summaryrefslogtreecommitdiff
path: root/src/charon/plugins
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
commita9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
treed82a9d506c62cff257e5292845b68df3ca5c60dc /src/charon/plugins
parent12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
downloadvyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz
vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip
- New upstream release.
- Don't disable internal crypto plugins, pluto expects to find them in some cases. - Enable integrity checking.
Diffstat (limited to 'src/charon/plugins')
-rw-r--r--src/charon/plugins/attr/Makefile.am2
-rw-r--r--src/charon/plugins/attr/Makefile.in7
-rw-r--r--src/charon/plugins/eap_aka/Makefile.am2
-rw-r--r--src/charon/plugins/eap_aka/Makefile.in7
-rw-r--r--src/charon/plugins/eap_gtc/Makefile.am2
-rw-r--r--src/charon/plugins/eap_gtc/Makefile.in7
-rw-r--r--src/charon/plugins/eap_identity/Makefile.am2
-rw-r--r--src/charon/plugins/eap_identity/Makefile.in7
-rw-r--r--src/charon/plugins/eap_md5/Makefile.am2
-rw-r--r--src/charon/plugins/eap_md5/Makefile.in7
-rw-r--r--src/charon/plugins/eap_mschapv2/Makefile.am2
-rw-r--r--src/charon/plugins/eap_mschapv2/Makefile.in7
-rw-r--r--src/charon/plugins/eap_radius/Makefile.am2
-rw-r--r--src/charon/plugins/eap_radius/Makefile.in7
-rw-r--r--src/charon/plugins/eap_radius/eap_radius.c21
-rw-r--r--src/charon/plugins/eap_radius/radius_client.c5
-rw-r--r--src/charon/plugins/eap_sim/Makefile.am2
-rw-r--r--src/charon/plugins/eap_sim/Makefile.in7
-rw-r--r--src/charon/plugins/eap_sim_file/Makefile.am2
-rw-r--r--src/charon/plugins/eap_sim_file/Makefile.in7
-rw-r--r--src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c2
-rw-r--r--src/charon/plugins/kernel_klips/Makefile.am2
-rw-r--r--src/charon/plugins/kernel_klips/Makefile.in7
-rw-r--r--src/charon/plugins/kernel_klips/kernel_klips_ipsec.c15
-rw-r--r--src/charon/plugins/kernel_netlink/Makefile.am2
-rw-r--r--src/charon/plugins/kernel_netlink/Makefile.in7
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c87
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_net.c4
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_shared.c2
-rw-r--r--src/charon/plugins/kernel_pfkey/Makefile.am2
-rw-r--r--src/charon/plugins/kernel_pfkey/Makefile.in7
-rw-r--r--src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c192
-rw-r--r--src/charon/plugins/kernel_pfroute/Makefile.am2
-rw-r--r--src/charon/plugins/kernel_pfroute/Makefile.in7
-rw-r--r--src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c4
-rw-r--r--src/charon/plugins/load_tester/Makefile.am2
-rw-r--r--src/charon/plugins/load_tester/Makefile.in7
-rw-r--r--src/charon/plugins/load_tester/load_tester_ipsec.c11
-rw-r--r--src/charon/plugins/load_tester/load_tester_plugin.c4
-rw-r--r--src/charon/plugins/medcli/Makefile.am2
-rw-r--r--src/charon/plugins/medcli/Makefile.in7
-rw-r--r--src/charon/plugins/medsrv/Makefile.am2
-rw-r--r--src/charon/plugins/medsrv/Makefile.in7
-rw-r--r--src/charon/plugins/nm/Makefile.am2
-rw-r--r--src/charon/plugins/nm/Makefile.in7
-rw-r--r--src/charon/plugins/nm/nm_creds.c2
-rw-r--r--src/charon/plugins/nm/nm_service.c179
-rw-r--r--src/charon/plugins/resolv_conf/Makefile.am2
-rw-r--r--src/charon/plugins/resolv_conf/Makefile.in7
-rw-r--r--src/charon/plugins/resolv_conf/resolv_conf_handler.c2
-rw-r--r--src/charon/plugins/smp/Makefile.am2
-rw-r--r--src/charon/plugins/smp/Makefile.in7
-rw-r--r--src/charon/plugins/sql/Makefile.am2
-rw-r--r--src/charon/plugins/sql/Makefile.in7
-rw-r--r--src/charon/plugins/sql/pool.c13
-rw-r--r--src/charon/plugins/sql/sql_attribute.c149
-rw-r--r--src/charon/plugins/sql/sql_config.c4
-rw-r--r--src/charon/plugins/stroke/Makefile.am2
-rw-r--r--src/charon/plugins/stroke/Makefile.in7
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c2
-rw-r--r--src/charon/plugins/stroke/stroke_ca.c2
-rw-r--r--src/charon/plugins/stroke/stroke_config.c2
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c96
-rw-r--r--src/charon/plugins/stroke/stroke_list.c37
-rw-r--r--src/charon/plugins/stroke/stroke_socket.c1
-rw-r--r--src/charon/plugins/uci/Makefile.am2
-rw-r--r--src/charon/plugins/uci/Makefile.in7
-rw-r--r--src/charon/plugins/unit_tester/Makefile.am2
-rw-r--r--src/charon/plugins/unit_tester/Makefile.in7
-rw-r--r--src/charon/plugins/unit_tester/tests.h3
-rw-r--r--src/charon/plugins/unit_tester/tests/test_id.c180
-rw-r--r--src/charon/plugins/unit_tester/tests/test_mutex.c2
-rw-r--r--src/charon/plugins/updown/Makefile.am2
-rw-r--r--src/charon/plugins/updown/Makefile.in7
74 files changed, 1000 insertions, 237 deletions
diff --git a/src/charon/plugins/attr/Makefile.am b/src/charon/plugins/attr/Makefile.am
index d5eb99d9f..b4b3b7da6 100644
--- a/src/charon/plugins/attr/Makefile.am
+++ b/src/charon/plugins/attr/Makefile.am
@@ -6,4 +6,4 @@ AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-attr.la
libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
attr_provider.h attr_provider.c
-libstrongswan_attr_la_LDFLAGS = -module
+libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/attr/Makefile.in b/src/charon/plugins/attr/Makefile.in
index c0467054e..5c94771e1 100644
--- a/src/charon/plugins/attr/Makefile.in
+++ b/src/charon/plugins/attr/Makefile.in
@@ -73,12 +73,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -143,6 +145,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -183,7 +186,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -223,7 +228,7 @@ plugin_LTLIBRARIES = libstrongswan-attr.la
libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
attr_provider.h attr_provider.c
-libstrongswan_attr_la_LDFLAGS = -module
+libstrongswan_attr_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am
index e1ad1eaf9..1a3ea1857 100644
--- a/src/charon/plugins/eap_aka/Makefile.am
+++ b/src/charon/plugins/eap_aka/Makefile.am
@@ -6,6 +6,6 @@ AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapaka.la
libstrongswan_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c
-libstrongswan_eapaka_la_LDFLAGS = -module
+libstrongswan_eapaka_la_LDFLAGS = -module -avoid-version
libstrongswan_eapaka_la_LIBADD = -lgmp
diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/charon/plugins/eap_aka/Makefile.in
index 74d49ac73..2d2405379 100644
--- a/src/charon/plugins/eap_aka/Makefile.in
+++ b/src/charon/plugins/eap_aka/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -222,7 +227,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapaka.la
libstrongswan_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c
-libstrongswan_eapaka_la_LDFLAGS = -module
+libstrongswan_eapaka_la_LDFLAGS = -module -avoid-version
libstrongswan_eapaka_la_LIBADD = -lgmp
all: all-am
diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am
index 1057bd506..547a8dfc5 100644
--- a/src/charon/plugins/eap_gtc/Makefile.am
+++ b/src/charon/plugins/eap_gtc/Makefile.am
@@ -6,5 +6,5 @@ AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapgtc.la
libstrongswan_eapgtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
-libstrongswan_eapgtc_la_LDFLAGS = -module -lpam
+libstrongswan_eapgtc_la_LDFLAGS = -module -avoid-version -lpam
diff --git a/src/charon/plugins/eap_gtc/Makefile.in b/src/charon/plugins/eap_gtc/Makefile.in
index 19d648bbd..46d438a97 100644
--- a/src/charon/plugins/eap_gtc/Makefile.in
+++ b/src/charon/plugins/eap_gtc/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -222,7 +227,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapgtc.la
libstrongswan_eapgtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
-libstrongswan_eapgtc_la_LDFLAGS = -module -lpam
+libstrongswan_eapgtc_la_LDFLAGS = -module -avoid-version -lpam
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_identity/Makefile.am b/src/charon/plugins/eap_identity/Makefile.am
index dbf66e74b..79ddee3e8 100644
--- a/src/charon/plugins/eap_identity/Makefile.am
+++ b/src/charon/plugins/eap_identity/Makefile.am
@@ -6,5 +6,5 @@ AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapidentity.la
libstrongswan_eapidentity_la_SOURCES = \
eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
-libstrongswan_eapidentity_la_LDFLAGS = -module
+libstrongswan_eapidentity_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_identity/Makefile.in b/src/charon/plugins/eap_identity/Makefile.in
index f275cd770..0adb9ce10 100644
--- a/src/charon/plugins/eap_identity/Makefile.in
+++ b/src/charon/plugins/eap_identity/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ plugin_LTLIBRARIES = libstrongswan-eapidentity.la
libstrongswan_eapidentity_la_SOURCES = \
eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
-libstrongswan_eapidentity_la_LDFLAGS = -module
+libstrongswan_eapidentity_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_md5/Makefile.am b/src/charon/plugins/eap_md5/Makefile.am
index d7964fee9..8bad64368 100644
--- a/src/charon/plugins/eap_md5/Makefile.am
+++ b/src/charon/plugins/eap_md5/Makefile.am
@@ -6,5 +6,5 @@ AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapmd5.la
libstrongswan_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
-libstrongswan_eapmd5_la_LDFLAGS = -module
+libstrongswan_eapmd5_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_md5/Makefile.in b/src/charon/plugins/eap_md5/Makefile.in
index 372b80b3e..c11837b91 100644
--- a/src/charon/plugins/eap_md5/Makefile.in
+++ b/src/charon/plugins/eap_md5/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -222,7 +227,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
AM_CFLAGS = -rdynamic
plugin_LTLIBRARIES = libstrongswan-eapmd5.la
libstrongswan_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
-libstrongswan_eapmd5_la_LDFLAGS = -module
+libstrongswan_eapmd5_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/charon/plugins/eap_mschapv2/Makefile.am
index 6ab931905..179da70fc 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.am
+++ b/src/charon/plugins/eap_mschapv2/Makefile.am
@@ -8,5 +8,5 @@ plugin_LTLIBRARIES = libstrongswan-eapmschapv2.la
libstrongswan_eapmschapv2_la_SOURCES = \
eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
eap_mschapv2.h eap_mschapv2.c
-libstrongswan_eapmschapv2_la_LDFLAGS = -module
+libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/charon/plugins/eap_mschapv2/Makefile.in
index 5ae41d896..d6dd74b88 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.in
+++ b/src/charon/plugins/eap_mschapv2/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -227,7 +232,7 @@ libstrongswan_eapmschapv2_la_SOURCES = \
eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
eap_mschapv2.h eap_mschapv2.c
-libstrongswan_eapmschapv2_la_LDFLAGS = -module
+libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am
index f7de2f14f..df5c94656 100644
--- a/src/charon/plugins/eap_radius/Makefile.am
+++ b/src/charon/plugins/eap_radius/Makefile.am
@@ -10,5 +10,5 @@ libstrongswan_eapradius_la_SOURCES = \
eap_radius.h eap_radius.c \
radius_client.h radius_client.c \
radius_message.h radius_message.c
-libstrongswan_eapradius_la_LDFLAGS = -module
+libstrongswan_eapradius_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/charon/plugins/eap_radius/Makefile.in
index e7a4cd0f8..c30111fad 100644
--- a/src/charon/plugins/eap_radius/Makefile.in
+++ b/src/charon/plugins/eap_radius/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -229,7 +234,7 @@ libstrongswan_eapradius_la_SOURCES = \
radius_client.h radius_client.c \
radius_message.h radius_message.c
-libstrongswan_eapradius_la_LDFLAGS = -module
+libstrongswan_eapradius_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c
index ee2477440..deb3b648b 100644
--- a/src/charon/plugins/eap_radius/eap_radius.c
+++ b/src/charon/plugins/eap_radius/eap_radius.c
@@ -66,6 +66,11 @@ struct private_eap_radius_t {
* TRUE to use EAP-Start, FALSE to send EAP-Identity Response directly
*/
bool eap_start;
+
+ /**
+ * Prefix to prepend to EAP identity
+ */
+ char *id_prefix;
};
/**
@@ -86,18 +91,20 @@ static void add_eap_identity(private_eap_radius_t *this,
/** identity data */
u_int8_t data[];
} __attribute__((__packed__)) *hdr;
- chunk_t id;
+ chunk_t id, prefix;
size_t len;
id = this->peer->get_encoding(this->peer);
- len = sizeof(*hdr) + id.len;
+ prefix = chunk_create(this->id_prefix, strlen(this->id_prefix));
+ len = sizeof(*hdr) + prefix.len + id.len;
hdr = alloca(len);
hdr->code = EAP_RESPONSE;
hdr->identifier = 0;
hdr->length = htons(len);
hdr->type = EAP_IDENTITY;
- memcpy(hdr->data, id.ptr, id.len);
+ memcpy(hdr->data, prefix.ptr, prefix.len);
+ memcpy(hdr->data + prefix.len, id.ptr, id.len);
request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len));
}
@@ -136,9 +143,12 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out)
{
radius_message_t *request, *response;
status_t status = FAILED;
+ chunk_t username;
request = radius_message_create_request();
- request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer));
+ username = chunk_create(this->id_prefix, strlen(this->id_prefix));
+ username = chunk_cata("cc", username, this->peer->get_encoding(this->peer));
+ request->add(request, RAT_USER_NAME, username);
if (this->eap_start)
{
@@ -283,7 +293,8 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
this->msk = chunk_empty;
this->eap_start = lib->settings->get_bool(lib->settings,
"charon.plugins.eap_radius.eap_start", FALSE);
-
+ this->id_prefix = lib->settings->get_str(lib->settings,
+ "charon.plugins.eap_radius.id_prefix", "");
return &this->public;
}
diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c
index 57d3f8f21..de1bafc6d 100644
--- a/src/charon/plugins/eap_radius/radius_client.c
+++ b/src/charon/plugins/eap_radius/radius_client.c
@@ -161,8 +161,8 @@ bool radius_client_init()
"charon.plugins.eap_radius.sockets", 1);
sockets = linked_list_create();
- mutex = mutex_create(MUTEX_DEFAULT);
- condvar = condvar_create(CONDVAR_DEFAULT);
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
for (i = 0; i < count; i++)
{
fd = socket(host->get_family(host), SOCK_DGRAM, IPPROTO_UDP);
@@ -353,6 +353,7 @@ static radius_message_t* request(private_radius_client_t *this,
}
DBG1(DBG_CFG, "RADIUS server is not responding");
put_socket(socket);
+ charon->bus->alert(charon->bus, ALERT_RADIUS_NOT_RESPONDING);
return NULL;
}
diff --git a/src/charon/plugins/eap_sim/Makefile.am b/src/charon/plugins/eap_sim/Makefile.am
index 6cb53ebb5..e503bddab 100644
--- a/src/charon/plugins/eap_sim/Makefile.am
+++ b/src/charon/plugins/eap_sim/Makefile.am
@@ -7,5 +7,5 @@ plugin_LTLIBRARIES = libstrongswan-eapsim.la
libstrongswan_eapsim_la_SOURCES = eap_sim.h eap_sim.c \
eap_sim_plugin.h eap_sim_plugin.c
-libstrongswan_eapsim_la_LDFLAGS = -module
+libstrongswan_eapsim_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim/Makefile.in b/src/charon/plugins/eap_sim/Makefile.in
index 2374567bc..8f6daacad 100644
--- a/src/charon/plugins/eap_sim/Makefile.in
+++ b/src/charon/plugins/eap_sim/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -224,7 +229,7 @@ plugin_LTLIBRARIES = libstrongswan-eapsim.la
libstrongswan_eapsim_la_SOURCES = eap_sim.h eap_sim.c \
eap_sim_plugin.h eap_sim_plugin.c
-libstrongswan_eapsim_la_LDFLAGS = -module
+libstrongswan_eapsim_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_sim_file/Makefile.am b/src/charon/plugins/eap_sim_file/Makefile.am
index fc3a0fa14..1cd1dd9e2 100644
--- a/src/charon/plugins/eap_sim_file/Makefile.am
+++ b/src/charon/plugins/eap_sim_file/Makefile.am
@@ -10,5 +10,5 @@ libstrongswan_eapsim_file_la_SOURCES = \
eap_sim_file_card.h eap_sim_file_card.c \
eap_sim_file_provider.h eap_sim_file_provider.c \
eap_sim_file_triplets.h eap_sim_file_triplets.c
-libstrongswan_eapsim_file_la_LDFLAGS = -module
+libstrongswan_eapsim_file_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim_file/Makefile.in b/src/charon/plugins/eap_sim_file/Makefile.in
index 554b3a7bc..b19cc839f 100644
--- a/src/charon/plugins/eap_sim_file/Makefile.in
+++ b/src/charon/plugins/eap_sim_file/Makefile.in
@@ -77,12 +77,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -147,6 +149,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -187,7 +190,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -230,7 +235,7 @@ libstrongswan_eapsim_file_la_SOURCES = \
eap_sim_file_provider.h eap_sim_file_provider.c \
eap_sim_file_triplets.h eap_sim_file_triplets.c
-libstrongswan_eapsim_file_la_LDFLAGS = -module
+libstrongswan_eapsim_file_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
index d093851c2..e27ed6860 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
@@ -251,7 +251,7 @@ eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file)
this->public.destroy = (void(*)(eap_sim_file_triplets_t*))destroy;
this->triplets = linked_list_create();
- this->mutex = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
read_triplets(this, file);
diff --git a/src/charon/plugins/kernel_klips/Makefile.am b/src/charon/plugins/kernel_klips/Makefile.am
index dc0234775..0c0987cca 100644
--- a/src/charon/plugins/kernel_klips/Makefile.am
+++ b/src/charon/plugins/kernel_klips/Makefile.am
@@ -7,4 +7,4 @@ plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
-libstrongswan_kernel_klips_la_LDFLAGS = -module
+libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_klips/Makefile.in b/src/charon/plugins/kernel_klips/Makefile.in
index a1efe9d5a..4b1c27352 100644
--- a/src/charon/plugins/kernel_klips/Makefile.in
+++ b/src/charon/plugins/kernel_klips/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
-libstrongswan_kernel_klips_la_LDFLAGS = -module
+libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
index c69ce4c9a..9a903d027 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1934,6 +1934,16 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this,
}
/**
+ * Implementation of kernel_interface_t.query_sa.
+ */
+static status_t query_sa(private_kernel_klips_ipsec_t *this, host_t *src,
+ host_t *dst, u_int32_t spi, protocol_id_t protocol,
+ u_int64_t *bytes)
+{
+ return NOT_SUPPORTED; /* TODO */
+}
+
+/**
* Implementation of kernel_interface_t.del_sa.
*/
static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src,
@@ -2609,6 +2619,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
+ this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
@@ -2621,8 +2632,8 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
this->allocated_spis = linked_list_create();
this->installed_sas = linked_list_create();
this->ipsec_devices = linked_list_create();
- this->mutex = mutex_create(MUTEX_DEFAULT);
- this->mutex_pfkey = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE);
this->seq = 0;
diff --git a/src/charon/plugins/kernel_netlink/Makefile.am b/src/charon/plugins/kernel_netlink/Makefile.am
index e0efe5779..6351280d6 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.am
+++ b/src/charon/plugins/kernel_netlink/Makefile.am
@@ -8,4 +8,4 @@ plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \
kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
-libstrongswan_kernel_netlink_la_LDFLAGS = -module
+libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_netlink/Makefile.in b/src/charon/plugins/kernel_netlink/Makefile.in
index b97738bff..46d2a1c65 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.in
+++ b/src/charon/plugins/kernel_netlink/Makefile.in
@@ -77,12 +77,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -147,6 +149,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -187,7 +190,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -228,7 +233,7 @@ libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink
kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
kernel_netlink_shared.h kernel_netlink_shared.c
-libstrongswan_kernel_netlink_la_LDFLAGS = -module
+libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 9322d8dfe..2051316f6 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -984,16 +984,20 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
break;
case ENCR_AES_CCM_ICV16:
case ENCR_AES_GCM_ICV16:
+ case ENCR_CAMELLIA_CCM_ICV16:
icv_size += 32;
/* FALL */
case ENCR_AES_CCM_ICV12:
case ENCR_AES_GCM_ICV12:
+ case ENCR_CAMELLIA_CCM_ICV12:
icv_size += 32;
/* FALL */
case ENCR_AES_CCM_ICV8:
case ENCR_AES_GCM_ICV8:
+ case ENCR_CAMELLIA_CCM_ICV8:
{
- rthdr->rta_type = XFRMA_ALG_AEAD;
+ struct xfrm_algo_aead *algo;
+
alg_name = lookup_algorithm(encryption_algs, enc_alg);
if (alg_name == NULL)
{
@@ -1004,6 +1008,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
+ rthdr->rta_type = XFRMA_ALG_AEAD;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len);
hdr->nlmsg_len += rthdr->rta_len;
if (hdr->nlmsg_len > sizeof(request))
@@ -1011,7 +1016,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
return FAILED;
}
- struct xfrm_algo_aead* algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
+ algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
algo->alg_key_len = enc_key.len * 8;
algo->alg_icv_len = icv_size;
strcpy(algo->alg_name, alg_name);
@@ -1022,7 +1027,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
}
default:
{
- rthdr->rta_type = XFRMA_ALG_CRYPT;
+ struct xfrm_algo *algo;
+
alg_name = lookup_algorithm(encryption_algs, enc_alg);
if (alg_name == NULL)
{
@@ -1033,6 +1039,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
DBG2(DBG_KNL, " using encryption algorithm %N with key size %d",
encryption_algorithm_names, enc_alg, enc_key.len * 8);
+ rthdr->rta_type = XFRMA_ALG_CRYPT;
rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len);
hdr->nlmsg_len += rthdr->rta_len;
if (hdr->nlmsg_len > sizeof(request))
@@ -1040,13 +1047,12 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
return FAILED;
}
- struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
+ algo = (struct xfrm_algo*)RTA_DATA(rthdr);
algo->alg_key_len = enc_key.len * 8;
strcpy(algo->alg_name, alg_name);
memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
rthdr = XFRM_RTA_NEXT(rthdr);
- break;
}
}
@@ -1230,6 +1236,74 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
}
/**
+ * Implementation of kernel_interface_t.query_sa.
+ */
+static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
+ host_t *dst, u_int32_t spi, protocol_id_t protocol,
+ u_int64_t *bytes)
+{
+ netlink_buf_t request;
+ struct nlmsghdr *out = NULL, *hdr;
+ struct xfrm_usersa_id *sa_id;
+ struct xfrm_usersa_info *sa = NULL;
+ size_t len;
+
+ memset(&request, 0, sizeof(request));
+
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi));
+
+ hdr = (struct nlmsghdr*)request;
+ hdr->nlmsg_flags = NLM_F_REQUEST;
+ hdr->nlmsg_type = XFRM_MSG_GETSA;
+ hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
+
+ sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ host2xfrm(dst, &sa_id->daddr);
+ sa_id->spi = spi;
+ sa_id->proto = proto_ike2kernel(protocol);
+ sa_id->family = dst->get_family(dst);
+
+ if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
+ {
+ hdr = out;
+ while (NLMSG_OK(hdr, len))
+ {
+ switch (hdr->nlmsg_type)
+ {
+ case XFRM_MSG_NEWSA:
+ {
+ sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr);
+ break;
+ }
+ case NLMSG_ERROR:
+ {
+ struct nlmsgerr *err = NLMSG_DATA(hdr);
+ DBG1(DBG_KNL, "querying SAD entry with SPI %.8x failed: %s (%d)",
+ ntohl(spi), strerror(-err->error), -err->error);
+ break;
+ }
+ default:
+ hdr = NLMSG_NEXT(hdr, len);
+ continue;
+ case NLMSG_DONE:
+ break;
+ }
+ break;
+ }
+ }
+
+ if (sa == NULL)
+ {
+ DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ free(out);
+ return FAILED;
+ }
+ *bytes = sa->curlft.bytes;
+
+ free(out);
+ return SUCCESS;
+}
+/**
* Implementation of kernel_interface_t.del_sa.
*/
static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
@@ -1888,6 +1962,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
+ this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
@@ -1897,7 +1972,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
/* private members */
this->policies = hashtable_create((hashtable_hash_t)policy_hash,
(hashtable_equals_t)policy_equals, 32);
- this->mutex = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
this->install_routes = lib->settings->get_bool(lib->settings,
"charon.install_routes", TRUE);
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c
index 32154a7ea..e5c0b5da7 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1370,8 +1370,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
/* private members */
this->ifaces = linked_list_create();
- this->mutex = mutex_create(MUTEX_DEFAULT);
- this->condvar = condvar_create(CONDVAR_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
timerclear(&this->last_roam);
this->routing_table = lib->settings->get_int(lib->settings,
"charon.routing_table", IPSEC_ROUTING_TABLE);
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c
index 7ef7cc56e..ec1187083 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -255,7 +255,7 @@ netlink_socket_t *netlink_socket_create(int protocol) {
/* private members */
this->seq = 200;
- this->mutex = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
memset(&addr, 0, sizeof(addr));
addr.nl_family = AF_NETLINK;
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.am b/src/charon/plugins/kernel_pfkey/Makefile.am
index c9d66b5de..e03a0ca02 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.am
+++ b/src/charon/plugins/kernel_pfkey/Makefile.am
@@ -7,4 +7,4 @@ plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
-libstrongswan_kernel_pfkey_la_LDFLAGS = -module
+libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/charon/plugins/kernel_pfkey/Makefile.in
index df2492ef7..e01510127 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.in
+++ b/src/charon/plugins/kernel_pfkey/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
-libstrongswan_kernel_pfkey_la_LDFLAGS = -module
+libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 56f0320dc..1f83e8f39 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -17,6 +17,10 @@
#include <sys/types.h>
#include <sys/socket.h>
+#ifdef __FreeBSD__
+#include <limits.h> /* for LONG_MAX */
+#endif
+
#ifdef HAVE_NET_PFKEYV2_H
#include <net/pfkeyv2.h>
#else
@@ -37,11 +41,11 @@
#endif
#ifdef HAVE_NATT
-#ifdef HAVE_NETINET_UDP_H
-#include <netinet/udp.h>
-#else
+#ifdef HAVE_LINUX_UDP_H
#include <linux/udp.h>
-#endif /*HAVE_NETINET_UDP_H*/
+#else
+#include <netinet/udp.h>
+#endif /*HAVE_LINUX_UDP_H*/
#endif /*HAVE_NATT*/
#include <unistd.h>
@@ -89,7 +93,7 @@
#define IP_IPSEC_POLICY 16
#endif
-/* missing on uclibc */
+/** missing on uclibc */
#ifndef IPV6_IPSEC_POLICY
#define IPV6_IPSEC_POLICY 34
#endif
@@ -98,6 +102,17 @@
#define PRIO_LOW 3000
#define PRIO_HIGH 2000
+#ifdef __APPLE__
+/** from xnu/bsd/net/pfkeyv2.h */
+#define SADB_X_EXT_NATT 0x002
+ struct sadb_sa_2 {
+ struct sadb_sa sa;
+ u_int16_t sadb_sa_natt_port;
+ u_int16_t sadb_reserved0;
+ u_int32_t sadb_reserved1;
+ };
+#endif
+
/** buffer size for PF_KEY messages */
#define PFKEY_BUFFER_SIZE 4096
@@ -467,7 +482,7 @@ static u_int8_t dir2kernel(policy_dir_t dir)
return IPSEC_DIR_FWD;
#endif
default:
- return dir;
+ return IPSEC_DIR_INVALID;
}
}
@@ -693,7 +708,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out)
while (len >= PFKEY_LEN(sizeof(struct sadb_ext)))
{
- DBG2(DBG_KNL, " %N", sadb_ext_type_names, ext->sadb_ext_type);
+ DBG3(DBG_KNL, " %N", sadb_ext_type_names, ext->sadb_ext_type);
if (ext->sadb_ext_len < PFKEY_LEN(sizeof(struct sadb_ext)) ||
ext->sadb_ext_len > len)
{
@@ -740,6 +755,8 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
this->mutex_pfkey->lock(this->mutex_pfkey);
+ /* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367,
+ * in particular the behavior in response to an SADB_ACQUIRE. */
in->sadb_msg_seq = ++this->seq;
in->sadb_msg_pid = getpid();
@@ -801,14 +818,23 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
}
if (msg->sadb_msg_seq != this->seq)
{
- DBG1(DBG_KNL, "received PF_KEY message with invalid sequence number, "
- "was %d expected %d", msg->sadb_msg_seq, this->seq);
- if (msg->sadb_msg_seq < this->seq)
+ DBG1(DBG_KNL, "received PF_KEY message with unexpected sequence "
+ "number, was %d expected %d", msg->sadb_msg_seq, this->seq);
+ if (msg->sadb_msg_seq == 0)
+ {
+ /* FreeBSD and Mac OS X do this for the response to
+ * SADB_X_SPDGET (but not for the response to SADB_GET).
+ * FreeBSD: 'key_spdget' in /usr/src/sys/netipsec/key.c. */
+ }
+ else if (msg->sadb_msg_seq < this->seq)
{
continue;
}
- this->mutex_pfkey->unlock(this->mutex_pfkey);
- return FAILED;
+ else
+ {
+ this->mutex_pfkey->unlock(this->mutex_pfkey);
+ return FAILED;
+ }
}
if (msg->sadb_msg_type != in->sadb_msg_type)
{
@@ -1223,10 +1249,25 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD;
msg->sadb_msg_satype = proto_ike2satype(protocol);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
-
- sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
+
+#ifdef __APPLE__
+ if (encap)
+ {
+ struct sadb_sa_2 *sa_2;
+ sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg);
+ sa_2->sadb_sa_natt_port = dst->get_port(dst);
+ sa = &sa_2->sa;
+ sa->sadb_sa_flags |= SADB_X_EXT_NATT;
+ len = sizeof(struct sadb_sa_2);
+ }
+ else
+#endif
+ {
+ sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
+ len = sizeof(struct sadb_sa);
+ }
sa->sadb_sa_exttype = SADB_EXT_SA;
- sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
+ sa->sadb_sa_len = PFKEY_LEN(len);
sa->sadb_sa_spi = spi;
sa->sadb_sa_replay = (protocol == IPPROTO_COMP) ? 0 : 32;
sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg);
@@ -1403,7 +1444,21 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
msg->sadb_msg_satype = proto_ike2satype(protocol);
msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
+#ifdef __APPLE__
+ {
+ struct sadb_sa_2 *sa_2;
+ sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg);
+ sa_2->sa.sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa_2));
+ memcpy(&sa_2->sa, response.sa, sizeof(struct sadb_sa));
+ if (encap)
+ {
+ sa_2->sadb_sa_natt_port = new_dst->get_port(new_dst);
+ sa_2->sa.sadb_sa_flags |= SADB_X_EXT_NATT;
+ }
+ }
+#else
PFKEY_EXT_COPY(msg, response.sa);
+#endif
PFKEY_EXT_COPY(msg, response.x_sa2);
PFKEY_EXT_COPY(msg, response.src);
@@ -1421,7 +1476,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
{
PFKEY_EXT_COPY(msg, response.key_auth);
}
-
+
#ifdef HAVE_NATT
if (new_encap)
{
@@ -1449,6 +1504,65 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
}
/**
+ * Implementation of kernel_interface_t.query_sa.
+ */
+static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
+ host_t *dst, u_int32_t spi, protocol_id_t protocol,
+ u_int64_t *bytes)
+{
+ unsigned char request[PFKEY_BUFFER_SIZE];
+ struct sadb_msg *msg, *out;
+ struct sadb_sa *sa;
+ pfkey_msg_t response;
+ size_t len;
+
+ memset(&request, 0, sizeof(request));
+
+ DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi));
+
+ msg = (struct sadb_msg*)request;
+ msg->sadb_msg_version = PF_KEY_V2;
+ msg->sadb_msg_type = SADB_GET;
+ msg->sadb_msg_satype = proto_ike2satype(protocol);
+ msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg));
+
+ sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg);
+ sa->sadb_sa_exttype = SADB_EXT_SA;
+ sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa));
+ sa->sadb_sa_spi = spi;
+ PFKEY_EXT_ADD(msg, sa);
+
+ /* the Linux Kernel doesn't care for the src address, but other systems do
+ * (e.g. FreeBSD)
+ */
+ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0);
+ add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
+
+ if (pfkey_send(this, msg, &out, &len) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ return FAILED;
+ }
+ else if (out->sadb_msg_errno)
+ {
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)",
+ ntohl(spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno);
+ free(out);
+ return FAILED;
+ }
+ else if (parse_pfkey_message(out, &response) != SUCCESS)
+ {
+ DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
+ free(out);
+ return FAILED;
+ }
+ *bytes = response.lft_current->sadb_lifetime_bytes;
+
+ free(out);
+ return SUCCESS;
+}
+
+/**
* Implementation of kernel_interface_t.del_sa.
*/
static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
@@ -1476,7 +1590,9 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
sa->sadb_sa_spi = spi;
PFKEY_EXT_ADD(msg, sa);
- /* the Linux Kernel doesn't care for the src address, but other systems do (e.g. FreeBSD) */
+ /* the Linux Kernel doesn't care for the src address, but other systems do
+ * (e.g. FreeBSD)
+ */
add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0);
add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0);
@@ -1518,6 +1634,12 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
pfkey_msg_t response;
size_t len;
+ if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ {
+ /* FWD policies are not supported on all platforms */
+ return SUCCESS;
+ }
+
/* create a policy */
policy = create_policy_entry(src_ts, dst_ts, direction, reqid);
@@ -1594,6 +1716,18 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto,
policy->dst.mask);
+#ifdef __FreeBSD__
+ { /* on FreeBSD a lifetime has to be defined to be able to later query
+ * the current use time. */
+ struct sadb_lifetime *lft;
+ lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
+ lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
+ lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime));
+ lft->sadb_lifetime_addtime = LONG_MAX;
+ PFKEY_EXT_ADD(msg, lft);
+ }
+#endif
+
this->mutex->unlock(this->mutex);
if (pfkey_send(this, msg, &out, &len) != SUCCESS)
@@ -1700,6 +1834,12 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
pfkey_msg_t response;
size_t len;
+ if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ {
+ /* FWD policies are not supported on all platforms */
+ return NOT_FOUND;
+ }
+
DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts,
policy_dir_names, direction);
@@ -1764,6 +1904,13 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
free(out);
return FAILED;
}
+ else if (response.lft_current == NULL)
+ {
+ DBG1(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no "
+ "use time", src_ts, dst_ts, policy_dir_names, direction);
+ free(out);
+ return FAILED;
+ }
*use_time = response.lft_current->sadb_lifetime_usetime;
@@ -1787,6 +1934,12 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
route_entry_t *route;
size_t len;
+ if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+ {
+ /* FWD policies are not supported on all platforms */
+ return SUCCESS;
+ }
+
DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts,
policy_dir_names, direction);
@@ -1995,6 +2148,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
+ this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
@@ -2004,8 +2158,8 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
/* private members */
this->policies = linked_list_create();
- this->mutex = mutex_create(MUTEX_DEFAULT);
- this->mutex_pfkey = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
this->install_routes = lib->settings->get_bool(lib->settings,
"charon.install_routes", TRUE);
this->seq = 0;
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.am b/src/charon/plugins/kernel_pfroute/Makefile.am
index 3ad445c09..b6e6587a7 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.am
+++ b/src/charon/plugins/kernel_pfroute/Makefile.am
@@ -7,4 +7,4 @@ plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
kernel_pfroute_net.h kernel_pfroute_net.c
-libstrongswan_kernel_pfroute_la_LDFLAGS = -module
+libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.in b/src/charon/plugins/kernel_pfroute/Makefile.in
index e585a7db2..05da8e271 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.in
+++ b/src/charon/plugins/kernel_pfroute/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
kernel_pfroute_net.h kernel_pfroute_net.c
-libstrongswan_kernel_pfroute_la_LDFLAGS = -module
+libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
index c2b35a5ce..d5a864b1c 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -681,8 +681,8 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
/* private members */
this->ifaces = linked_list_create();
- this->mutex = mutex_create(MUTEX_DEFAULT);
- this->mutex_pfroute = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT);
this->seq = 0;
diff --git a/src/charon/plugins/load_tester/Makefile.am b/src/charon/plugins/load_tester/Makefile.am
index 121f0b080..e6e04229a 100644
--- a/src/charon/plugins/load_tester/Makefile.am
+++ b/src/charon/plugins/load_tester/Makefile.am
@@ -13,5 +13,5 @@ libstrongswan_load_tester_la_SOURCES = \
load_tester_listener.c load_tester_listener.h \
load_tester_diffie_hellman.c load_tester_diffie_hellman.h
-libstrongswan_load_tester_la_LDFLAGS = -module
+libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/charon/plugins/load_tester/Makefile.in
index 056ac16d3..3b494cea2 100644
--- a/src/charon/plugins/load_tester/Makefile.in
+++ b/src/charon/plugins/load_tester/Makefile.in
@@ -78,12 +78,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -148,6 +150,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -188,7 +191,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -233,7 +238,7 @@ libstrongswan_load_tester_la_SOURCES = \
load_tester_listener.c load_tester_listener.h \
load_tester_diffie_hellman.c load_tester_diffie_hellman.h
-libstrongswan_load_tester_la_LDFLAGS = -module
+libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/charon/plugins/load_tester/load_tester_ipsec.c
index d37f7a7bd..e463d2adc 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/charon/plugins/load_tester/load_tester_ipsec.c
@@ -84,6 +84,16 @@ static status_t update_sa(private_load_tester_ipsec_t *this,
}
/**
+ * Implementation of kernel_interface_t.query_sa.
+ */
+static status_t query_sa(private_load_tester_ipsec_t *this, host_t *src,
+ host_t *dst, u_int32_t spi, protocol_id_t protocol,
+ u_int64_t *bytes)
+{
+ return NOT_SUPPORTED;
+}
+
+/**
* Implementation of kernel_interface_t.del_sa.
*/
static status_t del_sa(private_load_tester_ipsec_t *this, host_t *src,
@@ -151,6 +161,7 @@ load_tester_ipsec_t *load_tester_ipsec_create()
this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
+ this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t *this,host_t *, host_t *,traffic_selector_t *,traffic_selector_t *,policy_dir_t, u_int32_t,protocol_id_t, u_int32_t,ipsec_mode_t, u_int16_t, u_int16_t,bool))add_policy;
this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c
index 12ac7b090..93ed2e3c5 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.c
+++ b/src/charon/plugins/load_tester/load_tester_plugin.c
@@ -202,8 +202,8 @@ plugin_t *plugin_create()
shutdown_on = this->iterations * this->initiators;
}
- this->mutex = mutex_create(MUTEX_DEFAULT);
- this->condvar = condvar_create(CONDVAR_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
this->config = load_tester_config_create();
this->creds = load_tester_creds_create();
this->listener = load_tester_listener_create(shutdown_on);
diff --git a/src/charon/plugins/medcli/Makefile.am b/src/charon/plugins/medcli/Makefile.am
index f15950af9..a5f018f82 100644
--- a/src/charon/plugins/medcli/Makefile.am
+++ b/src/charon/plugins/medcli/Makefile.am
@@ -8,5 +8,5 @@ libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
medcli_creds.h medcli_creds.c \
medcli_config.h medcli_config.c \
medcli_listener.h medcli_listener.c
-libstrongswan_medcli_la_LDFLAGS = -module
+libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medcli/Makefile.in b/src/charon/plugins/medcli/Makefile.in
index cef486411..9a2b3f889 100644
--- a/src/charon/plugins/medcli/Makefile.in
+++ b/src/charon/plugins/medcli/Makefile.in
@@ -75,12 +75,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -145,6 +147,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -185,7 +188,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -227,7 +232,7 @@ libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
medcli_config.h medcli_config.c \
medcli_listener.h medcli_listener.c
-libstrongswan_medcli_la_LDFLAGS = -module
+libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/medsrv/Makefile.am b/src/charon/plugins/medsrv/Makefile.am
index 476da1878..f3611a79e 100644
--- a/src/charon/plugins/medsrv/Makefile.am
+++ b/src/charon/plugins/medsrv/Makefile.am
@@ -7,5 +7,5 @@ plugin_LTLIBRARIES = libstrongswan-medsrv.la
libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
medsrv_creds.h medsrv_creds.c \
medsrv_config.h medsrv_config.c
-libstrongswan_medsrv_la_LDFLAGS = -module
+libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medsrv/Makefile.in b/src/charon/plugins/medsrv/Makefile.in
index ec537e505..ba599499b 100644
--- a/src/charon/plugins/medsrv/Makefile.in
+++ b/src/charon/plugins/medsrv/Makefile.in
@@ -75,12 +75,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -145,6 +147,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -185,7 +188,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
medsrv_creds.h medsrv_creds.c \
medsrv_config.h medsrv_config.c
-libstrongswan_medsrv_la_LDFLAGS = -module
+libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am
index 9a0b48cd2..b74a4e46f 100644
--- a/src/charon/plugins/nm/Makefile.am
+++ b/src/charon/plugins/nm/Makefile.am
@@ -9,5 +9,5 @@ libstrongswan_nm_la_SOURCES = \
nm_service.h nm_service.c \
nm_creds.h nm_creds.c \
nm_handler.h nm_handler.c
-libstrongswan_nm_la_LDFLAGS = -module
+libstrongswan_nm_la_LDFLAGS = -module -avoid-version
libstrongswan_nm_la_LIBADD = ${nm_LIBS}
diff --git a/src/charon/plugins/nm/Makefile.in b/src/charon/plugins/nm/Makefile.in
index a75af8a0f..c7c428c2a 100644
--- a/src/charon/plugins/nm/Makefile.in
+++ b/src/charon/plugins/nm/Makefile.in
@@ -75,12 +75,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -145,6 +147,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -185,7 +188,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -228,7 +233,7 @@ libstrongswan_nm_la_SOURCES = \
nm_creds.h nm_creds.c \
nm_handler.h nm_handler.c
-libstrongswan_nm_la_LDFLAGS = -module
+libstrongswan_nm_la_LDFLAGS = -module -avoid-version
libstrongswan_nm_la_LIBADD = ${nm_LIBS}
all: all-am
diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c
index d93b81c9a..4ea2c36dd 100644
--- a/src/charon/plugins/nm/nm_creds.c
+++ b/src/charon/plugins/nm/nm_creds.c
@@ -322,7 +322,7 @@ nm_creds_t *nm_creds_create()
this->public.clear = (void(*)(nm_creds_t*))clear;
this->public.destroy = (void(*)(nm_creds_t*))destroy;
- this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
this->cert = NULL;
this->user = NULL;
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index bca4d9e09..88a3cc95e 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -14,6 +14,7 @@
*/
#include <nm-setting-vpn.h>
+#include <nm-setting-connection.h>
#include "nm_service.h"
#include <daemon.h>
@@ -25,8 +26,6 @@
#include <stdio.h>
-#define CONFIG_NAME "NetworkManager"
-
G_DEFINE_TYPE(NMStrongswanPlugin, nm_strongswan_plugin, NM_TYPE_VPN_PLUGIN)
/**
@@ -43,6 +42,8 @@ typedef struct {
nm_creds_t *creds;
/* attribute handler for DNS/NBNS server information */
nm_handler_t *handler;
+ /* name of the connection */
+ char *name;
} NMStrongswanPluginPrivate;
#define NM_STRONGSWAN_PLUGIN_GET_PRIVATE(o) \
@@ -121,14 +122,14 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
/**
* signal failure to NM, connecting failed
*/
-static void signal_failure(NMVPNPlugin *plugin)
+static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure)
{
nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
handler->reset(handler);
/* TODO: NM does not handle this failure!? */
- nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
+ nm_vpn_plugin_failure(plugin, failure);
nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
@@ -140,16 +141,10 @@ static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa,
{
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
- if (private->ike_sa == ike_sa)
+ if (private->ike_sa == ike_sa && state == IKE_DESTROYING)
{
- switch (state)
- {
- case IKE_DESTROYING:
- signal_failure(private->plugin);
- return FALSE;
- default:
- break;
- }
+ signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
+ return FALSE;
}
return TRUE;
}
@@ -161,32 +156,63 @@ static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa,
child_sa_t *child_sa, child_sa_state_t state)
{
NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
+
+ if (private->ike_sa == ike_sa && state == CHILD_DESTROYING)
+ {
+ signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
+ return FALSE;
+ }
+ return TRUE;
+}
+/**
+ * Implementation of listener_t.child_updown
+ */
+static bool child_updown(listener_t *listener, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, bool up)
+{
+ NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
+
if (private->ike_sa == ike_sa)
{
- switch (state)
+ if (up)
+ { /* disable initiate-failure-detection hooks */
+ private->listener.ike_state_change = NULL;
+ private->listener.child_state_change = NULL;
+ signal_ipv4_config(private->plugin, ike_sa, child_sa);
+ }
+ else
{
- case CHILD_INSTALLED:
- signal_ipv4_config(private->plugin, ike_sa, child_sa);
- return FALSE;
- case CHILD_DESTROYING:
- signal_failure(private->plugin);
- return FALSE;
- default:
- break;
+ signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
+ return FALSE;
}
}
return TRUE;
}
/**
+ * Implementation of listener_t.ike_rekey
+ */
+static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new)
+{
+ NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
+
+ if (private->ike_sa == old)
+ { /* follow a rekeyed IKE_SA */
+ private->ike_sa = new;
+ }
+ return TRUE;
+}
+
+/**
* Connect function called from NM via DBUS
*/
static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
GError **err)
{
- nm_creds_t *creds;
- NMSettingVPN *settings;
+ NMStrongswanPluginPrivate *priv;
+ NMSettingConnection *conn;
+ NMSettingVPN *vpn;
identification_t *user = NULL, *gateway;
const char *address, *str;
bool virtual, encap, ipcomp;
@@ -204,25 +230,34 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Read parameters
*/
- settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
- NM_TYPE_SETTING_VPN));
-
- DBG4(DBG_CFG, "received NetworkManager connection: %s",
- nm_setting_to_string(NM_SETTING(settings)));
- address = nm_setting_vpn_get_data_item(settings, "address");
+ priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
+ conn = NM_SETTING_CONNECTION(nm_connection_get_setting(connection,
+ NM_TYPE_SETTING_CONNECTION));
+ vpn = NM_SETTING_VPN(nm_connection_get_setting(connection,
+ NM_TYPE_SETTING_VPN));
+ if (priv->name)
+ {
+ free(priv->name);
+ }
+ priv->name = strdup(nm_setting_connection_get_id(conn));
+ DBG1(DBG_CFG, "received initiate for NetworkManager connection %s",
+ priv->name);
+ DBG4(DBG_CFG, "%s",
+ nm_setting_to_string(NM_SETTING(vpn)));
+ address = nm_setting_vpn_get_data_item(vpn, "address");
if (!address || !*address)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Gateway address missing.");
return FALSE;
}
- str = nm_setting_vpn_get_data_item(settings, "virtual");
+ str = nm_setting_vpn_get_data_item(vpn, "virtual");
virtual = str && streq(str, "yes");
- str = nm_setting_vpn_get_data_item(settings, "encap");
+ str = nm_setting_vpn_get_data_item(vpn, "encap");
encap = str && streq(str, "yes");
- str = nm_setting_vpn_get_data_item(settings, "ipcomp");
+ str = nm_setting_vpn_get_data_item(vpn, "ipcomp");
ipcomp = str && streq(str, "yes");
- str = nm_setting_vpn_get_data_item(settings, "method");
+ str = nm_setting_vpn_get_data_item(vpn, "method");
if (str)
{
if (streq(str, "psk"))
@@ -243,16 +278,15 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Register credentials
*/
- creds = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->creds;
- creds->clear(creds);
+ priv->creds->clear(priv->creds);
/* gateway/CA cert */
- str = nm_setting_vpn_get_data_item(settings, "certificate");
+ str = nm_setting_vpn_get_data_item(vpn, "certificate");
if (str)
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, str, BUILD_END);
- creds->set_certificate(creds, cert);
+ priv->creds->set_certificate(priv->creds, cert);
}
if (!cert)
{
@@ -279,19 +313,19 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
if (auth_class == AUTH_CLASS_EAP)
{
/* username/password authentication ... */
- str = nm_setting_vpn_get_data_item(settings, "user");
+ str = nm_setting_vpn_get_data_item(vpn, "user");
if (str)
{
user = identification_create_from_string((char*)str);
- str = nm_setting_vpn_get_secret(settings, "password");
- creds->set_username_password(creds, user, (char*)str);
+ str = nm_setting_vpn_get_secret(vpn, "password");
+ priv->creds->set_username_password(priv->creds, user, (char*)str);
}
}
if (auth_class == AUTH_CLASS_PUBKEY)
{
/* ... or certificate/private key authenitcation */
- str = nm_setting_vpn_get_data_item(settings, "usercert");
+ str = nm_setting_vpn_get_data_item(vpn, "usercert");
if (str)
{
public_key_t *public;
@@ -308,7 +342,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
return FALSE;
}
/* try agent */
- str = nm_setting_vpn_get_secret(settings, "agent");
+ str = nm_setting_vpn_get_secret(vpn, "agent");
if (agent && str)
{
public = cert->get_public_key(cert);
@@ -329,14 +363,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
}
}
/* ... or key file */
- str = nm_setting_vpn_get_data_item(settings, "userkey");
+ str = nm_setting_vpn_get_data_item(vpn, "userkey");
if (!agent && str)
{
chunk_t secret, chunk;
bool pgp = FALSE;
- secret.ptr = (char*)nm_setting_vpn_get_secret(settings,
- "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(vpn, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
@@ -358,7 +391,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
{
user = cert->get_subject(cert);
user = user->clone(user);
- creds->set_cert_and_key(creds, cert, private);
+ priv->creds->set_cert_and_key(priv->creds, cert, private);
}
else
{
@@ -382,7 +415,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
*/
ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
- peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
+ peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
@@ -398,11 +431,11 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- child_cfg = child_cfg_create(CONFIG_NAME,
+ child_cfg = child_cfg_create(priv->name,
10800, 10200, /* lifetime 3h, rekey 2h50min */
300, /* jitter 5min */
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_RESTART, ipcomp);
+ ACTION_NONE, ACTION_NONE, ipcomp);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
@@ -413,7 +446,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
/**
- * Start to initiate
+ * Prepare IKE_SA
*/
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
peer_cfg);
@@ -425,21 +458,27 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
{
peer_cfg->destroy(peer_cfg);
}
+
+ /**
+ * Register listener, enable initiate-failure-detection hooks
+ */
+ priv->ike_sa = ike_sa;
+ priv->listener.ike_state_change = ike_state_change;
+ priv->listener.child_state_change = child_state_change;
+ charon->bus->add_listener(charon->bus, &priv->listener);
+
+ /**
+ * Initiate
+ */
if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
{
+ charon->bus->remove_listener(charon->bus, &priv->listener);
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"Initiating failed.");
return FALSE;
}
-
- /**
- * Register listener
- */
- NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->ike_sa = ike_sa;
- charon->bus->add_listener(charon->bus,
- &NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->listener);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return TRUE;
}
@@ -501,14 +540,16 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
*/
static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
{
+ NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
enumerator_t *enumerator;
ike_sa_t *ike_sa;
u_int id;
+ /* our ike_sa pointer might be invalid, lookup sa */
enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
while (enumerator->enumerate(enumerator, &ike_sa))
{
- if (streq(CONFIG_NAME, ike_sa->get_name(ike_sa)))
+ if (priv->ike_sa == ike_sa)
{
id = ike_sa->get_unique_id(ike_sa);
enumerator->destroy(enumerator);
@@ -529,13 +570,13 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
*/
static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
{
- NMStrongswanPluginPrivate *private;
+ NMStrongswanPluginPrivate *priv;
- private = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
- private->plugin = NM_VPN_PLUGIN(plugin);
- memset(&private->listener.log, 0, sizeof(listener_t));
- private->listener.ike_state_change = ike_state_change;
- private->listener.child_state_change = child_state_change;
+ priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
+ priv->plugin = NM_VPN_PLUGIN(plugin);
+ memset(&priv->listener.log, 0, sizeof(listener_t));
+ priv->listener.child_updown = child_updown;
+ priv->listener.ike_rekey = ike_rekey;
}
/**
@@ -565,8 +606,12 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
NULL);
if (plugin)
{
- NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->creds = creds;
- NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler = handler;
+ NMStrongswanPluginPrivate *priv;
+
+ priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
+ priv->creds = creds;
+ priv->handler = handler;
+ priv->name = NULL;
}
return plugin;
}
diff --git a/src/charon/plugins/resolv_conf/Makefile.am b/src/charon/plugins/resolv_conf/Makefile.am
index 917964f93..be7f862f2 100644
--- a/src/charon/plugins/resolv_conf/Makefile.am
+++ b/src/charon/plugins/resolv_conf/Makefile.am
@@ -8,6 +8,6 @@ plugin_LTLIBRARIES = libstrongswan-resolv-conf.la
libstrongswan_resolv_conf_la_SOURCES = \
resolv_conf_plugin.h resolv_conf_plugin.c \
resolv_conf_handler.h resolv_conf_handler.c
-libstrongswan_resolv_conf_la_LDFLAGS = -module
+libstrongswan_resolv_conf_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/resolv_conf/Makefile.in b/src/charon/plugins/resolv_conf/Makefile.in
index 91ddae582..19c20467a 100644
--- a/src/charon/plugins/resolv_conf/Makefile.in
+++ b/src/charon/plugins/resolv_conf/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -229,7 +234,7 @@ libstrongswan_resolv_conf_la_SOURCES = \
resolv_conf_plugin.h resolv_conf_plugin.c \
resolv_conf_handler.h resolv_conf_handler.c
-libstrongswan_resolv_conf_la_LDFLAGS = -module
+libstrongswan_resolv_conf_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolv_conf/resolv_conf_handler.c
index 19e3b3275..749cfbc5b 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_handler.c
+++ b/src/charon/plugins/resolv_conf/resolv_conf_handler.c
@@ -183,7 +183,7 @@ resolv_conf_handler_t *resolv_conf_handler_create()
this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release;
this->public.destroy = (void(*)(resolv_conf_handler_t*))destroy;
- this->mutex = mutex_create(MUTEX_DEFAULT);
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
this->file = lib->settings->get_str(lib->settings,
"charon.plugins.resolv-conf.file", RESOLV_CONF);
diff --git a/src/charon/plugins/smp/Makefile.am b/src/charon/plugins/smp/Makefile.am
index 1679f1c68..a434b388b 100644
--- a/src/charon/plugins/smp/Makefile.am
+++ b/src/charon/plugins/smp/Makefile.am
@@ -5,6 +5,6 @@ AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
plugin_LTLIBRARIES = libstrongswan-smp.la
libstrongswan_smp_la_SOURCES = smp.h smp.c
-libstrongswan_smp_la_LDFLAGS = -module
+libstrongswan_smp_la_LDFLAGS = -module -avoid-version
libstrongswan_smp_la_LIBADD = ${xml_LIBS}
diff --git a/src/charon/plugins/smp/Makefile.in b/src/charon/plugins/smp/Makefile.in
index f06321ba7..d23d2d001 100644
--- a/src/charon/plugins/smp/Makefile.in
+++ b/src/charon/plugins/smp/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -222,7 +227,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CF
AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
plugin_LTLIBRARIES = libstrongswan-smp.la
libstrongswan_smp_la_SOURCES = smp.h smp.c
-libstrongswan_smp_la_LDFLAGS = -module
+libstrongswan_smp_la_LDFLAGS = -module -avoid-version
libstrongswan_smp_la_LIBADD = ${xml_LIBS}
all: all-am
diff --git a/src/charon/plugins/sql/Makefile.am b/src/charon/plugins/sql/Makefile.am
index ea39ce0d5..bf4963f29 100644
--- a/src/charon/plugins/sql/Makefile.am
+++ b/src/charon/plugins/sql/Makefile.am
@@ -10,7 +10,7 @@ plugin_LTLIBRARIES = libstrongswan-sql.la
libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
sql_config.h sql_config.c sql_cred.h sql_cred.c \
sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
-libstrongswan_sql_la_LDFLAGS = -module
+libstrongswan_sql_la_LDFLAGS = -module -avoid-version
ipsec_PROGRAMS = pool
pool_SOURCES = pool.c
diff --git a/src/charon/plugins/sql/Makefile.in b/src/charon/plugins/sql/Makefile.in
index 0848ea0dd..f6fd8e4f7 100644
--- a/src/charon/plugins/sql/Makefile.in
+++ b/src/charon/plugins/sql/Makefile.in
@@ -82,12 +82,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -152,6 +154,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -192,7 +195,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -237,7 +242,7 @@ libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
sql_config.h sql_config.c sql_cred.h sql_cred.c \
sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
-libstrongswan_sql_la_LDFLAGS = -module
+libstrongswan_sql_la_LDFLAGS = -module -avoid-version
pool_SOURCES = pool.c
pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
all: all-am
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
index 7d393b6f7..ebcc9adc7 100644
--- a/src/charon/plugins/sql/pool.c
+++ b/src/charon/plugins/sql/pool.c
@@ -637,8 +637,19 @@ int main(int argc, char *argv[])
} operation = OP_USAGE;
dbg = dbg_stderr;
- library_init(STRONGSWAN_CONF);
atexit(library_deinit);
+
+ /* initialize library */
+ if (!library_init(STRONGSWAN_CONF))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "pool", argv[0]))
+ {
+ fprintf(stderr, "integrity check of pool failed\n");
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
lib->settings->get_str(lib->settings, "pool.load", PLUGINS));
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
index 95d0d30d4..77601e612 100644
--- a/src/charon/plugins/sql/sql_attribute.c
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -92,25 +92,18 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
}
/**
- * Lookup a lease
+ * Look up an existing lease
*/
-static host_t *get_address(private_sql_attribute_t *this, char *name,
- u_int pool, u_int timeout, u_int identity)
+static host_t* check_lease(private_sql_attribute_t *this, char *name,
+ u_int pool, u_int identity)
{
- enumerator_t *e;
- u_int id;
- chunk_t address;
- host_t *host;
- time_t now = time(NULL);
-
- /* We check for leases for that identity first and for other expired
- * leases afterwards. We select an address as a candidate, but double
- * check if it is still valid in the update. This allows us to work
- * without locking. */
-
- /* check for an existing lease for that identity */
while (TRUE)
{
+ u_int id;
+ chunk_t address;
+ enumerator_t *e;
+ time_t now = time(NULL);
+
e = this->db->query(this->db,
"SELECT id, address FROM addresses "
"WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1",
@@ -122,11 +115,14 @@ static host_t *get_address(private_sql_attribute_t *this, char *name,
}
address = chunk_clonea(address);
e->destroy(e);
+
if (this->db->execute(this->db, NULL,
"UPDATE addresses SET acquired = ?, released = 0 "
"WHERE id = ? AND identity = ? AND released != 0",
DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0)
{
+ host_t *host;
+
host = host_create_from_chunk(AF_UNSPEC, address, 0);
if (host)
{
@@ -136,14 +132,43 @@ static host_t *get_address(private_sql_attribute_t *this, char *name,
}
}
}
-
- /* check for an expired lease */
+ return NULL;
+}
+
+/**
+ * We check for unallocated addresses or expired leases. First we select an
+ * address as a candidate, but double check later on if it is still available
+ * during the update operation. This allows us to work without locking.
+ */
+static host_t* get_lease(private_sql_attribute_t *this, char *name,
+ u_int pool, u_int timeout, u_int identity)
+{
while (TRUE)
{
- e = this->db->query(this->db,
+ u_int id;
+ chunk_t address;
+ enumerator_t *e;
+ time_t now = time(NULL);
+ int hits;
+
+ if (timeout)
+ {
+ /* check for an expired lease */
+ e = this->db->query(this->db,
"SELECT id, address FROM addresses "
"WHERE pool = ? AND released != 0 AND released < ? LIMIT 1",
DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB);
+ }
+ else
+ {
+ /* with static leases, check for an unallocated address */
+ e = this->db->query(this->db,
+ "SELECT id, address FROM addresses "
+ "WHERE pool = ? AND identity = 0 LIMIT 1",
+ DB_UINT, pool, DB_UINT, DB_BLOB);
+
+ }
+
if (!e || !e->enumerate(e, &id, &address))
{
DESTROY_IF(e);
@@ -152,13 +177,27 @@ static host_t *get_address(private_sql_attribute_t *this, char *name,
address = chunk_clonea(address);
e->destroy(e);
- if (this->db->execute(this->db, NULL,
- "UPDATE addresses SET "
- "acquired = ?, released = 0, identity = ? "
- "WHERE id = ? AND released != 0 AND released < ?",
- DB_UINT, now, DB_UINT, identity,
- DB_UINT, id, DB_UINT, now - timeout) > 0)
+ if (timeout)
+ {
+ hits = this->db->execute(this->db, NULL,
+ "UPDATE addresses SET "
+ "acquired = ?, released = 0, identity = ? "
+ "WHERE id = ? AND released != 0 AND released < ?",
+ DB_UINT, now, DB_UINT, identity,
+ DB_UINT, id, DB_UINT, now - timeout);
+ }
+ else
{
+ hits = this->db->execute(this->db, NULL,
+ "UPDATE addresses SET "
+ "acquired = ?, released = 0, identity = ? "
+ "WHERE id = ? AND identity = 0",
+ DB_UINT, now, DB_UINT, identity, DB_UINT, id);
+ }
+ if (hits > 0)
+ {
+ host_t *host;
+
host = host_create_from_chunk(AF_UNSPEC, address, 0);
if (host)
{
@@ -169,37 +208,75 @@ static host_t *get_address(private_sql_attribute_t *this, char *name,
}
}
DBG1(DBG_CFG, "no available address found in pool '%s'", name);
- return 0;
+ return NULL;
}
/**
* Implementation of attribute_provider_t.acquire_address
*/
static host_t* acquire_address(private_sql_attribute_t *this,
- char *name, identification_t *id,
+ char *names, identification_t *id,
host_t *requested)
{
- enumerator_t *enumerator;
- u_int pool, timeout, identity;
host_t *address = NULL;
-
+ u_int identity, pool, timeout;
+
identity = get_identity(this, id);
if (identity)
{
- enumerator = enumerator_create_token(name, ",", " ");
- while (enumerator->enumerate(enumerator, &name))
+ /* check for a single pool first (no concatenation and enumeration) */
+ if (strchr(names, ',') == NULL)
{
- pool = get_pool(this, name, &timeout);
+ pool = get_pool(this, names, &timeout);
if (pool)
{
- address = get_address(this, name, pool, timeout, identity);
- if (address)
+ /* check for an existing lease */
+ address = check_lease(this, names, pool, identity);
+ if (address == NULL)
+ {
+ /* get an unallocated address or expired lease */
+ address = get_lease(this, names, pool, timeout, identity);
+ }
+ }
+ }
+ else
+ {
+ enumerator_t *enumerator;
+ char *name;
+
+ /* in a first step check for an existing lease over all pools */
+ enumerator = enumerator_create_token(names, ",", " ");
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ pool = get_pool(this, name, &timeout);
+ if (pool)
+ {
+ address = check_lease(this, name, pool, identity);
+ if (address)
+ {
+ enumerator->destroy(enumerator);
+ return address;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* in a second step get an unallocated address or expired lease */
+ enumerator = enumerator_create_token(names, ",", " ");
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ pool = get_pool(this, name, &timeout);
+ if (pool)
{
- break;
+ address = get_lease(this, name, pool, timeout, identity);
+ if (address)
+ {
+ break;
+ }
}
}
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
}
return address;
}
diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c
index 3e5efce34..e7dfe573b 100644
--- a/src/charon/plugins/sql/sql_config.c
+++ b/src/charon/plugins/sql/sql_config.c
@@ -295,10 +295,10 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
mediation, mediated_cfg, peer_id);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
- auth->add(auth, AUTH_RULE_IDENTITY, local_id->clone(local_id));
+ auth->add(auth, AUTH_RULE_IDENTITY, local_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_IDENTITY, remote_id->clone(remote_id));
+ auth->add(auth, AUTH_RULE_IDENTITY, remote_id);
if (eap_type)
{
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am
index fb58ba62b..79a63f2c2 100644
--- a/src/charon/plugins/stroke/Makefile.am
+++ b/src/charon/plugins/stroke/Makefile.am
@@ -18,5 +18,5 @@ libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
stroke_list.h stroke_list.c \
stroke_shared_key.h stroke_shared_key.c
-libstrongswan_stroke_la_LDFLAGS = -module
+libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/stroke/Makefile.in b/src/charon/plugins/stroke/Makefile.in
index f246286a0..19822ebc8 100644
--- a/src/charon/plugins/stroke/Makefile.in
+++ b/src/charon/plugins/stroke/Makefile.in
@@ -76,12 +76,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -186,7 +189,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -237,7 +242,7 @@ libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
stroke_list.h stroke_list.c \
stroke_shared_key.h stroke_shared_key.c
-libstrongswan_stroke_la_LDFLAGS = -module
+libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index a7925ce3e..d3211fd67 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -539,7 +539,7 @@ stroke_attribute_t *stroke_attribute_create()
this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
this->pools = linked_list_create();
- this->mutex = mutex_create(MUTEX_RECURSIVE);
+ this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
return &this->public;
}
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c
index fab06e6c5..c354d8cb8 100644
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ b/src/charon/plugins/stroke/stroke_ca.c
@@ -447,7 +447,7 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
this->public.destroy = (void(*)(stroke_ca_t*))destroy;
this->sections = linked_list_create();
- this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
this->cred = cred;
return &this->public;
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index 028e71e71..0b6a4ac31 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
@@ -924,7 +924,7 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
this->public.destroy = (void(*)(stroke_config_t*))destroy;
this->list = linked_list_create();
- this->mutex = mutex_create(MUTEX_RECURSIVE);
+ this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
this->ca = ca;
this->cred = cred;
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index dc73299b8..31bcfe9f4 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -16,6 +16,8 @@
#include <sys/stat.h>
#include <limits.h>
+#include <glob.h>
+#include <libgen.h>
#include "stroke_cred.h"
#include "stroke_shared_key.h"
@@ -41,6 +43,8 @@
#define CRL_DIR IPSEC_D_DIR "/crls"
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
+#define MAX_SECRETS_RECURSION 10
+
typedef struct private_stroke_cred_t private_stroke_cred_t;
/**
@@ -691,7 +695,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line)
/**
* reload ipsec.secrets
*/
-static void load_secrets(private_stroke_cred_t *this)
+static void load_secrets(private_stroke_cred_t *this, char *file, int level)
{
size_t bytes;
int line_nr = 0;
@@ -700,9 +704,9 @@ static void load_secrets(private_stroke_cred_t *this)
private_key_t *private;
shared_key_t *shared;
- DBG1(DBG_CFG, "loading secrets from '%s'", SECRETS_FILE);
+ DBG1(DBG_CFG, "loading secrets from '%s'", file);
- fd = fopen(SECRETS_FILE, "r");
+ fd = fopen(file, "r");
if (fd == NULL)
{
DBG1(DBG_CFG, "opening secrets file '%s' failed");
@@ -719,15 +723,19 @@ static void load_secrets(private_stroke_cred_t *this)
src = chunk;
this->lock->write_lock(this->lock);
- while (this->shared->remove_last(this->shared,
- (void**)&shared) == SUCCESS)
- {
- shared->destroy(shared);
- }
- while (this->private->remove_last(this->private,
- (void**)&private) == SUCCESS)
+ if (level == 0)
{
- private->destroy(private);
+ /* flush secrets on non-recursive invocation */
+ while (this->shared->remove_last(this->shared,
+ (void**)&shared) == SUCCESS)
+ {
+ shared->destroy(shared);
+ }
+ while (this->private->remove_last(this->private,
+ (void**)&private) == SUCCESS)
+ {
+ private->destroy(private);
+ }
}
while (fetchline(&src, &line))
@@ -741,6 +749,66 @@ static void load_secrets(private_stroke_cred_t *this)
{
continue;
}
+ if (line.len > strlen("include ") &&
+ strneq(line.ptr, "include ", strlen("include ")))
+ {
+ glob_t buf;
+ char **expanded, *dir, pattern[PATH_MAX];
+ u_char *pos;
+
+ if (level > MAX_SECRETS_RECURSION)
+ {
+ DBG1(DBG_CFG, "maximum level of %d includes reached, ignored",
+ MAX_SECRETS_RECURSION);
+ continue;
+ }
+ /* terminate filename by space */
+ line = chunk_skip(line, strlen("include "));
+ pos = memchr(line.ptr, ' ', line.len);
+ if (pos)
+ {
+ line.len = pos - line.ptr;
+ }
+ if (line.len && line.ptr[0] == '/')
+ {
+ if (line.len + 1 > sizeof(pattern))
+ {
+ DBG1(DBG_CFG, "include pattern too long, ignored");
+ continue;
+ }
+ snprintf(pattern, sizeof(pattern), "%.*s", line.len, line.ptr);
+ }
+ else
+ { /* use directory of current file if relative */
+ dir = strdup(file);
+ dir = dirname(dir);
+
+ if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
+ {
+ DBG1(DBG_CFG, "include pattern too long, ignored");
+ free(dir);
+ continue;
+ }
+ snprintf(pattern, sizeof(pattern), "%s/%.*s",
+ dir, line.len, line.ptr);
+ free(dir);
+ }
+ if (glob(pattern, GLOB_ERR, NULL, &buf) != 0)
+ {
+ DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern);
+ globfree(&buf);
+ }
+ else
+ {
+ for (expanded = buf.gl_pathv; *expanded != NULL; expanded++)
+ {
+ load_secrets(this, *expanded, level + 1);
+ }
+ }
+ globfree(&buf);
+ continue;
+ }
+
if (line.len > 2 && strneq(": ", line.ptr, 2))
{
/* no ids, skip the ':' */
@@ -989,7 +1057,7 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg)
if (msg->reread.flags & REREAD_SECRETS)
{
DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this);
+ load_secrets(this, SECRETS_FILE, 0);
}
if (msg->reread.flags & REREAD_CACERTS)
{
@@ -1057,10 +1125,10 @@ stroke_cred_t *stroke_cred_create()
this->certs = linked_list_create();
this->shared = linked_list_create();
this->private = linked_list_create();
- this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
load_certs(this);
- load_secrets(this);
+ load_secrets(this, SECRETS_FILE, 0);
this->cachecrl = FALSE;
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 564a511a1..6f421bd30 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -146,8 +146,8 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
*/
static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
{
- u_int32_t rekey, now = time(NULL);
- u_int32_t use_in, use_out;
+ time_t use_in, use_out, rekey, now = time(NULL);
+ u_int64_t bytes_in, bytes_out;
proposal_t *proposal;
child_cfg_t *config = child_sa->get_config(child_sa);
@@ -205,6 +205,20 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
}
}
}
+
+ child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in);
+ fprintf(out, ", %llu bytes_i", bytes_in);
+ if (use_in)
+ {
+ fprintf(out, " (%ds ago)", now - use_in);
+ }
+
+ child_sa->get_usestats(child_sa, FALSE, &use_out, &bytes_out);
+ fprintf(out, ", %llu bytes_o", bytes_out);
+ if (use_out)
+ {
+ fprintf(out, " (%ds ago)", now - use_out);
+ }
fprintf(out, ", rekeying ");
rekey = child_sa->get_lifetime(child_sa, FALSE);
@@ -224,25 +238,6 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
fprintf(out, "disabled");
}
- fprintf(out, ", last use: ");
- use_in = child_sa->get_usetime(child_sa, TRUE);
- if (use_in)
- {
- fprintf(out, "%ds_i ", now - use_in);
- }
- else
- {
- fprintf(out, "no_i ");
- }
- use_out = child_sa->get_usetime(child_sa, FALSE);
- if (use_out)
- {
- fprintf(out, "%ds_o ", now - use_out);
- }
- else
- {
- fprintf(out, "no_o ");
- }
}
}
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
index f61171e22..9b6a8a3a7 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@@ -27,6 +27,7 @@
#include <processing/jobs/callback_job.h>
#include <daemon.h>
+#include <utils/mutex.h> /* for Mac OS X compatible accept */
#include "stroke_config.h"
#include "stroke_control.h"
diff --git a/src/charon/plugins/uci/Makefile.am b/src/charon/plugins/uci/Makefile.am
index 0136bf5e9..9fdbfb709 100644
--- a/src/charon/plugins/uci/Makefile.am
+++ b/src/charon/plugins/uci/Makefile.am
@@ -8,7 +8,7 @@ libstrongswan_uci_la_SOURCES = \
uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
uci_config.h uci_config.c uci_creds.h uci_creds.c \
uci_control.h uci_control.c
-libstrongswan_uci_la_LDFLAGS = -module
+libstrongswan_uci_la_LDFLAGS = -module -avoid-version
libstrongswan_uci_la_LIBADD = -luci
diff --git a/src/charon/plugins/uci/Makefile.in b/src/charon/plugins/uci/Makefile.in
index e599135cb..c4fb335d7 100644
--- a/src/charon/plugins/uci/Makefile.in
+++ b/src/charon/plugins/uci/Makefile.in
@@ -74,12 +74,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -144,6 +146,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -184,7 +187,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ libstrongswan_uci_la_SOURCES = \
uci_config.h uci_config.c uci_creds.h uci_creds.c \
uci_control.h uci_control.c
-libstrongswan_uci_la_LDFLAGS = -module
+libstrongswan_uci_la_LDFLAGS = -module -avoid-version
libstrongswan_uci_la_LIBADD = -luci
all: all-am
diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am
index 50c5e0362..64846f995 100644
--- a/src/charon/plugins/unit_tester/Makefile.am
+++ b/src/charon/plugins/unit_tester/Makefile.am
@@ -20,5 +20,5 @@ libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
tests/test_agent.c \
tests/test_id.c
-libstrongswan_unit_tester_la_LDFLAGS = -module
+libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/unit_tester/Makefile.in b/src/charon/plugins/unit_tester/Makefile.in
index 2ee5e48d8..0bf0cf301 100644
--- a/src/charon/plugins/unit_tester/Makefile.in
+++ b/src/charon/plugins/unit_tester/Makefile.in
@@ -79,12 +79,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -149,6 +151,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -189,7 +192,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -241,7 +246,7 @@ libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
tests/test_agent.c \
tests/test_id.c
-libstrongswan_unit_tester_la_LDFLAGS = -module
+libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES:
diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h
index dcf2a5d18..b99940c1a 100644
--- a/src/charon/plugins/unit_tester/tests.h
+++ b/src/charon/plugins/unit_tester/tests.h
@@ -36,5 +36,8 @@ DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE)
DEFINE_TEST("IP pool", test_pool, FALSE)
DEFINE_TEST("SSH agent", test_agent, FALSE)
DEFINE_TEST("ID parts", test_id_parts, FALSE)
+DEFINE_TEST("ID wildcards", test_id_wildcards, FALSE)
+DEFINE_TEST("ID equals", test_id_equals, FALSE)
+DEFINE_TEST("ID matches", test_id_matches, FALSE)
/** @}*/
diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/charon/plugins/unit_tester/tests/test_id.c
index 56dab2421..a1ef76be8 100644
--- a/src/charon/plugins/unit_tester/tests/test_id.c
+++ b/src/charon/plugins/unit_tester/tests/test_id.c
@@ -67,3 +67,183 @@ bool test_id_parts()
return TRUE;
}
+/*******************************************************************************
+ * identification contains_wildcards() test
+ ******************************************************************************/
+
+static bool test_id_wildcards_has(char *string)
+{
+ identification_t *id;
+ bool contains;
+
+ id = identification_create_from_string(string);
+ contains = id->contains_wildcards(id);
+ id->destroy(id);
+ return contains;
+}
+
+bool test_id_wildcards()
+{
+ if (!test_id_wildcards_has("C=*, O=strongSwan, CN=gw"))
+ {
+ return FALSE;
+ }
+ if (!test_id_wildcards_has("C=CH, O=strongSwan, CN=*"))
+ {
+ return FALSE;
+ }
+ if (test_id_wildcards_has("C=**, O=a*, CN=*a"))
+ {
+ return FALSE;
+ }
+ if (!test_id_wildcards_has("*@strongswan.org"))
+ {
+ return FALSE;
+ }
+ if (!test_id_wildcards_has("*.strongswan.org"))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/*******************************************************************************
+ * identification equals test
+ ******************************************************************************/
+
+static bool test_id_equals_one(identification_t *a, char *b_str)
+{
+ identification_t *b;
+ bool equals;
+
+ b = identification_create_from_string(b_str);
+ equals = a->equals(a, b);
+ b->destroy(b);
+ return equals;
+}
+
+bool test_id_equals()
+{
+ identification_t *a;
+ chunk_t encoding, fuzzed;
+ int i;
+
+ a = identification_create_from_string(
+ "C=CH, E=martin@strongswan.org, CN=martin");
+
+ if (!test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin"))
+ {
+ return FALSE;
+ }
+ if (!test_id_equals_one(a, "C=ch, E=martin@STRONGSWAN.ORG, CN=Martin"))
+ {
+ return FALSE;
+ }
+ if (test_id_equals_one(a, "C=CN, E=martin@strongswan.org, CN=martin"))
+ {
+ return FALSE;
+ }
+ if (test_id_equals_one(a, "E=martin@strongswan.org, C=CH, CN=martin"))
+ {
+ return FALSE;
+ }
+ if (test_id_equals_one(a, "E=martin@strongswan.org, C=CH, CN=martin"))
+ {
+ return FALSE;
+ }
+ encoding = chunk_clone(a->get_encoding(a));
+ a->destroy(a);
+
+ /* simple fuzzing, increment each byte of encoding */
+ for (i = 0; i < encoding.len; i++)
+ {
+ if (i == 11 || i == 30 || i == 62)
+ { /* skip ASN.1 type fields, as equals() handles them graceful */
+ continue;
+ }
+ fuzzed = chunk_clone(encoding);
+ fuzzed.ptr[i]++;
+ a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
+ if (test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin"))
+ {
+ return FALSE;
+ }
+ a->destroy(a);
+ free(fuzzed.ptr);
+ }
+
+ /* and decrement each byte of encoding */
+ for (i = 0; i < encoding.len; i++)
+ {
+ if (i == 11 || i == 30 || i == 62)
+ {
+ continue;
+ }
+ fuzzed = chunk_clone(encoding);
+ fuzzed.ptr[i]--;
+ a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
+ if (test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin"))
+ {
+ return FALSE;
+ }
+ a->destroy(a);
+ free(fuzzed.ptr);
+ }
+ free(encoding.ptr);
+ return TRUE;
+}
+
+/*******************************************************************************
+ * identification matches test
+ ******************************************************************************/
+
+static id_match_t test_id_matches_one(identification_t *a, char *b_str)
+{
+ identification_t *b;
+ id_match_t match;
+
+ b = identification_create_from_string(b_str);
+ match = a->matches(a, b);
+ b->destroy(b);
+ return match;
+}
+
+bool test_id_matches()
+{
+ identification_t *a;
+
+ a = identification_create_from_string(
+ "C=CH, E=martin@strongswan.org, CN=martin");
+
+ if (test_id_matches_one(a, "C=CH, E=martin@strongswan.org, CN=martin")
+ != ID_MATCH_PERFECT)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=CH, E=*, CN=martin") != ID_MATCH_ONE_WILDCARD)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=CH, E=*, CN=*") != ID_MATCH_ONE_WILDCARD - 1)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=*, E=*, CN=*") != ID_MATCH_ONE_WILDCARD - 2)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=*, E=*, CN=*, O=BADInc") != ID_MATCH_NONE)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=*, E=*") != ID_MATCH_NONE)
+ {
+ return FALSE;
+ }
+ if (test_id_matches_one(a, "C=*, E=a@b.c, CN=*") != ID_MATCH_NONE)
+ {
+ return FALSE;
+ }
+ a->destroy(a);
+ return TRUE;
+}
diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/charon/plugins/unit_tester/tests/test_mutex.c
index a305d5082..cb315276b 100644
--- a/src/charon/plugins/unit_tester/tests/test_mutex.c
+++ b/src/charon/plugins/unit_tester/tests/test_mutex.c
@@ -65,7 +65,7 @@ bool test_mutex()
int i;
pthread_t threads[THREADS];
- mutex = mutex_create(MUTEX_RECURSIVE);
+ mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
for (i = 0; i < 10; i++)
{
diff --git a/src/charon/plugins/updown/Makefile.am b/src/charon/plugins/updown/Makefile.am
index de60d9fbf..fe6e0bb52 100644
--- a/src/charon/plugins/updown/Makefile.am
+++ b/src/charon/plugins/updown/Makefile.am
@@ -7,6 +7,6 @@ plugin_LTLIBRARIES = libstrongswan-updown.la
libstrongswan_updown_la_SOURCES = \
updown_plugin.h updown_plugin.c \
updown_listener.h updown_listener.c
-libstrongswan_updown_la_LDFLAGS = -module
+libstrongswan_updown_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/updown/Makefile.in b/src/charon/plugins/updown/Makefile.in
index d0aac79f9..b1b6fb497 100644
--- a/src/charon/plugins/updown/Makefile.in
+++ b/src/charon/plugins/updown/Makefile.in
@@ -75,12 +75,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -145,6 +147,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -185,7 +188,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -226,7 +231,7 @@ libstrongswan_updown_la_SOURCES = \
updown_plugin.h updown_plugin.c \
updown_listener.h updown_listener.c
-libstrongswan_updown_la_LDFLAGS = -module
+libstrongswan_updown_la_LDFLAGS = -module -avoid-version
all: all-am
.SUFFIXES: