author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 10:06:21 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 10:06:21 +0000 |
commit | 7b88a5ce44f52abb13390c6c105bdd58a590a626 (patch) | |
tree | abfb7e16a76d3d65af2c809c949b747a874e33fd /src/charon/plugins | |
parent | 3c810543672b76a7c9b871420866f822f8b067d8 (diff) | |
- New upstream version.
Diffstat (limited to 'src/charon/plugins')
-rw-r--r-- | src/charon/plugins/eap_mschapv2/eap_mschapv2.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 80 | ||||
-rw-r--r-- | src/charon/plugins/sql/pool.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_attribute.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_attribute.c | 1 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 7 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 42 |
7 files changed, 83 insertions, 57 deletions
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
index 47dac47d4..07ca48e6f 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  * for more details.
  *
- * $Id: eap_mschapv2.c 4888 2009-02-19 14:32:13Z tobias $
+ * $Id: eap_mschapv2.c 4896 2009-02-24 13:39:50Z martin $
  */
 
 #include "eap_mschapv2.h"
@@ -643,7 +643,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
 	rng->destroy(rng);
 
 	shared = charon->credentials->get_shared(charon->credentials,
-								SHARED_EAP, this->server, this->peer);
+								SHARED_EAP, this->peer, this->server);
 	if (shared == NULL)
 	{
 		DBG1(DBG_IKE, "no EAP key found for hosts '%D' - '%D'",
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 1f2b6f723..72744b784 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -83,8 +83,8 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
  */
 static void signal_failure(NMVPNPlugin *plugin)
 {
-	/* TODO: NM does not handle this failure!?
-	nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */
+	/* TODO: NM does not handle this failure!? */
+	nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
 	nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
 
@@ -144,7 +144,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 	nm_creds_t *creds;
 	NMSettingVPN *settings;
 	identification_t *user = NULL, *gateway;
-	char *address, *str;
+	const char *address, *str;
 	bool virtual, encap, ipcomp;
 	ike_cfg_t *ike_cfg;
 	peer_cfg_t *peer_cfg;
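Review bot: The swapped order `SHARED_EAP, this->peer, this->server` in the `get_shared()` call changes which secret is selected when more than one EAP entry could match, and nothing in the hunk records the owner/other convention the lookup now relies on. Suggest a comment above the call, `/* EAP secrets are keyed by the peer's identity first; pass the peer as the owner ("me") and the server as the other side */`, assuming that is the convention of get_shared() (its definition is not visible here). The `DBG1` on the last line prints both identities and its arguments continue beyond the hunk; they should be passed in the same peer-then-server order so the log matches the lookup. process_peer_challenge() begins and ends outside the hunk.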
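Review bot: The comment `/* TODO: NM does not handle this failure!? */` kept on the new side of signal_failure() now sits directly above the live `nm_vpn_plugin_failure()` call, so it reads as if the call were still disabled. Either drop it or reword it to what is actually known, e.g. `/* report the failure to NM before stopping; whether NM acts on LOGIN_FAILED is unverified */`. The function reports every failure as `NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED`; if its callers (not visible here) also use it for non-authentication errors, the reason shown to the user will be misleading.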
@@ -164,20 +164,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, DBG4(DBG_CFG, "received NetworkManager connection: %s", nm_setting_to_string(NM_SETTING(settings))); - address = g_hash_table_lookup(settings->data, "address"); + address = nm_setting_vpn_get_data_item(settings, "address"); if (!address || !*address) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "Gateway address missing."); return FALSE; } - str = g_hash_table_lookup(settings->data, "virtual"); + str = nm_setting_vpn_get_data_item(settings, "virtual"); virtual = str && streq(str, "yes"); - str = g_hash_table_lookup(settings->data, "encap"); + str = nm_setting_vpn_get_data_item(settings, "encap"); encap = str && streq(str, "yes"); - str = g_hash_table_lookup(settings->data, "ipcomp"); + str = nm_setting_vpn_get_data_item(settings, "ipcomp"); ipcomp = str && streq(str, "yes"); - str = g_hash_table_lookup(settings->data, "method"); + str = nm_setting_vpn_get_data_item(settings, "method"); if (str) { if (streq(str, "psk")) @@ -202,7 +202,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, creds->clear(creds); /* gateway cert */ - str = g_hash_table_lookup(settings->data, "certificate"); + str = nm_setting_vpn_get_data_item(settings, "certificate"); if (str) { cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, 
@@ -220,20 +220,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, if (auth_class == AUTH_CLASS_EAP) { /* username/password authentication ... */ - str = g_hash_table_lookup(settings->data, "user"); + str = nm_setting_vpn_get_data_item(settings, "user"); if (str) { user = identification_create_from_encoding(ID_KEY_ID, chunk_create(str, strlen(str))); - str = g_hash_table_lookup(settings->secrets, "password"); - creds->set_username_password(creds, user, str); + str = nm_setting_vpn_get_secret(settings, "password"); + creds->set_username_password(creds, user, (char*)str); } } if (auth_class == AUTH_CLASS_PUBKEY) { /* ... or certificate/private key authenitcation */ - str = g_hash_table_lookup(settings->data, "usercert"); + str = nm_setting_vpn_get_data_item(settings, "usercert"); if (str) { public_key_t *public; @@ -241,10 +241,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, str, BUILD_END); - + if (!cert) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Loading peer certificate failed."); + return FALSE; + } /* try agent */ - str = g_hash_table_lookup(settings->secrets, "agent"); - if (agent && str && cert) + str = nm_setting_vpn_get_secret(settings, "agent"); + if (agent && str) { public = cert->get_public_key(cert); if (public) 
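Review bot: `creds->set_username_password(creds, user, (char*)str)` casts away the const of the secret returned by `nm_setting_vpn_get_secret()`; if set_username_password() stores the pointer instead of copying (its implementation in nm_creds.c is not visible here), the credential set keeps a pointer into the NMSettingVPN secret table, which libnm-glib owns and may free or clear. Worth confirming and documenting at the call, e.g. `/* set_username_password copies the secret; the cast only satisfies its char* signature */`, or copying the string here if it does not. connect_() continues outside the hunk.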
@@ -256,25 +262,38 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, BUILD_END); public->destroy(public); } + if (!private) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Connecting to SSH agent failed."); + } } /* ... or key file */ - str = g_hash_table_lookup(settings->data, "userkey"); - if (!agent && str && cert) + str = nm_setting_vpn_get_data_item(settings, "userkey"); + if (!agent && str) { chunk_t secret, chunk; bool pgp = FALSE; - secret.ptr = g_hash_table_lookup(settings->secrets, "password"); + secret.ptr = (char*)nm_setting_vpn_get_secret(settings, + "password"); if (secret.ptr) { secret.len = strlen(secret.ptr); } - if (pem_asn1_load_file(str, &secret, &chunk, &pgp)) + if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp)) { private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); free(chunk.ptr); } + if (!private) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Loading private key failed."); + } } if (private) { @@ -285,8 +304,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, else { DESTROY_IF(cert); - g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - "Loading user certificate/private key failed."); return FALSE; } } @@ -302,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, /** * Set up configurations */ - ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address); + ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg, user, gateway->clone(gateway), 
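Review bot: `chunk_t secret, chunk;` leaves `secret.len` uninitialized when no "password" secret is present, because only the `if (secret.ptr)` branch sets it, and the chunk is then handed to `pem_asn1_load_file()`; need_secrets() in the same file initializes it with `chunk_t secret = chunk_empty, key;`. Change the declaration to `chunk_t secret = chunk_empty, chunk;`. Separately, `free(chunk.ptr)` releases the decoded private-key DER without wiping it, whereas this commit wipes the smartcard PIN with `chunk_clear()` in stroke_cred.c; `chunk_clear(&chunk);` would do the same here.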
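Review bot: With the generic `g_set_error()` removed from the `else` branch, two paths still reach `return FALSE` with `err` unset: `agent` true but no "agent" secret (the `if (agent && str)` guard skips both the lookup and its error), and `agent` false with no "userkey" item. A FALSE return without a GError is normally treated as a programming error by the NM plugin framework, so a fallback that does not overwrite an error already set is needed: `if (err && !*err) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "No private key configured for user certificate."); }` before the `return FALSE`. connect_() continues outside the hunk.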
@@ -367,40 +384,40 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 							char **setting_name, GError **error)
 {
 	NMSettingVPN *settings;
-	char *method, *path;
+	const char *method, *path;
 	chunk_t secret = chunk_empty, key;
 	bool pgp = FALSE;
 
 	settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
 											NM_TYPE_SETTING_VPN));
-	method = g_hash_table_lookup(settings->data, "method");
+	method = nm_setting_vpn_get_data_item(settings, "method");
 	if (method)
 	{
 		if (streq(method, "eap"))
 		{
-			if (g_hash_table_lookup(settings->secrets, "password"))
+			if (nm_setting_vpn_get_secret(settings, "password"))
 			{
 				return FALSE;
 			}
 		}
 		else if (streq(method, "agent"))
 		{
-			if (g_hash_table_lookup(settings->secrets, "agent"))
+			if (nm_setting_vpn_get_secret(settings, "agent"))
 			{
 				return FALSE;
 			}
 		}
 		else if (streq(method, "key"))
 		{
-			path = g_hash_table_lookup(settings->data, "userkey");
+			path = nm_setting_vpn_get_data_item(settings, "userkey");
 			if (path)
 			{
-				secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+				secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
 				if (secret.ptr)
 				{
 					secret.len = strlen(secret.ptr);
 				}
-				if (pem_asn1_load_file(path, &secret, &key, &pgp))
+				if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
 				{
 					free(key.ptr);
 					return FALSE;
@@ -434,6 +451,9 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 		}
 	}
 	enumerator->destroy(enumerator);
+
+	g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
+				"Connection not found.");
 	return FALSE;
 }
 
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
index 8f5dc54dd..9761e88e9 100644
--- a/src/charon/plugins/sql/pool.c
+++ b/src/charon/plugins/sql/pool.c
@@ -554,10 +554,10 @@ static void leases(char *filter, bool utc)
 			printf("%-7s ", "expired");
 		}
 
-		printf(" %#T ", &acquired, utc);
+		printf(" %T ", &acquired, utc);
 		if (released)
 		{
-			printf("%#T ", &released, utc);
+			printf("%T ", &released, utc);
 		}
 		else
 		{
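Review bot: `free(key.ptr)` in need_secrets() discards the decoded private key without wiping it, so the DER-encoded key (decrypted with the user's password when the file is encrypted) lingers in freed heap memory just to decide whether a password prompt is needed; this commit already uses `chunk_clear()` for the smartcard PIN in stroke_cred.c, and `chunk_clear(&key);` would do the same here. The `(char*)path` cast exists only because `pem_asn1_load_file()` takes a non-const path; if that helper ever writes through it, this becomes undefined behaviour on a string owned by libnm-glib, so a `const` in its signature would remove the casts in both callers. need_secrets() continues outside the hunk.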
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
index cd6f7c0cd..826aa8318 100644
--- a/src/charon/plugins/sql/sql_attribute.c
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -89,7 +89,7 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
 		e->destroy(e);
 		return pool;
 	}
-	DBG1(DBG_CFG, "ip pool '%s' not found");
+	DESTROY_IF(e);
 	return 0;
 }
 
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index 7591a1e27..f850b5320 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -307,6 +307,7 @@ static bool release_address(private_stroke_attribute_t *this,
 			{
 				DBG1(DBG_CFG, "lease %H of %D went offline", address, id);
 				pool->offline->put(pool->offline, id, (void*)offset);
+				found = TRUE;
 			}
 		}
 	}
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 07e0ca768..434aec22b 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -804,7 +804,7 @@ static void load_secrets(private_stroke_cred_t *this)
 		}
 		else if (match("PIN", &token))
 		{
-			chunk_t sc = chunk_empty;
+			chunk_t sc = chunk_empty, secret = chunk_empty;
 			char smartcard[32], keyid[22], pin[32];
 			private_key_t *key;
 			u_int slot;
@@ -847,13 +847,13 @@ static void load_secrets(private_stroke_cred_t *this)
 				DBG1(DBG_CFG, "line %d: expected PIN", line_nr);
 				goto error;
 			}
-			ugh = extract_secret(&chunk, &line);
+			ugh = extract_secret(&secret, &line);
 			if (ugh != NULL)
 			{
 				DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
 				goto error;
 			}
-			snprintf(pin, sizeof(pin), "%.*s", chunk.len, chunk.ptr);
+			snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
 			pin[sizeof(pin) - 1] = '\0';
 
 			/* we assume an RSA key */
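Review bot: The new `DESTROY_IF(e)` line replaces `DBG1(DBG_CFG, "ip pool '%s' not found")`, whose `%s` had no matching argument (an undefined-behaviour format bug), but the fix drops the diagnostic entirely, so a lookup of an unknown pool is now silent. Keep the message with its argument ahead of the cleanup: `DBG1(DBG_CFG, "ip pool '%s' not found", name);` then `DESTROY_IF(e);`. The pool name comes from configuration, so this log line is the only hint an operator gets for a typo in it. get_pool() begins outside the hunk.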
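Review bot: `snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr)` passes `secret.len` as the `*` precision, which printf reads as an `int`; if `chunk_t.len` is a `size_t` (as in strongSwan's chunk.h, not visible here) this is a variadic type mismatch that misreads the argument list on LP64 targets. Cast it explicitly: `snprintf(pin, sizeof(pin), "%.*s", (int)secret.len, secret.ptr);`. A PIN longer than 31 bytes is silently truncated by this copy; a `DBG1` when `secret.len >= sizeof(pin)` would make that visible instead of producing a PIN that never matches. load_secrets() begins and ends outside the hunk.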
@@ -867,6 +867,7 @@ static void load_secrets(private_stroke_cred_t *this) this->private->insert_last(this->private, key); } memset(pin, 0, sizeof(pin)); + chunk_clear(&secret); } else if ((match("PSK", &token) && (type = SHARED_IKE)) || (match("EAP", &token) && (type = SHARED_EAP)) || diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index 8042875c9..94b3def3a 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -88,7 +88,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) time_t established; established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED); - fprintf(out, " %#V ago", &now, &established); + fprintf(out, " %V ago", &now, &established); } fprintf(out, ", %H[%D]...%H[%D]\n", @@ -116,11 +116,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) if (rekey) { - fprintf(out, ", rekeying in %#V", &rekey, &now); + fprintf(out, ", rekeying in %V", &rekey, &now); } if (reauth) { - fprintf(out, ", %N reauthentication in %#V", auth_class_names, + fprintf(out, ", %N reauthentication in %V", auth_class_names, get_auth_class(ike_sa->get_peer_cfg(ike_sa)), &reauth, &now); } @@ -212,7 +212,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) rekey = child_sa->get_lifetime(child_sa, FALSE); if (rekey) { - fprintf(out, "in %#V", &now, &rekey); + fprintf(out, "in %V", &now, &rekey); } else { 
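Review bot: The added `chunk_clear(&secret)` runs only after the key has been loaded and inserted, but `secret` is no longer needed once the earlier `snprintf` in this branch has copied it into `pin`; any `goto error` between that copy and this line (the key-loading code in between is outside the hunk) leaves the PIN bytes unwiped in the chunk. Moving `chunk_clear(&secret);` to directly after `pin[sizeof(pin) - 1] = '\0';` closes that window and keeps the wipe next to the copy. The `memset(pin, 0, sizeof(pin))` on the preceding line is a plain memset on a local about to go out of scope, which the optimizer may remove; a wipe it cannot drop (a volatile-pointer store loop, or a project wipe helper if this version has one) would be the robust choice.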
@@ -265,12 +265,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo char *plugin, *pool; host_t *host; u_int32_t dpd; - time_t uptime = time(NULL) - this->uptime; + time_t now = time(NULL); bool first = TRUE; u_int size, online, offline; fprintf(out, "Performance:\n"); - fprintf(out, " uptime: %V, since %#T\n", &uptime, &this->uptime, FALSE); + fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE); fprintf(out, " worker threads: %d idle of %d,", charon->processor->get_idle_threads(charon->processor), charon->processor->get_total_threads(charon->processor)); @@ -290,6 +290,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) { + if (name && !streq(name, pool)) + { + continue; + } if (first) { first = FALSE; @@ -655,26 +659,26 @@ static void stroke_list_certs(linked_list_t *list, char *label, /* list validity */ cert->get_validity(cert, &now, ¬Before, ¬After); - fprintf(out, " validity: not before %#T, ", ¬Before, utc); + fprintf(out, " validity: not before %T, ", ¬Before, utc); if (now < notBefore) { - fprintf(out, "not valid yet (valid in %#V)\n", &now, ¬Before); + fprintf(out, "not valid yet (valid in %V)\n", &now, ¬Before); } else { fprintf(out, "ok\n"); } - fprintf(out, " not after %#T, ", ¬After, utc); + fprintf(out, " not after %T, ", ¬After, utc); if (now > notAfter) { - fprintf(out, "expired (%#V ago)\n", &now, ¬After); + fprintf(out, "expired (%V ago)\n", &now, ¬After); } else { fprintf(out, "ok"); if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24) { - fprintf(out, " (expires in %#V)", &now, ¬After); + fprintf(out, " (expires in %V)", &now, ¬After); } fprintf(out, " \n"); } 
@@ -755,18 +759,18 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); - fprintf(out, " updates: this %#T\n", &thisUpdate, utc); - fprintf(out, " next %#T, ", &nextUpdate, utc); + fprintf(out, " updates: this %T\n", &thisUpdate, utc); + fprintf(out, " next %T, ", &nextUpdate, utc); if (now > nextUpdate) { - fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate); + fprintf(out, "expired (%V ago)\n", &now, &nextUpdate); } else { fprintf(out, "ok"); if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24) { - fprintf(out, " (expires in %#V)", &now, &nextUpdate); + fprintf(out, " (expires in %V)", &now, &nextUpdate); } fprintf(out, " \n"); } @@ -828,18 +832,18 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); - fprintf(out, " updates: this %#T\n", &thisUpdate, utc); - fprintf(out, " next %#T, ", &nextUpdate, utc); + fprintf(out, " updates: this %T\n", &thisUpdate, utc); + fprintf(out, " next %T, ", &nextUpdate, utc); if (now > nextUpdate) { - fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate); + fprintf(out, "expired (%V ago)\n", &now, &nextUpdate); } else { fprintf(out, "ok"); if (now > nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24) { - fprintf(out, " (expires in %#V)", &now, &nextUpdate); + fprintf(out, " (expires in %V)", &now, &nextUpdate); } fprintf(out, " \n"); } |