author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 09:52:39 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-03-22 09:52:39 +0000 |
commit | 7a229aeb240cc750546f55ad089022f0ca7dc44f (patch) | |
tree | d1767cb9d72b52a79a5b74e570fd57d0a0e87c1c /src/charon | |
parent | 19364e11c66714324bd3d5d0dc9212db397085cb (diff) | |
download | vyos-strongswan-7a229aeb240cc750546f55ad089022f0ca7dc44f.tar.gz vyos-strongswan-7a229aeb240cc750546f55ad089022f0ca7dc44f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.13)
Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/config/attributes/attribute_manager.c | 16 | ||||
-rw-r--r-- | src/charon/config/proposal.c | 64 | ||||
-rw-r--r-- | src/charon/config/proposal.h | 7 | ||||
-rw-r--r-- | src/charon/config/traffic_selector.c | 59 | ||||
-rw-r--r-- | src/charon/config/traffic_selector.h | 7 | ||||
-rw-r--r-- | src/charon/credentials/credential_manager.c | 18 | ||||
-rw-r--r-- | src/charon/daemon.c | 10 | ||||
-rw-r--r-- | src/charon/plugins/eap_mschapv2/eap_mschapv2.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 80 | ||||
-rw-r--r-- | src/charon/plugins/sql/pool.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_attribute.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_attribute.c | 1 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 7 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 42 | ||||
-rw-r--r-- | src/charon/sa/ike_sa.c | 11 |
15 files changed, 168 insertions, 164 deletions
diff --git a/src/charon/config/attributes/attribute_manager.c b/src/charon/config/attributes/attribute_manager.c
index b919c4261..a069c954a 100644
--- a/src/charon/config/attributes/attribute_manager.c
+++ b/src/charon/config/attributes/attribute_manager.c
@@ -17,6 +17,7 @@
 #include "attribute_manager.h"
+#include <daemon.h>
 #include <utils/linked_list.h>
 #include <utils/mutex.h>
@@ -53,7 +54,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
 enumerator_t *enumerator;
 attribute_provider_t *current;
 host_t *host = NULL;
-
+
 this->lock->read_lock(this->lock);
 enumerator = this->providers->create_enumerator(this->providers);
 while (enumerator->enumerate(enumerator, ¤t))
@@ -67,6 +68,10 @@ static host_t* acquire_address(private_attribute_manager_t *this,
 enumerator->destroy(enumerator);
 this->lock->unlock(this->lock);
+ if (!host)
+ {
+ DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
+ }
 return host;
 }
@@ -78,18 +83,25 @@ static void release_address(private_attribute_manager_t *this,
 {
 enumerator_t *enumerator;
 attribute_provider_t *current;
-
+ bool found = FALSE;
+
 this->lock->read_lock(this->lock);
 enumerator = this->providers->create_enumerator(this->providers);
 while (enumerator->enumerate(enumerator, ¤t))
 {
 if (current->release_address(current, pool, address, id))
 {
+ found = TRUE;
 break;
 }
 }
 enumerator->destroy(enumerator);
 this->lock->unlock(this->lock);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
+ }
 }
 /**
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 8fcbdc960..92ef34b75 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2009 Tobias Brunner
 * Copyright (C) 2006 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
@@ -13,7 +13,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: proposal.c 4685 2008-11-22 16:14:55Z martin $
+ * $Id: proposal.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #include <string.h>
@@ -803,10 +803,10 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
 }
 /**
- * print all algorithms of a kind to stream
+ * print all algorithms of a kind to buffer
 */
-static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
- void *names, bool *first)
+static int print_alg(private_proposal_t *this, char **dst, int *len,
+ u_int kind, void *names, bool *first)
 {
 enumerator_t *enumerator;
 size_t written = 0;
@@ -817,16 +817,16 @@ static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
 {
 if (*first)
 {
- written += fprintf(stream, "%N", names, alg);
+ written += print_in_hook(*dst, *len, "%N", names, alg);
 *first = FALSE;
 }
 else
 {
- written += fprintf(stream, "/%N", names, alg);
+ written += print_in_hook(*dst, *len, "/%N", names, alg);
 }
 if (size)
 {
- written += fprintf(stream, "-%d", size);
+ written += print_in_hook(*dst, *len, "-%d", size);
 }
 }
 enumerator->destroy(enumerator);
@@ -834,10 +834,10 @@ static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
 }
 /**
- * output handler in printf()
+ * Described in header.
 */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args)
 {
 private_proposal_t *this = *((private_proposal_t**)(args[0]));
 linked_list_t *list = *((linked_list_t**)(args[0]));
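Review bot: print_alg's new signature takes `int *len`, but the -847 hunk of this file calls it as `print_alg(this, &dst, &len, …)` where `len` is the `size_t len` parameter of proposal_printf_hook, so a `size_t *` is handed to an `int *` parameter. Because the caller passes addresses and the body applies print_in_hook to `*dst` and `*len`, the helper presumably advances the buffer pointer and remaining length in place, and the mismatched pointer then updates only part of a 64-bit `len` on LP64 targets. The declaration should read `static int print_alg(private_proposal_t *this, char **dst, size_t *len,` with the `u_int kind, void *names, bool *first)` continuation unchanged. print_alg's body continues outside this hunk.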
@@ -847,65 +847,43 @@ static int print(FILE *stream, const struct printf_info *info,
 if (this == NULL)
 {
- return fprintf(stream, "(null)");
+ return print_in_hook(dst, len, "(null)");
 }
- if (info->alt)
+ if (spec->hash)
 {
 enumerator = list->create_enumerator(list);
 while (enumerator->enumerate(enumerator, &this))
 { /* call recursivly */
 if (first)
 {
- written += fprintf(stream, "%P", this);
+ written += print_in_hook(dst, len, "%P", this);
 first = FALSE;
 }
 else
 {
- written += fprintf(stream, ", %P", this);
+ written += print_in_hook(dst, len, ", %P", this);
 }
 }
 enumerator->destroy(enumerator);
 return written;
 }
- written = fprintf(stream, "%N:", protocol_id_names, this->protocol);
- written += print_alg(this, stream, ENCRYPTION_ALGORITHM,
+ written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol);
+ written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM,
 encryption_algorithm_names, &first);
- written += print_alg(this, stream, INTEGRITY_ALGORITHM,
+ written += print_alg(this, &dst, &len, INTEGRITY_ALGORITHM,
 integrity_algorithm_names, &first);
- written += print_alg(this, stream, PSEUDO_RANDOM_FUNCTION,
+ written += print_alg(this, &dst, &len, PSEUDO_RANDOM_FUNCTION,
 pseudo_random_function_names, &first);
- written += print_alg(this, stream, DIFFIE_HELLMAN_GROUP,
+ written += print_alg(this, &dst, &len, DIFFIE_HELLMAN_GROUP,
 diffie_hellman_group_names, &first);
- written += print_alg(this, stream, EXTENDED_SEQUENCE_NUMBERS,
+ written += print_alg(this, &dst, &len, EXTENDED_SEQUENCE_NUMBERS,
 extended_sequence_numbers_names, &first);
 return written;
 }
 /**
- * arginfo handler for printf() proposal
- */
-static int arginfo(const struct printf_info *info, size_t n, int *argtypes)
-{
- if (n > 0)
- {
- argtypes[0] = PA_POINTER;
- }
- return 1;
-}
-
-/**
- * return printf hook functions for a proposal
- */
-printf_hook_functions_t proposal_get_printf_hooks()
-{
- printf_hook_functions_t hooks = {print, arginfo};
-
- return hooks;
-}
-
-/**
 * Implements proposal_t.destroy.
 */
 static void destroy(private_proposal_t *this)
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index fb7dc9dfa..ea01120f9 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -12,7 +12,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: proposal.h 4062 2008-06-12 11:42:19Z martin $
+ * $Id: proposal.h 4936 2009-03-12 18:07:32Z tobias $
 */
 /**
@@ -233,13 +233,14 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
 /**
- * Get printf hooks for a proposal.
+ * printf hook function for proposal_t.
 *
 * Arguments are:
 * proposal_t *proposal
 * With the #-specifier, arguments are:
 * linked_list_t *list containing proposal_t*
 */
-printf_hook_functions_t proposal_get_printf_hooks();
+int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args);
 #endif /* PROPOSAL_H_ @} */
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index 7442fc7ef..b3bab900d 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2009 Tobias Brunner
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
@@ -14,14 +14,13 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: traffic_selector.c 4860 2009-02-11 13:09:52Z martin $
+ * $Id: traffic_selector.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #include <arpa/inet.h>
 #include <string.h>
 #include <netdb.h>
 #include <stdio.h>
-#include <printf.h>
 #include "traffic_selector.h"
@@ -157,10 +156,10 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
 static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
 /**
- * output handler in printf()
+ * Described in header.
 */
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args)
 {
 private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0]));
 linked_list_t *list = *((linked_list_t**)(args[0]));
@@ -175,16 +174,16 @@ static int print(FILE *stream, const struct printf_info *info,
 if (this == NULL)
 {
- return fprintf(stream, "(null)");
+ return print_in_hook(dst, len, "(null)");
 }
- if (info->alt)
+ if (spec->hash)
 {
 iterator = list->create_iterator(list, TRUE);
 while (iterator->iterate(iterator, (void**)&this))
 { /* call recursivly */
- written += fprintf(stream, "%R ", this);
+ written += print_in_hook(dst, len, "%R ", this);
 }
 iterator->destroy(iterator);
 return written;
@@ -196,7 +195,7 @@ static int print(FILE *stream, const struct printf_info *info,
 memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
 memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
 {
- written += fprintf(stream, "dynamic");
+ written += print_in_hook(dst, len, "dynamic");
 }
 else
 {
@@ -209,7 +208,7 @@ static int print(FILE *stream, const struct printf_info *info,
 inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str));
 }
 mask = calc_netbits(this);
- written += fprintf(stream, "%s/%d", addr_str, mask);
+ written += print_in_hook(dst, len, "%s/%d", addr_str, mask);
 }
 /* check if we have protocol and/or port selectors */
@@ -221,7 +220,7 @@ static int print(FILE *stream, const struct printf_info *info,
 return written;
 }
- written += fprintf(stream, "[");
+ written += print_in_hook(dst, len, "[");
 /* build protocol string */
 if (has_proto)
@@ -230,18 +229,18 @@ static int print(FILE *stream, const struct printf_info *info,
 if (proto)
 {
- written += fprintf(stream, "%s", proto->p_name);
+ written += print_in_hook(dst, len, "%s", proto->p_name);
 serv_proto = proto->p_name;
 }
 else
 {
- written += fprintf(stream, "%d", this->protocol);
+ written += print_in_hook(dst, len, "%d", this->protocol);
 }
 }
 if (has_proto && has_ports)
 {
- written += fprintf(stream, "/");
+ written += print_in_hook(dst, len, "/");
 }
 /* build port string */
@@ -253,47 +252,25 @@ static int print(FILE *stream, const struct printf_info *info,
 if (serv)
 {
- written += fprintf(stream, "%s", serv->s_name);
+ written += print_in_hook(dst, len, "%s", serv->s_name);
 }
 else
 {
- written += fprintf(stream, "%d", this->from_port);
+ written += print_in_hook(dst, len, "%d", this->from_port);
 }
 }
 else
 {
- written += fprintf(stream, "%d-%d", this->from_port, this->to_port);
+ written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port);
 }
 }
- written += fprintf(stream, "]");
+ written += print_in_hook(dst, len, "]");
 return written;
 }
 /**
- * arginfo handler for printf() traffic selector
- */
-static int arginfo(const struct printf_info *info, size_t n, int *argtypes)
-{
- if (n > 0)
- {
- argtypes[0] = PA_POINTER;
- }
- return 1;
-}
-
-/**
- * return printf hook functions for a chunk
- */
-printf_hook_functions_t traffic_selector_get_printf_hooks()
-{
- printf_hook_functions_t hooks = {print, arginfo};
-
- return hooks;
-}
-
-/**
 * implements traffic_selector_t.get_subset
 */
 static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other)
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index 69c04c605..fcec4e50b 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -14,7 +14,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: traffic_selector.h 4860 2009-02-11 13:09:52Z martin $
+ * $Id: traffic_selector.h 4936 2009-03-12 18:07:32Z tobias $
 */
 /**
@@ -291,13 +291,14 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
 u_int16_t from_port, u_int16_t to_port);
 /**
- * Get printf hooks for a traffic selector.
+ * printf hook function for traffic_selector_t.
 *
 * Arguments are:
 * traffic_selector_t *ts
 * With the #-specifier, arguments are:
 * linked_list_t *list containing traffic_selector_t*
 */
-printf_hook_functions_t traffic_selector_get_printf_hooks();
+int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args);
 #endif /* TRAFFIC_SELECTOR_H_ @} */
diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c
index 309115280..2841086b2 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/charon/credentials/credential_manager.c
@@ -12,7 +12,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: credential_manager.c 4591 2008-11-05 16:12:54Z martin $
+ * $Id: credential_manager.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #include <pthread.h>
@@ -572,7 +572,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
 case VALIDATION_REVOKED:
 /* subject has been revoked by a valid OCSP response */
 DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
- &revocation, crl_reason_names, reason);
+ &revocation, TRUE, crl_reason_names, reason);
 revoked = TRUE;
 break;
 case VALIDATION_GOOD:
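Review bot: The revocation message in get_better_ocsp now renders `%T` with `TRUE` (UTC), while the validity messages in the -593 and -603 hunks, and the get_better_crl counterparts in the -791, -807 and -816 hunks, render the same kind of timestamp with `FALSE` (local time), so one certificate check can log both zones. For correlating these lines with other logs during an investigation a single convention is preferable; `&revocation, FALSE, crl_reason_names, reason` would match the neighbouring messages, or all of them could move to `TRUE`. get_better_ocsp's body starts and ends outside this hunk.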
@@ -593,7 +593,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
 best = cand;
 if (best->get_validity(best, NULL, NULL, &valid_until))
 {
- DBG1(DBG_CFG, " ocsp response is valid: until %#T",
+ DBG1(DBG_CFG, " ocsp response is valid: until %T",
 &valid_until, FALSE);
 *valid = VALIDATION_GOOD;
 if (cache)
@@ -603,7 +603,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
 }
 else
 {
- DBG1(DBG_CFG, " ocsp response is stale: since %#T",
+ DBG1(DBG_CFG, " ocsp response is stale: since %T",
 &valid_until, FALSE);
 *valid = VALIDATION_STALE;
 }
@@ -791,7 +791,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
 if (chunk_equals(serial, subject->get_serial(subject)))
 {
 DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
- &revocation, crl_reason_names, reason);
+ &revocation, TRUE, crl_reason_names, reason);
 *valid = VALIDATION_REVOKED;
 enumerator->destroy(enumerator);
 DESTROY_IF(best);
@@ -807,7 +807,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
 best = cand;
 if (best->get_validity(best, NULL, NULL, &valid_until))
 {
- DBG1(DBG_CFG, " crl is valid: until %#T", &valid_until, FALSE);
+ DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE);
 *valid = VALIDATION_GOOD;
 if (cache)
 { /* we cache non-stale crls only, as a stale crls are refetched */
@@ -816,7 +816,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
 }
 else
 {
- DBG1(DBG_CFG, " crl is stale: since %#T", &valid_until, FALSE);
+ DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE);
 *valid = VALIDATION_STALE;
 }
 }
@@ -938,13 +938,13 @@ static bool check_certificate(private_credential_manager_t *this,
 if (!subject->get_validity(subject, NULL, ¬_before, ¬_after))
 {
 DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)",
- ¬_before, ¬_after);
+ ¬_before, TRUE, ¬_after, TRUE);
 return FALSE;
 }
 if (!issuer->get_validity(issuer, NULL, ¬_before, ¬_after))
 {
 DBG1(DBG_CFG, "issuer certificate invalid (valid from %T to %T)",
- ¬_before, ¬_after);
+ ¬_before, TRUE, ¬_after, TRUE);
 return FALSE;
 }
 if (issuer->get_type(issuer) == CERT_X509 &&
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 78cbeec83..6dcb39a89 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2009 Tobias Brunner
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -644,9 +644,13 @@ int main(int argc, char *argv[])
 /* initialize library */
 library_init(STRONGSWAN_CONF);
 lib->printf_hook->add_handler(lib->printf_hook, 'R',
- traffic_selector_get_printf_hooks());
+ traffic_selector_printf_hook,
+ PRINTF_HOOK_ARGTYPE_POINTER,
+ PRINTF_HOOK_ARGTYPE_END);
 lib->printf_hook->add_handler(lib->printf_hook, 'P',
- proposal_get_printf_hooks());
+ proposal_printf_hook,
+ PRINTF_HOOK_ARGTYPE_POINTER,
+ PRINTF_HOOK_ARGTYPE_END);
 private_charon = daemon_create();
 charon = (daemon_t*)private_charon;
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
index 47dac47d4..07ca48e6f 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -12,7 +12,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: eap_mschapv2.c 4888 2009-02-19 14:32:13Z tobias $
+ * $Id: eap_mschapv2.c 4896 2009-02-24 13:39:50Z martin $
 */
 #include "eap_mschapv2.h"
@@ -643,7 +643,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
 rng->destroy(rng);
 shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, this->server, this->peer);
+ SHARED_EAP, this->peer, this->server);
 if (shared == NULL)
 {
 DBG1(DBG_IKE, "no EAP key found for hosts '%D' - '%D'",
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 1f2b6f723..72744b784 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -83,8 +83,8 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 */
 static void signal_failure(NMVPNPlugin *plugin)
 {
- /* TODO: NM does not handle this failure!?
- nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */
+ /* TODO: NM does not handle this failure!? */
+ nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
 nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
@@ -144,7 +144,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 nm_creds_t *creds;
 NMSettingVPN *settings;
 identification_t *user = NULL, *gateway;
- char *address, *str;
+ const char *address, *str;
 bool virtual, encap, ipcomp;
 ike_cfg_t *ike_cfg;
 peer_cfg_t *peer_cfg;
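Review bot: Swapping the two identities in the get_shared() call changes which EAP secret is selected for this exchange, but nothing in the hunk records which argument is the local side and which is the remote one, so a later edit can swap them back just as silently. A one-line comment above the call would pin the intent, for instance `/* get_shared() argument order is (me, other) as seen from the credential manager; verify against credential_manager.h */` — I cannot see that prototype from here, so the wording should be checked against it. The DBG1 message that follows prints two `%D` identities whose arguments lie outside the hunk; they should be ordered the same way as this lookup. process_peer_challenge's body starts and ends outside the hunk.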
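Review bot: The TODO comment retained above the now-active nm_vpn_plugin_failure() call still states that NM does not handle this failure, which contradicts enabling the call on the next line. If the behaviour is still unverified the comment should say so and point at what is relied on instead, e.g. `/* TODO: confirm NM acts on this failure; state is set to STOPPED below regardless */`; if it was verified, the TODO should go. signal_failure fits entirely within the hunk.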
@@ -164,20 +164,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 DBG4(DBG_CFG, "received NetworkManager connection: %s", nm_setting_to_string(NM_SETTING(settings)));
- address = g_hash_table_lookup(settings->data, "address");
+ address = nm_setting_vpn_get_data_item(settings, "address");
 if (!address || !*address)
 {
 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "Gateway address missing.");
 return FALSE;
 }
- str = g_hash_table_lookup(settings->data, "virtual");
+ str = nm_setting_vpn_get_data_item(settings, "virtual");
 virtual = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "encap");
+ str = nm_setting_vpn_get_data_item(settings, "encap");
 encap = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "ipcomp");
+ str = nm_setting_vpn_get_data_item(settings, "ipcomp");
 ipcomp = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "method");
+ str = nm_setting_vpn_get_data_item(settings, "method");
 if (str)
 {
 if (streq(str, "psk"))
@@ -202,7 +202,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 creds->clear(creds);
 /* gateway cert */
- str = g_hash_table_lookup(settings->data, "certificate");
+ str = nm_setting_vpn_get_data_item(settings, "certificate");
 if (str)
 {
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -220,20 +220,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 if (auth_class == AUTH_CLASS_EAP)
 {
 /* username/password authentication ... */
- str = g_hash_table_lookup(settings->data, "user");
+ str = nm_setting_vpn_get_data_item(settings, "user");
 if (str)
 {
 user = identification_create_from_encoding(ID_KEY_ID, chunk_create(str, strlen(str)));
- str = g_hash_table_lookup(settings->secrets, "password");
- creds->set_username_password(creds, user, str);
+ str = nm_setting_vpn_get_secret(settings, "password");
+ creds->set_username_password(creds, user, (char*)str);
 }
 }
 if (auth_class == AUTH_CLASS_PUBKEY)
 {
 /* ... or certificate/private key authenitcation */
- str = g_hash_table_lookup(settings->data, "usercert");
+ str = nm_setting_vpn_get_data_item(settings, "usercert");
 if (str)
 {
 public_key_t *public;
@@ -241,10 +241,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, str, BUILD_END);
-
+ if (!cert)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading peer certificate failed.");
+ return FALSE;
+ }
 /* try agent */
- str = g_hash_table_lookup(settings->secrets, "agent");
- if (agent && str && cert)
+ str = nm_setting_vpn_get_secret(settings, "agent");
+ if (agent && str)
 {
 public = cert->get_public_key(cert);
 if (public)
@@ -256,25 +262,38 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 BUILD_END);
 public->destroy(public);
 }
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Connecting to SSH agent failed.");
+ }
 }
 /* ... or key file */
- str = g_hash_table_lookup(settings->data, "userkey");
- if (!agent && str && cert)
+ str = nm_setting_vpn_get_data_item(settings, "userkey");
+ if (!agent && str)
 {
 chunk_t secret, chunk;
 bool pgp = FALSE;
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings,
+ "password");
 if (secret.ptr)
 {
 secret.len = strlen(secret.ptr);
 }
- if (pem_asn1_load_file(str, &secret, &chunk, &pgp))
+ if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp))
 {
 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
 free(chunk.ptr);
 }
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading private key failed.");
+ }
 }
 if (private)
 {
@@ -285,8 +304,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 else
 {
 DESTROY_IF(cert);
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
- "Loading user certificate/private key failed.");
 return FALSE;
 }
 }
@@ -302,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 /**
 * Set up configurations
 */
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg, user, gateway->clone(gateway),
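Review bot: With the generic g_set_error() dropped in the -285 hunk, the `else { DESTROY_IF(cert); return FALSE; }` branch can now return FALSE with no GError set: the two new messages are only produced inside `if (agent && str)` and `if (!agent && str)`, so when the "agent" secret or the "userkey" item is absent neither block runs and `private` stays NULL. need_secrets may prevent that combination from reaching connect_ (that logic is outside this hunk), but the error path should not depend on it. Guarding the removed message in the else branch with `if (err == NULL || *err == NULL) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "Loading user certificate/private key failed."); }` keeps a message on every failing path without clobbering the specific ones. connect_'s body starts and ends outside the hunk.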
@@ -367,40 +384,40 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 char **setting_name, GError **error)
 {
 NMSettingVPN *settings;
- char *method, *path;
+ const char *method, *path;
 chunk_t secret = chunk_empty, key;
 bool pgp = FALSE;
 settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN));
- method = g_hash_table_lookup(settings->data, "method");
+ method = nm_setting_vpn_get_data_item(settings, "method");
 if (method)
 {
 if (streq(method, "eap"))
 {
- if (g_hash_table_lookup(settings->secrets, "password"))
+ if (nm_setting_vpn_get_secret(settings, "password"))
 {
 return FALSE;
 }
 }
 else if (streq(method, "agent"))
 {
- if (g_hash_table_lookup(settings->secrets, "agent"))
+ if (nm_setting_vpn_get_secret(settings, "agent"))
 {
 return FALSE;
 }
 }
 else if (streq(method, "key"))
 {
- path = g_hash_table_lookup(settings->data, "userkey");
+ path = nm_setting_vpn_get_data_item(settings, "userkey");
 if (path)
 {
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
 if (secret.ptr)
 {
 secret.len = strlen(secret.ptr);
 }
- if (pem_asn1_load_file(path, &secret, &key, &pgp))
+ if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
 {
 free(key.ptr);
 return FALSE;
@@ -434,6 +451,9 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
 }
 }
 enumerator->destroy(enumerator);
+
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
+ "Connection not found.");
 return FALSE;
 }
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
index 8f5dc54dd..9761e88e9 100644
--- a/src/charon/plugins/sql/pool.c
+++ b/src/charon/plugins/sql/pool.c
@@ -554,10 +554,10 @@ static void leases(char *filter, bool utc)
 printf("%-7s ", "expired");
 }
- printf(" %#T ", &acquired, utc);
+ printf(" %T ", &acquired, utc);
 if (released)
 {
- printf("%#T ", &released, utc);
+ printf("%T ", &released, utc);
 }
 else
 {
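Review bot: The buffer filled by the changed `pem_asn1_load_file((char*)path, &secret, &key, &pgp)` call is presumably the decoded private key (the call is given the password as `secret`), and the next line in the hunk discards it with `free(key.ptr)` without wiping it first; `chunk_clear(&key)` — which this same commit uses in stroke_cred.c — zeroes the memory before freeing and is the better choice for key material. The same applies to `free(chunk.ptr)` after the matching call in connect_ (the -256 hunk of this file). The `(char*)` casts on `path` and the password only exist because pem_asn1_load_file takes non-const pointers; making that prototype const-correct would remove the casts rather than hiding the const-ness the NM getters now return. need_secrets's body continues outside the hunk.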
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
index cd6f7c0cd..826aa8318 100644
--- a/src/charon/plugins/sql/sql_attribute.c
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -89,7 +89,7 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
 e->destroy(e);
 return pool;
 }
- DBG1(DBG_CFG, "ip pool '%s' not found");
+ DESTROY_IF(e);
 return 0;
 }
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index 7591a1e27..f850b5320 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -307,6 +307,7 @@ static bool release_address(private_stroke_attribute_t *this,
 {
 DBG1(DBG_CFG, "lease %H of %D went offline", address, id);
 pool->offline->put(pool->offline, id, (void*)offset);
+ found = TRUE;
 }
 }
 }
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 07e0ca768..434aec22b 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -804,7 +804,7 @@ static void load_secrets(private_stroke_cred_t *this)
 }
 else if (match("PIN", &token))
 {
- chunk_t sc = chunk_empty;
+ chunk_t sc = chunk_empty, secret = chunk_empty;
 char smartcard[32], keyid[22], pin[32];
 private_key_t *key;
 u_int slot;
@@ -847,13 +847,13 @@ static void load_secrets(private_stroke_cred_t *this)
 DBG1(DBG_CFG, "line %d: expected PIN", line_nr);
 goto error;
 }
- ugh = extract_secret(&chunk, &line);
+ ugh = extract_secret(&secret, &line);
 if (ugh != NULL)
 {
 DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
 goto error;
 }
- snprintf(pin, sizeof(pin), "%.*s", chunk.len, chunk.ptr);
+ snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
 pin[sizeof(pin) - 1] = '\0';
 /* we assume an RSA key */
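Review bot: The rewritten `snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);` passes `secret.len` for the `*` precision, which printf requires to be an `int`; chunk_t's len is a size_t, so on 64-bit targets the argument width does not match the conversion (the defect predates this commit with `chunk.len`, but the line is rewritten here). `(int)secret.len` fixes it, and since snprintf always terminates when the size is non-zero, the following `pin[sizeof(pin) - 1] = '\0';` is redundant. Note also that the wipe added as `chunk_clear(&secret)` in the -867 hunk sits on the success path only; any `goto error` between this extraction and that point (the region is outside the hunk) would leave the PIN bytes unwiped, so the error label may need the same call. load_secrets's body starts and ends outside the hunk.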
@@ -867,6 +867,7 @@ static void load_secrets(private_stroke_cred_t *this)
 this->private->insert_last(this->private, key);
 }
 memset(pin, 0, sizeof(pin));
+ chunk_clear(&secret);
 }
 else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
 (match("EAP", &token) && (type = SHARED_EAP)) ||
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 8042875c9..94b3def3a 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -88,7 +88,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
 time_t established;
 established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED);
- fprintf(out, " %#V ago", &now, &established);
+ fprintf(out, " %V ago", &now, &established);
 }
 fprintf(out, ", %H[%D]...%H[%D]\n",
@@ -116,11 +116,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
 if (rekey)
 {
- fprintf(out, ", rekeying in %#V", &rekey, &now);
+ fprintf(out, ", rekeying in %V", &rekey, &now);
 }
 if (reauth)
 {
- fprintf(out, ", %N reauthentication in %#V", auth_class_names,
+ fprintf(out, ", %N reauthentication in %V", auth_class_names,
 get_auth_class(ike_sa->get_peer_cfg(ike_sa)), &reauth, &now);
 }
@@ -212,7 +212,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 rekey = child_sa->get_lifetime(child_sa, FALSE);
 if (rekey)
 {
- fprintf(out, "in %#V", &now, &rekey);
+ fprintf(out, "in %V", &now, &rekey);
 }
 else
 {
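Review bot: In the -116 hunk the rekey and reauth messages pass `&rekey, &now` and `&reauth, &now` to `%V`, whereas every other `%V` call site in this commit — `&now, &established` in the -88 hunk, `&now, &rekey` in the -212 hunk, and the certificate listings in the later stroke_list.c hunks — passes `&now` first. If the %V hook formats a signed difference those two messages print the wrong sign; if it takes the absolute value the asymmetry is harmless but misleading to the next reader. `fprintf(out, ", rekeying in %V", &now, &rekey);` and swapping the reauth pair to `&now, &reauth` would make the call sites uniform either way. log_ike_sa's body starts and ends outside the hunk.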
@@ -265,12 +265,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
 char *plugin, *pool;
 host_t *host;
 u_int32_t dpd;
- time_t uptime = time(NULL) - this->uptime;
+ time_t now = time(NULL);
 bool first = TRUE;
 u_int size, online, offline;
 fprintf(out, "Performance:\n");
- fprintf(out, " uptime: %V, since %#T\n", &uptime, &this->uptime, FALSE);
+ fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE);
 fprintf(out, " worker threads: %d idle of %d,", charon->processor->get_idle_threads(charon->processor), charon->processor->get_total_threads(charon->processor));
@@ -290,6 +290,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
 enumerator = this->attribute->create_pool_enumerator(this->attribute);
 while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
 {
+ if (name && !streq(name, pool))
+ {
+ continue;
+ }
 if (first)
 {
 first = FALSE;
@@ -655,26 +659,26 @@ static void stroke_list_certs(linked_list_t *list, char *label,
 /* list validity */
 cert->get_validity(cert, &now, ¬Before, ¬After);
- fprintf(out, " validity: not before %#T, ", ¬Before, utc);
+ fprintf(out, " validity: not before %T, ", ¬Before, utc);
 if (now < notBefore)
 {
- fprintf(out, "not valid yet (valid in %#V)\n", &now, ¬Before);
+ fprintf(out, "not valid yet (valid in %V)\n", &now, ¬Before);
 }
 else
 {
 fprintf(out, "ok\n");
 }
- fprintf(out, " not after %#T, ", ¬After, utc);
+ fprintf(out, " not after %T, ", ¬After, utc);
 if (now > notAfter)
 {
- fprintf(out, "expired (%#V ago)\n", &now, ¬After);
+ fprintf(out, "expired (%V ago)\n", &now, ¬After);
 }
 else
 {
 fprintf(out, "ok");
 if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
 {
- fprintf(out, " (expires in %#V)", &now, ¬After);
+ fprintf(out, " (expires in %V)", &now, ¬After);
 }
 fprintf(out, " \n");
 }
@@ -755,18 +759,18 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
 /* list validity */
 cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
 if (now > nextUpdate)
 {
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
 }
 else
 {
 fprintf(out, "ok");
 if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
 {
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
 }
 fprintf(out, " \n");
 }
@@ -828,18 +832,18 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
 /* list validity */
 cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
 if (now > nextUpdate)
 {
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
 }
 else
 {
 fprintf(out, "ok");
 if (now > nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
 {
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
 }
 fprintf(out, " \n");
 }
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 82dd479ca..6acbc6eef 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -15,12 +15,11 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: ike_sa.c 4808 2008-12-16 15:48:36Z martin $
+ * $Id: ike_sa.c 4945 2009-03-16 14:23:36Z martin $
 */
 #include <sys/time.h>
 #include <string.h>
-#include <printf.h>
 #include <sys/stat.h>
 #include <errno.h>
 #include <time.h>
@@ -1103,6 +1102,12 @@ static void resolve_hosts(private_ike_sa_t *this)
 {
 host->set_port(host, IKEV2_UDP_PORT);
 }
+ else
+ { /* fallback to address family specific %any(6),  if configured */
+ host = host_create_from_dns(
+ this->ike_cfg->get_my_addr(this->ike_cfg),
+ 0, IKEV2_UDP_PORT);
+ }
 }
 }
 if (host)
@@ -1743,7 +1748,7 @@ static status_t reauth(private_ike_sa_t *this)
 {
 time_t now = time(NULL);
- DBG1(DBG_IKE, "IKE_SA will timeout in %#V",
+ DBG1(DBG_IKE, "IKE_SA will timeout in %V",
 &now, &this->stats[STAT_DELETE]);
 return FAILED;
 }
|
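Review bot: The new else branch resolves whatever get_my_addr() returns, yet the comment promises the fallback is for `%any`/`%any6` only and nothing in the hunk checks that; if the configured local address is a literal host name that did not yield a `host` above (what set `host` before this `if` is outside the hunk, so this is inferred), this issues a second resolution from inside the IKE_SA rather than leaving `host` NULL. Either guard on the wildcard form or state the assumption where the next reader will look, e.g. `/* get_my_addr() is expected to be %any or %any6 here; family 0 presumably lets the string decide */`, since the meaning of the literal `0` argument is not visible in this file section. resolve_hosts's body starts and ends outside the hunk.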