authorYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
committerYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
commit81c63b0eed39432878f78727f60a1e7499645199 (patch)
tree82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libcharon/plugins/stroke
parentc5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff)
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/Makefile.am2
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in8
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c6
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c90
4 files changed, 64 insertions, 42 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
index 9509b1bd3..b90688791 100644
--- a/src/libcharon/plugins/stroke/Makefile.am
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -7,7 +7,7 @@ AM_CPPFLAGS = \
-DIPSEC_PIDDIR=\"${piddir}\"
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-stroke.la
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 253203de7..59a59834a 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -268,6 +268,7 @@ NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
@@ -286,6 +287,7 @@ PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -313,6 +315,7 @@ abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -404,6 +407,7 @@ srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -423,7 +427,7 @@ AM_CPPFLAGS = \
-DIPSEC_PIDDIR=\"${piddir}\"
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-stroke.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-stroke.la
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index e5e6d9246..62967b006 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -174,10 +174,12 @@ static void add_proposals(private_stroke_config_t *this, char *string,
if (ike_cfg)
{
ike_cfg->add_proposal(ike_cfg, proposal_create_default(proto));
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(proto));
}
else
{
child_cfg->add_proposal(child_cfg, proposal_create_default(proto));
+ child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto));
}
}
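Review bot: The result of `proposal_create_default_aead(proto)` is passed straight to `add_proposal` in both branches, with no check in this hunk. Neither helper is visible here, so if the AEAD constructor can return NULL for a protocol, either `add_proposal` must ignore NULL or the call needs a guard such as `if (proposal) { ike_cfg->add_proposal(ike_cfg, proposal); }`. The AEAD defaults are also appended after the classic defaults, which presumably fixes their preference order; a one-line comment saying the ordering is intended would help. add_proposals() starts before this hunk.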
@@ -1149,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
msg->add_conn.inactivity, msg->add_conn.reqid,
&mark_in, &mark_out, msg->add_conn.tfc);
+ if (msg->add_conn.replay_window != -1)
+ {
+ child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
+ }
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
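Review bot: Only the sentinel `-1` is filtered before `set_replay_window()`, so any other value in the stroke message, including other negative numbers or a very large window, is applied to the child config as-is. The field's type and the setter's own validation are not visible in this hunk. If neither bounds the value, a range check here would be safer, e.g. `if (msg->add_conn.replay_window >= 0)` plus an upper limit matching what the kernel backend accepts. A comment such as `/* -1 = not configured, keep the default */` would also document the sentinel. build_child_cfg() begins and ends outside the hunk.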
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 169ff2bf6..54dd56e91 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -107,6 +107,19 @@ struct private_stroke_socket_t {
};
/**
+ * Helper macro to log configuration options, but only if they are defined.
+ */
+#define DBG_OPT(...) VA_ARGS_DISPATCH(DBG_OPT, __VA_ARGS__)(__VA_ARGS__)
+#define DBG_OPT2(fmt, val) ({ \
+ typeof(val) _val = val; \
+ if (_val) { DBG2(DBG_CFG, fmt, _val); } \
+})
+#define DBG_OPT3(fmt, label, val) ({ \
+ typeof(val) _val = val; \
+ if (_val) { DBG2(DBG_CFG, fmt, label, _val); } \
+})
+
+/**
* Helper function which corrects the string pointers
* in a stroke_msg_t. Strings in a stroke_msg sent over "wire"
* contains RELATIVE addresses (relative to the beginning of the
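Review bot: The doc comment says options are logged "only if they are defined", but `DBG_OPT2` and `DBG_OPT3` test `if (_val)`, so an integer option explicitly set to 0 is treated like an unset one. The comment should say so, e.g. `* Helper macro to log configuration options, skipped when the value is NULL or 0.`. The macro argument is also used unparenthesized in `typeof(val) _val = val;`, where `typeof(val) _val = (val);` is the safer form. Both macros rely on GNU statement expressions and `typeof`, which is worth a word in the comment if the file is meant to build with other compilers.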
@@ -157,22 +170,22 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
pop_string(msg, &end->cert_policy);
pop_string(msg, &end->updown);
- DBG2(DBG_CFG, " %s=%s", label, end->address);
- DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets);
- DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip);
- DBG2(DBG_CFG, " %sdns=%s", label, end->dns);
- DBG2(DBG_CFG, " %sauth=%s", label, end->auth);
- DBG2(DBG_CFG, " %sauth2=%s", label, end->auth2);
- DBG2(DBG_CFG, " %sid=%s", label, end->id);
- DBG2(DBG_CFG, " %sid2=%s", label, end->id2);
- DBG2(DBG_CFG, " %srsakey=%s", label, end->rsakey);
- DBG2(DBG_CFG, " %scert=%s", label, end->cert);
- DBG2(DBG_CFG, " %scert2=%s", label, end->cert2);
- DBG2(DBG_CFG, " %sca=%s", label, end->ca);
- DBG2(DBG_CFG, " %sca2=%s", label, end->ca2);
- DBG2(DBG_CFG, " %sgroups=%s", label, end->groups);
- DBG2(DBG_CFG, " %sgroups2=%s", label, end->groups2);
- DBG2(DBG_CFG, " %supdown=%s", label, end->updown);
+ DBG_OPT(" %s=%s", label, end->address);
+ DBG_OPT(" %ssubnet=%s", label, end->subnets);
+ DBG_OPT(" %ssourceip=%s", label, end->sourceip);
+ DBG_OPT(" %sdns=%s", label, end->dns);
+ DBG_OPT(" %sauth=%s", label, end->auth);
+ DBG_OPT(" %sauth2=%s", label, end->auth2);
+ DBG_OPT(" %sid=%s", label, end->id);
+ DBG_OPT(" %sid2=%s", label, end->id2);
+ DBG_OPT(" %srsakey=%s", label, end->rsakey);
+ DBG_OPT(" %scert=%s", label, end->cert);
+ DBG_OPT(" %scert2=%s", label, end->cert2);
+ DBG_OPT(" %sca=%s", label, end->ca);
+ DBG_OPT(" %sca2=%s", label, end->ca2);
+ DBG_OPT(" %sgroups=%s", label, end->groups);
+ DBG_OPT(" %sgroups2=%s", label, end->groups2);
+ DBG_OPT(" %supdown=%s", label, end->updown);
}
/**
@@ -194,20 +207,20 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
pop_string(msg, &msg->add_conn.algorithms.ah);
pop_string(msg, &msg->add_conn.ikeme.mediated_by);
pop_string(msg, &msg->add_conn.ikeme.peerid);
- DBG2(DBG_CFG, " eap_identity=%s", msg->add_conn.eap_identity);
- DBG2(DBG_CFG, " aaa_identity=%s", msg->add_conn.aaa_identity);
- DBG2(DBG_CFG, " xauth_identity=%s", msg->add_conn.xauth_identity);
- DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
- DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
- DBG2(DBG_CFG, " ah=%s", msg->add_conn.algorithms.ah);
- DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay);
- DBG2(DBG_CFG, " dpdtimeout=%d", msg->add_conn.dpd.timeout);
- DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action);
- DBG2(DBG_CFG, " closeaction=%d", msg->add_conn.close_action);
- DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
- DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by);
- DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid);
- DBG2(DBG_CFG, " keyexchange=ikev%u", msg->add_conn.version);
+ DBG_OPT(" eap_identity=%s", msg->add_conn.eap_identity);
+ DBG_OPT(" aaa_identity=%s", msg->add_conn.aaa_identity);
+ DBG_OPT(" xauth_identity=%s", msg->add_conn.xauth_identity);
+ DBG_OPT(" ike=%s", msg->add_conn.algorithms.ike);
+ DBG_OPT(" esp=%s", msg->add_conn.algorithms.esp);
+ DBG_OPT(" ah=%s", msg->add_conn.algorithms.ah);
+ DBG_OPT(" dpddelay=%d", msg->add_conn.dpd.delay);
+ DBG_OPT(" dpdtimeout=%d", msg->add_conn.dpd.timeout);
+ DBG_OPT(" dpdaction=%d", msg->add_conn.dpd.action);
+ DBG_OPT(" closeaction=%d", msg->add_conn.close_action);
+ DBG_OPT(" mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
+ DBG_OPT(" mediated_by=%s", msg->add_conn.ikeme.mediated_by);
+ DBG_OPT(" me_peerid=%s", msg->add_conn.ikeme.peerid);
+ DBG_OPT(" keyexchange=ikev%u", msg->add_conn.version);
this->config->add(this->config, msg);
this->attribute->add_dns(this->attribute, msg);
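Review bot: `dpddelay`, `dpdtimeout`, `dpdaction` and `closeaction` are formatted with `%d`, and routing them through `DBG_OPT` means a value of 0 is no longer written to the debug log. If 0 is a meaningful setting for these fields (their enums are not visible here), the log can no longer tell "set to 0" from "not sent", which matters when the log is used to audit what configuration was loaded. Keeping `DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action);` for the numeric fields avoids that. The `mediation` line always passes a non-NULL literal, so `DBG_OPT` adds nothing there. stroke_add_conn() starts before the hunk.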
@@ -311,13 +324,13 @@ static void stroke_add_ca(private_stroke_socket_t *this,
pop_string(msg, &msg->add_ca.ocspuri);
pop_string(msg, &msg->add_ca.ocspuri2);
pop_string(msg, &msg->add_ca.certuribase);
- DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
- DBG2(DBG_CFG, " cacert=%s", msg->add_ca.cacert);
- DBG2(DBG_CFG, " crluri=%s", msg->add_ca.crluri);
- DBG2(DBG_CFG, " crluri2=%s", msg->add_ca.crluri2);
- DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri);
- DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2);
- DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase);
+ DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
+ DBG_OPT(" cacert=%s", msg->add_ca.cacert);
+ DBG_OPT(" crluri=%s", msg->add_ca.crluri);
+ DBG_OPT(" crluri2=%s", msg->add_ca.crluri2);
+ DBG_OPT(" ocspuri=%s", msg->add_ca.ocspuri);
+ DBG_OPT(" ocspuri2=%s", msg->add_ca.ocspuri2);
+ DBG_OPT(" certuribase=%s", msg->add_ca.certuribase);
this->ca->add(this->ca, msg);
}
@@ -584,8 +597,7 @@ static void stroke_loglevel(private_stroke_socket_t *this,
}
else
{
- group = enum_from_name(debug_names, msg->loglevel.type);
- if ((int)group < 0)
+ if (!enum_from_name(debug_names, msg->loglevel.type, &group))
{
fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
return;