authorYves-Alexis Perez <corsac@debian.org>2013-08-25 15:37:26 +0200
committerYves-Alexis Perez <corsac@debian.org>2013-08-25 15:37:26 +0200
commit6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (patch)
tree009fc492961e13860d2a4bc2de8caf2bbe2975e7 /src/libcharon/plugins/error_notify
parentc83921a2b566aa9d55d8ccc7258f04fca6292ee6 (diff)
downloadvyos-strongswan-6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349.tar.gz
vyos-strongswan-6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349.zip
Imported Upstream version 5.1.0
Diffstat (limited to 'src/libcharon/plugins/error_notify')
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.am12
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in78
-rw-r--r--src/libcharon/plugins/error_notify/error_notify.c79
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_listener.c54
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_msg.h9
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_plugin.c38
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_socket.c112
7 files changed, 224 insertions, 158 deletions
diff --git a/src/libcharon/plugins/error_notify/Makefile.am b/src/libcharon/plugins/error_notify/Makefile.am
index fccd25201..980fe1fbd 100644
--- a/src/libcharon/plugins/error_notify/Makefile.am
+++ b/src/libcharon/plugins/error_notify/Makefile.am
@@ -1,10 +1,12 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
-DIPSEC_PIDDIR=\"${piddir}\"
+AM_CFLAGS = \
+ -rdynamic
+
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-error-notify.la
else
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index b06fdf430..db20f0532 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -64,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -105,7 +105,10 @@ am_libstrongswan_error_notify_la_OBJECTS = error_notify_plugin.lo \
error_notify_socket.lo error_notify_listener.lo
libstrongswan_error_notify_la_OBJECTS = \
$(am_libstrongswan_error_notify_la_OBJECTS)
-libstrongswan_error_notify_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_error_notify_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) \
$(libstrongswan_error_notify_la_LDFLAGS) $(LDFLAGS) -o $@
@@ -122,13 +125,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libstrongswan_error_notify_la_SOURCES) \
$(error_notify_SOURCES)
DIST_SOURCES = $(libstrongswan_error_notify_la_SOURCES) \
@@ -144,6 +160,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -156,6 +173,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -171,6 +190,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -179,6 +199,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -225,6 +246,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -253,6 +275,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -330,12 +353,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
- -I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
-DIPSEC_PIDDIR=\"${piddir}\"
+AM_CFLAGS = \
+ -rdynamic
+
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-error-notify.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-error-notify.la
libstrongswan_error_notify_la_SOURCES = \
@@ -422,7 +448,7 @@ clean-pluginLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan-error-notify.la: $(libstrongswan_error_notify_la_OBJECTS) $(libstrongswan_error_notify_la_DEPENDENCIES) $(EXTRA_libstrongswan_error_notify_la_DEPENDENCIES)
- $(libstrongswan_error_notify_la_LINK) $(am_libstrongswan_error_notify_la_rpath) $(libstrongswan_error_notify_la_OBJECTS) $(libstrongswan_error_notify_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(libstrongswan_error_notify_la_LINK) $(am_libstrongswan_error_notify_la_rpath) $(libstrongswan_error_notify_la_OBJECTS) $(libstrongswan_error_notify_la_LIBADD) $(LIBS)
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
@list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
@@ -471,7 +497,7 @@ clean-ipsecPROGRAMS:
rm -f $$list
error-notify$(EXEEXT): $(error_notify_OBJECTS) $(error_notify_DEPENDENCIES) $(EXTRA_error_notify_DEPENDENCIES)
@rm -f error-notify$(EXEEXT)
- $(LINK) $(error_notify_OBJECTS) $(error_notify_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(error_notify_OBJECTS) $(error_notify_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -485,25 +511,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/error_notify_socket.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libcharon/plugins/error_notify/error_notify.c b/src/libcharon/plugins/error_notify/error_notify.c
index fec35a45d..e68f8a4a5 100644
--- a/src/libcharon/plugins/error_notify/error_notify.c
+++ b/src/libcharon/plugins/error_notify/error_notify.c
@@ -16,46 +16,89 @@
#include "error_notify_msg.h"
#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <errno.h>
+#include <arpa/inet.h>
/**
- * Example of a simple notification listener
+ * Connect to the daemon, return FD
*/
-int main(int argc, char *argv[])
+static int make_connection()
{
- struct sockaddr_un addr;
- error_notify_msg_t msg;
- int s;
+ union {
+ struct sockaddr_un un;
+ struct sockaddr_in in;
+ struct sockaddr sa;
+ } addr;
+ int fd, len;
- addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, ERROR_NOTIFY_SOCKET);
+ if (getenv("TCP_PORT"))
+ {
+ addr.in.sin_family = AF_INET;
+ addr.in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr.in.sin_port = htons(atoi(getenv("TCP_PORT")));
+ len = sizeof(addr.in);
+ }
+ else
+ {
+ addr.un.sun_family = AF_UNIX;
+ strcpy(addr.un.sun_path, ERROR_NOTIFY_SOCKET);
- s = socket(AF_UNIX, SOCK_SEQPACKET, 0);
- if (s < 0)
+ len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.un.sun_path);
+ }
+ fd = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+ if (fd < 0)
{
fprintf(stderr, "opening socket failed: %s\n", strerror(errno));
- return 1;
+ return -1;
+ }
+ if (connect(fd, &addr.sa, len) < 0)
+ {
+ fprintf(stderr, "connecting failed: %s\n", strerror(errno));
+ close(fd);
+ return -1;
}
- if (connect(s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+ return fd;
+}
+
+/**
+ * Example of a simple notification listener
+ */
+int main(int argc, char *argv[])
+{
+ error_notify_msg_t msg;
+ int s, len, total;
+ void *pos;
+
+ s = make_connection();
+ if (s < 0)
{
- fprintf(stderr, "connect failed: %s\n", strerror(errno));
- close(s);
return 1;
}
while (1)
{
- if (read(s, &msg, sizeof(msg)) != sizeof(msg))
+ total = 0;
+ pos = &msg;
+
+ while (total < sizeof(msg))
{
- fprintf(stderr, "read failed: %s\n", strerror(errno));
- close(s);
- return 1;
+ len = read(s, pos, sizeof(msg) - total);
+ if (len < 0)
+ {
+ fprintf(stderr, "read failed: %s\n", strerror(errno));
+ close(s);
+ return 1;
+ }
+ total += len;
+ pos += len;
}
printf("%d %s %s %s %s\n",
- msg.type, msg.name, msg.id, msg.ip, msg.str);
+ ntohl(msg.type), msg.name, msg.id, msg.ip, msg.str);
}
close(s);
return 0;
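Review bot: The receive loop never terminates when the daemon closes the connection: `read()` returns 0 at EOF, the check `if (len < 0)` does not catch it, and because `total` then never reaches `sizeof(msg)` the inner `while` spins forever; `if (len <= 0)` (reporting 0 as a closed connection rather than via `strerror(errno)`) fixes it. `len` is declared `int` while `read()` returns `ssize_t`, and `pos += len` on a `void *` relies on a GNU extension — `char *pos` would be portable and makes the `total < sizeof(msg)` signed/unsigned comparison easier to keep clean too. The struct now arrives over a stream socket and `name`, `id`, `ip` and `str` are handed to `%s` as received, so the client trusts the sender to have NUL-terminated them; forcing `msg.str[sizeof(msg.str) - 1] = '\0'` (and the same for the other three) before the `printf` makes the client robust against a truncated or malformed sender. `atoi(getenv("TCP_PORT"))` accepts garbage silently, whereas `strtol` with an `endptr`/range check would report a bad port. The closing brace of `main` lies outside the hunk.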
diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c
index 9a6383cbe..13860fe50 100644
--- a/src/libcharon/plugins/error_notify/error_notify_listener.c
+++ b/src/libcharon/plugins/error_notify/error_notify_listener.c
@@ -45,6 +45,8 @@ METHOD(listener_t, alert, bool,
identification_t *id;
linked_list_t *list, *list2;
peer_cfg_t *peer_cfg;
+ certificate_t *cert;
+ time_t not_before, not_after;
if (!this->socket->has_listeners(this->socket))
{
@@ -56,80 +58,80 @@ METHOD(listener_t, alert, bool,
switch (alert)
{
case ALERT_RADIUS_NOT_RESPONDING:
- msg.type = ERROR_NOTIFY_RADIUS_NOT_RESPONDING;
+ msg.type = htonl(ERROR_NOTIFY_RADIUS_NOT_RESPONDING);
snprintf(msg.str, sizeof(msg.str),
"a RADIUS request message timed out");
break;
case ALERT_LOCAL_AUTH_FAILED:
- msg.type = ERROR_NOTIFY_LOCAL_AUTH_FAILED;
+ msg.type = htonl(ERROR_NOTIFY_LOCAL_AUTH_FAILED);
snprintf(msg.str, sizeof(msg.str),
"creating local authentication data failed");
break;
case ALERT_PEER_AUTH_FAILED:
- msg.type = ERROR_NOTIFY_PEER_AUTH_FAILED;
+ msg.type = htonl(ERROR_NOTIFY_PEER_AUTH_FAILED);
snprintf(msg.str, sizeof(msg.str), "peer authentication failed");
break;
case ALERT_PARSE_ERROR_HEADER:
- msg.type = ERROR_NOTIFY_PARSE_ERROR_HEADER;
+ msg.type = htonl(ERROR_NOTIFY_PARSE_ERROR_HEADER);
message = va_arg(args, message_t*);
snprintf(msg.str, sizeof(msg.str), "parsing IKE header from "
"%#H failed", message->get_source(message));
break;
case ALERT_PARSE_ERROR_BODY:
- msg.type = ERROR_NOTIFY_PARSE_ERROR_BODY;
+ msg.type = htonl(ERROR_NOTIFY_PARSE_ERROR_BODY);
message = va_arg(args, message_t*);
snprintf(msg.str, sizeof(msg.str), "parsing IKE message from "
"%#H failed", message->get_source(message));
break;
case ALERT_RETRANSMIT_SEND_TIMEOUT:
- msg.type = ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT;
+ msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT);
snprintf(msg.str, sizeof(msg.str),
"IKE message retransmission timed out");
break;
case ALERT_HALF_OPEN_TIMEOUT:
- msg.type = ERROR_NOTIFY_HALF_OPEN_TIMEOUT;
+ msg.type = htonl(ERROR_NOTIFY_HALF_OPEN_TIMEOUT);
snprintf(msg.str, sizeof(msg.str), "IKE_SA timed out before it "
"could be established");
break;
case ALERT_PROPOSAL_MISMATCH_IKE:
- msg.type = ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE;
+ msg.type = htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE);
list = va_arg(args, linked_list_t*);
snprintf(msg.str, sizeof(msg.str), "the received IKE_SA poposals "
"did not match: %#P", list);
break;
case ALERT_PROPOSAL_MISMATCH_CHILD:
- msg.type = ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD;
+ msg.type = htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD);
list = va_arg(args, linked_list_t*);
snprintf(msg.str, sizeof(msg.str), "the received CHILD_SA poposals "
"did not match: %#P", list);
break;
case ALERT_TS_MISMATCH:
- msg.type = ERROR_NOTIFY_TS_MISMATCH;
+ msg.type = htonl(ERROR_NOTIFY_TS_MISMATCH);
list = va_arg(args, linked_list_t*);
list2 = va_arg(args, linked_list_t*);
snprintf(msg.str, sizeof(msg.str), "the received traffic selectors "
"did not match: %#R=== %#R", list, list2);
break;
case ALERT_INSTALL_CHILD_SA_FAILED:
- msg.type = ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED;
+ msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED);
snprintf(msg.str, sizeof(msg.str), "installing IPsec SA failed");
break;
case ALERT_INSTALL_CHILD_POLICY_FAILED:
- msg.type = ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED;
+ msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED);
snprintf(msg.str, sizeof(msg.str), "installing IPsec policy failed");
break;
case ALERT_UNIQUE_REPLACE:
- msg.type = ERROR_NOTIFY_UNIQUE_REPLACE;
+ msg.type = htonl(ERROR_NOTIFY_UNIQUE_REPLACE);
snprintf(msg.str, sizeof(msg.str),
"replaced old IKE_SA due to uniqueness policy");
break;
case ALERT_UNIQUE_KEEP:
- msg.type = ERROR_NOTIFY_UNIQUE_KEEP;
+ msg.type = htonl(ERROR_NOTIFY_UNIQUE_KEEP);
snprintf(msg.str, sizeof(msg.str), "keep existing in favor of "
"rejected new IKE_SA due to uniqueness policy");
break;
case ALERT_VIP_FAILURE:
- msg.type = ERROR_NOTIFY_VIP_FAILURE;
+ msg.type = htonl(ERROR_NOTIFY_VIP_FAILURE);
list = va_arg(args, linked_list_t*);
if (list->get_first(list, (void**)&host) == SUCCESS)
{
@@ -143,10 +145,30 @@ METHOD(listener_t, alert, bool,
}
break;
case ALERT_AUTHORIZATION_FAILED:
- msg.type = ERROR_NOTIFY_AUTHORIZATION_FAILED;
+ msg.type = htonl(ERROR_NOTIFY_AUTHORIZATION_FAILED);
snprintf(msg.str, sizeof(msg.str), "an authorization plugin "
"prevented establishment of an IKE_SA");
break;
+ case ALERT_CERT_EXPIRED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_EXPIRED);
+ cert = va_arg(args, certificate_t*);
+ cert->get_validity(cert, NULL, &not_before, &not_after);
+ snprintf(msg.str, sizeof(msg.str), "certificiate expired: '%Y' "
+ "(valid from %T to %T)", cert->get_subject(cert),
+ &not_before, TRUE, &not_after, TRUE);
+ break;
+ case ALERT_CERT_REVOKED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_REVOKED);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "certificiate revoked: '%Y'",
+ cert->get_subject(cert));
+ break;
+ case ALERT_CERT_NO_ISSUER:
+ msg.type = htonl(ERROR_NOTIFY_NO_ISSUER_CERT);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "no trusted issuer certificate "
+ "found: '%Y'", cert->get_issuer(cert));
+ break;
default:
return TRUE;
}
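Review bot: The user-visible strings added for `ALERT_CERT_EXPIRED` and `ALERT_CERT_REVOKED` misspell the word: `"certificiate expired: '%Y' "` and `"certificiate revoked: '%Y'"` should read `certificate`. These texts are what notification clients receive and possibly match on, so the typo propagates beyond the daemon log. The return value of `cert->get_validity(cert, NULL, &not_before, &not_after)` is dropped, which looks intentional since only the timestamps are used, but a short comment such as `/* only the validity window is needed, not the result */` would spare the next reader the question. The enclosing `alert` method starts and ends outside the hunk.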
diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h
index e3cdd67e9..c66080276 100644
--- a/src/libcharon/plugins/error_notify/error_notify_msg.h
+++ b/src/libcharon/plugins/error_notify/error_notify_msg.h
@@ -45,6 +45,9 @@ enum {
ERROR_NOTIFY_UNIQUE_KEEP = 14,
ERROR_NOTIFY_VIP_FAILURE = 15,
ERROR_NOTIFY_AUTHORIZATION_FAILED = 16,
+ ERROR_NOTIFY_CERT_EXPIRED = 17,
+ ERROR_NOTIFY_CERT_REVOKED = 18,
+ ERROR_NOTIFY_NO_ISSUER_CERT = 19,
};
/**
@@ -54,13 +57,13 @@ struct error_notify_msg_t {
/** message type */
int type;
/** string with an error description */
- char str[128];
+ char str[384];
/** connection name, if known */
char name[64];
/** peer identity, if known */
- char id[128];
+ char id[256];
/** peer address and port, if known */
char ip[60];
-};
+} __attribute__((packed));
#endif /** ERROR_NOTIFY_MSG_H_ @}*/
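Review bot: `type` stays declared as `int` although the daemon now stores `htonl()` output in it and the struct has become the packed wire format written to a stream (possibly TCP) socket; `uint32_t type;` with the comment `/** message type, in network byte order */` pins the width across platforms and documents the encoding (this needs `<stdint.h>` if the header does not already include it). The struct comment does not say that its layout is the wire format, and this hunk changes that layout (`str` 128→384, `id` 128→256), so a client built against the previous header reads `sizeof(msg)` bytes and misparses the stream; a line on the struct such as `/** Wire format of a notification, sent verbatim; clients must be built against the same field sizes */` would make the contract explicit. I can see the whole struct here, as the hunk runs up to the include guard.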
diff --git a/src/libcharon/plugins/error_notify/error_notify_plugin.c b/src/libcharon/plugins/error_notify/error_notify_plugin.c
index f4f0647fb..40ace6014 100644
--- a/src/libcharon/plugins/error_notify/error_notify_plugin.c
+++ b/src/libcharon/plugins/error_notify/error_notify_plugin.c
@@ -49,10 +49,37 @@ METHOD(plugin_t, get_name, char*,
return "error-notify";
}
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_error_notify_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_error_notify_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "error-notify"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_error_notify_plugin_t *this)
{
- charon->bus->remove_listener(charon->bus, &this->listener->listener);
this->listener->destroy(this->listener);
this->socket->destroy(this->socket);
free(this);
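Review bot: The doc comment on `plugin_cb` says `Register listener`, but the function also removes the listener from the bus when `reg` is FALSE, which is exactly the path that replaces the `remove_listener` call deleted from `destroy` below; `/** Register or unregister the alert listener on the bus, depending on reg */` describes both branches. `get_features` has no comment at all while the neighbouring function does; a one-liner such as `/** Expose the listener registration as a plugin feature */` keeps the file consistent. The unused `feature` and `cb_data` parameters are part of the callback signature, so they are fine as they are.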
@@ -69,15 +96,20 @@ plugin_t *error_notify_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
.socket = error_notify_socket_create(),
);
+ if (!this->socket)
+ {
+ free(this);
+ return NULL;
+ }
+
this->listener = error_notify_listener_create(this->socket);
- charon->bus->add_listener(charon->bus, &this->listener->listener);
return &this->public.plugin;
}
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c
index 3ea657ba5..aafd0a4cd 100644
--- a/src/libcharon/plugins/error_notify/error_notify_socket.c
+++ b/src/libcharon/plugins/error_notify/error_notify_socket.c
@@ -43,12 +43,12 @@ struct private_error_notify_socket_t {
error_notify_socket_t public;
/**
- * Unix socket file descriptor
+ * Service accepting connections
*/
- int socket;
+ stream_service_t *service;
/**
- * List of connected clients, as uintptr_t FD
+ * List of connected clients, as stream_t
*/
linked_list_t *connected;
@@ -58,48 +58,6 @@ struct private_error_notify_socket_t {
mutex_t *mutex;
};
-/**
- * Open error notify unix socket
- */
-static bool open_socket(private_error_notify_socket_t *this)
-{
- struct sockaddr_un addr;
- mode_t old;
-
- addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, ERROR_NOTIFY_SOCKET);
-
- this->socket = socket(AF_UNIX, SOCK_SEQPACKET, 0);
- if (this->socket == -1)
- {
- DBG1(DBG_CFG, "creating notify socket failed");
- return FALSE;
- }
- unlink(addr.sun_path);
- old = umask(~(S_IRWXU | S_IRWXG));
- if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)) < 0)
- {
- DBG1(DBG_CFG, "binding notify socket failed: %s", strerror(errno));
- close(this->socket);
- return FALSE;
- }
- umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
- {
- DBG1(DBG_CFG, "changing notify socket permissions failed: %s",
- strerror(errno));
- }
- if (listen(this->socket, 10) < 0)
- {
- DBG1(DBG_CFG, "listening on notify socket failed: %s", strerror(errno));
- close(this->socket);
- unlink(addr.sun_path);
- return FALSE;
- }
- return TRUE;
-}
-
METHOD(error_notify_socket_t, has_listeners, bool,
private_error_notify_socket_t *this)
{
@@ -116,23 +74,21 @@ METHOD(error_notify_socket_t, notify, void,
private_error_notify_socket_t *this, error_notify_msg_t *msg)
{
enumerator_t *enumerator;
- uintptr_t fd;
+ stream_t *stream;
this->mutex->lock(this->mutex);
enumerator = this->connected->create_enumerator(this->connected);
- while (enumerator->enumerate(enumerator, (void*)&fd))
+ while (enumerator->enumerate(enumerator, &stream))
{
- while (send(fd, msg, sizeof(*msg), 0) <= 0)
+ if (!stream->write_all(stream, msg, sizeof(*msg)))
{
switch (errno)
{
- case EINTR:
- continue;
case ECONNRESET:
case EPIPE:
/* disconnect, remove this listener */
this->connected->remove_at(this->connected, enumerator);
- close(fd);
+ stream->destroy(stream);
break;
default:
DBG1(DBG_CFG, "sending notify failed: %s", strerror(errno));
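Review bot: The `switch (errno)` after a failed `stream->write_all()` assumes the stream implementation leaves `errno` set by the failing system call; if `write_all` can return FALSE without a syscall error (for instance a zero-length write), a stale `errno` from an earlier operation could route an unrelated client into the `ECONNRESET`/`EPIPE` branch and destroy its stream — I cannot confirm from this hunk how `write_all` reports failure, so this is worth a check against `stream_t`. A comment on the `if (!stream->write_all(...))` line stating the assumption, e.g. `/* write_all() leaves errno from the failing write(), used below */`, would at least record it. For any other failure the client stays registered and silently misses this message, which matches the previous behaviour. The tail of `notify` lies outside the hunk.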
@@ -146,45 +102,23 @@ METHOD(error_notify_socket_t, notify, void,
}
/**
- * Accept client connections, dispatch
+ * Accept client connections
*/
-static job_requeue_t accept_(private_error_notify_socket_t *this)
+static bool on_accept(private_error_notify_socket_t *this, stream_t *stream)
{
- struct sockaddr_un addr;
- int fd, len;
- bool oldstate;
-
- len = sizeof(addr);
- oldstate = thread_cancelability(TRUE);
- fd = accept(this->socket, (struct sockaddr*)&addr, &len);
- thread_cancelability(oldstate);
+ this->mutex->lock(this->mutex);
+ this->connected->insert_last(this->connected, stream);
+ this->mutex->unlock(this->mutex);
- if (fd != -1)
- {
- this->mutex->lock(this->mutex);
- this->connected->insert_last(this->connected, (void*)(uintptr_t)fd);
- this->mutex->unlock(this->mutex);
- }
- else
- {
- DBG1(DBG_CFG, "accepting notify connection failed: %s",
- strerror(errno));
- }
- return JOB_REQUEUE_DIRECT;
+ return TRUE;
}
METHOD(error_notify_socket_t, destroy, void,
private_error_notify_socket_t *this)
{
- uintptr_t fd;
-
- while (this->connected->remove_last(this->connected, (void*)&fd) == SUCCESS)
- {
- close(fd);
- }
- this->connected->destroy(this->connected);
+ DESTROY_IF(this->service);
+ this->connected->destroy_offset(this->connected, offsetof(stream_t, destroy));
this->mutex->destroy(this->mutex);
- close(this->socket);
free(this);
}
@@ -194,6 +128,7 @@ METHOD(error_notify_socket_t, destroy, void,
error_notify_socket_t *error_notify_socket_create()
{
private_error_notify_socket_t *this;
+ char *uri;
INIT(this,
.public = {
@@ -205,15 +140,18 @@ error_notify_socket_t *error_notify_socket_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
- if (!open_socket(this))
+ uri = lib->settings->get_str(lib->settings,
+ "%s.plugins.error-notify.socket", "unix://" ERROR_NOTIFY_SOCKET,
+ charon->name);
+ this->service = lib->streams->create_service(lib->streams, uri, 10);
+ if (!this->service)
{
- free(this);
+ DBG1(DBG_CFG, "creating duplicheck socket failed");
+ destroy(this);
return NULL;
}
-
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio((callback_job_cb_t)accept_, this,
- NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
+ this->service->on_accept(this->service, (stream_service_cb_t)on_accept,
+ this, JOB_PRIO_CRITICAL, 1);
return &this->public;
}
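Review bot: The failure log `DBG1(DBG_CFG, "creating duplicheck socket failed");` names the wrong plugin (it reads as copied from duplicheck); it should say `"creating error-notify socket failed"`, and adding the `uri` via `%s` would make the message useful when the setting is wrong. The deleted `open_socket()` applied `umask(~(S_IRWXU | S_IRWXG))` and `chown()` to the daemon's uid/gid on the unix socket, and whether `lib->streams->create_service()` applies equivalent restrictions is not visible here; since the endpoint is now a configurable URI, a `tcp://` value would make peer identities and addresses from every alert readable by anyone able to connect. A comment on the `uri` lookup, e.g. `/* notifications carry peer identity and address; the configured endpoint must be access-restricted */`, would record that expectation for whoever sets the option. Calling `destroy(this)` with `this->service` still NULL is fine as `DESTROY_IF` tolerates it.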