authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 10:06:21 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 10:06:21 +0000
commit7b88a5ce44f52abb13390c6c105bdd58a590a626 (patch)
treeabfb7e16a76d3d65af2c809c949b747a874e33fd /src/charon/plugins
parent3c810543672b76a7c9b871420866f822f8b067d8 (diff)
downloadvyos-strongswan-7b88a5ce44f52abb13390c6c105bdd58a590a626.tar.gz
vyos-strongswan-7b88a5ce44f52abb13390c6c105bdd58a590a626.zip
- New upstream version.
Diffstat (limited to 'src/charon/plugins')
-rw-r--r--src/charon/plugins/eap_mschapv2/eap_mschapv2.c4
-rw-r--r--src/charon/plugins/nm/nm_service.c80
-rw-r--r--src/charon/plugins/sql/pool.c4
-rw-r--r--src/charon/plugins/sql/sql_attribute.c2
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c1
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c7
-rw-r--r--src/charon/plugins/stroke/stroke_list.c42
7 files changed, 83 insertions, 57 deletions
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
index 47dac47d4..07ca48e6f 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_mschapv2.c 4888 2009-02-19 14:32:13Z tobias $
+ * $Id: eap_mschapv2.c 4896 2009-02-24 13:39:50Z martin $
*/
#include "eap_mschapv2.h"
@@ -643,7 +643,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
rng->destroy(rng);
shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, this->server, this->peer);
+ SHARED_EAP, this->peer, this->server);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for hosts '%D' - '%D'",
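Review bot: The swapped identity order in the get_shared() call on the new line reverses which side is treated as the owner of the EAP secret, and nothing in the hunk records why, so a later reader could easily "fix" it back. A comment above the call such as `/* EAP secrets are looked up with the peer's EAP identity as owner, the server as counterpart */` would pin the intent; hedged, since the get_shared() contract is not visible here. The DBG1 that follows prints two identities whose arguments are on the next line outside the hunk, so it is worth confirming their order still matches the lookup. process_peer_challenge's body continues outside the hunk.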
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 1f2b6f723..72744b784 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -83,8 +83,8 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
*/
static void signal_failure(NMVPNPlugin *plugin)
{
- /* TODO: NM does not handle this failure!?
- nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */
+ /* TODO: NM does not handle this failure!? */
+ nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
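Review bot: The TODO kept on the new comment line still says NM does not handle this failure, yet the hunk turns the nm_vpn_plugin_failure() call from commented-out text into a live call, so the comment now reads as if the call is known to be ignored. Reword it to say what the code expects, e.g. `/* report the login failure to NM; older NM appeared to ignore it, hence the explicit STOPPED below */`. Whether NM acts on NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED is not visible in this hunk, so the wording should stay hedged.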
@@ -144,7 +144,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
nm_creds_t *creds;
NMSettingVPN *settings;
identification_t *user = NULL, *gateway;
- char *address, *str;
+ const char *address, *str;
bool virtual, encap, ipcomp;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
@@ -164,20 +164,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
DBG4(DBG_CFG, "received NetworkManager connection: %s",
nm_setting_to_string(NM_SETTING(settings)));
- address = g_hash_table_lookup(settings->data, "address");
+ address = nm_setting_vpn_get_data_item(settings, "address");
if (!address || !*address)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Gateway address missing.");
return FALSE;
}
- str = g_hash_table_lookup(settings->data, "virtual");
+ str = nm_setting_vpn_get_data_item(settings, "virtual");
virtual = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "encap");
+ str = nm_setting_vpn_get_data_item(settings, "encap");
encap = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "ipcomp");
+ str = nm_setting_vpn_get_data_item(settings, "ipcomp");
ipcomp = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "method");
+ str = nm_setting_vpn_get_data_item(settings, "method");
if (str)
{
if (streq(str, "psk"))
@@ -202,7 +202,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
creds->clear(creds);
/* gateway cert */
- str = g_hash_table_lookup(settings->data, "certificate");
+ str = nm_setting_vpn_get_data_item(settings, "certificate");
if (str)
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -220,20 +220,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
if (auth_class == AUTH_CLASS_EAP)
{
/* username/password authentication ... */
- str = g_hash_table_lookup(settings->data, "user");
+ str = nm_setting_vpn_get_data_item(settings, "user");
if (str)
{
user = identification_create_from_encoding(ID_KEY_ID,
chunk_create(str, strlen(str)));
- str = g_hash_table_lookup(settings->secrets, "password");
- creds->set_username_password(creds, user, str);
+ str = nm_setting_vpn_get_secret(settings, "password");
+ creds->set_username_password(creds, user, (char*)str);
}
}
if (auth_class == AUTH_CLASS_PUBKEY)
{
/* ... or certificate/private key authenitcation */
- str = g_hash_table_lookup(settings->data, "usercert");
+ str = nm_setting_vpn_get_data_item(settings, "usercert");
if (str)
{
public_key_t *public;
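Review bot: The `(char*)str` cast on the set_username_password() line discards the const that nm_setting_vpn_get_secret() returns, so the credential store receives a pointer into NM-owned settings memory that the callee might keep, wipe or free; the same casts reappear on the `secret.ptr`, `pem_asn1_load_file()` and `ike_cfg_create()` lines in the later hunks of this file. If set_username_password() copies the string, a comment `/* callee copies; the secret string stays owned by NM */` documents that; if it retains or wipes the pointer, the password should be duplicated here instead of cast. Hedged, since the callee's contract is not visible in the hunk.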
@@ -241,10 +241,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, str, BUILD_END);
-
+ if (!cert)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading peer certificate failed.");
+ return FALSE;
+ }
/* try agent */
- str = g_hash_table_lookup(settings->secrets, "agent");
- if (agent && str && cert)
+ str = nm_setting_vpn_get_secret(settings, "agent");
+ if (agent && str)
{
public = cert->get_public_key(cert);
if (public)
@@ -256,25 +262,38 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
BUILD_END);
public->destroy(public);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Connecting to SSH agent failed.");
+ }
}
/* ... or key file */
- str = g_hash_table_lookup(settings->data, "userkey");
- if (!agent && str && cert)
+ str = nm_setting_vpn_get_data_item(settings, "userkey");
+ if (!agent && str)
{
chunk_t secret, chunk;
bool pgp = FALSE;
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings,
+ "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(str, &secret, &chunk, &pgp))
+ if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp))
{
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
free(chunk.ptr);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading private key failed.");
+ }
}
if (private)
{
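Review bot: The new `if (!private)` block after the agent branch reports "Connecting to SSH agent failed." even when the real failure was `cert->get_public_key()` returning NULL, because `private` also stays NULL when the `if (public)` guard in the previous hunk is skipped. A message covering both cases, `"Loading public key or connecting to SSH agent failed."`, or a separate g_set_error() in an `else` of that guard, keeps the diagnostic honest. Note also that g_set_error() warns when *err is already set, so each failure path must set it exactly once; the visible paths do, but connect_ continues outside the hunk.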
@@ -285,8 +304,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
else
{
DESTROY_IF(cert);
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
- "Loading user certificate/private key failed.");
return FALSE;
}
}
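Review bot: Dropping the generic g_set_error() from this `else` branch leaves `err` unset on the paths where neither an "agent" secret nor a "userkey" item is configured: in the previous hunk both `if (agent && str)` and `if (!agent && str)` are skipped, no error is set, `private` stays NULL, and connect_ now returns FALSE with no error for the caller to show. A fallback that does not clobber the specific errors set above keeps that case reportable: `if (err && !*err) g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "No user certificate/private key configured.");` placed before `return FALSE;`. How NM treats FALSE without an error is not visible here.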
@@ -302,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
user, gateway->clone(gateway),
@@ -367,40 +384,40 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
char **setting_name, GError **error)
{
NMSettingVPN *settings;
- char *method, *path;
+ const char *method, *path;
chunk_t secret = chunk_empty, key;
bool pgp = FALSE;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
NM_TYPE_SETTING_VPN));
- method = g_hash_table_lookup(settings->data, "method");
+ method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
if (streq(method, "eap"))
{
- if (g_hash_table_lookup(settings->secrets, "password"))
+ if (nm_setting_vpn_get_secret(settings, "password"))
{
return FALSE;
}
}
else if (streq(method, "agent"))
{
- if (g_hash_table_lookup(settings->secrets, "agent"))
+ if (nm_setting_vpn_get_secret(settings, "agent"))
{
return FALSE;
}
}
else if (streq(method, "key"))
{
- path = g_hash_table_lookup(settings->data, "userkey");
+ path = nm_setting_vpn_get_data_item(settings, "userkey");
if (path)
{
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(path, &secret, &key, &pgp))
+ if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
{
free(key.ptr);
return FALSE;
@@ -434,6 +451,9 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
}
}
enumerator->destroy(enumerator);
+
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
+ "Connection not found.");
return FALSE;
}
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
index 8f5dc54dd..9761e88e9 100644
--- a/src/charon/plugins/sql/pool.c
+++ b/src/charon/plugins/sql/pool.c
@@ -554,10 +554,10 @@ static void leases(char *filter, bool utc)
printf("%-7s ", "expired");
}
- printf(" %#T ", &acquired, utc);
+ printf(" %T ", &acquired, utc);
if (released)
{
- printf("%#T ", &released, utc);
+ printf("%T ", &released, utc);
}
else
{
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
index cd6f7c0cd..826aa8318 100644
--- a/src/charon/plugins/sql/sql_attribute.c
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -89,7 +89,7 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
e->destroy(e);
return pool;
}
- DBG1(DBG_CFG, "ip pool '%s' not found");
+ DESTROY_IF(e);
return 0;
}
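Review bot: Replacing the DBG1 removes the only diagnostic for a missing pool; the old line was broken because its `%s` had no matching argument, but the fix is to supply `name` (the parameter on the hunk header line) rather than to delete the message: `DBG1(DBG_CFG, "ip pool '%s' not found", name);` before the new DESTROY_IF(e). Without it a request against an unknown pool just yields `return 0`, which is hard to trace from the logs. get_pool's body starts outside the hunk.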
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index 7591a1e27..f850b5320 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -307,6 +307,7 @@ static bool release_address(private_stroke_attribute_t *this,
{
DBG1(DBG_CFG, "lease %H of %D went offline", address, id);
pool->offline->put(pool->offline, id, (void*)offset);
+ found = TRUE;
}
}
}
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 07e0ca768..434aec22b 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -804,7 +804,7 @@ static void load_secrets(private_stroke_cred_t *this)
}
else if (match("PIN", &token))
{
- chunk_t sc = chunk_empty;
+ chunk_t sc = chunk_empty, secret = chunk_empty;
char smartcard[32], keyid[22], pin[32];
private_key_t *key;
u_int slot;
@@ -847,13 +847,13 @@ static void load_secrets(private_stroke_cred_t *this)
DBG1(DBG_CFG, "line %d: expected PIN", line_nr);
goto error;
}
- ugh = extract_secret(&chunk, &line);
+ ugh = extract_secret(&secret, &line);
if (ugh != NULL)
{
DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
goto error;
}
- snprintf(pin, sizeof(pin), "%.*s", chunk.len, chunk.ptr);
+ snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
pin[sizeof(pin) - 1] = '\0';
/* we assume an RSA key */
@@ -867,6 +867,7 @@ static void load_secrets(private_stroke_cred_t *this)
this->private->insert_last(this->private, key);
}
memset(pin, 0, sizeof(pin));
+ chunk_clear(&secret);
}
else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
(match("EAP", &token) && (type = SHARED_EAP)) ||
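Review bot: The new `chunk_clear(&secret)` only runs on the path that reaches the end of the PIN block; any `goto error` between the extract_secret() call in the previous hunk and this line (the key-loading code between the two hunks is not visible) leaves the PIN bytes in heap memory unwiped. Since the PIN is copied into `pin[]` straight away, wiping the chunk right after that copy — `chunk_clear(&secret);` following the `pin[sizeof(pin) - 1] = '\0';` line — closes the gap and makes the later call at the end of the block unnecessary. While there, `%.*s` takes an int precision, so `(int)secret.len` avoids passing a wider type if chunk_t's len is not an int. load_secrets continues outside the hunk.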
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 8042875c9..94b3def3a 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -88,7 +88,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
time_t established;
established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED);
- fprintf(out, " %#V ago", &now, &established);
+ fprintf(out, " %V ago", &now, &established);
}
fprintf(out, ", %H[%D]...%H[%D]\n",
@@ -116,11 +116,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
if (rekey)
{
- fprintf(out, ", rekeying in %#V", &rekey, &now);
+ fprintf(out, ", rekeying in %V", &rekey, &now);
}
if (reauth)
{
- fprintf(out, ", %N reauthentication in %#V", auth_class_names,
+ fprintf(out, ", %N reauthentication in %V", auth_class_names,
get_auth_class(ike_sa->get_peer_cfg(ike_sa)),
&reauth, &now);
}
@@ -212,7 +212,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
rekey = child_sa->get_lifetime(child_sa, FALSE);
if (rekey)
{
- fprintf(out, "in %#V", &now, &rekey);
+ fprintf(out, "in %V", &now, &rekey);
}
else
{
@@ -265,12 +265,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
char *plugin, *pool;
host_t *host;
u_int32_t dpd;
- time_t uptime = time(NULL) - this->uptime;
+ time_t now = time(NULL);
bool first = TRUE;
u_int size, online, offline;
fprintf(out, "Performance:\n");
- fprintf(out, " uptime: %V, since %#T\n", &uptime, &this->uptime, FALSE);
+ fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE);
fprintf(out, " worker threads: %d idle of %d,",
charon->processor->get_idle_threads(charon->processor),
charon->processor->get_total_threads(charon->processor));
@@ -290,6 +290,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
enumerator = this->attribute->create_pool_enumerator(this->attribute);
while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
{
+ if (name && !streq(name, pool))
+ {
+ continue;
+ }
if (first)
{
first = FALSE;
@@ -655,26 +659,26 @@ static void stroke_list_certs(linked_list_t *list, char *label,
/* list validity */
cert->get_validity(cert, &now, &notBefore, &notAfter);
- fprintf(out, " validity: not before %#T, ", &notBefore, utc);
+ fprintf(out, " validity: not before %T, ", &notBefore, utc);
if (now < notBefore)
{
- fprintf(out, "not valid yet (valid in %#V)\n", &now, &notBefore);
+ fprintf(out, "not valid yet (valid in %V)\n", &now, &notBefore);
}
else
{
fprintf(out, "ok\n");
}
- fprintf(out, " not after %#T, ", &notAfter, utc);
+ fprintf(out, " not after %T, ", &notAfter, utc);
if (now > notAfter)
{
- fprintf(out, "expired (%#V ago)\n", &now, &notAfter);
+ fprintf(out, "expired (%V ago)\n", &now, &notAfter);
}
else
{
fprintf(out, "ok");
if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &notAfter);
+ fprintf(out, " (expires in %V)", &now, &notAfter);
}
fprintf(out, " \n");
}
@@ -755,18 +759,18 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
/* list validity */
cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
if (now > nextUpdate)
{
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
}
else
{
fprintf(out, "ok");
if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
}
fprintf(out, " \n");
}
@@ -828,18 +832,18 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
/* list validity */
cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
if (now > nextUpdate)
{
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
}
else
{
fprintf(out, "ok");
if (now > nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
}
fprintf(out, " \n");
}