summaryrefslogtreecommitdiff
path: root/src/charon/plugins/stroke
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-25 19:01:36 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-05-25 19:01:36 +0000
commit1ac70afcc1f7d6d2738a34308810719b0976d29f (patch)
tree805f6ce2a15d1a717781d7cbceac8408a74b6b0c /src/charon/plugins/stroke
parented7d79f96177044949744da10f4431c1d6242241 (diff)
downloadvyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.tar.gz
vyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.4.0)
Diffstat (limited to 'src/charon/plugins/stroke')
-rw-r--r--src/charon/plugins/stroke/Makefile.am22
-rw-r--r--src/charon/plugins/stroke/Makefile.in590
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c546
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.h86
-rw-r--r--src/charon/plugins/stroke/stroke_ca.c458
-rw-r--r--src/charon/plugins/stroke/stroke_ca.h80
-rw-r--r--src/charon/plugins/stroke/stroke_config.c949
-rw-r--r--src/charon/plugins/stroke/stroke_config.h66
-rw-r--r--src/charon/plugins/stroke/stroke_control.c491
-rw-r--r--src/charon/plugins/stroke/stroke_control.h88
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c1174
-rw-r--r--src/charon/plugins/stroke/stroke_cred.h84
-rw-r--r--src/charon/plugins/stroke/stroke_list.c1230
-rw-r--r--src/charon/plugins/stroke/stroke_list.h74
-rw-r--r--src/charon/plugins/stroke/stroke_plugin.c65
-rw-r--r--src/charon/plugins/stroke/stroke_plugin.h50
-rw-r--r--src/charon/plugins/stroke/stroke_shared_key.c140
-rw-r--r--src/charon/plugins/stroke/stroke_shared_key.h60
-rw-r--r--src/charon/plugins/stroke/stroke_socket.c670
-rw-r--r--src/charon/plugins/stroke/stroke_socket.h42
20 files changed, 0 insertions, 6965 deletions
diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am
deleted file mode 100644
index 94d311609..000000000
--- a/src/charon/plugins/stroke/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-
-AM_CFLAGS = \
--rdynamic \
--DIPSEC_CONFDIR=\"${sysconfdir}\" \
--DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
- stroke_socket.h stroke_socket.c \
- stroke_config.h stroke_config.c \
- stroke_control.h stroke_control.c \
- stroke_cred.h stroke_cred.c \
- stroke_ca.h stroke_ca.c \
- stroke_attribute.h stroke_attribute.c \
- stroke_list.h stroke_list.c \
- stroke_shared_key.h stroke_shared_key.c
-
-libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/stroke/Makefile.in b/src/charon/plugins/stroke/Makefile.in
deleted file mode 100644
index 6e6b3b813..000000000
--- a/src/charon/plugins/stroke/Makefile.in
+++ /dev/null
@@ -1,590 +0,0 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/charon/plugins/stroke
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
-libstrongswan_stroke_la_LIBADD =
-am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \
- stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \
- stroke_attribute.lo stroke_list.lo stroke_shared_key.lo
-libstrongswan_stroke_la_OBJECTS = \
- $(am_libstrongswan_stroke_la_OBJECTS)
-libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libstrongswan_stroke_la_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
-SOURCES = $(libstrongswan_stroke_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_stroke_la_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GPERF = @GPERF@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PTHREADLIB = @PTHREADLIB@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-default_pkcs11 = @default_pkcs11@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
-ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libstrongswan_plugins = @libstrongswan_plugins@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-piddir = @piddir@
-plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-strongswan_conf = @strongswan_conf@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-AM_CFLAGS = \
--rdynamic \
--DIPSEC_CONFDIR=\"${sysconfdir}\" \
--DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
- stroke_socket.h stroke_socket.c \
- stroke_config.h stroke_config.c \
- stroke_control.h stroke_control.c \
- stroke_cred.h stroke_cred.c \
- stroke_ca.h stroke_ca.c \
- stroke_attribute.h stroke_attribute.c \
- stroke_list.h stroke_list.c \
- stroke_shared_key.h stroke_shared_key.c
-
-libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
- }
-
-uninstall-pluginLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
- done
-
-clean-pluginLTLIBRARIES:
- -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
- @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
- test "$$dir" != "$$p" || dir=.; \
- echo "rm -f \"$${dir}/so_locations\""; \
- rm -f "$${dir}/so_locations"; \
- done
-libstrongswan-stroke.la: $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_DEPENDENCIES)
- $(libstrongswan_stroke_la_LINK) -rpath $(plugindir) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_attribute.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_ca.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_config.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_control.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_cred.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_list.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_plugin.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_shared_key.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_socket.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- mkid -fID $$unique
-tags: TAGS
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- set x; \
- here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: CTAGS
-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(plugindir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-pluginLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-pluginLTLIBRARIES ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-pluginLTLIBRARIES \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
deleted file mode 100644
index 7a5ce683e..000000000
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_attribute.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <utils/hashtable.h>
-#include <threading/mutex.h>
-
-#define POOL_LIMIT (sizeof(uintptr_t)*8)
-
-typedef struct private_stroke_attribute_t private_stroke_attribute_t;
-
-/**
- * private data of stroke_attribute
- */
-struct private_stroke_attribute_t {
-
- /**
- * public functions
- */
- stroke_attribute_t public;
-
- /**
- * list of pools, contains pool_t
- */
- linked_list_t *pools;
-
- /**
- * mutex to lock access to pools
- */
- mutex_t *mutex;
-};
-
-typedef struct {
- /** name of the pool */
- char *name;
- /** base address of the pool */
- host_t *base;
- /** size of the pool */
- int size;
- /** next unused address */
- int unused;
- /** hashtable [identity => offset], for online leases */
- hashtable_t *online;
- /** hashtable [identity => offset], for offline leases */
- hashtable_t *offline;
- /** hashtable [identity => identity], handles identity references */
- hashtable_t *ids;
-} pool_t;
-
-/**
- * hashtable hash function for identities
- */
-static u_int id_hash(identification_t *id)
-{
- return chunk_hash(id->get_encoding(id));
-}
-
-/**
- * hashtable equals function for identities
- */
-static bool id_equals(identification_t *a, identification_t *b)
-{
- return a->equals(a, b);
-}
-
-/**
- * destroy a pool_t
- */
-static void pool_destroy(pool_t *this)
-{
- enumerator_t *enumerator;
- identification_t *id;
-
- enumerator = this->ids->create_enumerator(this->ids);
- while (enumerator->enumerate(enumerator, &id, NULL))
- {
- id->destroy(id);
- }
- enumerator->destroy(enumerator);
- this->ids->destroy(this->ids);
- this->online->destroy(this->online);
- this->offline->destroy(this->offline);
- DESTROY_IF(this->base);
- free(this->name);
- free(this);
-}
-
-/**
- * find a pool by name
- */
-static pool_t *find_pool(private_stroke_attribute_t *this, char *name)
-{
- enumerator_t *enumerator;
- pool_t *current, *found = NULL;
-
- enumerator = this->pools->create_enumerator(this->pools);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (streq(name, current->name))
- {
- found = current;
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-/**
- * convert an pool offset to an address
- */
-host_t* offset2host(pool_t *pool, int offset)
-{
- chunk_t addr;
- host_t *host;
- u_int32_t *pos;
-
- offset--;
- if (offset > pool->size)
- {
- return NULL;
- }
-
- addr = chunk_clone(pool->base->get_address(pool->base));
- if (pool->base->get_family(pool->base) == AF_INET6)
- {
- pos = (u_int32_t*)(addr.ptr + 12);
- }
- else
- {
- pos = (u_int32_t*)addr.ptr;
- }
- *pos = htonl(offset + ntohl(*pos));
- host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
- free(addr.ptr);
- return host;
-}
-
-/**
- * convert a host to a pool offset
- */
-int host2offset(pool_t *pool, host_t *addr)
-{
- chunk_t host, base;
- u_int32_t hosti, basei;
-
- if (addr->get_family(addr) != pool->base->get_family(pool->base))
- {
- return -1;
- }
- host = addr->get_address(addr);
- base = pool->base->get_address(pool->base);
- if (addr->get_family(addr) == AF_INET6)
- {
- /* only look at last /32 block */
- if (!memeq(host.ptr, base.ptr, 12))
- {
- return -1;
- }
- host = chunk_skip(host, 12);
- base = chunk_skip(base, 12);
- }
- hosti = ntohl(*(u_int32_t*)(host.ptr));
- basei = ntohl(*(u_int32_t*)(base.ptr));
- if (hosti > basei + pool->size)
- {
- return -1;
- }
- return hosti - basei + 1;
-}
-
-/**
- * Implementation of attribute_provider_t.acquire_address
- */
-static host_t* acquire_address(private_stroke_attribute_t *this,
- char *name, identification_t *id,
- host_t *requested)
-{
- pool_t *pool;
- uintptr_t offset = 0;
- enumerator_t *enumerator;
- identification_t *old_id;
-
- this->mutex->lock(this->mutex);
- pool = find_pool(this, name);
- while (pool)
- {
- /* handle %config case by mirroring requested address */
- if (pool->size == 0)
- {
- this->mutex->unlock(this->mutex);
- return requested->clone(requested);
- }
-
- if (!requested->is_anyaddr(requested) &&
- requested->get_family(requested) !=
- pool->base->get_family(pool->base))
- {
- DBG1(DBG_CFG, "IP pool address family mismatch");
- break;
- }
-
- /* check for a valid offline lease, refresh */
- offset = (uintptr_t)pool->offline->remove(pool->offline, id);
- if (offset)
- {
- id = pool->ids->get(pool->ids, id);
- if (id)
- {
- DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
- pool->online->put(pool->online, id, (void*)offset);
- break;
- }
- }
-
- /* check for a valid online lease, reassign */
- offset = (uintptr_t)pool->online->get(pool->online, id);
- if (offset && offset == host2offset(pool, requested))
- {
- DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
- break;
- }
-
- if (pool->unused < pool->size)
- {
- /* assigning offset, starting by 1. Handling 0 in hashtable
- * is difficult. */
- offset = ++pool->unused;
- id = id->clone(id);
- pool->ids->put(pool->ids, id, id);
- pool->online->put(pool->online, id, (void*)offset);
- DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
- break;
- }
- /* no more addresses, replace the first found offline lease */
- enumerator = pool->offline->create_enumerator(pool->offline);
- if (enumerator->enumerate(enumerator, &old_id, &offset))
- {
- offset = (uintptr_t)pool->offline->remove(pool->offline, old_id);
- if (offset)
- {
- /* destroy reference to old ID */
- old_id = pool->ids->remove(pool->ids, old_id);
- DBG1(DBG_CFG, "reassigning existing offline lease by '%Y' to '%Y'",
- old_id, id);
- if (old_id)
- {
- old_id->destroy(old_id);
- }
- id = id->clone(id);
- pool->ids->put(pool->ids, id, id);
- pool->online->put(pool->online, id, (void*)offset);
- enumerator->destroy(enumerator);
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name);
- break;
- }
- this->mutex->unlock(this->mutex);
- if (offset)
- {
- return offset2host(pool, offset);
- }
- return NULL;
-}
-
-/**
- * Implementation of attribute_provider_t.release_address
- */
-static bool release_address(private_stroke_attribute_t *this,
- char *name, host_t *address, identification_t *id)
-{
- pool_t *pool;
- bool found = FALSE;
- uintptr_t offset;
-
- this->mutex->lock(this->mutex);
- pool = find_pool(this, name);
- if (pool)
- {
- if (pool->size != 0)
- {
- offset = (uintptr_t)pool->online->remove(pool->online, id);
- if (offset)
- {
- id = pool->ids->get(pool->ids, id);
- if (id)
- {
- DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
- pool->offline->put(pool->offline, id, (void*)offset);
- found = TRUE;
- }
- }
- }
- }
- this->mutex->unlock(this->mutex);
- return found;
-}
-
-/**
- * Implementation of stroke_attribute_t.add_pool.
- */
-static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
- if (msg->add_conn.other.sourceip_mask)
- {
- pool_t *pool;
-
- pool = malloc_thing(pool_t);
- pool->base = NULL;
- pool->size = 0;
- pool->unused = 0;
- pool->name = strdup(msg->add_conn.name);
- pool->online = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
- pool->offline = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
- pool->ids = hashtable_create((hashtable_hash_t)id_hash,
- (hashtable_equals_t)id_equals, 16);
-
- /* if %config, add an empty pool, otherwise */
- if (msg->add_conn.other.sourceip)
- {
- u_int32_t bits;
- int family;
-
- DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
- msg->add_conn.name, msg->add_conn.other.sourceip,
- msg->add_conn.other.sourceip_mask);
-
- pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
- if (!pool->base)
- {
- pool_destroy(pool);
- DBG1(DBG_CFG, "virtual IP address invalid, discarded");
- return;
- }
- family = pool->base->get_family(pool->base);
- bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_mask;
- if (bits > POOL_LIMIT)
- {
- bits = POOL_LIMIT;
- DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
- msg->add_conn.other.sourceip,
- (family == AF_INET ? 32 : 128) - bits);
- }
- pool->size = 1 << (bits);
-
- if (pool->size > 2)
- { /* do not use first and last addresses of a block */
- pool->unused++;
- pool->size--;
- }
- }
- this->mutex->lock(this->mutex);
- this->pools->insert_last(this->pools, pool);
- this->mutex->unlock(this->mutex);
- }
-}
-
-/**
- * Implementation of stroke_attribute_t.del_pool.
- */
-static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
- enumerator_t *enumerator;
- pool_t *pool;
-
- this->mutex->lock(this->mutex);
- enumerator = this->pools->create_enumerator(this->pools);
- while (enumerator->enumerate(enumerator, &pool))
- {
- if (streq(msg->del_conn.name, pool->name))
- {
- this->pools->remove_at(this->pools, enumerator);
- pool_destroy(pool);
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
-}
-
-/**
- * Pool enumerator filter function, converts pool_t to name, size, ...
- */
-static bool pool_filter(void *mutex, pool_t **poolp, char **name,
- void *d1, u_int *size, void *d2, u_int *online,
- void *d3, u_int *offline)
-{
- pool_t *pool = *poolp;
-
- *name = pool->name;
- *size = pool->size;
- *online = pool->online->get_count(pool->online);
- *offline = pool->offline->get_count(pool->offline);
- return TRUE;
-}
-
-/**
- * Implementation of stroke_attribute_t.create_pool_enumerator
- */
-static enumerator_t* create_pool_enumerator(private_stroke_attribute_t *this)
-{
- this->mutex->lock(this->mutex);
- return enumerator_create_filter(this->pools->create_enumerator(this->pools),
- (void*)pool_filter,
- this->mutex, (void*)this->mutex->unlock);
-}
-
-/**
- * lease enumerator
- */
-typedef struct {
- /** implemented enumerator interface */
- enumerator_t public;
- /** inner hash-table enumerator */
- enumerator_t *inner;
- /** enumerated pool */
- pool_t *pool;
- /** mutex to unlock on destruction */
- mutex_t *mutex;
- /** currently enumerated lease address */
- host_t *current;
-} lease_enumerator_t;
-
-/**
- * Implementation of lease_enumerator_t.enumerate
- */
-static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out,
- host_t **addr_out, bool *online)
-{
- identification_t *id;
- uintptr_t offset;
-
- DESTROY_IF(this->current);
- this->current = NULL;
-
- if (this->inner->enumerate(this->inner, &id, NULL))
- {
- offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
- if (offset)
- {
- *id_out = id;
- *addr_out = this->current = offset2host(this->pool, offset);
- *online = TRUE;
- return TRUE;
- }
- offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
- if (offset)
- {
- *id_out = id;
- *addr_out = this->current = offset2host(this->pool, offset);
- *online = FALSE;
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * Implementation of lease_enumerator_t.destroy
- */
-static void lease_enumerator_destroy(lease_enumerator_t *this)
-{
- DESTROY_IF(this->current);
- this->inner->destroy(this->inner);
- this->mutex->unlock(this->mutex);
- free(this);
-}
-
-/**
- * Implementation of stroke_attribute_t.create_lease_enumerator
- */
-static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this,
- char *pool)
-{
- lease_enumerator_t *enumerator;
-
- this->mutex->lock(this->mutex);
- enumerator = malloc_thing(lease_enumerator_t);
- enumerator->pool = find_pool(this, pool);
- if (!enumerator->pool)
- {
- this->mutex->unlock(this->mutex);
- free(enumerator);
- return NULL;
- }
- enumerator->public.enumerate = (void*)lease_enumerate;
- enumerator->public.destroy = (void*)lease_enumerator_destroy;
- enumerator->inner = enumerator->pool->ids->create_enumerator(enumerator->pool->ids);
- enumerator->mutex = this->mutex;
- enumerator->current = NULL;
- return &enumerator->public;
-}
-
-/**
- * Implementation of stroke_attribute_t.destroy
- */
-static void destroy(private_stroke_attribute_t *this)
-{
- this->mutex->destroy(this->mutex);
- this->pools->destroy_function(this->pools, (void*)pool_destroy);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_attribute_t *stroke_attribute_create()
-{
- private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t);
-
- this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address;
- this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
- this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))enumerator_create_empty;
- this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool;
- this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool;
- this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator;
- this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator;
- this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
-
- this->pools = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h
deleted file mode 100644
index cf6c950a6..000000000
--- a/src/charon/plugins/stroke/stroke_attribute.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_attribute stroke_attribute
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_ATTRIBUTE_H_
-#define STROKE_ATTRIBUTE_H_
-
-#include <stroke_msg.h>
-#include <attributes/attribute_provider.h>
-
-typedef struct stroke_attribute_t stroke_attribute_t;
-
-/**
- * Stroke IKEv2 cfg attribute provider
- */
-struct stroke_attribute_t {
-
- /**
- * Implements attribute provider interface
- */
- attribute_provider_t provider;
-
- /**
- * Add a virtual IP address.
- *
- * @param msg stroke message
- * @param end end of stroke message that contains virtual IP.
- */
- void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg);
-
- /**
- * Remove a virtual IP address.
- *
- * @param msg stroke message
- */
- void (*del_pool)(stroke_attribute_t *this, stroke_msg_t *msg);
-
- /**
- * Create an enumerator over installed pools.
- *
- * Enumerator enumerates over
- * char *pool, u_int size, u_int offline, u_int online.
- *
- * @return enumerator
- */
- enumerator_t* (*create_pool_enumerator)(stroke_attribute_t *this);
-
- /**
- * Create an enumerator over the leases of a pool.
- *
- * Enumerator enumerates over
- * identification_t *id, host_t *address, bool online
- *
- * @param pool name of the pool to enumerate
- * @return enumerator, NULL if pool not found
- */
- enumerator_t* (*create_lease_enumerator)(stroke_attribute_t *this,
- char *pool);
- /**
- * Destroy a stroke_attribute instance.
- */
- void (*destroy)(stroke_attribute_t *this);
-};
-
-/**
- * Create a stroke_attribute instance.
- */
-stroke_attribute_t *stroke_attribute_create();
-
-#endif /** STROKE_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c
deleted file mode 100644
index 49146f18b..000000000
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_ca.h"
-#include "stroke_cred.h"
-
-#include <threading/rwlock.h>
-#include <utils/linked_list.h>
-#include <crypto/hashers/hasher.h>
-
-#include <daemon.h>
-
-typedef struct private_stroke_ca_t private_stroke_ca_t;
-
-/**
- * private data of stroke_ca
- */
-struct private_stroke_ca_t {
-
- /**
- * public functions
- */
- stroke_ca_t public;
-
- /**
- * read-write lock to lists
- */
- rwlock_t *lock;
-
- /**
- * list of starters CA sections and its certificates (ca_section_t)
- */
- linked_list_t *sections;
-
- /**
- * stroke credentials, stores our CA certificates
- */
- stroke_cred_t *cred;
-};
-
-typedef struct ca_section_t ca_section_t;
-
-/**
- * loaded ipsec.conf CA sections
- */
-struct ca_section_t {
-
- /**
- * name of the CA section
- */
- char *name;
-
- /**
- * reference to cert in trusted_credential_t
- */
- certificate_t *cert;
-
- /**
- * CRL URIs
- */
- linked_list_t *crl;
-
- /**
- * OCSP URIs
- */
- linked_list_t *ocsp;
-
- /**
- * Hashes of certificates issued by this CA
- */
- linked_list_t *hashes;
-
- /**
- * Base URI used for certificates from this CA
- */
- char *certuribase;
-};
-
-/**
- * create a new CA section
- */
-static ca_section_t *ca_section_create(char *name, certificate_t *cert)
-{
- ca_section_t *ca = malloc_thing(ca_section_t);
-
- ca->name = strdup(name);
- ca->crl = linked_list_create();
- ca->ocsp = linked_list_create();
- ca->cert = cert;
- ca->hashes = linked_list_create();
- ca->certuribase = NULL;
- return ca;
-}
-
-/**
- * destroy a ca section entry
- */
-static void ca_section_destroy(ca_section_t *this)
-{
- this->crl->destroy_function(this->crl, free);
- this->ocsp->destroy_function(this->ocsp, free);
- this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy));
- free(this->certuribase);
- free(this->name);
- free(this);
-}
-
-/**
- * data to pass to create_inner_cdp
- */
-typedef struct {
- private_stroke_ca_t *this;
- certificate_type_t type;
- identification_t *id;
-} cdp_data_t;
-
-/**
- * destroy cdp enumerator data and unlock list
- */
-static void cdp_data_destroy(cdp_data_t *data)
-{
- data->this->lock->unlock(data->this->lock);
- free(data);
-}
-
-/**
- * inner enumerator constructor for CDP URIs
- */
-static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data)
-{
- public_key_t *public;
- enumerator_t *enumerator = NULL;
- linked_list_t *list;
-
- if (data->type == CERT_X509_OCSP_RESPONSE)
- {
- list = section->ocsp;
- }
- else
- {
- list = section->crl;
- }
-
- public = section->cert->get_public_key(section->cert);
- if (public)
- {
- if (!data->id)
- {
- enumerator = list->create_enumerator(list);
- }
- else
- {
- if (public->has_fingerprint(public, data->id->get_encoding(data->id)))
- {
- enumerator = list->create_enumerator(list);
- }
- }
- public->destroy(public);
- }
- return enumerator;
-}
-
-/**
- * inner enumerator constructor for "Hash and URL"
- */
-static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data_t *data)
-{
- enumerator_t *enumerator = NULL, *hash_enum;
- identification_t *current;
-
- if (!data->id || !section->certuribase)
- {
- return NULL;
- }
-
- hash_enum = section->hashes->create_enumerator(section->hashes);
- while (hash_enum->enumerate(hash_enum, &current))
- {
- if (current->matches(current, data->id))
- {
- char *url, *hash;
-
- url = malloc(strlen(section->certuribase) + 40 + 1);
- strcpy(url, section->certuribase);
- hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr;
- strncat(url, hash, 40);
- free(hash);
-
- enumerator = enumerator_create_single(url, free);
- break;
- }
- }
- hash_enum->destroy(hash_enum);
- return enumerator;
-}
-
-/**
- * Implementation of credential_set_t.create_cdp_enumerator.
- */
-static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
- certificate_type_t type, identification_t *id)
-{
- cdp_data_t *data;
-
- switch (type)
- { /* we serve CRLs, OCSP responders and URLs for "Hash and URL" */
- case CERT_X509:
- case CERT_X509_CRL:
- case CERT_X509_OCSP_RESPONSE:
- case CERT_ANY:
- break;
- default:
- return NULL;
- }
- data = malloc_thing(cdp_data_t);
- data->this = this;
- data->type = type;
- data->id = id;
-
- this->lock->read_lock(this->lock);
- return enumerator_create_nested(this->sections->create_enumerator(this->sections),
- (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp,
- data, (void*)cdp_data_destroy);
-}
-/**
- * Implementation of stroke_ca_t.add.
- */
-static void add(private_stroke_ca_t *this, stroke_msg_t *msg)
-{
- certificate_t *cert;
- ca_section_t *ca;
-
- if (msg->add_ca.cacert == NULL)
- {
- DBG1(DBG_CFG, "missing cacert parameter");
- return;
- }
- cert = this->cred->load_ca(this->cred, msg->add_ca.cacert);
- if (cert)
- {
- ca = ca_section_create(msg->add_ca.name, cert);
- if (msg->add_ca.crluri)
- {
- ca->crl->insert_last(ca->crl, strdup(msg->add_ca.crluri));
- }
- if (msg->add_ca.crluri2)
- {
- ca->crl->insert_last(ca->crl, strdup(msg->add_ca.crluri2));
- }
- if (msg->add_ca.ocspuri)
- {
- ca->ocsp->insert_last(ca->ocsp, strdup(msg->add_ca.ocspuri));
- }
- if (msg->add_ca.ocspuri2)
- {
- ca->ocsp->insert_last(ca->ocsp, strdup(msg->add_ca.ocspuri2));
- }
- if (msg->add_ca.certuribase)
- {
- ca->certuribase = strdup(msg->add_ca.certuribase);
- }
- this->lock->write_lock(this->lock);
- this->sections->insert_last(this->sections, ca);
- this->lock->unlock(this->lock);
- DBG1(DBG_CFG, "added ca '%s'", msg->add_ca.name);
- }
-}
-
-/**
- * Implementation of stroke_ca_t.del.
- */
-static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
-{
- enumerator_t *enumerator;
- ca_section_t *ca = NULL;
-
- this->lock->write_lock(this->lock);
- enumerator = this->sections->create_enumerator(this->sections);
- while (enumerator->enumerate(enumerator, &ca))
- {
- if (streq(ca->name, msg->del_ca.name))
- {
- this->sections->remove_at(this->sections, enumerator);
- break;
- }
- ca = NULL;
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
- if (ca == NULL)
- {
- DBG1(DBG_CFG, "no ca named '%s' found\n", msg->del_ca.name);
- return;
- }
- ca_section_destroy(ca);
- /* TODO: flush cached certs */
-}
-
-/**
- * list crl or ocsp URIs
- */
-static void list_uris(linked_list_t *list, char *label, FILE *out)
-{
- bool first = TRUE;
- char *uri;
- enumerator_t *enumerator;
-
- enumerator = list->create_enumerator(list);
- while (enumerator->enumerate(enumerator, (void**)&uri))
- {
- if (first)
- {
- fprintf(out, label);
- first = FALSE;
- }
- else
- {
- fprintf(out, " ");
- }
- fprintf(out, "'%s'\n", uri);
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * Implementation of stroke_ca_t.check_for_hash_and_url.
- */
-static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cert)
-{
- ca_section_t *section;
- enumerator_t *enumerator;
-
- hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher == NULL)
- {
- DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
- return;
- }
-
- this->lock->write_lock(this->lock);
- enumerator = this->sections->create_enumerator(this->sections);
- while (enumerator->enumerate(enumerator, (void**)&section))
- {
- if (section->certuribase && cert->issued_by(cert, section->cert))
- {
- chunk_t hash, encoded = cert->get_encoding(cert);
- hasher->allocate_hash(hasher, encoded, &hash);
- section->hashes->insert_last(section->hashes,
- identification_create_from_encoding(ID_KEY_ID, hash));
- chunk_free(&hash);
- chunk_free(&encoded);
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- hasher->destroy(hasher);
-}
-
-/**
- * Implementation of stroke_ca_t.list.
- */
-static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
-{
- bool first = TRUE;
- ca_section_t *section;
- enumerator_t *enumerator;
-
- this->lock->read_lock(this->lock);
- enumerator = this->sections->create_enumerator(this->sections);
- while (enumerator->enumerate(enumerator, (void**)&section))
- {
- certificate_t *cert = section->cert;
- public_key_t *public = cert->get_public_key(cert);
- chunk_t chunk;
-
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of CA Information Sections:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
- fprintf(out, " authname: \"%Y\"\n", cert->get_subject(cert));
-
- /* list authkey and keyid */
- if (public)
- {
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk))
- {
- fprintf(out, " authkey: %#B\n", &chunk);
- }
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &chunk))
- {
- fprintf(out, " keyid: %#B\n", &chunk);
- }
- public->destroy(public);
- }
- list_uris(section->crl, " crluris: ", out);
- list_uris(section->ocsp, " ocspuris: ", out);
- if (section->certuribase)
- {
- fprintf(out, " certuribase: '%s'\n", section->certuribase);
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-}
-
-/**
- * Implementation of stroke_ca_t.destroy
- */
-static void destroy(private_stroke_ca_t *this)
-{
- this->sections->destroy_function(this->sections, (void*)ca_section_destroy);
- this->lock->destroy(this->lock);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
-{
- private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t);
-
- this->public.set.create_private_enumerator = (void*)return_null;
- this->public.set.create_cert_enumerator = (void*)return_null;
- this->public.set.create_shared_enumerator = (void*)return_null;
- this->public.set.create_cdp_enumerator = (void*)create_cdp_enumerator;
- this->public.set.cache_cert = (void*)nop;
- this->public.add = (void(*)(stroke_ca_t*, stroke_msg_t *msg))add;
- this->public.del = (void(*)(stroke_ca_t*, stroke_msg_t *msg))del;
- this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list;
- this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url;
- this->public.destroy = (void(*)(stroke_ca_t*))destroy;
-
- this->sections = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
- this->cred = cred;
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h
deleted file mode 100644
index 21af912ea..000000000
--- a/src/charon/plugins/stroke/stroke_ca.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_ca stroke_ca
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_CA_H_
-#define STROKE_CA_H_
-
-#include <stroke_msg.h>
-
-#include "stroke_cred.h"
-
-typedef struct stroke_ca_t stroke_ca_t;
-
-/**
- * ipsec.conf ca section handling.
- */
-struct stroke_ca_t {
-
- /**
- * Implements credential_set_t
- */
- credential_set_t set;
-
- /**
- * Add a CA to the set using a stroke_msg_t.
- *
- * @param msg stroke message containing CA info
- */
- void (*add)(stroke_ca_t *this, stroke_msg_t *msg);
-
- /**
- * Remove a CA from the set using a stroke_msg_t.
- *
- * @param msg stroke message containing CA info
- */
- void (*del)(stroke_ca_t *this, stroke_msg_t *msg);
-
- /**
- * List CA sections to stroke console.
- *
- * @param msg stroke message
- */
- void (*list)(stroke_ca_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Check if a certificate can be made available through hash and URL.
- *
- * @param cert peer certificate
- */
- void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert);
-
- /**
- * Destroy a stroke_ca instance.
- */
- void (*destroy)(stroke_ca_t *this);
-};
-
-/**
- * Create a stroke_ca instance.
- */
-stroke_ca_t *stroke_ca_create(stroke_cred_t *cred);
-
-#endif /** STROKE_CA_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
deleted file mode 100644
index 0752f3c93..000000000
--- a/src/charon/plugins/stroke/stroke_config.c
+++ /dev/null
@@ -1,949 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_config.h"
-
-#include <daemon.h>
-#include <threading/mutex.h>
-#include <utils/lexparser.h>
-
-typedef struct private_stroke_config_t private_stroke_config_t;
-
-/**
- * private data of stroke_config
- */
-struct private_stroke_config_t {
-
- /**
- * public functions
- */
- stroke_config_t public;
-
- /**
- * list of peer_cfg_t
- */
- linked_list_t *list;
-
- /**
- * mutex to lock config list
- */
- mutex_t *mutex;
-
- /**
- * ca sections
- */
- stroke_ca_t *ca;
-
- /**
- * credentials
- */
- stroke_cred_t *cred;
-};
-
-/**
- * Implementation of backend_t.create_peer_cfg_enumerator.
- */
-static enumerator_t* create_peer_cfg_enumerator(private_stroke_config_t *this,
- identification_t *me,
- identification_t *other)
-{
- this->mutex->lock(this->mutex);
- return enumerator_create_cleaner(this->list->create_enumerator(this->list),
- (void*)this->mutex->unlock, this->mutex);
-}
-
-/**
- * filter function for ike configs
- */
-static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
-{
- *out = (*in)->get_ike_cfg(*in);
- return TRUE;
-}
-
-/**
- * Implementation of backend_t.create_ike_cfg_enumerator.
- */
-static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this,
- host_t *me, host_t *other)
-{
- this->mutex->lock(this->mutex);
- return enumerator_create_filter(this->list->create_enumerator(this->list),
- (void*)ike_filter, this->mutex,
- (void*)this->mutex->unlock);
-}
-
-/**
- * implements backend_t.get_peer_cfg_by_name.
- */
-static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *name)
-{
- enumerator_t *e1, *e2;
- peer_cfg_t *current, *found = NULL;
- child_cfg_t *child;
-
- this->mutex->lock(this->mutex);
- e1 = this->list->create_enumerator(this->list);
- while (e1->enumerate(e1, &current))
- {
- /* compare peer_cfgs name first */
- if (streq(current->get_name(current), name))
- {
- found = current;
- found->get_ref(found);
- break;
- }
- /* compare all child_cfg names otherwise */
- e2 = current->create_child_cfg_enumerator(current);
- while (e2->enumerate(e2, &child))
- {
- if (streq(child->get_name(child), name))
- {
- found = current;
- found->get_ref(found);
- break;
- }
- }
- e2->destroy(e2);
- if (found)
- {
- break;
- }
- }
- e1->destroy(e1);
- this->mutex->unlock(this->mutex);
- return found;
-}
-
-/**
- * parse a proposal string, either into ike_cfg or child_cfg
- */
-static void add_proposals(private_stroke_config_t *this, char *string,
- ike_cfg_t *ike_cfg, child_cfg_t *child_cfg)
-{
- if (string)
- {
- char *single;
- char *strict;
- proposal_t *proposal;
- protocol_id_t proto = PROTO_ESP;
-
- if (ike_cfg)
- {
- proto = PROTO_IKE;
- }
- strict = string + strlen(string) - 1;
- if (*strict == '!')
- {
- *strict = '\0';
- }
- else
- {
- strict = NULL;
- }
- while ((single = strsep(&string, ",")))
- {
- proposal = proposal_create_from_string(proto, single);
- if (proposal)
- {
- if (ike_cfg)
- {
- ike_cfg->add_proposal(ike_cfg, proposal);
- }
- else
- {
- child_cfg->add_proposal(child_cfg, proposal);
- }
- continue;
- }
- DBG1(DBG_CFG, "skipped invalid proposal string: %s", single);
- }
- if (strict)
- {
- return;
- }
- /* add default porposal to the end if not strict */
- }
- if (ike_cfg)
- {
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
- }
- else
- {
- child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
- }
-}
-
-/**
- * Build an IKE config from a stroke message
- */
-static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg)
-{
- stroke_end_t tmp_end;
- ike_cfg_t *ike_cfg;
- char *interface;
- host_t *host;
-
- host = host_create_from_dns(msg->add_conn.other.address, 0, 0);
- if (host)
- {
- interface = charon->kernel_interface->get_interface(
- charon->kernel_interface, host);
- host->destroy(host);
- if (interface)
- {
- DBG2(DBG_CFG, "left is other host, swapping ends");
- tmp_end = msg->add_conn.me;
- msg->add_conn.me = msg->add_conn.other;
- msg->add_conn.other = tmp_end;
- free(interface);
- }
- else
- {
- host = host_create_from_dns(msg->add_conn.me.address, 0, 0);
- if (host)
- {
- interface = charon->kernel_interface->get_interface(
- charon->kernel_interface, host);
- host->destroy(host);
- if (!interface)
- {
- DBG1(DBG_CFG, "left nor right host is our side, "
- "assuming left=local");
- }
- else
- {
- free(interface);
- }
-
- }
- }
- }
- ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
- msg->add_conn.force_encap,
- msg->add_conn.me.address,
- msg->add_conn.other.address);
- add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
- return ike_cfg;
-}
-
-/**
- * Add CRL constraint to config
- */
-static void build_crl_policy(auth_cfg_t *cfg, bool local, int policy)
-{
- /* CRL/OCSP policy, for remote config only */
- if (!local)
- {
- switch (policy)
- {
- case CRL_STRICT_YES:
- /* if yes, we require a GOOD validation */
- cfg->add(cfg, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD);
- break;
- case CRL_STRICT_IFURI:
- /* for ifuri, a SKIPPED validation is sufficient */
- cfg->add(cfg, AUTH_RULE_CRL_VALIDATION, VALIDATION_SKIPPED);
- break;
- default:
- break;
- }
- }
-}
-
-/**
- * build authentication config
- */
-static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
- stroke_msg_t *msg, bool local, bool primary)
-{
- identification_t *identity;
- certificate_t *certificate;
- char *auth, *id, *cert, *ca;
- stroke_end_t *end, *other_end;
- auth_cfg_t *cfg;
- char eap_buf[32];
-
- /* select strings */
- if (local)
- {
- end = &msg->add_conn.me;
- other_end = &msg->add_conn.other;
- }
- else
- {
- end = &msg->add_conn.other;
- other_end = &msg->add_conn.me;
- }
- if (primary)
- {
- auth = end->auth;
- id = end->id;
- if (!id)
- { /* leftid/rightid fallback to address */
- id = end->address;
- }
- cert = end->cert;
- ca = end->ca;
- if (ca && streq(ca, "%same"))
- {
- ca = other_end->ca;
- }
- }
- else
- {
- auth = end->auth2;
- id = end->id2;
- if (local && !id)
- { /* leftid2 falls back to leftid */
- id = end->id;
- }
- cert = end->cert2;
- ca = end->ca2;
- if (ca && streq(ca, "%same"))
- {
- ca = other_end->ca2;
- }
- }
-
- if (!auth)
- {
- if (primary)
- {
- if (local)
- { /* "leftauth" not defined, fall back to deprecated "authby" */
- switch (msg->add_conn.auth_method)
- {
- default:
- case AUTH_CLASS_PUBKEY:
- auth = "pubkey";
- break;
- case AUTH_CLASS_PSK:
- auth = "psk";
- break;
- case AUTH_CLASS_EAP:
- auth = "eap";
- break;
- }
- }
- else
- { /* "rightauth" not defined, fall back to deprecated "eap" */
- if (msg->add_conn.eap_type)
- {
- if (msg->add_conn.eap_vendor)
- {
- snprintf(eap_buf, sizeof(eap_buf), "eap-%d-%d",
- msg->add_conn.eap_type,
- msg->add_conn.eap_vendor);
- }
- else
- {
- snprintf(eap_buf, sizeof(eap_buf), "eap-%d",
- msg->add_conn.eap_type);
- }
- auth = eap_buf;
- }
- else
- { /* not EAP => no constraints for this peer */
- auth = "any";
- }
- }
- }
- else
- { /* no second authentication round, fine */
- return NULL;
- }
- }
-
- cfg = auth_cfg_create();
-
- /* add identity and peer certifcate */
- identity = identification_create_from_string(id);
- if (cert)
- {
- certificate = this->cred->load_peer(this->cred, cert);
- if (certificate)
- {
- if (local)
- {
- this->ca->check_for_hash_and_url(this->ca, certificate);
- }
- cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
- if (identity->get_type(identity) == ID_ANY ||
- !certificate->has_subject(certificate, identity))
- {
- DBG1(DBG_CFG, " id '%Y' not confirmed by certificate, "
- "defaulting to '%Y'", identity,
- certificate->get_subject(certificate));
- identity->destroy(identity);
- identity = certificate->get_subject(certificate);
- identity = identity->clone(identity);
- }
- }
- }
- cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
-
- /* CA constraint */
- if (ca)
- {
- identity = identification_create_from_string(ca);
- certificate = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, identity, TRUE);
- identity->destroy(identity);
- if (certificate)
- {
- cfg->add(cfg, AUTH_RULE_CA_CERT, certificate);
- }
- else
- {
- DBG1(DBG_CFG, "CA certificate %s not found, discarding CA "
- "constraint", ca);
- }
- }
-
- /* AC groups */
- if (end->groups)
- {
- enumerator_t *enumerator;
- char *group;
-
- enumerator = enumerator_create_token(end->groups, ",", " ");
- while (enumerator->enumerate(enumerator, &group))
- {
- identity = identification_create_from_encoding(ID_IETF_ATTR_STRING,
- chunk_create(group, strlen(group)));
- cfg->add(cfg, AUTH_RULE_AC_GROUP, identity);
- }
- enumerator->destroy(enumerator);
- }
-
- /* authentication metod (class, actually) */
- if (streq(auth, "pubkey") ||
- streq(auth, "rsasig") || streq(auth, "rsa") ||
- streq(auth, "ecdsasig") || streq(auth, "ecdsa"))
- {
- cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
- build_crl_policy(cfg, local, msg->add_conn.crl_policy);
- }
- else if (streq(auth, "psk") || streq(auth, "secret"))
- {
- cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
- }
- else if (strneq(auth, "eap", 3))
- {
- enumerator_t *enumerator;
- char *str;
- int i = 0, type = 0, vendor;
-
- cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
-
- /* parse EAP string, format: eap[-type[-vendor]] */
- enumerator = enumerator_create_token(auth, "-", " ");
- while (enumerator->enumerate(enumerator, &str))
- {
- switch (i)
- {
- case 1:
- type = eap_type_from_string(str);
- if (!type)
- {
- type = atoi(str);
- if (!type)
- {
- DBG1(DBG_CFG, "unknown EAP method: %s", str);
- break;
- }
- }
- cfg->add(cfg, AUTH_RULE_EAP_TYPE, type);
- break;
- case 2:
- if (type)
- {
- vendor = atoi(str);
- if (vendor)
- {
- cfg->add(cfg, AUTH_RULE_EAP_VENDOR, vendor);
- }
- else
- {
- DBG1(DBG_CFG, "unknown EAP vendor: %s", str);
- }
- }
- break;
- default:
- break;
- }
- i++;
- }
- enumerator->destroy(enumerator);
-
- if (msg->add_conn.eap_identity)
- {
- if (streq(msg->add_conn.eap_identity, "%identity"))
- {
- identity = identification_create_from_encoding(ID_ANY,
- chunk_empty);
- }
- else
- {
- identity = identification_create_from_string(
- msg->add_conn.eap_identity);
- }
- cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, identity);
- }
- }
- else
- {
- if (!streq(auth, "any"))
- {
- DBG1(DBG_CFG, "authentication method %s unknown, fallback to any",
- auth);
- }
- build_crl_policy(cfg, local, msg->add_conn.crl_policy);
- }
- return cfg;
-}
-
-/**
- * build a peer_cfg from a stroke msg
- */
-static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
- stroke_msg_t *msg, ike_cfg_t *ike_cfg)
-{
- identification_t *peer_id = NULL;
- peer_cfg_t *mediated_by = NULL;
- host_t *vip = NULL;
- unique_policy_t unique;
- u_int32_t rekey = 0, reauth = 0, over, jitter;
- peer_cfg_t *peer_cfg;
- auth_cfg_t *auth_cfg;
-
-#ifdef ME
- if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by)
- {
- DBG1(DBG_CFG, "a mediation connection cannot be a mediated connection "
- "at the same time, aborting");
- return NULL;
- }
-
- if (msg->add_conn.ikeme.mediation)
- {
- /* force unique connections for mediation connections */
- msg->add_conn.unique = 1;
- }
-
- if (msg->add_conn.ikeme.mediated_by)
- {
- mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends,
- msg->add_conn.ikeme.mediated_by);
- if (!mediated_by)
- {
- DBG1(DBG_CFG, "mediation connection '%s' not found, aborting",
- msg->add_conn.ikeme.mediated_by);
- return NULL;
- }
- if (!mediated_by->is_mediation(mediated_by))
- {
- DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is "
- "no mediation connection, aborting",
- msg->add_conn.ikeme.mediated_by, msg->add_conn.name);
- mediated_by->destroy(mediated_by);
- return NULL;
- }
- if (msg->add_conn.ikeme.peerid)
- {
- peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid);
- }
- else if (msg->add_conn.other.id)
- {
- peer_id = identification_create_from_string(msg->add_conn.other.id);
- }
- }
-#endif /* ME */
-
- jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100;
- over = msg->add_conn.rekey.margin;
- if (msg->add_conn.rekey.reauth)
- {
- reauth = msg->add_conn.rekey.ike_lifetime - over;
- }
- else
- {
- rekey = msg->add_conn.rekey.ike_lifetime - over;
- }
- if (msg->add_conn.me.sourceip_mask)
- {
- if (msg->add_conn.me.sourceip)
- {
- vip = host_create_from_string(msg->add_conn.me.sourceip, 0);
- }
- if (!vip)
- { /* if it is set to something like %poolname, request an address */
- if (msg->add_conn.me.subnets)
- { /* use the same address as in subnet, if any */
- if (strchr(msg->add_conn.me.subnets, '.'))
- {
- vip = host_create_any(AF_INET);
- }
- else
- {
- vip = host_create_any(AF_INET6);
- }
- }
- else
- {
- if (strchr(ike_cfg->get_my_addr(ike_cfg), ':'))
- {
- vip = host_create_any(AF_INET6);
- }
- else
- {
- vip = host_create_any(AF_INET);
- }
- }
- }
- }
- switch (msg->add_conn.unique)
- {
- case 1: /* yes */
- case 2: /* replace */
- unique = UNIQUE_REPLACE;
- break;
- case 3: /* keep */
- unique = UNIQUE_KEEP;
- break;
- default: /* no */
- unique = UNIQUE_NO;
- break;
- }
- if (msg->add_conn.dpd.action == 0)
- { /* dpdaction=none disables DPD */
- msg->add_conn.dpd.delay = 0;
- }
-
- /* other.sourceip is managed in stroke_attributes. If it is set, we define
- * the pool name as the connection name, which the attribute provider
- * uses to serve pool addresses. */
- peer_cfg = peer_cfg_create(msg->add_conn.name,
- msg->add_conn.ikev2 ? 2 : 1, ike_cfg,
- msg->add_conn.me.sendcert, unique,
- msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
- msg->add_conn.mobike, msg->add_conn.dpd.delay,
- vip, msg->add_conn.other.sourceip_mask ?
- msg->add_conn.name : msg->add_conn.other.sourceip,
- msg->add_conn.ikeme.mediation, mediated_by, peer_id);
-
- /* build leftauth= */
- auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE);
- if (auth_cfg)
- {
- peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, TRUE);
- }
- else
- { /* we require at least one config on our side */
- peer_cfg->destroy(peer_cfg);
- return NULL;
- }
- /* build leftauth2= */
- auth_cfg = build_auth_cfg(this, msg, TRUE, FALSE);
- if (auth_cfg)
- {
- peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, TRUE);
- }
- /* build rightauth= */
- auth_cfg = build_auth_cfg(this, msg, FALSE, TRUE);
- if (auth_cfg)
- {
- peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
- }
- /* build rightauth2= */
- auth_cfg = build_auth_cfg(this, msg, FALSE, FALSE);
- if (auth_cfg)
- {
- peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
- }
- return peer_cfg;
-}
-
-/**
- * build a traffic selector from a stroke_end
- */
-static void add_ts(private_stroke_config_t *this,
- stroke_end_t *end, child_cfg_t *child_cfg, bool local)
-{
- traffic_selector_t *ts;
-
- if (end->tohost)
- {
- ts = traffic_selector_create_dynamic(end->protocol,
- end->port ? end->port : 0, end->port ? end->port : 65535);
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- else
- {
- host_t *net;
-
- if (!end->subnets)
- {
- net = host_create_from_string(end->address, IKEV2_UDP_PORT);
- if (net)
- {
- ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
- end->port);
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- }
- else
- {
- char *del, *start, *bits;
-
- start = end->subnets;
- do
- {
- int intbits = 0;
-
- del = strchr(start, ',');
- if (del)
- {
- *del = '\0';
- }
- bits = strchr(start, '/');
- if (bits)
- {
- *bits = '\0';
- intbits = atoi(bits + 1);
- }
-
- net = host_create_from_string(start, IKEV2_UDP_PORT);
- if (net)
- {
- ts = traffic_selector_create_from_subnet(net, intbits,
- end->protocol, end->port);
- child_cfg->add_traffic_selector(child_cfg, local, ts);
- }
- else
- {
- DBG1(DBG_CFG, "invalid subnet: %s, skipped", start);
- }
- start = del + 1;
- }
- while (del);
- }
- }
-}
-
-/**
- * build a child config from the stroke message
- */
-static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
- stroke_msg_t *msg)
-{
- child_cfg_t *child_cfg;
- action_t dpd;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = msg->add_conn.rekey.ipsec_lifetime,
- .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
- .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100
- },
- .bytes = {
- .life = msg->add_conn.rekey.life_bytes,
- .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes,
- .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100
- },
- .packets = {
- .life = msg->add_conn.rekey.life_packets,
- .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets,
- .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
- }
- };
-
- switch (msg->add_conn.dpd.action)
- { /* map startes magic values to our action type */
- case 2: /* =hold */
- dpd = ACTION_ROUTE;
- break;
- case 3: /* =restart */
- dpd = ACTION_RESTART;
- break;
- default:
- dpd = ACTION_NONE;
- break;
- }
-
- child_cfg = child_cfg_create(
- msg->add_conn.name, &lifetime,
- msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp,
- msg->add_conn.inactivity);
- child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
- msg->add_conn.install_policy);
- add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
- add_ts(this, &msg->add_conn.other, child_cfg, FALSE);
-
- add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg);
-
- return child_cfg;
-}
-
-/**
- * Implementation of stroke_config_t.add.
- */
-static void add(private_stroke_config_t *this, stroke_msg_t *msg)
-{
- ike_cfg_t *ike_cfg, *existing_ike;
- peer_cfg_t *peer_cfg, *existing;
- child_cfg_t *child_cfg;
- enumerator_t *enumerator;
- bool use_existing = FALSE;
-
- ike_cfg = build_ike_cfg(this, msg);
- if (!ike_cfg)
- {
- return;
- }
- peer_cfg = build_peer_cfg(this, msg, ike_cfg);
- if (!peer_cfg)
- {
- ike_cfg->destroy(ike_cfg);
- return;
- }
-
- enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
- while (enumerator->enumerate(enumerator, &existing))
- {
- existing_ike = existing->get_ike_cfg(existing);
- if (existing->equals(existing, peer_cfg) &&
- existing_ike->equals(existing_ike, peer_cfg->get_ike_cfg(peer_cfg)))
- {
- use_existing = TRUE;
- peer_cfg->destroy(peer_cfg);
- peer_cfg = existing;
- peer_cfg->get_ref(peer_cfg);
- DBG1(DBG_CFG, "added child to existing configuration '%s'",
- peer_cfg->get_name(peer_cfg));
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- child_cfg = build_child_cfg(this, msg);
- if (!child_cfg)
- {
- peer_cfg->destroy(peer_cfg);
- return;
- }
- peer_cfg->add_child_cfg(peer_cfg, child_cfg);
-
- if (use_existing)
- {
- peer_cfg->destroy(peer_cfg);
- }
- else
- {
- /* add config to backend */
- DBG1(DBG_CFG, "added configuration '%s'", msg->add_conn.name);
- this->mutex->lock(this->mutex);
- this->list->insert_last(this->list, peer_cfg);
- this->mutex->unlock(this->mutex);
- }
-}
-
-/**
- * Implementation of stroke_config_t.del.
- */
-static void del(private_stroke_config_t *this, stroke_msg_t *msg)
-{
- enumerator_t *enumerator, *children;
- peer_cfg_t *peer;
- child_cfg_t *child;
- bool deleted = FALSE;
-
- this->mutex->lock(this->mutex);
- enumerator = this->list->create_enumerator(this->list);
- while (enumerator->enumerate(enumerator, (void**)&peer))
- {
- bool keep = FALSE;
-
- /* remove any child with such a name */
- children = peer->create_child_cfg_enumerator(peer);
- while (children->enumerate(children, &child))
- {
- if (streq(child->get_name(child), msg->del_conn.name))
- {
- peer->remove_child_cfg(peer, children);
- child->destroy(child);
- deleted = TRUE;
- }
- else
- {
- keep = TRUE;
- }
- }
- children->destroy(children);
-
- /* if peer config matches, or has no children anymore, remove it */
- if (!keep || streq(peer->get_name(peer), msg->del_conn.name))
- {
- this->list->remove_at(this->list, enumerator);
- peer->destroy(peer);
- deleted = TRUE;
- }
- }
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
-
- if (deleted)
- {
- DBG1(DBG_CFG, "deleted connection '%s'", msg->del_conn.name);
- }
- else
- {
- DBG1(DBG_CFG, "connection '%s' not found", msg->del_conn.name);
- }
-}
-
-/**
- * Implementation of stroke_config_t.destroy
- */
-static void destroy(private_stroke_config_t *this)
-{
- this->list->destroy_offset(this->list, offsetof(peer_cfg_t, destroy));
- this->mutex->destroy(this->mutex);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
-{
- private_stroke_config_t *this = malloc_thing(private_stroke_config_t);
-
- this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
- this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
- this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
- this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add;
- this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del;
- this->public.destroy = (void(*)(stroke_config_t*))destroy;
-
- this->list = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
- this->ca = ca;
- this->cred = cred;
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h
deleted file mode 100644
index 05e4665ca..000000000
--- a/src/charon/plugins/stroke/stroke_config.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_config stroke_config
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_CONFIG_H_
-#define STROKE_CONFIG_H_
-
-#include <config/backend.h>
-#include <stroke_msg.h>
-#include "stroke_ca.h"
-#include "stroke_cred.h"
-
-typedef struct stroke_config_t stroke_config_t;
-
-/**
- * Stroke in-memory configuration backend
- */
-struct stroke_config_t {
-
- /**
- * Implements the backend_t interface
- */
- backend_t backend;
-
- /**
- * Add a configuration to the backend.
- *
- * @param msg received stroke message containing config
- */
- void (*add)(stroke_config_t *this, stroke_msg_t *msg);
-
- /**
- * Remove a configuration from the backend.
- *
- * @param msg received stroke message containing config name
- */
- void (*del)(stroke_config_t *this, stroke_msg_t *msg);
-
- /**
- * Destroy a stroke_config instance.
- */
- void (*destroy)(stroke_config_t *this);
-};
-
-/**
- * Create a stroke_config instance.
- */
-stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred);
-
-#endif /** STROKE_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/charon/plugins/stroke/stroke_control.c
deleted file mode 100644
index a03aef697..000000000
--- a/src/charon/plugins/stroke/stroke_control.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_control.h"
-
-#include <daemon.h>
-#include <processing/jobs/delete_ike_sa_job.h>
-
-typedef struct private_stroke_control_t private_stroke_control_t;
-
-/**
- * private data of stroke_control
- */
-struct private_stroke_control_t {
-
- /**
- * public functions
- */
- stroke_control_t public;
-};
-
-
-typedef struct stroke_log_info_t stroke_log_info_t;
-
-/**
- * helper struct to say what and where to log when using controller callback
- */
-struct stroke_log_info_t {
-
- /**
- * level to log up to
- */
- level_t level;
-
- /**
- * where to write log
- */
- FILE* out;
-};
-
-/**
- * logging to the stroke interface
- */
-static bool stroke_log(stroke_log_info_t *info, debug_t group, level_t level,
- ike_sa_t *ike_sa, char *format, va_list args)
-{
- if (level <= info->level)
- {
- if (vfprintf(info->out, format, args) < 0 ||
- fprintf(info->out, "\n") < 0 ||
- fflush(info->out) != 0)
- {
- return FALSE;
- }
- }
- return TRUE;
-}
-
-/**
- * get the child_cfg with the same name as the peer cfg
- */
-static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
-{
- child_cfg_t *current, *found = NULL;
- enumerator_t *enumerator;
-
- enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
- while (enumerator->enumerate(enumerator, &current))
- {
- if (streq(current->get_name(current), name))
- {
- found = current;
- found->get_ref(found);
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-/**
- * Implementation of stroke_control_t.initiate.
- */
-static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
-{
- peer_cfg_t *peer_cfg;
- child_cfg_t *child_cfg;
- stroke_log_info_t info;
-
- peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
- msg->initiate.name);
- if (peer_cfg == NULL)
- {
- DBG1(DBG_CFG, "no config named '%s'\n", msg->initiate.name);
- return;
- }
- if (peer_cfg->get_ike_version(peer_cfg) != 2)
- {
- DBG1(DBG_CFG, "ignoring initiation request for IKEv%d config",
- peer_cfg->get_ike_version(peer_cfg));
- peer_cfg->destroy(peer_cfg);
- return;
- }
-
- child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name);
- if (child_cfg == NULL)
- {
- DBG1(DBG_CFG, "no child config named '%s'\n", msg->initiate.name);
- peer_cfg->destroy(peer_cfg);
- return;
- }
-
- if (msg->output_verbosity < 0)
- {
- charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
- NULL, NULL);
- }
- else
- {
- info.out = out;
- info.level = msg->output_verbosity;
- charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
- (controller_cb_t)stroke_log, &info);
- }
-}
-
-/**
- * Implementation of stroke_control_t.terminate.
- */
-static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
-{
- char *string, *pos = NULL, *name = NULL;
- u_int32_t id = 0;
- bool child, all = FALSE;
- int len;
- ike_sa_t *ike_sa;
- enumerator_t *enumerator;
- linked_list_t *ike_list, *child_list;
- stroke_log_info_t info;
- uintptr_t del;
-
- string = msg->terminate.name;
-
- len = strlen(string);
- if (len < 1)
- {
- DBG1(DBG_CFG, "error parsing string");
- return;
- }
- switch (string[len-1])
- {
- case '}':
- child = TRUE;
- pos = strchr(string, '{');
- break;
- case ']':
- child = FALSE;
- pos = strchr(string, '[');
- break;
- default:
- name = string;
- child = FALSE;
- break;
- }
-
- if (name)
- {
- /* is a single name */
- }
- else if (pos == string + len - 2)
- { /* is name[] or name{} */
- string[len-2] = '\0';
- name = string;
- }
- else
- {
- if (*(pos + 1) == '*')
- { /* is name[*] */
- all = TRUE;
- *pos = '\0';
- name = string;
- }
- else
- { /* is name[123] or name{23} */
- id = atoi(pos + 1);
- if (id == 0)
- {
- DBG1(DBG_CFG, "error parsing string");
- return;
- }
- }
- }
-
- info.out = out;
- info.level = msg->output_verbosity;
-
- if (id)
- {
- if (child)
- {
- charon->controller->terminate_child(charon->controller, id,
- (controller_cb_t)stroke_log, &info);
- }
- else
- {
- charon->controller->terminate_ike(charon->controller, id,
- (controller_cb_t)stroke_log, &info);
- }
- return;
- }
-
- ike_list = linked_list_create();
- child_list = linked_list_create();
- enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
- while (enumerator->enumerate(enumerator, &ike_sa))
- {
- child_sa_t *child_sa;
- iterator_t *children;
-
- if (child)
- {
- children = ike_sa->create_child_sa_iterator(ike_sa);
- while (children->iterate(children, (void**)&child_sa))
- {
- if (streq(name, child_sa->get_name(child_sa)))
- {
- child_list->insert_last(child_list,
- (void*)(uintptr_t)child_sa->get_reqid(child_sa));
- if (!all)
- {
- break;
- }
- }
- }
- children->destroy(children);
- if (child_list->get_count(child_list) && !all)
- {
- break;
- }
- }
- else if (streq(name, ike_sa->get_name(ike_sa)))
- {
- ike_list->insert_last(ike_list,
- (void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
- if (!all)
- {
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- enumerator = child_list->create_enumerator(child_list);
- while (enumerator->enumerate(enumerator, &del))
- {
- charon->controller->terminate_child(charon->controller, del,
- (controller_cb_t)stroke_log, &info);
- }
- enumerator->destroy(enumerator);
-
- enumerator = ike_list->create_enumerator(ike_list);
- while (enumerator->enumerate(enumerator, &del))
- {
- charon->controller->terminate_ike(charon->controller, del,
- (controller_cb_t)stroke_log, &info);
- }
- enumerator->destroy(enumerator);
-
- if (child_list->get_count(child_list) == 0 &&
- ike_list->get_count(ike_list) == 0)
- {
- DBG1(DBG_CFG, "no %s_SA named '%s' found",
- child ? "CHILD" : "IKE", name);
- }
- ike_list->destroy(ike_list);
- child_list->destroy(child_list);
-}
-
-/**
- * Implementation of stroke_control_t.terminate_srcip.
- */
-static void terminate_srcip(private_stroke_control_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- enumerator_t *enumerator;
- ike_sa_t *ike_sa;
- host_t *start = NULL, *end = NULL, *vip;
- chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip;
-
- if (msg->terminate_srcip.start)
- {
- start = host_create_from_string(msg->terminate_srcip.start, 0);
- }
- if (!start)
- {
- DBG1(DBG_CFG, "invalid start address: %s", msg->terminate_srcip.start);
- return;
- }
- chunk_start = start->get_address(start);
- if (msg->terminate_srcip.end)
- {
- end = host_create_from_string(msg->terminate_srcip.end, 0);
- if (!end)
- {
- DBG1(DBG_CFG, "invalid end address: %s", msg->terminate_srcip.end);
- start->destroy(start);
- return;
- }
- chunk_end = end->get_address(end);
- }
-
- enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
- while (enumerator->enumerate(enumerator, &ike_sa))
- {
- vip = ike_sa->get_virtual_ip(ike_sa, FALSE);
- if (!vip)
- {
- continue;
- }
- if (!end)
- {
- if (!vip->ip_equals(vip, start))
- {
- continue;
- }
- }
- else
- {
- chunk_vip = vip->get_address(vip);
- if (chunk_vip.len != chunk_start.len ||
- chunk_vip.len != chunk_end.len ||
- memcmp(chunk_vip.ptr, chunk_start.ptr, chunk_vip.len) < 0 ||
- memcmp(chunk_vip.ptr, chunk_end.ptr, chunk_vip.len) > 0)
- {
- continue;
- }
- }
-
- /* schedule delete asynchronously */
- charon->processor->queue_job(charon->processor, (job_t*)
- delete_ike_sa_job_create(ike_sa->get_id(ike_sa), TRUE));
- }
- enumerator->destroy(enumerator);
- start->destroy(start);
- DESTROY_IF(end);
-}
-
-/**
- * Implementation of stroke_control_t.purge_ike
- */
-static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
-{
- enumerator_t *enumerator;
- iterator_t *iterator;
- ike_sa_t *ike_sa;
- child_sa_t *child_sa;
- linked_list_t *list;
- uintptr_t del;
- stroke_log_info_t info;
-
- info.out = out;
- info.level = msg->output_verbosity;
-
- list = linked_list_create();
- enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
- while (enumerator->enumerate(enumerator, &ike_sa))
- {
- iterator = ike_sa->create_child_sa_iterator(ike_sa);
- if (!iterator->iterate(iterator, (void**)&child_sa))
- {
- list->insert_last(list,
- (void*)(uintptr_t)ike_sa->get_unique_id(ike_sa));
- }
- iterator->destroy(iterator);
- }
- enumerator->destroy(enumerator);
-
- enumerator = list->create_enumerator(list);
- while (enumerator->enumerate(enumerator, &del))
- {
- charon->controller->terminate_ike(charon->controller, del,
- (controller_cb_t)stroke_log, &info);
- }
- enumerator->destroy(enumerator);
- list->destroy(list);
-}
-
-/**
- * Implementation of stroke_control_t.route.
- */
-static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
-{
- peer_cfg_t *peer_cfg;
- child_cfg_t *child_cfg;
-
- peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
- msg->route.name);
- if (peer_cfg == NULL)
- {
- fprintf(out, "no config named '%s'\n", msg->route.name);
- return;
- }
- if (peer_cfg->get_ike_version(peer_cfg) != 2)
- {
- peer_cfg->destroy(peer_cfg);
- return;
- }
-
- child_cfg = get_child_from_peer(peer_cfg, msg->route.name);
- if (child_cfg == NULL)
- {
- fprintf(out, "no child config named '%s'\n", msg->route.name);
- peer_cfg->destroy(peer_cfg);
- return;
- }
-
- if (charon->traps->install(charon->traps, peer_cfg, child_cfg))
- {
- fprintf(out, "configuration '%s' routed\n", msg->route.name);
- }
- else
- {
- fprintf(out, "routing configuration '%s' failed\n", msg->route.name);
- }
- peer_cfg->destroy(peer_cfg);
- child_cfg->destroy(child_cfg);
-}
-
-/**
- * Implementation of stroke_control_t.unroute.
- */
-static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
-{
- child_sa_t *child_sa;
- enumerator_t *enumerator;
- u_int32_t id;
-
- enumerator = charon->traps->create_enumerator(charon->traps);
- while (enumerator->enumerate(enumerator, NULL, &child_sa))
- {
- if (streq(msg->unroute.name, child_sa->get_name(child_sa)))
- {
- id = child_sa->get_reqid(child_sa);
- enumerator->destroy(enumerator);
- charon->traps->uninstall(charon->traps, id);
- fprintf(out, "configuration '%s' unrouted\n", msg->unroute.name);
- return;
- }
- }
- enumerator->destroy(enumerator);
- fprintf(out, "configuration '%s' not found\n", msg->unroute.name);
-}
-
-/**
- * Implementation of stroke_control_t.destroy
- */
-static void destroy(private_stroke_control_t *this)
-{
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_control_t *stroke_control_create()
-{
- private_stroke_control_t *this = malloc_thing(private_stroke_control_t);
-
- this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
- this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate;
- this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip;
- this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike;
- this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
- this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
- this->public.destroy = (void(*)(stroke_control_t*))destroy;
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h
deleted file mode 100644
index 9b49bdc31..000000000
--- a/src/charon/plugins/stroke/stroke_control.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_control stroke_control
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_CONTROL_H_
-#define STROKE_CONTROL_H_
-
-#include <stroke_msg.h>
-#include <library.h>
-#include <stdio.h>
-
-typedef struct stroke_control_t stroke_control_t;
-
-/**
- * Process stroke control messages
- */
-struct stroke_control_t {
-
- /**
- * Initiate a connection.
- *
- * @param msg stroke message
- */
- void (*initiate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Terminate a connection.
- *
- * @param msg stroke message
- */
- void (*terminate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Terminate a connection by peers virtual IP.
- *
- * @param msg stroke message
- */
- void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Delete IKE_SAs without a CHILD_SA.
- *
- * @param msg stroke message
- */
- void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Route a connection.
- *
- * @param msg stroke message
- */
- void (*route)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Unroute a connection.
- *
- * @param msg stroke message
- */
- void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Destroy a stroke_control instance.
- */
- void (*destroy)(stroke_control_t *this);
-};
-
-/**
- * Create a stroke_control instance.
- */
-stroke_control_t *stroke_control_create();
-
-#endif /** STROKE_CONTROL_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
deleted file mode 100644
index bc0b2f6fc..000000000
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ /dev/null
@@ -1,1174 +0,0 @@
-/*
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/stat.h>
-#include <limits.h>
-#include <glob.h>
-#include <libgen.h>
-
-#include "stroke_cred.h"
-#include "stroke_shared_key.h"
-
-#include <credentials/certificates/x509.h>
-#include <credentials/certificates/crl.h>
-#include <credentials/certificates/ac.h>
-#include <utils/linked_list.h>
-#include <utils/lexparser.h>
-#include <threading/rwlock.h>
-#include <daemon.h>
-
-/* configuration directories and files */
-#define CONFIG_DIR IPSEC_CONFDIR
-#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"
-#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"
-#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
-#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
-#define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"
-#define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"
-#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"
-#define CRL_DIR IPSEC_D_DIR "/crls"
-#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
-
-#define MAX_SECRETS_RECURSION 10
-
-typedef struct private_stroke_cred_t private_stroke_cred_t;
-
-/**
- * private data of stroke_cred
- */
-struct private_stroke_cred_t {
-
- /**
- * public functions
- */
- stroke_cred_t public;
-
- /**
- * list of trusted peer/signer/CA certificates (certificate_t)
- */
- linked_list_t *certs;
-
- /**
- * list of shared secrets (private_shared_key_t)
- */
- linked_list_t *shared;
-
- /**
- * list of private keys (private_key_t)
- */
- linked_list_t *private;
-
- /**
- * read-write lock to lists
- */
- rwlock_t *lock;
-
- /**
- * cache CRLs to disk?
- */
- bool cachecrl;
-};
-
-/**
- * data to pass to various filters
- */
-typedef struct {
- private_stroke_cred_t *this;
- identification_t *id;
- certificate_type_t type;
-} id_data_t;
-
-/**
- * destroy id enumerator data and unlock list
- */
-static void id_data_destroy(id_data_t *data)
-{
- data->this->lock->unlock(data->this->lock);
- free(data);
-}
-
-/**
- * filter function for private key enumerator
- */
-static bool private_filter(id_data_t *data,
- private_key_t **in, private_key_t **out)
-{
- private_key_t *key;
-
- key = *in;
- if (data->id == NULL)
- {
- *out = key;
- return TRUE;
- }
- if (key->has_fingerprint(key, data->id->get_encoding(data->id)))
- {
- *out = key;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * Implements credential_set_t.create_private_enumerator
- */
-static enumerator_t* create_private_enumerator(private_stroke_cred_t *this,
- key_type_t type, identification_t *id)
-{
- id_data_t *data;
-
- data = malloc_thing(id_data_t);
- data->this = this;
- data->id = id;
-
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(this->private->create_enumerator(this->private),
- (void*)private_filter, data,
- (void*)id_data_destroy);
-}
-
-/**
- * filter function for certs enumerator
- */
-static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **out)
-{
- public_key_t *public;
- certificate_t *cert = *in;
-
- if (data->type != CERT_ANY && data->type != cert->get_type(cert))
- {
- return FALSE;
- }
- if (data->id == NULL || cert->has_subject(cert, data->id))
- {
- *out = *in;
- return TRUE;
- }
-
- public = cert->get_public_key(cert);
- if (public)
- {
- if (public->has_fingerprint(public, data->id->get_encoding(data->id)))
- {
- public->destroy(public);
- *out = *in;
- return TRUE;
- }
- public->destroy(public);
- }
- return FALSE;
-}
-
-/**
- * Implements credential_set_t.create_cert_enumerator
- */
-static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
- certificate_type_t cert, key_type_t key,
- identification_t *id, bool trusted)
-{
- id_data_t *data;
-
- if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC))
- {
- return NULL;
- }
- data = malloc_thing(id_data_t);
- data->this = this;
- data->id = id;
- data->type = cert;
-
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(this->certs->create_enumerator(this->certs),
- (void*)certs_filter, data,
- (void*)id_data_destroy);
-}
-
-typedef struct {
- private_stroke_cred_t *this;
- identification_t *me;
- identification_t *other;
- shared_key_type_t type;
-} shared_data_t;
-
-/**
- * free shared key enumerator data and unlock list
- */
-static void shared_data_destroy(shared_data_t *data)
-{
- data->this->lock->unlock(data->this->lock);
- free(data);
-}
-
-/**
- * filter function for certs enumerator
- */
-static bool shared_filter(shared_data_t *data,
- stroke_shared_key_t **in, shared_key_t **out,
- void **unused1, id_match_t *me,
- void **unused2, id_match_t *other)
-{
- id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
- stroke_shared_key_t *stroke = *in;
- shared_key_t *shared = &stroke->shared;
-
- if (data->type != SHARED_ANY && shared->get_type(shared) != data->type)
- {
- return FALSE;
- }
-
- if (data->me)
- {
- my_match = stroke->has_owner(stroke, data->me);
- }
- if (data->other)
- {
- other_match = stroke->has_owner(stroke, data->other);
- }
- if ((data->me || data->other) && (!my_match && !other_match))
- {
- return FALSE;
- }
- *out = shared;
- if (me)
- {
- *me = my_match;
- }
- if (other)
- {
- *other = other_match;
- }
- return TRUE;
-}
-
-/**
- * Implements credential_set_t.create_shared_enumerator
- */
-static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this,
- shared_key_type_t type, identification_t *me,
- identification_t *other)
-{
- shared_data_t *data = malloc_thing(shared_data_t);
-
- data->this = this;
- data->me = me;
- data->other = other;
- data->type = type;
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(this->shared->create_enumerator(this->shared),
- (void*)shared_filter, data,
- (void*)shared_data_destroy);
-}
-
-/**
- * Add a certificate to chain
- */
-static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert)
-{
- certificate_t *current;
- enumerator_t *enumerator;
- bool new = TRUE;
-
- this->lock->read_lock(this->lock);
- enumerator = this->certs->create_enumerator(this->certs);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current->equals(current, cert))
- {
- /* cert already in queue */
- cert->destroy(cert);
- cert = current;
- new = FALSE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (new)
- {
- this->certs->insert_last(this->certs, cert);
- }
- this->lock->unlock(this->lock);
- return cert;
-}
-
-/**
- * Implementation of stroke_cred_t.load_ca.
- */
-static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
-{
- certificate_t *cert;
- char path[PATH_MAX];
-
- if (*filename == '/')
- {
- snprintf(path, sizeof(path), "%s", filename);
- }
- else
- {
- snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename);
- }
-
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, path,
- BUILD_END);
- if (cert)
- {
- x509_t *x509 = (x509_t*)cert;
-
- if (!(x509->get_flags(x509) & X509_CA))
- {
- DBG1(DBG_CFG, " ca certificate \"%Y\" misses ca basic constraint, "
- "discarded", cert->get_subject(cert));
- cert->destroy(cert);
- return NULL;
- }
- return (certificate_t*)add_cert(this, cert);
- }
- return NULL;
-}
-
-/**
- * Add X.509 CRL to chain
- */
-static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
-{
- certificate_t *current, *cert = &crl->certificate;
- enumerator_t *enumerator;
- bool new = TRUE, found = FALSE;
-
- this->lock->write_lock(this->lock);
- enumerator = this->certs->create_enumerator(this->certs);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current->get_type(current) == CERT_X509_CRL)
- {
- crl_t *crl_c = (crl_t*)current;
- chunk_t authkey = crl->get_authKeyIdentifier(crl);
- chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c);
-
- /* if compare authorityKeyIdentifiers if available */
- if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c))
- {
- found = TRUE;
- }
- else
- {
- identification_t *issuer = cert->get_issuer(cert);
- identification_t *issuer_c = current->get_issuer(current);
-
- /* otherwise compare issuer distinguished names */
- if (issuer->equals(issuer, issuer_c))
- {
- found = TRUE;
- }
- }
- if (found)
- {
- new = cert->is_newer(cert, current);
- if (new)
- {
- this->certs->remove_at(this->certs, enumerator);
- }
- else
- {
- cert->destroy(cert);
- }
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- if (new)
- {
- this->certs->insert_last(this->certs, cert);
- }
- this->lock->unlock(this->lock);
- return new;
-}
-
-/**
- * Add X.509 attribute certificate to chain
- */
-static bool add_ac(private_stroke_cred_t *this, ac_t* ac)
-{
- certificate_t *cert = &ac->certificate;
-
- this->lock->write_lock(this->lock);
- this->certs->insert_last(this->certs, cert);
- this->lock->unlock(this->lock);
- return TRUE;
-}
-
-/**
- * Implementation of stroke_cred_t.load_peer.
- */
-static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
-{
- certificate_t *cert;
- char path[PATH_MAX];
-
- if (*filename == '/')
- {
- snprintf(path, sizeof(path), "%s", filename);
- }
- else
- {
- snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
- }
-
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_ANY,
- BUILD_FROM_FILE, path,
- BUILD_END);
- if (cert)
- {
- cert = add_cert(this, cert);
- DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'",
- cert->get_subject(cert), filename);
- return cert->get_ref(cert);
- }
- DBG1(DBG_CFG, " loading certificate from '%s' failed", filename);
- return NULL;
-}
-
-/**
- * load trusted certificates from a directory
- */
-static void load_certdir(private_stroke_cred_t *this, char *path,
- certificate_type_t type, x509_flag_t flag)
-{
- struct stat st;
- char *file;
-
- enumerator_t *enumerator = enumerator_create_directory(path);
-
- if (!enumerator)
- {
- DBG1(DBG_CFG, " reading directory failed");
- return;
- }
-
- while (enumerator->enumerate(enumerator, NULL, &file, &st))
- {
- certificate_t *cert;
-
- if (!S_ISREG(st.st_mode))
- {
- /* skip special file */
- continue;
- }
- switch (type)
- {
- case CERT_X509:
- if (flag & X509_CA)
- { /* for CA certificates, we strictly require
- * the CA basic constraint to be set */
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, file, BUILD_END);
- if (cert)
- {
- x509_t *x509 = (x509_t*)cert;
-
- if (!(x509->get_flags(x509) & X509_CA))
- {
- DBG1(DBG_CFG, " ca certificate \"%Y\" lacks "
- "ca basic constraint, discarded",
- cert->get_subject(cert));
- cert->destroy(cert);
- cert = NULL;
- }
- else
- {
- DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'",
- cert->get_subject(cert), file);
- }
- }
- else
- {
- DBG1(DBG_CFG, " loading ca certificate from '%s' "
- "failed", file);
- }
- }
- else
- { /* for all other flags, we add them to the certificate. */
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FILE, file,
- BUILD_X509_FLAG, flag, BUILD_END);
- if (cert)
- {
- DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'",
- cert->get_subject(cert), file);
- }
- else
- {
- DBG1(DBG_CFG, " loading certificate from '%s' "
- "failed", file);
- }
- }
- if (cert)
- {
- add_cert(this, cert);
- }
- break;
- case CERT_X509_CRL:
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509_CRL,
- BUILD_FROM_FILE, file,
- BUILD_END);
- if (cert)
- {
- add_crl(this, (crl_t*)cert);
- DBG1(DBG_CFG, " loaded crl from '%s'", file);
- }
- else
- {
- DBG1(DBG_CFG, " loading crl from '%s' failed", file);
- }
- break;
- case CERT_X509_AC:
- cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509_AC,
- BUILD_FROM_FILE, file,
- BUILD_END);
- if (cert)
- {
- add_ac(this, (ac_t*)cert);
- DBG1(DBG_CFG, " loaded attribute certificate from '%s'",
- file);
- }
- else
- {
- DBG1(DBG_CFG, " loading attribute certificate from '%s' "
- "failed", file);
- }
- break;
- default:
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * Implementation of credential_set_t.cache_cert.
- */
-static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
-{
- if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
- {
- /* CRLs get written to /etc/ipsec.d/crls/<authkeyId>.crl */
- crl_t *crl = (crl_t*)cert;
-
- cert->get_ref(cert);
- if (add_crl(this, crl))
- {
- char buf[BUF_LEN];
- chunk_t chunk, hex;
-
- chunk = crl->get_authKeyIdentifier(crl);
- hex = chunk_to_hex(chunk, NULL, FALSE);
- snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex);
- free(hex.ptr);
-
- chunk = cert->get_encoding(cert);
- chunk_write(chunk, buf, "crl", 022, TRUE);
- free(chunk.ptr);
- }
- }
-}
-
-/**
- * Implementation of stroke_cred_t.cachecrl.
- */
-static void cachecrl(private_stroke_cred_t *this, bool enabled)
-{
- DBG1(DBG_CFG, "crl caching to %s %s",
- CRL_DIR, enabled ? "enabled" : "disabled");
- this->cachecrl = enabled;
-}
-
-
-/**
- * Convert a string of characters into a binary secret
- * A string between single or double quotes is treated as ASCII characters
- * A string prepended by 0x is treated as HEX and prepended by 0s as Base64
- */
-static err_t extract_secret(chunk_t *secret, chunk_t *line)
-{
- chunk_t raw_secret;
- char delimiter = ' ';
- bool quotes = FALSE;
-
- if (!eat_whitespace(line))
- {
- return "missing secret";
- }
-
- if (*line->ptr == '\'' || *line->ptr == '"')
- {
- quotes = TRUE;
- delimiter = *line->ptr;
- line->ptr++; line->len--;
- }
-
- if (!extract_token(&raw_secret, delimiter, line))
- {
- if (delimiter == ' ')
- {
- raw_secret = *line;
- }
- else
- {
- return "missing second delimiter";
- }
- }
-
- if (quotes)
- {
- /* treat as an ASCII string */
- *secret = chunk_clone(raw_secret);
- return NULL;
- }
- /* treat 0x as hex, 0s as base64 */
- if (raw_secret.len > 2)
- {
- if (strncasecmp("0x", raw_secret.ptr, 2) == 0)
- {
- *secret = chunk_from_hex(chunk_skip(raw_secret, 2), NULL);
- return NULL;
- }
- if (strncasecmp("0s", raw_secret.ptr, 2) == 0)
- {
- *secret = chunk_from_base64(chunk_skip(raw_secret, 2), NULL);
- return NULL;
- }
- }
- *secret = chunk_clone(raw_secret);
- return NULL;
-}
-
-/**
- * Data to pass to passphrase_cb
- */
-typedef struct {
- /** socket we use for prompting */
- FILE *prompt;
- /** private key file */
- char *file;
- /** buffer for passphrase */
- char buf[256];
-} passphrase_cb_data_t;
-
-/**
- * Passphrase callback to read from whack fd
- */
-chunk_t passphrase_cb(passphrase_cb_data_t *data, int try)
-{
- chunk_t secret = chunk_empty;;
-
- if (try > 5)
- {
- fprintf(data->prompt, "invalid passphrase, too many trials\n");
- return chunk_empty;
- }
- if (try == 1)
- {
- fprintf(data->prompt, "Private key '%s' is encrypted\n", data->file);
- }
- else
- {
- fprintf(data->prompt, "invalid passphrase\n");
- }
- fprintf(data->prompt, "Passphrase:\n");
- if (fgets(data->buf, sizeof(data->buf), data->prompt))
- {
- secret = chunk_create(data->buf, strlen(data->buf));
- if (secret.len)
- { /* trim appended \n */
- secret.len--;
- }
- }
- return secret;
-}
-
-/**
- * reload ipsec.secrets
- */
-static void load_secrets(private_stroke_cred_t *this, char *file, int level,
- FILE *prompt)
-{
- size_t bytes;
- int line_nr = 0;
- chunk_t chunk, src, line;
- FILE *fd;
- private_key_t *private;
- shared_key_t *shared;
-
- DBG1(DBG_CFG, "loading secrets from '%s'", file);
-
- fd = fopen(file, "r");
- if (fd == NULL)
- {
- DBG1(DBG_CFG, "opening secrets file '%s' failed", file);
- return;
- }
-
- /* TODO: do error checks */
- fseek(fd, 0, SEEK_END);
- chunk.len = ftell(fd);
- rewind(fd);
- chunk.ptr = malloc(chunk.len);
- bytes = fread(chunk.ptr, 1, chunk.len, fd);
- fclose(fd);
- src = chunk;
-
- if (level == 0)
- {
- this->lock->write_lock(this->lock);
-
- /* flush secrets on non-recursive invocation */
- while (this->shared->remove_last(this->shared,
- (void**)&shared) == SUCCESS)
- {
- shared->destroy(shared);
- }
- while (this->private->remove_last(this->private,
- (void**)&private) == SUCCESS)
- {
- private->destroy(private);
- }
- }
-
- while (fetchline(&src, &line))
- {
- chunk_t ids, token;
- shared_key_type_t type;
-
- line_nr++;
-
- if (!eat_whitespace(&line))
- {
- continue;
- }
- if (line.len > strlen("include ") &&
- strneq(line.ptr, "include ", strlen("include ")))
- {
- glob_t buf;
- char **expanded, *dir, pattern[PATH_MAX];
- u_char *pos;
-
- if (level > MAX_SECRETS_RECURSION)
- {
- DBG1(DBG_CFG, "maximum level of %d includes reached, ignored",
- MAX_SECRETS_RECURSION);
- continue;
- }
- /* terminate filename by space */
- line = chunk_skip(line, strlen("include "));
- pos = memchr(line.ptr, ' ', line.len);
- if (pos)
- {
- line.len = pos - line.ptr;
- }
- if (line.len && line.ptr[0] == '/')
- {
- if (line.len + 1 > sizeof(pattern))
- {
- DBG1(DBG_CFG, "include pattern too long, ignored");
- continue;
- }
- snprintf(pattern, sizeof(pattern), "%.*s", line.len, line.ptr);
- }
- else
- { /* use directory of current file if relative */
- dir = strdup(file);
- dir = dirname(dir);
-
- if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
- {
- DBG1(DBG_CFG, "include pattern too long, ignored");
- free(dir);
- continue;
- }
- snprintf(pattern, sizeof(pattern), "%s/%.*s",
- dir, line.len, line.ptr);
- free(dir);
- }
- if (glob(pattern, GLOB_ERR, NULL, &buf) != 0)
- {
- DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern);
- globfree(&buf);
- }
- else
- {
- for (expanded = buf.gl_pathv; *expanded != NULL; expanded++)
- {
- load_secrets(this, *expanded, level + 1, prompt);
- }
- }
- globfree(&buf);
- continue;
- }
-
- if (line.len > 2 && strneq(": ", line.ptr, 2))
- {
- /* no ids, skip the ':' */
- ids = chunk_empty;
- line.ptr++;
- line.len--;
- }
- else if (extract_token_str(&ids, " : ", &line))
- {
- /* NULL terminate the extracted id string */
- *(ids.ptr + ids.len) = '\0';
- }
- else
- {
- DBG1(DBG_CFG, "line %d: missing ' : ' separator", line_nr);
- goto error;
- }
-
- if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
- {
- DBG1(DBG_CFG, "line %d: missing token", line_nr);
- goto error;
- }
- if (match("RSA", &token) || match("ECDSA", &token))
- {
- char path[PATH_MAX];
- chunk_t filename;
- chunk_t secret = chunk_empty;
- private_key_t *key = NULL;
- key_type_t key_type = match("RSA", &token) ? KEY_RSA : KEY_ECDSA;
-
- err_t ugh = extract_value(&filename, &line);
-
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
- goto error;
- }
- if (filename.len == 0)
- {
- DBG1(DBG_CFG, "line %d: empty filename", line_nr);
- goto error;
- }
- if (*filename.ptr == '/')
- {
- /* absolute path name */
- snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr);
- }
- else
- {
- /* relative path name */
- snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR,
- filename.len, filename.ptr);
- }
-
- /* check for optional passphrase */
- if (eat_whitespace(&line))
- {
- ugh = extract_secret(&secret, &line);
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
- goto error;
- }
- }
- if (secret.len == 7 && strneq(secret.ptr, "%prompt", 7))
- {
- if (prompt)
- {
- passphrase_cb_data_t data;
-
- data.prompt = prompt;
- data.file = path;
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
- key_type, BUILD_FROM_FILE, path,
- BUILD_PASSPHRASE_CALLBACK,
- passphrase_cb, &data, BUILD_END);
- }
- }
- else
- {
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
- BUILD_FROM_FILE, path,
- BUILD_PASSPHRASE, secret, BUILD_END);
- }
- if (key)
- {
- DBG1(DBG_CFG, " loaded %N private key from '%s'",
- key_type_names, key->get_type(key), path);
- this->private->insert_last(this->private, key);
- }
- else
- {
- DBG1(DBG_CFG, " loading private key from '%s' failed", path);
- }
- chunk_clear(&secret);
- }
- else if (match("PIN", &token))
- {
- chunk_t sc = chunk_empty, secret = chunk_empty;
- char smartcard[32], keyid[22], pin[32];
- private_key_t *key;
- u_int slot;
-
- err_t ugh = extract_value(&sc, &line);
-
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
- goto error;
- }
- if (sc.len == 0)
- {
- DBG1(DBG_CFG, "line %d: expected %%smartcard specifier", line_nr);
- goto error;
- }
- snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr);
- smartcard[sizeof(smartcard) - 1] = '\0';
-
- /* parse slot and key id. only two formats are supported.
- * first try %smartcard<slot>:<keyid> */
- if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2)
- {
- snprintf(smartcard, sizeof(smartcard), "%u:%s", slot, keyid);
- }
- /* then try %smartcard:<keyid> */
- else if (sscanf(smartcard, "%%smartcard:%s", keyid) == 1)
- {
- snprintf(smartcard, sizeof(smartcard), "%s", keyid);
- }
- else
- {
- DBG1(DBG_CFG, "line %d: the given %%smartcard specifier is not"
- " supported or invalid", line_nr);
- goto error;
- }
-
- if (!eat_whitespace(&line))
- {
- DBG1(DBG_CFG, "line %d: expected PIN", line_nr);
- goto error;
- }
- ugh = extract_secret(&secret, &line);
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
- goto error;
- }
- snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
- pin[sizeof(pin) - 1] = '\0';
-
- /* we assume an RSA key */
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_SMARTCARD_KEYID, smartcard,
- BUILD_SMARTCARD_PIN, pin, BUILD_END);
-
- if (key)
- {
- DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
- this->private->insert_last(this->private, key);
- }
- memset(pin, 0, sizeof(pin));
- chunk_clear(&secret);
- }
- else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
- (match("EAP", &token) && (type = SHARED_EAP)) ||
- (match("XAUTH", &token) && (type = SHARED_EAP)))
- {
- stroke_shared_key_t *shared_key;
- chunk_t secret = chunk_empty;
- bool any = TRUE;
-
- err_t ugh = extract_secret(&secret, &line);
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
- goto error;
- }
- shared_key = stroke_shared_key_create(type, secret);
- DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type,
- ids.len > 0 ? (char*)ids.ptr : "%any");
- DBG4(DBG_CFG, " secret: %#B", &secret);
-
- this->shared->insert_last(this->shared, shared_key);
- while (ids.len > 0)
- {
- chunk_t id;
- identification_t *peer_id;
-
- ugh = extract_value(&id, &ids);
- if (ugh != NULL)
- {
- DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
- goto error;
- }
- if (id.len == 0)
- {
- continue;
- }
-
- /* NULL terminate the ID string */
- *(id.ptr + id.len) = '\0';
- peer_id = identification_create_from_string(id.ptr);
- if (peer_id->get_type(peer_id) == ID_ANY)
- {
- peer_id->destroy(peer_id);
- continue;
- }
-
- shared_key->add_owner(shared_key, peer_id);
- any = FALSE;
- }
- if (any)
- {
- shared_key->add_owner(shared_key,
- identification_create_from_encoding(ID_ANY, chunk_empty));
- }
- }
- else
- {
- DBG1(DBG_CFG, "line %d: token must be either "
- "RSA, ECDSA, PSK, EAP, XAUTH or PIN", line_nr);
- goto error;
- }
- }
-error:
- if (level == 0)
- {
- this->lock->unlock(this->lock);
- }
- chunk_clear(&chunk);
-}
-
-/**
- * load all certificates from ipsec.d
- */
-static void load_certs(private_stroke_cred_t *this)
-{
- DBG1(DBG_CFG, "loading ca certificates from '%s'",
- CA_CERTIFICATE_DIR);
- load_certdir(this, CA_CERTIFICATE_DIR, CERT_X509, X509_CA);
-
- DBG1(DBG_CFG, "loading aa certificates from '%s'",
- AA_CERTIFICATE_DIR);
- load_certdir(this, AA_CERTIFICATE_DIR, CERT_X509, X509_AA);
-
- DBG1(DBG_CFG, "loading ocsp signer certificates from '%s'",
- OCSP_CERTIFICATE_DIR);
- load_certdir(this, OCSP_CERTIFICATE_DIR, CERT_X509, X509_OCSP_SIGNER);
-
- DBG1(DBG_CFG, "loading attribute certificates from '%s'",
- ATTR_CERTIFICATE_DIR);
- load_certdir(this, ATTR_CERTIFICATE_DIR, CERT_X509_AC, 0);
-
- DBG1(DBG_CFG, "loading crls from '%s'",
- CRL_DIR);
- load_certdir(this, CRL_DIR, CERT_X509_CRL, 0);
-}
-
-/**
- * Implementation of stroke_cred_t.reread.
- */
-static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt)
-{
- if (msg->reread.flags & REREAD_SECRETS)
- {
- DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this, SECRETS_FILE, 0, prompt);
- }
- if (msg->reread.flags & REREAD_CACERTS)
- {
- DBG1(DBG_CFG, "rereading ca certificates from '%s'",
- CA_CERTIFICATE_DIR);
- load_certdir(this, CA_CERTIFICATE_DIR, CERT_X509, X509_CA);
- }
- if (msg->reread.flags & REREAD_OCSPCERTS)
- {
- DBG1(DBG_CFG, "rereading ocsp signer certificates from '%s'",
- OCSP_CERTIFICATE_DIR);
- load_certdir(this, OCSP_CERTIFICATE_DIR, CERT_X509,
- X509_OCSP_SIGNER);
- }
- if (msg->reread.flags & REREAD_AACERTS)
- {
- DBG1(DBG_CFG, "rereading aa certificates from '%s'",
- AA_CERTIFICATE_DIR);
- load_certdir(this, AA_CERTIFICATE_DIR, CERT_X509, X509_AA);
- }
- if (msg->reread.flags & REREAD_ACERTS)
- {
- DBG1(DBG_CFG, "rereading attribute certificates from '%s'",
- ATTR_CERTIFICATE_DIR);
- load_certdir(this, ATTR_CERTIFICATE_DIR, CERT_X509_AC, 0);
- }
- if (msg->reread.flags & REREAD_CRLS)
- {
- DBG1(DBG_CFG, "rereading crls from '%s'",
- CRL_DIR);
- load_certdir(this, CRL_DIR, CERT_X509_CRL, 0);
- }
-}
-
-/**
- * Implementation of stroke_cred_t.destroy
- */
-static void destroy(private_stroke_cred_t *this)
-{
- this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy));
- this->shared->destroy_offset(this->shared, offsetof(shared_key_t, destroy));
- this->private->destroy_offset(this->private, offsetof(private_key_t, destroy));
- this->lock->destroy(this->lock);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_cred_t *stroke_cred_create()
-{
- private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t);
-
- this->public.set.create_private_enumerator = (void*)create_private_enumerator;
- this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
- this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
- this->public.set.create_cdp_enumerator = (void*)return_null;
- this->public.set.cache_cert = (void*)cache_cert;
- this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread;
- this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca;
- this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer;
- this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl;
- this->public.destroy = (void(*)(stroke_cred_t*))destroy;
-
- this->certs = linked_list_create();
- this->shared = linked_list_create();
- this->private = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- load_certs(this);
- load_secrets(this, SECRETS_FILE, 0, NULL);
-
- this->cachecrl = FALSE;
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h
deleted file mode 100644
index ccee7d87c..000000000
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_cred stroke_cred
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_CRED_H_
-#define STROKE_CRED_H_
-
-#include <stdio.h>
-
-#include <stroke_msg.h>
-#include <credentials/credential_set.h>
-#include <credentials/certificates/certificate.h>
-
-typedef struct stroke_cred_t stroke_cred_t;
-
-/**
- * Stroke in-memory credential storage.
- */
-struct stroke_cred_t {
-
- /**
- * Implements credential_set_t
- */
- credential_set_t set;
-
- /**
- * Reread secrets from config files.
- *
- * @param msg stroke message
- * @param prompt I/O channel to prompt for private key passhprase
- */
- void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);
-
- /**
- * Load a CA certificate, and serve it through the credential_set.
- *
- * @param filename file to load CA cert from
- * @return reference to loaded certificate, or NULL
- */
- certificate_t* (*load_ca)(stroke_cred_t *this, char *filename);
-
- /**
- * Load a peer certificate and serve it rhrough the credential_set.
- *
- * @param filename file to load peer cert from
- * @return reference to loaded certificate, or NULL
- */
- certificate_t* (*load_peer)(stroke_cred_t *this, char *filename);
-
- /**
- * Enable/Disable CRL caching to disk.
- *
- * @param enabled TRUE to enable, FALSE to disable
- */
- void (*cachecrl)(stroke_cred_t *this, bool enabled);
-
- /**
- * Destroy a stroke_cred instance.
- */
- void (*destroy)(stroke_cred_t *this);
-};
-
-/**
- * Create a stroke_cred instance.
- */
-stroke_cred_t *stroke_cred_create();
-
-#endif /** STROKE_CRED_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
deleted file mode 100644
index c2a98da33..000000000
--- a/src/charon/plugins/stroke/stroke_list.c
+++ /dev/null
@@ -1,1230 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_list.h"
-
-#include <time.h>
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <credentials/certificates/x509.h>
-#include <credentials/certificates/ac.h>
-#include <credentials/certificates/crl.h>
-#include <credentials/certificates/pgp_certificate.h>
-#include <credentials/ietf_attributes/ietf_attributes.h>
-#include <config/peer_cfg.h>
-
-/* warning intervals for list functions */
-#define CERT_WARNING_INTERVAL 30 /* days */
-#define CRL_WARNING_INTERVAL 7 /* days */
-#define AC_WARNING_INTERVAL 1 /* day */
-
-typedef struct private_stroke_list_t private_stroke_list_t;
-
-/**
- * private data of stroke_list
- */
-struct private_stroke_list_t {
-
- /**
- * public functions
- */
- stroke_list_t public;
-
- /**
- * timestamp of daemon start
- */
- time_t uptime;
-
- /**
- * strokes attribute provider
- */
- stroke_attribute_t *attribute;
-};
-
-/**
- * log an IKE_SA to out
- */
-static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
-{
- ike_sa_id_t *id = ike_sa->get_id(ike_sa);
- time_t now = time_monotonic(NULL);
-
- fprintf(out, "%12s[%d]: %N",
- ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
- ike_sa_state_names, ike_sa->get_state(ike_sa));
-
- if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
- {
- time_t established;
-
- established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED);
- fprintf(out, " %V ago", &now, &established);
- }
-
- fprintf(out, ", %H[%Y]...%H[%Y]\n",
- ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa),
- ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa));
-
- if (all)
- {
- proposal_t *ike_proposal;
-
- ike_proposal = ike_sa->get_proposal(ike_sa);
-
- fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s",
- ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
- id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "",
- id->get_responder_spi(id), id->is_initiator(id) ? "" : "*");
-
-
- if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
- {
- time_t rekey, reauth;
- peer_cfg_t *peer_cfg;
-
- rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY);
- reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH);
- peer_cfg = ike_sa->get_peer_cfg(ike_sa);
-
- if (rekey)
- {
- fprintf(out, ", rekeying in %V", &rekey, &now);
- }
- if (reauth)
- {
- bool first = TRUE;
- enumerator_t *enumerator;
- auth_cfg_t *auth;
-
- fprintf(out, ", ");
- enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, TRUE);
- while (enumerator->enumerate(enumerator, &auth))
- {
- if (!first)
- {
- fprintf(out, "+");
- }
- first = FALSE;
- fprintf(out, "%N", auth_class_names,
- auth->get(auth, AUTH_RULE_AUTH_CLASS));
- }
- enumerator->destroy(enumerator);
- fprintf(out, " reauthentication in %V", &reauth, &now);
- }
- if (!rekey && !reauth)
- {
- fprintf(out, ", rekeying disabled");
- }
- }
- fprintf(out, "\n");
-
- if (ike_proposal)
- {
- char buf[BUF_LEN];
-
- snprintf(buf, BUF_LEN, "%P", ike_proposal);
- fprintf(out, "%12s[%d]: IKE proposal: %s\n",
- ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
- buf+4);
- }
- }
-}
-
-/**
- * log an CHILD_SA to out
- */
-static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
-{
- time_t use_in, use_out, rekey, now;
- u_int64_t bytes_in, bytes_out;
- proposal_t *proposal;
- child_cfg_t *config = child_sa->get_config(child_sa);
-
-
- fprintf(out, "%12s{%d}: %N, %N%s",
- child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
- child_sa_state_names, child_sa->get_state(child_sa),
- ipsec_mode_names, child_sa->get_mode(child_sa),
- config->use_proxy_mode(config) ? "_PROXY" : "");
-
- if (child_sa->get_state(child_sa) == CHILD_INSTALLED)
- {
- fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o",
- protocol_id_names, child_sa->get_protocol(child_sa),
- child_sa->has_encap(child_sa) ? " in UDP" : "",
- ntohl(child_sa->get_spi(child_sa, TRUE)),
- ntohl(child_sa->get_spi(child_sa, FALSE)));
-
- if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE)
- {
- fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o",
- ntohs(child_sa->get_cpi(child_sa, TRUE)),
- ntohs(child_sa->get_cpi(child_sa, FALSE)));
- }
-
- if (all)
- {
- fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa),
- child_sa->get_reqid(child_sa));
-
- proposal = child_sa->get_proposal(child_sa);
- if (proposal)
- {
- u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED;
- u_int16_t encr_size = 0, int_size = 0;
-
- proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
- &encr_alg, &encr_size);
- proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
- &int_alg, &int_size);
-
- if (encr_alg != ENCR_UNDEFINED)
- {
- fprintf(out, "%N", encryption_algorithm_names, encr_alg);
- if (encr_size)
- {
- fprintf(out, "_%u", encr_size);
- }
- }
- if (int_alg != AUTH_UNDEFINED)
- {
- fprintf(out, "/%N", integrity_algorithm_names, int_alg);
- if (int_size)
- {
- fprintf(out, "_%u", int_size);
- }
- }
- }
-
- now = time_monotonic(NULL);
- child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in);
- fprintf(out, ", %llu bytes_i", bytes_in);
- if (use_in)
- {
- fprintf(out, " (%ds ago)", now - use_in);
- }
-
- child_sa->get_usestats(child_sa, FALSE, &use_out, &bytes_out);
- fprintf(out, ", %llu bytes_o", bytes_out);
- if (use_out)
- {
- fprintf(out, " (%ds ago)", now - use_out);
- }
- fprintf(out, ", rekeying ");
-
- rekey = child_sa->get_lifetime(child_sa, FALSE);
- if (rekey)
- {
- if (now > rekey)
- {
- fprintf(out, "active");
- }
- else
- {
- fprintf(out, "in %V", &now, &rekey);
- }
- }
- else
- {
- fprintf(out, "disabled");
- }
-
- }
- }
-
- fprintf(out, "\n%12s{%d}: %#R=== %#R\n",
- child_sa->get_name(child_sa), child_sa->get_reqid(child_sa),
- child_sa->get_traffic_selectors(child_sa, TRUE),
- child_sa->get_traffic_selectors(child_sa, FALSE));
-}
-
-/**
- * Log a configs local or remote authentication config to out
- */
-static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
-{
- enumerator_t *enumerator, *rules;
- auth_rule_t rule;
- auth_cfg_t *auth;
- auth_class_t auth_class;
- identification_t *id;
- certificate_t *cert;
- cert_validation_t valid;
- char *name;
-
- name = peer_cfg->get_name(peer_cfg);
-
- enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
- while (enumerator->enumerate(enumerator, &auth))
- {
- fprintf(out, "%12s: %s [%Y] uses ", name, local ? "local: " : "remote:",
- auth->get(auth, AUTH_RULE_IDENTITY));
-
- auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
- if (auth_class != AUTH_CLASS_EAP)
- {
- fprintf(out, "%N authentication\n", auth_class_names, auth_class);
- }
- else
- {
- if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK)
- {
- fprintf(out, "EAP authentication");
- }
- else
- {
- if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR))
- {
- fprintf(out, "EAP_%d-%d authentication",
- (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE),
- (uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR));
- }
- else
- {
- fprintf(out, "%N authentication", eap_type_names,
- (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE));
- }
- }
- id = auth->get(auth, AUTH_RULE_EAP_IDENTITY);
- if (id)
- {
- fprintf(out, " with EAP identity '%Y'", id);
- }
- fprintf(out, "\n");
- }
-
- cert = auth->get(auth, AUTH_RULE_CA_CERT);
- if (cert)
- {
- fprintf(out, "%12s: ca: \"%Y\"\n", name, cert->get_subject(cert));
- }
-
- cert = auth->get(auth, AUTH_RULE_IM_CERT);
- if (cert)
- {
- fprintf(out, "%12s: im-ca: \"%Y\"\n", name, cert->get_subject(cert));
- }
-
- cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
- if (cert)
- {
- fprintf(out, "%12s: cert: \"%Y\"\n", name,
- cert->get_subject(cert));
- }
-
- valid = (uintptr_t)auth->get(auth, AUTH_RULE_OCSP_VALIDATION);
- if (valid != VALIDATION_FAILED)
- {
- fprintf(out, "%12s: ocsp: status must be GOOD%s\n", name,
- (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : "");
- }
-
- valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION);
- if (valid != VALIDATION_FAILED)
- {
- fprintf(out, "%12s: crl: status must be GOOD%s\n", name,
- (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : "");
- }
-
- rules = auth->create_enumerator(auth);
- while (rules->enumerate(rules, &rule, &id))
- {
- if (rule == AUTH_RULE_AC_GROUP)
- {
- fprintf(out, "%12s: group: %Y\n", name, id);
- }
- }
- rules->destroy(rules);
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * Implementation of stroke_list_t.status.
- */
-static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all)
-{
- enumerator_t *enumerator, *children;
- ike_cfg_t *ike_cfg;
- child_cfg_t *child_cfg;
- child_sa_t *child_sa;
- ike_sa_t *ike_sa;
- bool first, found = FALSE;
- char *name = msg->status.name;
-
- if (all)
- {
- peer_cfg_t *peer_cfg;
- char *plugin, *pool;
- host_t *host;
- u_int32_t dpd;
- time_t since, now;
- u_int size, online, offline;
-
- now = time_monotonic(NULL);
- since = time(NULL) - (now - this->uptime);
-
- fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n");
- fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE);
- fprintf(out, " worker threads: %d idle of %d,",
- charon->processor->get_idle_threads(charon->processor),
- charon->processor->get_total_threads(charon->processor));
- fprintf(out, " job queue load: %d,",
- charon->processor->get_job_load(charon->processor));
- fprintf(out, " scheduled events: %d\n",
- charon->scheduler->get_job_load(charon->scheduler));
- fprintf(out, " loaded plugins: ");
- enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
- while (enumerator->enumerate(enumerator, &plugin))
- {
- fprintf(out, "%s ", plugin);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n");
-
- first = TRUE;
- enumerator = this->attribute->create_pool_enumerator(this->attribute);
- while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
- {
- if (name && !streq(name, pool))
- {
- continue;
- }
- if (first)
- {
- first = FALSE;
- fprintf(out, "Virtual IP pools (size/online/offline):\n");
- }
- fprintf(out, " %s: %u/%u/%u\n", pool, size, online, offline);
- }
- enumerator->destroy(enumerator);
-
- enumerator = charon->kernel_interface->create_address_enumerator(
- charon->kernel_interface, FALSE, FALSE);
- fprintf(out, "Listening IP addresses:\n");
- while (enumerator->enumerate(enumerator, (void**)&host))
- {
- fprintf(out, " %H\n", host);
- }
- enumerator->destroy(enumerator);
-
- fprintf(out, "Connections:\n");
- enumerator = charon->backends->create_peer_cfg_enumerator(
- charon->backends, NULL, NULL, NULL, NULL);
- while (enumerator->enumerate(enumerator, &peer_cfg))
- {
- if (peer_cfg->get_ike_version(peer_cfg) != 2 ||
- (name && !streq(name, peer_cfg->get_name(peer_cfg))))
- {
- continue;
- }
-
- ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
- fprintf(out, "%12s: %s...%s", peer_cfg->get_name(peer_cfg),
- ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg));
-
- dpd = peer_cfg->get_dpd(peer_cfg);
- if (dpd)
- {
- fprintf(out, ", dpddelay=%us", dpd);
- }
- fprintf(out, "\n");
-
- log_auth_cfgs(out, peer_cfg, TRUE);
- log_auth_cfgs(out, peer_cfg, FALSE);
-
- children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
- while (children->enumerate(children, &child_cfg))
- {
- linked_list_t *my_ts, *other_ts;
-
- my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
- fprintf(out, "%12s: child: %#R=== %#R", child_cfg->get_name(child_cfg),
- my_ts, other_ts);
- my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
- other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
-
- if (dpd)
- {
- fprintf(out, ", dpdaction=%N", action_names,
- child_cfg->get_dpd_action(child_cfg));
- }
- fprintf(out, "\n");
- }
- children->destroy(children);
- }
- enumerator->destroy(enumerator);
- }
-
- first = TRUE;
- enumerator = charon->traps->create_enumerator(charon->traps);
- while (enumerator->enumerate(enumerator, NULL, &child_sa))
- {
- if (first)
- {
- fprintf(out, "Routed Connections:\n");
- first = FALSE;
- }
- log_child_sa(out, child_sa, all);
- }
- enumerator->destroy(enumerator);
-
- fprintf(out, "Security Associations:\n");
- enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
- while (enumerator->enumerate(enumerator, &ike_sa))
- {
- bool ike_printed = FALSE;
- iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa);
-
- if (name == NULL || streq(name, ike_sa->get_name(ike_sa)))
- {
- log_ike_sa(out, ike_sa, all);
- found = TRUE;
- ike_printed = TRUE;
- }
-
- while (children->iterate(children, (void**)&child_sa))
- {
- if (name == NULL || streq(name, child_sa->get_name(child_sa)))
- {
- if (!ike_printed)
- {
- log_ike_sa(out, ike_sa, all);
- found = TRUE;
- ike_printed = TRUE;
- }
- log_child_sa(out, child_sa, all);
- }
- }
- children->destroy(children);
- }
- enumerator->destroy(enumerator);
-
- if (!found)
- {
- if (name)
- {
- fprintf(out, " no match\n");
- }
- else
- {
- fprintf(out, " none\n");
- }
- }
-}
-
-/**
- * create a unique certificate list without duplicates
- * certicates having the same issuer are grouped together.
- */
-static linked_list_t* create_unique_cert_list(certificate_type_t type)
-{
- linked_list_t *list = linked_list_create();
- enumerator_t *enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, type, KEY_ANY,
- NULL, FALSE);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- iterator_t *iterator = list->create_iterator(list, TRUE);
- identification_t *issuer = cert->get_issuer(cert);
- bool previous_same, same = FALSE, last = TRUE;
- certificate_t *list_cert;
-
- while (iterator->iterate(iterator, (void**)&list_cert))
- {
- /* exit if we have a duplicate? */
- if (list_cert->equals(list_cert, cert))
- {
- last = FALSE;
- break;
- }
- /* group certificates with same issuer */
- previous_same = same;
- same = list_cert->has_issuer(list_cert, issuer);
- if (previous_same && !same)
- {
- iterator->insert_before(iterator, (void *)cert->get_ref(cert));
- last = FALSE;
- break;
- }
- }
- iterator->destroy(iterator);
-
- if (last)
- {
- list->insert_last(list, (void *)cert->get_ref(cert));
- }
- }
- enumerator->destroy(enumerator);
- return list;
-}
-
-/**
- * Print a single public key.
- */
-static void list_public_key(public_key_t *public, FILE *out)
-{
- private_key_t *private = NULL;
- chunk_t keyid;
- identification_t *id;
- auth_cfg_t *auth;
-
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid))
- {
- id = identification_create_from_encoding(ID_KEY_ID, keyid);
- auth = auth_cfg_create();
- private = charon->credentials->get_private(charon->credentials,
- public->get_type(public), id, auth);
- auth->destroy(auth);
- id->destroy(id);
- }
-
- fprintf(out, " pubkey: %N %d bits%s\n",
- key_type_names, public->get_type(public),
- public->get_keysize(public) * 8,
- private ? ", has private key" : "");
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
- {
- fprintf(out, " keyid: %#B\n", &keyid);
- }
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid))
- {
- fprintf(out, " subjkey: %#B\n", &keyid);
- }
- DESTROY_IF(private);
-}
-
-/**
- * list all raw public keys
- */
-static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out)
-{
- bool first = TRUE;
-
- enumerator_t *enumerator = list->create_enumerator(list);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- public_key_t *public = cert->get_public_key(cert);
-
- if (public)
- {
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of Raw Public Keys:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
-
- list_public_key(public, out);
- public->destroy(public);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * list OpenPGP certificates
- */
-static void stroke_list_pgp(linked_list_t *list,bool utc, FILE *out)
-{
- bool first = TRUE;
- time_t now = time(NULL);
- enumerator_t *enumerator = list->create_enumerator(list);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- time_t created, until;
- public_key_t *public;
- pgp_certificate_t *pgp_cert = (pgp_certificate_t*)cert;
- chunk_t fingerprint = pgp_cert->get_fingerprint(pgp_cert);
-
- if (first)
- {
-
- fprintf(out, "\n");
- fprintf(out, "List of PGP End Entity Certificates:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
- fprintf(out, " userid: '%Y'\n", cert->get_subject(cert));
-
- fprintf(out, " digest: %#B\n", &fingerprint);
-
- /* list validity */
- cert->get_validity(cert, &now, &created, &until);
- fprintf(out, " created: %T\n", &created, utc);
- fprintf(out, " until: %T%s\n", &until, utc,
- (until == TIME_32_BIT_SIGNED_MAX) ? " (expires never)":"");
-
- public = cert->get_public_key(cert);
- if (public)
- {
- list_public_key(public, out);
- public->destroy(public);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * list all X.509 certificates matching the flags
- */
-static void stroke_list_certs(linked_list_t *list, char *label,
- x509_flag_t flags, bool utc, FILE *out)
-{
- bool first = TRUE;
- time_t now = time(NULL);
- enumerator_t *enumerator;
- certificate_t *cert;
- x509_flag_t flag_mask;
-
- /* mask all auxiliary flags */
- flag_mask = ~(X509_SERVER_AUTH | X509_CLIENT_AUTH |
- X509_SELF_SIGNED | X509_IP_ADDR_BLOCKS );
-
- enumerator = list->create_enumerator(list);
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- x509_t *x509 = (x509_t*)cert;
- x509_flag_t x509_flags = x509->get_flags(x509) & flag_mask;
-
- /* list only if flag is set or flag == 0 */
- if ((x509_flags & flags) || (x509_flags == flags))
- {
- enumerator_t *enumerator;
- identification_t *altName;
- bool first_altName = TRUE;
- int pathlen;
- chunk_t serial, authkey;
- time_t notBefore, notAfter;
- public_key_t *public;
-
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of %s:\n", label);
- first = FALSE;
- }
- fprintf(out, "\n");
-
- /* list subjectAltNames */
- enumerator = x509->create_subjectAltName_enumerator(x509);
- while (enumerator->enumerate(enumerator, (void**)&altName))
- {
- if (first_altName)
- {
- fprintf(out, " altNames: ");
- first_altName = FALSE;
- }
- else
- {
- fprintf(out, ", ");
- }
- fprintf(out, "%Y", altName);
- }
- if (!first_altName)
- {
- fprintf(out, "\n");
- }
- enumerator->destroy(enumerator);
-
- fprintf(out, " subject: \"%Y\"\n", cert->get_subject(cert));
- fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert));
- serial = x509->get_serial(x509);
- fprintf(out, " serial: %#B\n", &serial);
-
- /* list validity */
- cert->get_validity(cert, &now, &notBefore, &notAfter);
- fprintf(out, " validity: not before %T, ", &notBefore, utc);
- if (now < notBefore)
- {
- fprintf(out, "not valid yet (valid in %V)\n", &now, &notBefore);
- }
- else
- {
- fprintf(out, "ok\n");
- }
- fprintf(out, " not after %T, ", &notAfter, utc);
- if (now > notAfter)
- {
- fprintf(out, "expired (%V ago)\n", &now, &notAfter);
- }
- else
- {
- fprintf(out, "ok");
- if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
- {
- fprintf(out, " (expires in %V)", &now, &notAfter);
- }
- fprintf(out, " \n");
- }
-
- public = cert->get_public_key(cert);
- if (public)
- {
- list_public_key(public, out);
- public->destroy(public);
- }
-
- /* list optional authorityKeyIdentifier */
- authkey = x509->get_authKeyIdentifier(x509);
- if (authkey.ptr)
- {
- fprintf(out, " authkey: %#B\n", &authkey);
- }
-
- /* list optional pathLenConstraint */
- pathlen = x509->get_pathLenConstraint(x509);
- if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
- {
- fprintf(out, " pathlen: %d\n", pathlen);
- }
-
- /* list optional ipAddrBlocks */
- if (x509->get_flags(x509) & X509_IP_ADDR_BLOCKS)
- {
- traffic_selector_t *ipAddrBlock;
- bool first_ipAddrBlock = TRUE;
-
- fprintf(out, " addresses: ");
- enumerator = x509->create_ipAddrBlock_enumerator(x509);
- while (enumerator->enumerate(enumerator, &ipAddrBlock))
- {
- if (first_ipAddrBlock)
- {
- first_ipAddrBlock = FALSE;
- }
- else
- {
- fprintf(out, ", ");
- }
- fprintf(out, "%R", ipAddrBlock);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n");
- }
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * list all X.509 attribute certificates
- */
-static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
-{
- bool first = TRUE;
- time_t thisUpdate, nextUpdate, now = time(NULL);
- enumerator_t *enumerator = list->create_enumerator(list);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- ac_t *ac = (ac_t*)cert;
- identification_t *id;
- ietf_attributes_t *groups;
- chunk_t chunk;
-
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 Attribute Certificates:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
-
- id = cert->get_subject(cert);
- if (id)
- {
- fprintf(out, " holder: \"%Y\"\n", id);
- }
- id = ac->get_holderIssuer(ac);
- if (id)
- {
- fprintf(out, " hissuer: \"%Y\"\n", id);
- }
- chunk = ac->get_holderSerial(ac);
- if (chunk.ptr)
- {
- fprintf(out, " hserial: %#B\n", &chunk);
- }
- groups = ac->get_groups(ac);
- if (groups)
- {
- fprintf(out, " groups: %s\n", groups->get_string(groups));
- groups->destroy(groups);
- }
- fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert));
- chunk = ac->get_serial(ac);
- fprintf(out, " serial: %#B\n", &chunk);
-
- /* list validity */
- cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %T\n", &thisUpdate, utc);
- fprintf(out, " next %T, ", &nextUpdate, utc);
- if (now > nextUpdate)
- {
- fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
- }
- else
- {
- fprintf(out, "ok");
- if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
- {
- fprintf(out, " (expires in %V)", &now, &nextUpdate);
- }
- fprintf(out, " \n");
- }
-
- /* list optional authorityKeyIdentifier */
- chunk = ac->get_authKeyIdentifier(ac);
- if (chunk.ptr)
- {
- fprintf(out, " authkey: %#B\n", &chunk);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * list all X.509 CRLs
- */
-static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
-{
- bool first = TRUE;
- time_t thisUpdate, nextUpdate, now = time(NULL);
- enumerator_t *enumerator = list->create_enumerator(list);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- crl_t *crl = (crl_t*)cert;
- chunk_t chunk;
-
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of X.509 CRLs:\n");
- first = FALSE;
- }
- fprintf(out, "\n");
-
- fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert));
-
- /* list optional crlNumber */
- chunk = crl->get_serial(crl);
- if (chunk.ptr)
- {
- fprintf(out, " serial: %#B\n", &chunk);
- }
-
- /* count the number of revoked certificates */
- {
- int count = 0;
- enumerator_t *enumerator = crl->create_enumerator(crl);
-
- while (enumerator->enumerate(enumerator, NULL, NULL, NULL))
- {
- count++;
- }
- fprintf(out, " revoked: %d certificate%s\n", count,
- (count == 1)? "" : "s");
- enumerator->destroy(enumerator);
- }
-
- /* list validity */
- cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %T\n", &thisUpdate, utc);
- fprintf(out, " next %T, ", &nextUpdate, utc);
- if (now > nextUpdate)
- {
- fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
- }
- else
- {
- fprintf(out, "ok");
- if (now > nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
- {
- fprintf(out, " (expires in %V)", &now, &nextUpdate);
- }
- fprintf(out, " \n");
- }
-
- /* list optional authorityKeyIdentifier */
- chunk = crl->get_authKeyIdentifier(crl);
- if (chunk.ptr)
- {
- fprintf(out, " authkey: %#B\n", &chunk);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * list all OCSP responses
- */
-static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
-{
- bool first = TRUE;
- enumerator_t *enumerator = list->create_enumerator(list);
- certificate_t *cert;
-
- while (enumerator->enumerate(enumerator, (void**)&cert))
- {
- if (first)
- {
- fprintf(out, "\n");
- fprintf(out, "List of OCSP responses:\n");
- fprintf(out, "\n");
- first = FALSE;
- }
-
- fprintf(out, " signer: \"%Y\"\n", cert->get_issuer(cert));
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * List of registered cryptographical algorithms
- */
-static void list_algs(FILE *out)
-{
- enumerator_t *enumerator;
- encryption_algorithm_t encryption;
- integrity_algorithm_t integrity;
- hash_algorithm_t hash;
- pseudo_random_function_t prf;
- diffie_hellman_group_t group;
-
- fprintf(out, "\n");
- fprintf(out, "List of registered IKEv2 Algorithms:\n");
- fprintf(out, "\n encryption: ");
- enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &encryption))
- {
- fprintf(out, "%N ", encryption_algorithm_names, encryption);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n integrity: ");
- enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &integrity))
- {
- fprintf(out, "%N ", integrity_algorithm_names, integrity);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n hasher: ");
- enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &hash))
- {
- fprintf(out, "%N ", hash_algorithm_names, hash);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n prf: ");
- enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &prf))
- {
- fprintf(out, "%N ", pseudo_random_function_names, prf);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n dh-group: ");
- enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &group))
- {
- fprintf(out, "%N ", diffie_hellman_group_names, group);
- }
- enumerator->destroy(enumerator);
- fprintf(out, "\n");
-}
-
-/**
- * Implementation of stroke_list_t.list.
- */
-static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
-{
- linked_list_t *cert_list = NULL;
-
- if (msg->list.flags & LIST_PUBKEYS)
- {
- linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY);
-
- stroke_list_pubkeys(pubkey_list, msg->list.utc, out);
- pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy));
- }
- if (msg->list.flags & LIST_CERTS)
- {
- linked_list_t *pgp_list = create_unique_cert_list(CERT_GPG);
-
- stroke_list_pgp(pgp_list, msg->list.utc, out);
- pgp_list->destroy_offset(pgp_list, offsetof(certificate_t, destroy));
- }
- if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS))
- {
- cert_list = create_unique_cert_list(CERT_X509);
- }
- if (msg->list.flags & LIST_CERTS)
- {
- stroke_list_certs(cert_list, "X.509 End Entity Certificates",
- X509_NONE, msg->list.utc, out);
- }
- if (msg->list.flags & LIST_CACERTS)
- {
- stroke_list_certs(cert_list, "X.509 CA Certificates",
- X509_CA, msg->list.utc, out);
- }
- if (msg->list.flags & LIST_OCSPCERTS)
- {
- stroke_list_certs(cert_list, "X.509 OCSP Signer Certificates",
- X509_OCSP_SIGNER, msg->list.utc, out);
- }
- if (msg->list.flags & LIST_AACERTS)
- {
- stroke_list_certs(cert_list, "X.509 AA Certificates",
- X509_AA, msg->list.utc, out);
- }
- DESTROY_OFFSET_IF(cert_list, offsetof(certificate_t, destroy));
-
- if (msg->list.flags & LIST_ACERTS)
- {
- linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC);
-
- stroke_list_acerts(ac_list, msg->list.utc, out);
- ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy));
- }
- if (msg->list.flags & LIST_CRLS)
- {
- linked_list_t *crl_list = create_unique_cert_list(CERT_X509_CRL);
-
- stroke_list_crls(crl_list, msg->list.utc, out);
- crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy));
- }
- if (msg->list.flags & LIST_OCSP)
- {
- linked_list_t *ocsp_list = create_unique_cert_list(CERT_X509_OCSP_RESPONSE);
-
- stroke_list_ocsp(ocsp_list, msg->list.utc, out);
-
- ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy));
- }
- if (msg->list.flags & LIST_ALGS)
- {
- list_algs(out);
- }
-}
-
-/**
- * Print leases of a single pool
- */
-static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool,
- host_t *address, u_int size, u_int online, u_int offline)
-{
- enumerator_t *enumerator;
- identification_t *id;
- host_t *lease;
- bool on;
- int found = 0;
-
- fprintf(out, "Leases in pool '%s', usage: %lu/%lu, %lu online\n",
- pool, online + offline, size, online);
- enumerator = this->attribute->create_lease_enumerator(this->attribute, pool);
- while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on))
- {
- if (!address || address->ip_equals(address, lease))
- {
- fprintf(out, " %15H %s '%Y'\n",
- lease, on ? "online" : "offline", id);
- found++;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- fprintf(out, " no matching leases found\n");
- }
-}
-
-/**
- * Implementation of stroke_list_t.leases
- */
-static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
-{
- enumerator_t *enumerator;
- u_int size, offline, online;
- host_t *address = NULL;
- char *pool;
- int found = 0;
-
- if (msg->leases.address)
- {
- address = host_create_from_string(msg->leases.address, 0);
- }
-
- enumerator = this->attribute->create_pool_enumerator(this->attribute);
- while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
- {
- if (!msg->leases.pool || streq(msg->leases.pool, pool))
- {
- pool_leases(this, out, pool, address, size, online, offline);
- found++;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- if (msg->leases.pool)
- {
- fprintf(out, "pool '%s' not found\n", msg->leases.pool);
- }
- else
- {
- fprintf(out, "no pools found\n");
- }
- }
- DESTROY_IF(address);
-}
-
-/**
- * Implementation of stroke_list_t.destroy
- */
-static void destroy(private_stroke_list_t *this)
-{
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_list_t *stroke_list_create(stroke_attribute_t *attribute)
-{
- private_stroke_list_t *this = malloc_thing(private_stroke_list_t);
-
- this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list;
- this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status;
- this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases;
- this->public.destroy = (void(*)(stroke_list_t*))destroy;
-
- this->uptime = time_monotonic(NULL);
- this->attribute = attribute;
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h
deleted file mode 100644
index b5bedc6c2..000000000
--- a/src/charon/plugins/stroke/stroke_list.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_list stroke_list
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_LIST_H_
-#define STROKE_LIST_H_
-
-#include "stroke_attribute.h"
-
-#include <stroke_msg.h>
-#include <library.h>
-
-typedef struct stroke_list_t stroke_list_t;
-
-/**
- * Log status information to stroke console
- */
-struct stroke_list_t {
-
- /**
- * List certificate information to stroke console.
- *
- * @param msg stroke message
- * @param out stroke console stream
- */
- void (*list)(stroke_list_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Log status information to stroke console.
- *
- * @param msg stroke message
- * @param out stroke console stream
- * @param all TRUE for "statusall"
- */
- void (*status)(stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all);
-
- /**
- * Log pool leases to stroke console.
- *
- * @param msg stroke message
- * @param out stroke console stream
- */
- void (*leases)(stroke_list_t *this, stroke_msg_t *msg, FILE *out);
-
- /**
- * Destroy a stroke_list instance.
- */
- void (*destroy)(stroke_list_t *this);
-};
-
-/**
- * Create a stroke_list instance.
- *
- * @param attribute strokes attribute provider
- */
-stroke_list_t *stroke_list_create(stroke_attribute_t *attribute);
-
-#endif /** STROKE_LIST_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/charon/plugins/stroke/stroke_plugin.c
deleted file mode 100644
index 61ae10953..000000000
--- a/src/charon/plugins/stroke/stroke_plugin.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_plugin.h"
-
-#include <library.h>
-#include "stroke_socket.h"
-
-typedef struct private_stroke_plugin_t private_stroke_plugin_t;
-
-/**
- * private data of stroke_plugin
- */
-struct private_stroke_plugin_t {
-
- /**
- * public functions
- */
- stroke_plugin_t public;
-
- /**
- * stroke socket, receives strokes
- */
- stroke_socket_t *socket;
-};
-
-/**
- * Implementation of stroke_plugin_t.destroy
- */
-static void destroy(private_stroke_plugin_t *this)
-{
- this->socket->destroy(this->socket);
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *plugin_create()
-{
- private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
-
- this->socket = stroke_socket_create();
- if (this->socket == NULL)
- {
- free(this);
- return NULL;
- }
- return &this->public.plugin;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h
deleted file mode 100644
index 3a1e81df6..000000000
--- a/src/charon/plugins/stroke/stroke_plugin.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke stroke
- * @ingroup cplugins
- *
- * @defgroup stroke_plugin stroke_plugin
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_PLUGIN_H_
-#define STROKE_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct stroke_plugin_t stroke_plugin_t;
-
-/**
- * strongSwan 2.x style configuration and control interface.
- *
- * Stroke is a home-brewed communication interface inspired by whack. It
- * uses a unix socket (/var/run/charon.ctl).
- */
-struct stroke_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-/**
- * Instanciate stroke plugin.
- */
-plugin_t *plugin_create();
-
-#endif /** STROKE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/charon/plugins/stroke/stroke_shared_key.c
deleted file mode 100644
index 4f716e83a..000000000
--- a/src/charon/plugins/stroke/stroke_shared_key.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_shared_key.h"
-
-#include <utils/linked_list.h>
-
-typedef struct private_stroke_shared_key_t private_stroke_shared_key_t;
-
-/**
- * private data of shared_key
- */
-struct private_stroke_shared_key_t {
-
- /**
- * implements shared_key_t
- */
- stroke_shared_key_t public;
-
- /**
- * type of this key
- */
- shared_key_type_t type;
-
- /**
- * data of the key
- */
- chunk_t key;
-
- /**
- * list of key owners, as identification_t
- */
- linked_list_t *owners;
-
- /**
- * reference counter
- */
- refcount_t ref;
-};
-
-/**
- * Implementation of shared_key_t.get_type.
- */
-static shared_key_type_t get_type(private_stroke_shared_key_t *this)
-{
- return this->type;
-}
-
-/**
- * Implementation of shared_key_t.get_ref.
- */
-static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this)
-{
- ref_get(&this->ref);
- return this;
-}
-
-/**
- * Implementation of shared_key_t.get_key.
- */
-static chunk_t get_key(private_stroke_shared_key_t *this)
-{
- return this->key;
-}
-
-/**
- * Implementation of stroke_shared_key_t.has_owner.
- */
-static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t *owner)
-{
- enumerator_t *enumerator;
- id_match_t match, best = ID_MATCH_NONE;
- identification_t *current;
-
- enumerator = this->owners->create_enumerator(this->owners);
- while (enumerator->enumerate(enumerator, &current))
- {
- match = owner->matches(owner, current);
- if (match > best)
- {
- best = match;
- }
- }
- enumerator->destroy(enumerator);
- return best;
-}
-/**
- * Implementation of stroke_shared_key_t.add_owner.
- */
-static void add_owner(private_stroke_shared_key_t *this, identification_t *owner)
-{
- this->owners->insert_last(this->owners, owner);
-}
-
-/**
- * Implementation of stroke_shared_key_t.destroy
- */
-static void destroy(private_stroke_shared_key_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->owners->destroy_offset(this->owners, offsetof(identification_t, destroy));
- chunk_free(&this->key);
- free(this);
- }
-}
-
-/**
- * create a shared key
- */
-stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key)
-{
- private_stroke_shared_key_t *this = malloc_thing(private_stroke_shared_key_t);
-
- this->public.shared.get_type = (shared_key_type_t(*)(shared_key_t*))get_type;
- this->public.shared.get_key = (chunk_t(*)(shared_key_t*))get_key;
- this->public.shared.get_ref = (shared_key_t*(*)(shared_key_t*))get_ref;
- this->public.shared.destroy = (void(*)(shared_key_t*))destroy;
- this->public.add_owner = (void(*)(stroke_shared_key_t*, identification_t *owner))add_owner;
- this->public.has_owner = (id_match_t(*)(stroke_shared_key_t*, identification_t *owner))has_owner;
-
- this->owners = linked_list_create();
- this->type = type;
- this->key = key;
- this->ref = 1;
-
- return &this->public;
-}
diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h
deleted file mode 100644
index 05ad55083..000000000
--- a/src/charon/plugins/stroke/stroke_shared_key.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_shared_key stroke_shared_key
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_SHARED_KEY_H_
-#define STROKE_SHARED_KEY_H_
-
-#include <utils/identification.h>
-#include <credentials/keys/shared_key.h>
-
-typedef struct stroke_shared_key_t stroke_shared_key_t;
-
-/**
- * Shared key implementation for keys read from ipsec.secrets
- */
-struct stroke_shared_key_t {
-
- /**
- * Implements the shared_key_t interface.
- */
- shared_key_t shared;
-
- /**
- * Add an owner to the key.
- *
- * @param owner owner to add
- */
- void (*add_owner)(stroke_shared_key_t *this, identification_t *owner);
-
- /**
- * Check if a key has a specific owner.
- *
- * @param owner owner to check
- * @return best match found
- */
- id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner);
-};
-
-/**
- * Create a stroke_shared_key instance.
- */
-stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key);
-
-#endif /** STROKE_SHARED_KEY_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
deleted file mode 100644
index 820e097f1..000000000
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ /dev/null
@@ -1,670 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_socket.h"
-
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/fcntl.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <processing/jobs/callback_job.h>
-#include <daemon.h>
-#include <threading/thread.h>
-
-#include "stroke_config.h"
-#include "stroke_control.h"
-#include "stroke_cred.h"
-#include "stroke_ca.h"
-#include "stroke_attribute.h"
-#include "stroke_list.h"
-
-typedef struct stroke_job_context_t stroke_job_context_t;
-typedef struct private_stroke_socket_t private_stroke_socket_t;
-
-/**
- * private data of stroke_socket
- */
-struct private_stroke_socket_t {
-
- /**
- * public functions
- */
- stroke_socket_t public;
-
- /**
- * Unix socket to listen for strokes
- */
- int socket;
-
- /**
- * job accepting stroke messages
- */
- callback_job_t *job;
-
- /**
- * configuration backend
- */
- stroke_config_t *config;
-
- /**
- * attribute provider
- */
- stroke_attribute_t *attribute;
-
- /**
- * controller to control daemon
- */
- stroke_control_t *control;
-
- /**
- * credential set
- */
- stroke_cred_t *cred;
-
- /**
- * CA sections
- */
- stroke_ca_t *ca;
-
- /**
- * Status information logging
- */
- stroke_list_t *list;
-};
-
-/**
- * job context to pass to processing thread
- */
-struct stroke_job_context_t {
-
- /**
- * file descriptor to read from
- */
- int fd;
-
- /**
- * global stroke interface
- */
- private_stroke_socket_t *this;
-};
-
-/**
- * Helper function which corrects the string pointers
- * in a stroke_msg_t. Strings in a stroke_msg sent over "wire"
- * contains RELATIVE addresses (relative to the beginning of the
- * stroke_msg). They must be corrected if they reach our address
- * space...
- */
-static void pop_string(stroke_msg_t *msg, char **string)
-{
- if (*string == NULL)
- {
- return;
- }
-
- /* check for sanity of string pointer and string */
- if (string < (char**)msg ||
- string > (char**)msg + sizeof(stroke_msg_t) ||
- (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg) ||
- (unsigned long)*string > msg->length)
- {
- *string = "(invalid pointer in stroke msg)";
- }
- else
- {
- *string = (char*)msg + (unsigned long)*string;
- }
-}
-
-/**
- * Pop the strings of a stroke_end_t struct and log them for debugging purposes
- */
-static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
-{
- pop_string(msg, &end->address);
- pop_string(msg, &end->subnets);
- pop_string(msg, &end->sourceip);
- pop_string(msg, &end->auth);
- pop_string(msg, &end->auth2);
- pop_string(msg, &end->id);
- pop_string(msg, &end->id2);
- pop_string(msg, &end->cert);
- pop_string(msg, &end->cert2);
- pop_string(msg, &end->ca);
- pop_string(msg, &end->ca2);
- pop_string(msg, &end->groups);
- pop_string(msg, &end->updown);
-
- DBG2(DBG_CFG, " %s=%s", label, end->address);
- DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets);
- DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip);
- DBG2(DBG_CFG, " %sauth=%s", label, end->auth);
- DBG2(DBG_CFG, " %sauth2=%s", label, end->auth2);
- DBG2(DBG_CFG, " %sid=%s", label, end->id);
- DBG2(DBG_CFG, " %sid2=%s", label, end->id2);
- DBG2(DBG_CFG, " %scert=%s", label, end->cert);
- DBG2(DBG_CFG, " %scert2=%s", label, end->cert2);
- DBG2(DBG_CFG, " %sca=%s", label, end->ca);
- DBG2(DBG_CFG, " %sca2=%s", label, end->ca2);
- DBG2(DBG_CFG, " %sgroups=%s", label, end->groups);
- DBG2(DBG_CFG, " %supdown=%s", label, end->updown);
-}
-
-/**
- * Add a connection to the configuration list
- */
-static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
-{
- pop_string(msg, &msg->add_conn.name);
- DBG1(DBG_CFG, "received stroke: add connection '%s'", msg->add_conn.name);
-
- DBG2(DBG_CFG, "conn %s", msg->add_conn.name);
- pop_end(msg, "left", &msg->add_conn.me);
- pop_end(msg, "right", &msg->add_conn.other);
- pop_string(msg, &msg->add_conn.eap_identity);
- pop_string(msg, &msg->add_conn.algorithms.ike);
- pop_string(msg, &msg->add_conn.algorithms.esp);
- pop_string(msg, &msg->add_conn.ikeme.mediated_by);
- pop_string(msg, &msg->add_conn.ikeme.peerid);
- DBG2(DBG_CFG, " eap_identity=%s", msg->add_conn.eap_identity);
- DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
- DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
- DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
- DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by);
- DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid);
-
- this->config->add(this->config, msg);
- this->attribute->add_pool(this->attribute, msg);
-}
-
-/**
- * Delete a connection from the list
- */
-static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
-{
- pop_string(msg, &msg->del_conn.name);
- DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name);
-
- this->config->del(this->config, msg);
- this->attribute->del_pool(this->attribute, msg);
-}
-
-/**
- * initiate a connection by name
- */
-static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->initiate.name);
- DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name);
-
- this->control->initiate(this->control, msg, out);
-}
-
-/**
- * terminate a connection by name
- */
-static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->terminate.name);
- DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name);
-
- this->control->terminate(this->control, msg, out);
-}
-
-/**
- * terminate a connection by peers virtual IP
- */
-static void stroke_terminate_srcip(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->terminate_srcip.start);
- pop_string(msg, &msg->terminate_srcip.end);
- DBG1(DBG_CFG, "received stroke: terminate-srcip %s-%s",
- msg->terminate_srcip.start, msg->terminate_srcip.end);
-
- this->control->terminate_srcip(this->control, msg, out);
-}
-
-/**
- * route a policy (install SPD entries)
- */
-static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->route.name);
- DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name);
-
- this->control->route(this->control, msg, out);
-}
-
-/**
- * unroute a policy
- */
-static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->terminate.name);
- DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name);
-
- this->control->unroute(this->control, msg, out);
-}
-
-/**
- * Add a ca information record to the cainfo list
- */
-static void stroke_add_ca(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->add_ca.name);
- DBG1(DBG_CFG, "received stroke: add ca '%s'", msg->add_ca.name);
-
- pop_string(msg, &msg->add_ca.cacert);
- pop_string(msg, &msg->add_ca.crluri);
- pop_string(msg, &msg->add_ca.crluri2);
- pop_string(msg, &msg->add_ca.ocspuri);
- pop_string(msg, &msg->add_ca.ocspuri2);
- pop_string(msg, &msg->add_ca.certuribase);
- DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
- DBG2(DBG_CFG, " cacert=%s", msg->add_ca.cacert);
- DBG2(DBG_CFG, " crluri=%s", msg->add_ca.crluri);
- DBG2(DBG_CFG, " crluri2=%s", msg->add_ca.crluri2);
- DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri);
- DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2);
- DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase);
-
- this->ca->add(this->ca, msg);
-}
-
-/**
- * Delete a ca information record from the cainfo list
- */
-static void stroke_del_ca(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->del_ca.name);
- DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name);
-
- this->ca->del(this->ca, msg);
-}
-
-
-/**
- * show status of daemon
- */
-static void stroke_status(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out, bool all)
-{
- pop_string(msg, &(msg->status.name));
-
- this->list->status(this->list, msg, out, all);
-}
-
-/**
- * list various information
- */
-static void stroke_list(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
-{
- if (msg->list.flags & LIST_CAINFOS)
- {
- this->ca->list(this->ca, msg, out);
- }
- this->list->list(this->list, msg, out);
-}
-
-/**
- * reread various information
- */
-static void stroke_reread(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- this->cred->reread(this->cred, msg, out);
-}
-
-/**
- * purge various information
- */
-static void stroke_purge(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- if (msg->purge.flags & PURGE_OCSP)
- {
- charon->credentials->flush_cache(charon->credentials,
- CERT_X509_OCSP_RESPONSE);
- }
- if (msg->purge.flags & PURGE_IKE)
- {
- this->control->purge_ike(this->control, msg, out);
- }
-}
-
-/**
- * list pool leases
- */
-static void stroke_leases(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- pop_string(msg, &msg->leases.pool);
- pop_string(msg, &msg->leases.address);
-
- this->list->leases(this->list, msg, out);
-}
-
-debug_t get_group_from_name(char *type)
-{
- if (strcaseeq(type, "any")) return DBG_ANY;
- else if (strcaseeq(type, "mgr")) return DBG_MGR;
- else if (strcaseeq(type, "ike")) return DBG_IKE;
- else if (strcaseeq(type, "chd")) return DBG_CHD;
- else if (strcaseeq(type, "job")) return DBG_JOB;
- else if (strcaseeq(type, "cfg")) return DBG_CFG;
- else if (strcaseeq(type, "knl")) return DBG_KNL;
- else if (strcaseeq(type, "net")) return DBG_NET;
- else if (strcaseeq(type, "enc")) return DBG_ENC;
- else if (strcaseeq(type, "lib")) return DBG_LIB;
- else return -1;
-}
-
-/**
- * set the verbosity debug output
- */
-static void stroke_loglevel(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- enumerator_t *enumerator;
- sys_logger_t *sys_logger;
- file_logger_t *file_logger;
- debug_t group;
-
- pop_string(msg, &(msg->loglevel.type));
- DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
- msg->loglevel.level, msg->loglevel.type);
-
- group = get_group_from_name(msg->loglevel.type);
- if (group < 0)
- {
- fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
- return;
- }
- /* we set the loglevel on ALL sys- and file-loggers */
- enumerator = charon->sys_loggers->create_enumerator(charon->sys_loggers);
- while (enumerator->enumerate(enumerator, &sys_logger))
- {
- sys_logger->set_level(sys_logger, group, msg->loglevel.level);
- }
- enumerator->destroy(enumerator);
- enumerator = charon->file_loggers->create_enumerator(charon->file_loggers);
- while (enumerator->enumerate(enumerator, &file_logger))
- {
- file_logger->set_level(file_logger, group, msg->loglevel.level);
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * set various config options
- */
-static void stroke_config(private_stroke_socket_t *this,
- stroke_msg_t *msg, FILE *out)
-{
- this->cred->cachecrl(this->cred, msg->config.cachecrl);
-}
-
-/**
- * destroy a job context
- */
-static void stroke_job_context_destroy(stroke_job_context_t *this)
-{
- if (this->fd)
- {
- close(this->fd);
- }
- free(this);
-}
-
-/**
- * process a stroke request from the socket pointed by "fd"
- */
-static job_requeue_t process(stroke_job_context_t *ctx)
-{
- stroke_msg_t *msg;
- u_int16_t msg_length;
- ssize_t bytes_read;
- FILE *out;
- private_stroke_socket_t *this = ctx->this;
- int strokefd = ctx->fd;
-
- /* peek the length */
- bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK);
- if (bytes_read != sizeof(msg_length))
- {
- DBG1(DBG_CFG, "reading length of stroke message failed: %s",
- strerror(errno));
- return JOB_REQUEUE_NONE;
- }
-
- /* read message */
- msg = alloca(msg_length);
- bytes_read = recv(strokefd, msg, msg_length, 0);
- if (bytes_read != msg_length)
- {
- DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno));
- return JOB_REQUEUE_NONE;
- }
-
- out = fdopen(strokefd, "w+");
- if (out == NULL)
- {
- DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno));
- return JOB_REQUEUE_NONE;
- }
-
- DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length);
-
- switch (msg->type)
- {
- case STR_INITIATE:
- stroke_initiate(this, msg, out);
- break;
- case STR_ROUTE:
- stroke_route(this, msg, out);
- break;
- case STR_UNROUTE:
- stroke_unroute(this, msg, out);
- break;
- case STR_TERMINATE:
- stroke_terminate(this, msg, out);
- break;
- case STR_TERMINATE_SRCIP:
- stroke_terminate_srcip(this, msg, out);
- break;
- case STR_STATUS:
- stroke_status(this, msg, out, FALSE);
- break;
- case STR_STATUS_ALL:
- stroke_status(this, msg, out, TRUE);
- break;
- case STR_ADD_CONN:
- stroke_add_conn(this, msg);
- break;
- case STR_DEL_CONN:
- stroke_del_conn(this, msg);
- break;
- case STR_ADD_CA:
- stroke_add_ca(this, msg, out);
- break;
- case STR_DEL_CA:
- stroke_del_ca(this, msg, out);
- break;
- case STR_LOGLEVEL:
- stroke_loglevel(this, msg, out);
- break;
- case STR_CONFIG:
- stroke_config(this, msg, out);
- break;
- case STR_LIST:
- stroke_list(this, msg, out);
- break;
- case STR_REREAD:
- stroke_reread(this, msg, out);
- break;
- case STR_PURGE:
- stroke_purge(this, msg, out);
- break;
- case STR_LEASES:
- stroke_leases(this, msg, out);
- break;
- default:
- DBG1(DBG_CFG, "received unknown stroke");
- break;
- }
- fclose(out);
- /* fclose() closes underlying FD */
- ctx->fd = 0;
- return JOB_REQUEUE_NONE;
-}
-
-/**
- * Implementation of private_stroke_socket_t.stroke_receive.
- */
-static job_requeue_t receive(private_stroke_socket_t *this)
-{
- struct sockaddr_un strokeaddr;
- int strokeaddrlen = sizeof(strokeaddr);
- int strokefd;
- bool oldstate;
- callback_job_t *job;
- stroke_job_context_t *ctx;
-
- oldstate = thread_cancelability(TRUE);
- strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
- thread_cancelability(oldstate);
-
- if (strokefd < 0)
- {
- DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno));
- return JOB_REQUEUE_FAIR;
- }
-
- ctx = malloc_thing(stroke_job_context_t);
- ctx->fd = strokefd;
- ctx->this = this;
- job = callback_job_create((callback_job_cb_t)process,
- ctx, (void*)stroke_job_context_destroy, this->job);
- charon->processor->queue_job(charon->processor, (job_t*)job);
-
- return JOB_REQUEUE_FAIR;
-}
-
-
-/**
- * initialize and open stroke socket
- */
-static bool open_socket(private_stroke_socket_t *this)
-{
- struct sockaddr_un socket_addr;
- mode_t old;
-
- socket_addr.sun_family = AF_UNIX;
- strcpy(socket_addr.sun_path, STROKE_SOCKET);
-
- /* set up unix socket */
- this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
- if (this->socket == -1)
- {
- DBG1(DBG_CFG, "could not create stroke socket");
- return FALSE;
- }
-
- unlink(socket_addr.sun_path);
- old = umask(~(S_IRWXU | S_IRWXG));
- if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
- {
- DBG1(DBG_CFG, "could not bind stroke socket: %s", strerror(errno));
- close(this->socket);
- return FALSE;
- }
- umask(old);
- if (chown(socket_addr.sun_path, charon->uid, charon->gid) != 0)
- {
- DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
- strerror(errno));
- }
-
- if (listen(this->socket, 10) < 0)
- {
- DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno));
- close(this->socket);
- unlink(socket_addr.sun_path);
- return FALSE;
- }
- return TRUE;
-}
-
-/**
- * Implementation of stroke_socket_t.destroy
- */
-static void destroy(private_stroke_socket_t *this)
-{
- this->job->cancel(this->job);
- charon->credentials->remove_set(charon->credentials, &this->ca->set);
- charon->credentials->remove_set(charon->credentials, &this->cred->set);
- charon->backends->remove_backend(charon->backends, &this->config->backend);
- lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
- this->cred->destroy(this->cred);
- this->ca->destroy(this->ca);
- this->config->destroy(this->config);
- this->attribute->destroy(this->attribute);
- this->control->destroy(this->control);
- this->list->destroy(this->list);
- free(this);
-}
-
-/*
- * see header file
- */
-stroke_socket_t *stroke_socket_create()
-{
- private_stroke_socket_t *this = malloc_thing(private_stroke_socket_t);
-
- this->public.destroy = (void(*)(stroke_socket_t*))destroy;
-
- if (!open_socket(this))
- {
- free(this);
- return NULL;
- }
-
- this->cred = stroke_cred_create();
- this->attribute = stroke_attribute_create();
- this->ca = stroke_ca_create(this->cred);
- this->config = stroke_config_create(this->ca, this->cred);
- this->control = stroke_control_create();
- this->list = stroke_list_create(this->attribute);
-
- charon->credentials->add_set(charon->credentials, &this->ca->set);
- charon->credentials->add_set(charon->credentials, &this->cred->set);
- charon->backends->add_backend(charon->backends, &this->config->backend);
- lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
-
- this->job = callback_job_create((callback_job_cb_t)receive,
- this, NULL, NULL);
- charon->processor->queue_job(charon->processor, (job_t*)this->job);
-
- return &this->public;
-}
-
diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h
deleted file mode 100644
index 2aac8be9b..000000000
--- a/src/charon/plugins/stroke/stroke_socket.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup stroke_socket stroke_socket
- * @{ @ingroup stroke
- */
-
-#ifndef STROKE_SOCKET_H_
-#define STROKE_SOCKET_H_
-
-typedef struct stroke_socket_t stroke_socket_t;
-
-/**
- * Stroke socket, opens UNIX communication socket, reads and dispatches.
- */
-struct stroke_socket_t {
-
- /**
- * Destroy a stroke_socket instance.
- */
- void (*destroy)(stroke_socket_t *this);
-};
-
-/**
- * Create a stroke_socket instance.
- */
-stroke_socket_t *stroke_socket_create();
-
-#endif /** STROKE_SOCKET_H_ @}*/