code must not change any

sa or policy state, this should help make it clearer.

ok patrick@

5 files changed, 20 insertions, 19 deletions

diff --git a/regress/sbin/iked/parser/common.c b/regress/sbin/iked/parser/common.c
index a37451af33f..92f6a578d60 100644
--- a/regress/sbin/iked/parser/common.c
+++ b/regress/sbin/iked/parser/common.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: common.c,v 1.6 2020/09/20 17:29:55 tobhe Exp $ */
+/*	$OpenBSD: common.c,v 1.7 2020/11/18 22:24:03 tobhe Exp $ */
 /*
  * A bunch of stub functions so we can compile and link ikev2_pld.c
  * in a standalone program for testing purposes.
@@ -18,8 +18,8 @@
 #include "types.h"
 #include "test_helper.h"
 
-int	 eap_parse(struct iked *, struct iked_sa *, struct iked_message *,
-	    void *, int);
+int	 eap_parse(struct iked *, const struct iked_sa *,
+	    struct iked_message *, void *, int);
 int	 ikev2_msg_frompeer(struct iked_message *);
 int	 ikev2_send_ike_e(struct iked *, struct iked_sa *, struct ibuf *,
 	    u_int8_t, u_int8_t, int);
@@ -28,7 +28,7 @@ struct iked_childsa *
 	 childsa_lookup(struct iked_sa *, u_int64_t, u_int8_t);
 int	  ikev2_childsa_delete(struct iked *, struct iked_sa *,
 	    u_int8_t, u_int64_t, u_int64_t *, int);
-int	 sa_stateok(struct iked_sa *, int);
+int	 sa_stateok(const struct iked_sa *, int);
 void	 sa_state(struct iked *, struct iked_sa *, int);
 void	 ikev2_disable_rekeying(struct iked *, struct iked_sa *);
 void	 ikev2_init_ike_sa(struct iked *, void *);
@@ -54,7 +54,7 @@ struct ibuf *
 	     struct ibuf *);
 
 int
-eap_parse(struct iked *env, struct iked_sa *sa, struct iked_message *msg,
+eap_parse(struct iked *env, const struct iked_sa *sa, struct iked_message *msg,
     void *data, int response)
 {
 	return (0);
@@ -98,7 +98,7 @@ ikev2_childsa_delete(struct iked *a, struct iked_sa *b, u_int8_t c,
 }
 
 int
-sa_stateok(struct iked_sa *a, int b)
+sa_stateok(const struct iked_sa *a, int b)
 {
 	return (0);
 }
diff --git a/sbin/iked/eap.c b/sbin/iked/eap.c
index 8c90d418e79..376875a02c7 100644
--- a/sbin/iked/eap.c
+++ b/sbin/iked/eap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: eap.c,v 1.18 2020/10/09 08:59:15 tobhe Exp $	*/
+/*	$OpenBSD: eap.c,v 1.19 2020/11/18 22:24:03 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -42,8 +42,8 @@
 int	 eap_message_send(struct iked *, struct iked_sa *, int, int);
 ssize_t	 eap_add_id_request(struct ibuf *);
 char	*eap_validate_id_response(struct eap_message *);
-int	 eap_mschap(struct iked *, struct iked_sa *, struct iked_message *,
-	    struct eap_message *);
+int	 eap_mschap(struct iked *, const struct iked_sa *,
+	    struct iked_message *, struct eap_message *);
 
 ssize_t
 eap_add_id_request(struct ibuf *e)
@@ -314,7 +314,8 @@ eap_mschap_success(struct iked *env, struct iked_sa *sa, int eap_id)
 }
 
 int
-eap_mschap(struct iked *env, struct iked_sa *sa, struct iked_message *msg, struct eap_message *eap)
+eap_mschap(struct iked *env, const struct iked_sa *sa,
+    struct iked_message *msg, struct eap_message *eap)
 {
 	struct eap_mschap_response	*msr;
 	struct eap_mschap_peer		*msp;
@@ -387,8 +388,8 @@ eap_mschap(struct iked *env, struct iked_sa *sa, struct iked_message *msg, struc
 }
 
 int
-eap_parse(struct iked *env, struct iked_sa *sa, struct iked_message *msg, void *data,
-    int response)
+eap_parse(struct iked *env, const struct iked_sa *sa, struct iked_message *msg,
+    void *data, int response)
 {
 	struct eap_header		*hdr = data;
 	struct eap_message		*eap = data;
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index dc5ae674c0f..a2e12803fbe 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: iked.h,v 1.171 2020/10/30 23:05:39 tobhe Exp $	*/
+/*	$OpenBSD: iked.h,v 1.172 2020/11/18 22:24:03 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -852,7 +852,7 @@ void	 policy_ref(struct iked *, struct iked_policy *);
 void	 policy_unref(struct iked *, struct iked_policy *);
 void	 sa_state(struct iked *, struct iked_sa *, int);
 void	 sa_stateflags(struct iked_sa *, unsigned int);
-int	 sa_stateok(struct iked_sa *, int);
+int	 sa_stateok(const struct iked_sa *, int);
 struct iked_sa *
 	 sa_new(struct iked *, uint64_t, uint64_t, unsigned int,
 	    struct iked_policy *);
@@ -1028,7 +1028,7 @@ int	 ikev2_pld_parse(struct iked *, struct ike_header *,
 	    struct iked_message *, size_t);
 
 /* eap.c */
-int	 eap_parse(struct iked *, struct iked_sa *, struct iked_message*,
+int	 eap_parse(struct iked *, const struct iked_sa *, struct iked_message*,
 	    void *, int);
 int	 eap_success(struct iked *, struct iked_sa *, int);
 int	 eap_identity_request(struct iked *, struct iked_sa *);
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index e0545260a08..1d0630e41b5 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2_pld.c,v 1.108 2020/10/29 21:49:58 tobhe Exp $	*/
+/*	$OpenBSD: ikev2_pld.c,v 1.109 2020/11/18 22:24:03 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1944,7 +1944,7 @@ ikev2_pld_eap(struct iked *env, struct ikev2_payload *pld,
 {
 	struct eap_header		 hdr;
 	struct eap_message		*eap = NULL;
-	struct iked_sa			*sa = msg->msg_sa;
+	const struct iked_sa		*sa = msg->msg_sa;
 	size_t				 len;
 
 	if (ikev2_validate_eap(msg, offset, left, &hdr))
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 015dcefdaff..0b86540787b 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: policy.c,v 1.70 2020/09/09 21:25:42 tobhe Exp $	*/
+/*	$OpenBSD: policy.c,v 1.71 2020/11/18 22:24:03 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -331,7 +331,7 @@ sa_stateflags(struct iked_sa *sa, unsigned int flags)
 }
 
 int
-sa_stateok(struct iked_sa *sa, int state)
+sa_stateok(const struct iked_sa *sa, int state)
 {
 	unsigned int	 require;