authorYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
committerYves-Alexis Perez <corsac@debian.org>2014-03-11 20:48:48 +0100
commit15fb7904f4431a6e7c305fd08732458f7f885e7e (patch)
treec93b60ee813af70509f00f34e29ebec311762427 /src/libcharon/plugins/stroke
parent5313d2d78ca150515f7f5eb39801c100690b6b29 (diff)
Imported Upstream version 5.1.2
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in12
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c53
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c53
5 files changed, 75 insertions, 47 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index a913e063e..11a8771cc 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 2e10f324b..e5e6d9246 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -880,7 +880,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
else
{
vip = host_create_from_string(token, 0);
- if (vip)
+ if (!vip)
{
DBG1(DBG_CFG, "ignored invalid subnet token: %s", token);
}
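Review bot: The inverted test at `if (!vip)` now logs the invalid token, but nothing visible in the hunk stops a NULL `vip` from flowing on after the log; if the code following the closing brace adds `vip` to a list or dereferences it, this branch needs an explicit `continue` or the valid-case work needs to move into an `else`. build_peer_cfg begins and ends outside the hunk, so this may already be handled there and should be confirmed.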
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index b583bfc53..f770d7c9e 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -778,7 +778,7 @@ stroke_control_t *stroke_control_create()
.destroy = _destroy,
},
.timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.timeout", 0, charon->name),
+ "%s.plugins.stroke.timeout", 0, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 8d0001271..f908219ed 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -17,8 +17,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
-#include <libgen.h>
-#include <sys/mman.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
@@ -521,7 +519,16 @@ METHOD(stroke_cred_t, cache_cert, void,
if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
{
- chunk_write(chunk, buf, "crl", 022, TRUE);
+ if (chunk_write(chunk, buf, 022, TRUE))
+ {
+ DBG1(DBG_CFG, " written crl file '%s' (%d bytes)",
+ buf, chunk.len);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " writing crl file '%s' failed: %s",
+ buf, strerror(errno));
+ }
free(chunk.ptr);
}
}
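Review bot: `chunk.len` is printed with `%d` in the success message at `DBG1(DBG_CFG, " written crl file '%s' (%d bytes)", buf, chunk.len)`; in strongSwan's chunk.h `len` is a `size_t`, so the conversion should be `%zu` (as report_usage in stroke_socket.c in this same commit does for its size_t values): `" written crl file '%s' (%zu bytes)"`. The failure branch reports `strerror(errno)`, which relies on chunk_write leaving errno as set by the failing fopen/fwrite; worth confirming against its implementation that no intermediate call clobbers it. cache_cert starts outside the hunk.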
@@ -1092,46 +1099,24 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr,
static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
char *file, int level, FILE *prompt)
{
- int line_nr = 0, fd;
- chunk_t src, line;
- struct stat sb;
- void *addr;
+ int line_nr = 0;
+ chunk_t *src, line;
DBG1(DBG_CFG, "loading secrets from '%s'", file);
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ src = chunk_map(file, FALSE);
+ if (!src)
{
DBG1(DBG_CFG, "opening secrets file '%s' failed: %s", file,
strerror(errno));
return;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return;
- }
- if (sb.st_size == 0)
- { /* skip empty files, as mmap() complains */
- close(fd);
- return;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return;
- }
- src = chunk_create(addr, sb.st_size);
if (!secrets)
{
secrets = mem_cred_create();
}
- while (fetchline(&src, &line))
+ while (fetchline(src, &line))
{
chunk_t ids, token;
shared_key_type_t type;
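Review bot: The new error path at `DBG1(DBG_CFG, "opening secrets file '%s' failed: %s", ...)` now covers every failure inside chunk_map, including the fstat and mmap failures the removed code reported separately as "getting file size" and "mapping", so the message should say what it means: `"mapping secrets file '%s' failed: %s"`. The removed code also skipped zero-length files silently; whether chunk_map returns NULL for them (which would log a spurious error with a stale errno) or an empty chunk is not visible here and should be checked. Since the mapping holds plaintext secrets, it is also worth confirming that chunk_unmap, used at the end of this function in a later hunk, wipes the pages before unmapping — the removed munmap path did not. load_secrets continues past the hunk.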
@@ -1172,8 +1157,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
}
else
{ /* use directory of current file if relative */
- dir = strdup(file);
- dir = dirname(dir);
+ dir = path_dirname(file);
if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
{
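Review bot: `dir = path_dirname(file)` replaces a `strdup` whose result was presumably freed further down in load_secrets; path_dirname in strongSwan's utils also returns a freshly allocated string, so the matching `free(dir)` must stay in place — it lies outside this hunk and is not shown. A one-line comment would make the ownership visible at the call site: `/* path_dirname() allocates; release dir once pattern is built */`.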
@@ -1272,8 +1256,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
break;
}
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(src);
if (level == 0)
{ /* replace secrets in active credential set */
@@ -1394,7 +1377,7 @@ stroke_cred_t *stroke_cred_create()
this->force_ca_cert = lib->settings->get_bool(lib->settings,
"%s.plugins.stroke.ignore_missing_ca_basic_constraint",
- FALSE, charon->name);
+ FALSE, lib->ns);
load_certs(this);
load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 3adebb523..169ff2bf6 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Tobias Brunner
+ * Copyright (C) 2011-2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -99,6 +99,11 @@ struct private_stroke_socket_t {
* Counter values for IKE events
*/
stroke_counter_t *counter;
+
+ /**
+ * TRUE if log level changes are not allowed
+ */
+ bool prevent_loglevel_changes;
};
/**
@@ -490,6 +495,25 @@ static void stroke_leases(private_stroke_socket_t *this,
}
/**
+ * Callback function for usage report
+ */
+static void report_usage(FILE *out, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ fprintf(out, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ bytes, count, bytes / count);
+ bt->log(bt, out, detailed);
+}
+
+/**
+ * Callback function for memusage summary
+ */
+static void sum_usage(FILE *out, int count, size_t bytes, int whitelisted)
+{
+ fprintf(out, "Total memory usage: %zu\n", bytes);
+}
+
+/**
* Show memory usage
*/
static void stroke_memusage(private_stroke_socket_t *this,
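Review bot: `bytes / count` in report_usage divides by the allocation count without a guard; if leak_detective can ever invoke the report callback with `count == 0`, this is a division by zero, so either the callback contract should document that count is at least 1 or the expression should become `count > 0 ? bytes / count : 0`. Mixing the `int` count with the `size_t` bytes also means a negative count would wrap rather than be caught. sum_usage ignores its `count` and `whitelisted` parameters; if they are part of the callback signature, a `(void)count; (void)whitelisted;` or a comment stating they are intentionally unused keeps -Wunused-parameter builds clean.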
@@ -497,7 +521,9 @@ static void stroke_memusage(private_stroke_socket_t *this,
{
if (lib->leak_detective)
{
- lib->leak_detective->usage(lib->leak_detective, out);
+ lib->leak_detective->usage(lib->leak_detective,
+ (leak_detective_report_cb_t)report_usage,
+ (leak_detective_summary_cb_t)sum_usage, out);
}
}
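Review bot: The casts `(leak_detective_report_cb_t)report_usage` and `(leak_detective_summary_cb_t)sum_usage` hide any mismatch between the callbacks and the typedefs; calling through a function pointer of a different type is undefined behaviour, and a future change to either side would no longer be caught by the compiler. If the signatures already match, drop the casts; if they do not (the typedefs are not visible here), adjust report_usage and sum_usage to match instead of casting.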
@@ -546,6 +572,12 @@ static void stroke_loglevel(private_stroke_socket_t *this,
DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
msg->loglevel.level, msg->loglevel.type);
+ if (this->prevent_loglevel_changes)
+ {
+ DBG1(DBG_CFG, "prevented log level change");
+ fprintf(out, "command not allowed!\n");
+ return;
+ }
if (strcaseeq(msg->loglevel.type, "any"))
{
group = DBG_ANY;
@@ -555,7 +587,7 @@ static void stroke_loglevel(private_stroke_socket_t *this,
group = enum_from_name(debug_names, msg->loglevel.type);
if ((int)group < 0)
{
- fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
+ fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
return;
}
}
@@ -591,8 +623,8 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
return FALSE;
}
- /* read message */
- msg = malloc(len);
+ /* read message (we need an additional byte to terminate the buffer) */
+ msg = malloc(len + 1);
msg->length = len;
if (!stream->read_all(stream, (char*)msg + sizeof(len), len - sizeof(len)))
{
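Review bot: `msg = malloc(len + 1)` is dereferenced on the next line (`msg->length = len`) without a NULL check; if the project relies on an aborting allocator that should be stated in a comment, otherwise `if (!msg) { return FALSE; }` belongs between the two lines. The `len - sizeof(len)` passed to read_all underflows if `len` is smaller than `sizeof(len)`; the `return FALSE` just above the hunk suggests a length check precedes this, but its condition is outside the hunk and should be confirmed to enforce `len >= sizeof(len)`. on_accept starts and ends outside the hunk.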
@@ -603,6 +635,9 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
free(msg);
return FALSE;
}
+ /* make sure even incorrectly unterminated strings don't extend over the
+ * message boundaries */
+ ((char*)msg)[len] = '\0';
DBG3(DBG_CFG, "stroke message %b", (void*)msg, len);
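Review bot: The terminator written at `((char*)msg)[len] = '\0'` bounds the last string in the buffer, but it does not by itself validate the per-field string offsets carried in the message; the code that turns those offsets into pointers is outside this hunk and should reject any offset that is not strictly less than `len`, so that no field can point at or beyond the terminator. A comment here noting that this is a backstop rather than the primary check would make the intent clear: `/* backstop only; string offsets are range-checked where they are resolved */` — confirm that check exists before relying on it.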
@@ -727,6 +762,8 @@ stroke_socket_t *stroke_socket_create()
.public = {
.destroy = _destroy,
},
+ .prevent_loglevel_changes = lib->settings->get_bool(lib->settings,
+ "%s.plugins.stroke.prevent_loglevel_changes", FALSE, lib->ns),
);
this->cred = stroke_cred_create();
@@ -746,10 +783,10 @@ stroke_socket_t *stroke_socket_create()
charon->bus->add_listener(charon->bus, &this->counter->listener);
max_concurrent = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
- charon->name);
+ "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
+ lib->ns);
uri = lib->settings->get_str(lib->settings,
- "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, charon->name);
+ "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{