summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/stroke
diff options
context:
space:
mode:
authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:29:19 +0100
commit365e71f706b40c32173fa06c6feaac48c1527520 (patch)
tree54fa72a914d18c9430eaa54f3de4a2d4419198af /src/libcharon/plugins/stroke
parent5d7669b7b3563c50b3c86903e0a49373d597b8a0 (diff)
parent568905f488e63e28778f87ac0e38d845f45bae79 (diff)
downloadvyos-strongswan-365e71f706b40c32173fa06c6feaac48c1527520.tar.gz
vyos-strongswan-365e71f706b40c32173fa06c6feaac48c1527520.zip
Fixed merge, don't know why this didn't happen automatically - maybe a leftover from the svn->git conversion
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/Makefile.am4
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in20
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.c59
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c92
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c191
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.h10
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c129
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c139
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c19
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c35
10 files changed, 698 insertions, 0 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
index 40888a40b..29f680174 100644
--- a/src/libcharon/plugins/stroke/Makefile.am
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -21,7 +21,11 @@ libstrongswan_stroke_la_SOURCES = \
stroke_cred.h stroke_cred.c \
stroke_ca.h stroke_ca.c \
stroke_attribute.h stroke_attribute.c \
+<<<<<<< HEAD
stroke_list.h stroke_list.c \
stroke_shared_key.h stroke_shared_key.c
+=======
+ stroke_list.h stroke_list.c
+>>>>>>> upstream/4.5.1
libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index e6e98838b..3649c8ee9 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -77,7 +77,11 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_stroke_la_LIBADD =
am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \
stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \
+<<<<<<< HEAD
stroke_attribute.lo stroke_list.lo stroke_shared_key.lo
+=======
+ stroke_attribute.lo stroke_list.lo
+>>>>>>> upstream/4.5.1
libstrongswan_stroke_la_OBJECTS = \
$(am_libstrongswan_stroke_la_OBJECTS)
libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -223,9 +227,13 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+<<<<<<< HEAD
ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +272,11 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
@@ -292,8 +305,12 @@ libstrongswan_stroke_la_SOURCES = \
stroke_cred.h stroke_cred.c \
stroke_ca.h stroke_ca.c \
stroke_attribute.h stroke_attribute.c \
+<<<<<<< HEAD
stroke_list.h stroke_list.c \
stroke_shared_key.h stroke_shared_key.c
+=======
+ stroke_list.h stroke_list.c
+>>>>>>> upstream/4.5.1
libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
all: all-am
@@ -386,7 +403,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_cred.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_list.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_plugin.Plo@am__quote@
+<<<<<<< HEAD
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_shared_key.Plo@am__quote@
+=======
+>>>>>>> upstream/4.5.1
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_socket.Plo@am__quote@
.c.o:
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 9a3ae0ab9..57126053b 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -113,6 +113,10 @@ static void ca_section_destroy(ca_section_t *this)
this->crl->destroy_function(this->crl, free);
this->ocsp->destroy_function(this->ocsp, free);
this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy));
+<<<<<<< HEAD
+=======
+ this->cert->destroy(this->cert);
+>>>>>>> upstream/4.5.1
free(this->certuribase);
free(this->name);
free(this);
@@ -207,11 +211,16 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data
return enumerator;
}
+<<<<<<< HEAD
/**
* Implementation of credential_set_t.create_cdp_enumerator.
*/
static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
certificate_type_t type, identification_t *id)
+=======
+METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
+ private_stroke_ca_t *this, certificate_type_t type, identification_t *id)
+>>>>>>> upstream/4.5.1
{
cdp_data_t *data;
@@ -235,10 +244,16 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this,
(type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp,
data, (void*)cdp_data_destroy);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_ca_t.add.
*/
static void add(private_stroke_ca_t *this, stroke_msg_t *msg)
+=======
+
+METHOD(stroke_ca_t, add, void,
+ private_stroke_ca_t *this, stroke_msg_t *msg)
+>>>>>>> upstream/4.5.1
{
certificate_t *cert;
ca_section_t *ca;
@@ -279,10 +294,15 @@ static void add(private_stroke_ca_t *this, stroke_msg_t *msg)
}
}
+<<<<<<< HEAD
/**
* Implementation of stroke_ca_t.del.
*/
static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
+=======
+METHOD(stroke_ca_t, del, void,
+ private_stroke_ca_t *this, stroke_msg_t *msg)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator;
ca_section_t *ca = NULL;
@@ -336,10 +356,15 @@ static void list_uris(linked_list_t *list, char *label, FILE *out)
enumerator->destroy(enumerator);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_ca_t.check_for_hash_and_url.
*/
static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cert)
+=======
+METHOD(stroke_ca_t, check_for_hash_and_url, void,
+ private_stroke_ca_t *this, certificate_t* cert)
+>>>>>>> upstream/4.5.1
{
ca_section_t *section;
enumerator_t *enumerator;
@@ -376,10 +401,15 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
hasher->destroy(hasher);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_ca_t.list.
*/
static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_ca_t, list, void,
+ private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
bool first = TRUE;
ca_section_t *section;
@@ -426,10 +456,15 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
this->lock->unlock(this->lock);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_ca_t.destroy
*/
static void destroy(private_stroke_ca_t *this)
+=======
+METHOD(stroke_ca_t, destroy, void,
+ private_stroke_ca_t *this)
+>>>>>>> upstream/4.5.1
{
this->sections->destroy_function(this->sections, (void*)ca_section_destroy);
this->lock->destroy(this->lock);
@@ -441,6 +476,7 @@ static void destroy(private_stroke_ca_t *this)
*/
stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
{
+<<<<<<< HEAD
private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t);
this->public.set.create_private_enumerator = (void*)return_null;
@@ -457,6 +493,29 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
this->sections = linked_list_create();
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
this->cred = cred;
+=======
+ private_stroke_ca_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_private_enumerator = (void*)return_null,
+ .create_cert_enumerator = (void*)return_null,
+ .create_shared_enumerator = (void*)return_null,
+ .create_cdp_enumerator = _create_cdp_enumerator,
+ .cache_cert = (void*)nop,
+ },
+ .add = _add,
+ .del = _del,
+ .list = _list,
+ .check_for_hash_and_url = _check_for_hash_and_url,
+ .destroy = _destroy,
+ },
+ .sections = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .cred = cred,
+ );
+>>>>>>> upstream/4.5.1
return &this->public;
}
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 165212a5e..11822a3bc 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -53,12 +53,17 @@ struct private_stroke_config_t {
stroke_cred_t *cred;
};
+<<<<<<< HEAD
/**
* Implementation of backend_t.create_peer_cfg_enumerator.
*/
static enumerator_t* create_peer_cfg_enumerator(private_stroke_config_t *this,
identification_t *me,
identification_t *other)
+=======
+METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
+ private_stroke_config_t *this, identification_t *me, identification_t *other)
+>>>>>>> upstream/4.5.1
{
this->mutex->lock(this->mutex);
return enumerator_create_cleaner(this->list->create_enumerator(this->list),
@@ -74,11 +79,16 @@ static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
return TRUE;
}
+<<<<<<< HEAD
/**
* Implementation of backend_t.create_ike_cfg_enumerator.
*/
static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this,
host_t *me, host_t *other)
+=======
+METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
+ private_stroke_config_t *this, host_t *me, host_t *other)
+>>>>>>> upstream/4.5.1
{
this->mutex->lock(this->mutex);
return enumerator_create_filter(this->list->create_enumerator(this->list),
@@ -86,10 +96,15 @@ static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this,
(void*)this->mutex->unlock);
}
+<<<<<<< HEAD
/**
* implements backend_t.get_peer_cfg_by_name.
*/
static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *name)
+=======
+METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
+ private_stroke_config_t *this, char *name)
+>>>>>>> upstream/4.5.1
{
enumerator_t *e1, *e2;
peer_cfg_t *current, *found = NULL;
@@ -438,6 +453,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
enumerator->destroy(enumerator);
}
+<<<<<<< HEAD
/* authentication metod (class, actually) */
if (streq(auth, "pubkey") ||
streq(auth, "rsasig") || streq(auth, "rsa") ||
@@ -445,6 +461,40 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
{
cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
build_crl_policy(cfg, local, msg->add_conn.crl_policy);
+=======
+ /* certificatePolicies */
+ if (end->cert_policy)
+ {
+ enumerator_t *enumerator;
+ char *policy;
+
+ enumerator = enumerator_create_token(end->cert_policy, ",", " ");
+ while (enumerator->enumerate(enumerator, &policy))
+ {
+ cfg->add(cfg, AUTH_RULE_CERT_POLICY, strdup(policy));
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ /* authentication metod (class, actually) */
+ if (streq(auth, "pubkey") ||
+ strneq(auth, "rsa", strlen("rsa")) ||
+ strneq(auth, "ecdsa", strlen("ecdsa")))
+ {
+ u_int strength;
+
+ cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ build_crl_policy(cfg, local, msg->add_conn.crl_policy);
+
+ if (sscanf(auth, "rsa-%d", &strength) == 1)
+ {
+ cfg->add(cfg, AUTH_RULE_RSA_STRENGTH, (uintptr_t)strength);
+ }
+ if (sscanf(auth, "ecdsa-%d", &strength) == 1)
+ {
+ cfg->add(cfg, AUTH_RULE_ECDSA_STRENGTH, (uintptr_t)strength);
+ }
+>>>>>>> upstream/4.5.1
}
else if (streq(auth, "psk") || streq(auth, "secret"))
{
@@ -808,9 +858,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
child_cfg = child_cfg_create(
msg->add_conn.name, &lifetime,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
+<<<<<<< HEAD
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp,
msg->add_conn.inactivity, msg->add_conn.reqid,
&mark_in, &mark_out);
+=======
+ msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
+ msg->add_conn.inactivity, msg->add_conn.reqid,
+ &mark_in, &mark_out, msg->add_conn.tfc);
+>>>>>>> upstream/4.5.1
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
@@ -821,10 +877,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
return child_cfg;
}
+<<<<<<< HEAD
/**
* Implementation of stroke_config_t.add.
*/
static void add(private_stroke_config_t *this, stroke_msg_t *msg)
+=======
+METHOD(stroke_config_t, add, void,
+ private_stroke_config_t *this, stroke_msg_t *msg)
+>>>>>>> upstream/4.5.1
{
ike_cfg_t *ike_cfg, *existing_ike;
peer_cfg_t *peer_cfg, *existing;
@@ -884,10 +945,15 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg)
}
}
+<<<<<<< HEAD
/**
* Implementation of stroke_config_t.del.
*/
static void del(private_stroke_config_t *this, stroke_msg_t *msg)
+=======
+METHOD(stroke_config_t, del, void,
+ private_stroke_config_t *this, stroke_msg_t *msg)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator, *children;
peer_cfg_t *peer;
@@ -938,10 +1004,15 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg)
}
}
+<<<<<<< HEAD
/**
* Implementation of stroke_config_t.destroy
*/
static void destroy(private_stroke_config_t *this)
+=======
+METHOD(stroke_config_t, destroy, void,
+ private_stroke_config_t *this)
+>>>>>>> upstream/4.5.1
{
this->list->destroy_offset(this->list, offsetof(peer_cfg_t, destroy));
this->mutex->destroy(this->mutex);
@@ -953,6 +1024,7 @@ static void destroy(private_stroke_config_t *this)
*/
stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
{
+<<<<<<< HEAD
private_stroke_config_t *this = malloc_thing(private_stroke_config_t);
this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
@@ -966,6 +1038,26 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
this->ca = ca;
this->cred = cred;
+=======
+ private_stroke_config_t *this;
+
+ INIT(this,
+ .public = {
+ .backend = {
+ .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+ .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
+ .get_peer_cfg_by_name = _get_peer_cfg_by_name,
+ },
+ .add = _add,
+ .del = _del,
+ .destroy = _destroy,
+ },
+ .list = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
+ .ca = ca,
+ .cred = cred,
+ );
+>>>>>>> upstream/4.5.1
return &this->public;
}
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index e0398ba78..03ba4c305 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -17,6 +17,11 @@
#include <daemon.h>
#include <processing/jobs/delete_ike_sa_job.h>
+<<<<<<< HEAD
+=======
+#include <processing/jobs/rekey_ike_sa_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
+>>>>>>> upstream/4.5.1
typedef struct private_stroke_control_t private_stroke_control_t;
@@ -90,10 +95,15 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name)
return found;
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.initiate.
*/
static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_control_t, initiate, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
@@ -137,6 +147,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou
}
/**
+<<<<<<< HEAD
* Implementation of stroke_control_t.terminate.
*/
static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
@@ -152,16 +163,34 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
uintptr_t del;
string = msg->terminate.name;
+=======
+ * Parse a terminate/rekey specifier
+ */
+static bool parse_specifier(char *string, u_int32_t *id,
+ char **name, bool *child, bool *all)
+{
+ int len;
+ char *pos = NULL;
+
+ *id = 0;
+ *name = NULL;
+ *all = FALSE;
+>>>>>>> upstream/4.5.1
len = strlen(string);
if (len < 1)
{
+<<<<<<< HEAD
DBG1(DBG_CFG, "error parsing string");
return;
+=======
+ return FALSE;
+>>>>>>> upstream/4.5.1
}
switch (string[len-1])
{
case '}':
+<<<<<<< HEAD
child = TRUE;
pos = strchr(string, '{');
break;
@@ -176,18 +205,39 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
}
if (name)
+=======
+ *child = TRUE;
+ pos = strchr(string, '{');
+ break;
+ case ']':
+ *child = FALSE;
+ pos = strchr(string, '[');
+ break;
+ default:
+ *name = string;
+ *child = FALSE;
+ break;
+ }
+
+ if (*name)
+>>>>>>> upstream/4.5.1
{
/* is a single name */
}
else if (pos == string + len - 2)
{ /* is name[] or name{} */
string[len-2] = '\0';
+<<<<<<< HEAD
name = string;
+=======
+ *name = string;
+>>>>>>> upstream/4.5.1
}
else
{
if (!pos)
{
+<<<<<<< HEAD
DBG1(DBG_CFG, "error parsing string");
return;
}
@@ -207,6 +257,45 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
}
}
}
+=======
+ return FALSE;
+ }
+ if (*(pos + 1) == '*')
+ { /* is name[*] */
+ *all = TRUE;
+ *pos = '\0';
+ *name = string;
+ }
+ else
+ { /* is name[123] or name{23} */
+ *id = atoi(pos + 1);
+ if (*id == 0)
+ {
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
+}
+
+METHOD(stroke_control_t, terminate, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+{
+ char *name;
+ u_int32_t id;
+ bool child, all;
+ ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
+ linked_list_t *ike_list, *child_list;
+ stroke_log_info_t info;
+ uintptr_t del;
+
+ if (!parse_specifier(msg->terminate.name, &id, &name, &child, &all))
+ {
+ DBG1(DBG_CFG, "error parsing specifier string");
+ return;
+ }
+>>>>>>> upstream/4.5.1
info.out = out;
info.level = msg->output_verbosity;
@@ -293,11 +382,76 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
child_list->destroy(child_list);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.terminate_srcip.
*/
static void terminate_srcip(private_stroke_control_t *this,
stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_control_t, rekey, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+{
+ char *name;
+ u_int32_t id;
+ bool child, all, finished = FALSE;
+ ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
+
+ if (!parse_specifier(msg->terminate.name, &id, &name, &child, &all))
+ {
+ DBG1(DBG_CFG, "error parsing specifier string");
+ return;
+ }
+ enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
+ while (enumerator->enumerate(enumerator, &ike_sa))
+ {
+ child_sa_t *child_sa;
+ iterator_t *children;
+
+ if (child)
+ {
+ children = ike_sa->create_child_sa_iterator(ike_sa);
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ if ((name && streq(name, child_sa->get_name(child_sa))) ||
+ (id && id == child_sa->get_reqid(child_sa)))
+ {
+ lib->processor->queue_job(lib->processor,
+ (job_t*)rekey_child_sa_job_create(
+ child_sa->get_reqid(child_sa),
+ child_sa->get_protocol(child_sa),
+ child_sa->get_spi(child_sa, TRUE)));
+ if (!all)
+ {
+ finished = TRUE;
+ break;
+ }
+ }
+ }
+ children->destroy(children);
+ }
+ else if ((name && streq(name, ike_sa->get_name(ike_sa))) ||
+ (id && id == ike_sa->get_unique_id(ike_sa)))
+ {
+ lib->processor->queue_job(lib->processor,
+ (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE));
+ if (!all)
+ {
+ finished = TRUE;
+ }
+ }
+ if (finished)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+METHOD(stroke_control_t, terminate_srcip, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator;
ike_sa_t *ike_sa;
@@ -362,10 +516,15 @@ static void terminate_srcip(private_stroke_control_t *this,
DESTROY_IF(end);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.purge_ike
*/
static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_control_t, purge_ike, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator;
iterator_t *iterator;
@@ -402,10 +561,15 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
list->destroy(list);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.route.
*/
static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_control_t, route, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
@@ -443,10 +607,15 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
child_cfg->destroy(child_cfg);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.unroute.
*/
static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_control_t, unroute, void,
+ private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
child_sa_t *child_sa;
enumerator_t *enumerator;
@@ -468,10 +637,15 @@ static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out
fprintf(out, "configuration '%s' not found\n", msg->unroute.name);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_control_t.destroy
*/
static void destroy(private_stroke_control_t *this)
+=======
+METHOD(stroke_control_t, destroy, void,
+ private_stroke_control_t *this)
+>>>>>>> upstream/4.5.1
{
free(this);
}
@@ -481,6 +655,7 @@ static void destroy(private_stroke_control_t *this)
*/
stroke_control_t *stroke_control_create()
{
+<<<<<<< HEAD
private_stroke_control_t *this = malloc_thing(private_stroke_control_t);
this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate;
@@ -490,6 +665,22 @@ stroke_control_t *stroke_control_create()
this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route;
this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute;
this->public.destroy = (void(*)(stroke_control_t*))destroy;
+=======
+ private_stroke_control_t *this;
+
+ INIT(this,
+ .public = {
+ .initiate = _initiate,
+ .terminate = _terminate,
+ .terminate_srcip = _terminate_srcip,
+ .rekey = _rekey,
+ .purge_ike = _purge_ike,
+ .route = _route,
+ .unroute = _unroute,
+ .destroy = _destroy,
+ },
+ );
+>>>>>>> upstream/4.5.1
return &this->public;
}
diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h
index 9b49bdc31..e4d67023a 100644
--- a/src/libcharon/plugins/stroke/stroke_control.h
+++ b/src/libcharon/plugins/stroke/stroke_control.h
@@ -54,6 +54,16 @@ struct stroke_control_t {
void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
/**
+<<<<<<< HEAD
+=======
+ * Rekey a connection.
+ *
+ * @param msg stroke message
+ */
+ void (*rekey)(stroke_control_t *this, stroke_msg_t *msg, FILE *out);
+
+ /**
+>>>>>>> upstream/4.5.1
* Delete IKE_SAs without a CHILD_SA.
*
* @param msg stroke message
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 91e71f1f4..6d9440778 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -1,5 +1,9 @@
/*
+<<<<<<< HEAD
* Copyright (C) 2008 Tobias Brunner
+=======
+ * Copyright (C) 2008-2010 Tobias Brunner
+>>>>>>> upstream/4.5.1
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -25,7 +29,10 @@
#include <unistd.h>
#include "stroke_cred.h"
+<<<<<<< HEAD
#include "stroke_shared_key.h"
+=======
+>>>>>>> upstream/4.5.1
#include <credentials/certificates/x509.h>
#include <credentials/certificates/crl.h>
@@ -64,6 +71,7 @@ struct private_stroke_cred_t {
stroke_cred_t public;
/**
+<<<<<<< HEAD
* list of trusted peer/signer/CA certificates (certificate_t)
*/
linked_list_t *certs;
@@ -82,6 +90,11 @@ struct private_stroke_cred_t {
* read-write lock to lists
*/
rwlock_t *lock;
+=======
+ * credentials
+ */
+ mem_cred_t *creds;
+>>>>>>> upstream/4.5.1
/**
* cache CRLs to disk?
@@ -90,6 +103,7 @@ struct private_stroke_cred_t {
};
/**
+<<<<<<< HEAD
* data to pass to various filters
*/
typedef struct {
@@ -321,6 +335,8 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert)
}
/**
+=======
+>>>>>>> upstream/4.5.1
* Implementation of stroke_cred_t.load_ca.
*/
static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
@@ -352,12 +368,17 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename)
cert->destroy(cert);
return NULL;
}
+<<<<<<< HEAD
return (certificate_t*)add_cert(this, cert);
+=======
+ return this->creds->add_cert_ref(this->creds, TRUE, cert);
+>>>>>>> upstream/4.5.1
}
return NULL;
}
/**
+<<<<<<< HEAD
* Add X.509 CRL to chain
*/
static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
@@ -431,6 +452,8 @@ static bool add_ac(private_stroke_cred_t *this, ac_t* ac)
}
/**
+=======
+>>>>>>> upstream/4.5.1
* Implementation of stroke_cred_t.load_peer.
*/
static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
@@ -453,10 +476,17 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
BUILD_END);
if (cert)
{
+<<<<<<< HEAD
cert = add_cert(this, cert);
DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'",
cert->get_subject(cert), filename);
return cert->get_ref(cert);
+=======
+ cert = this->creds->add_cert_ref(this->creds, TRUE, cert);
+ DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'",
+ cert->get_subject(cert), filename);
+ return cert;
+>>>>>>> upstream/4.5.1
}
DBG1(DBG_CFG, " loading certificate from '%s' failed", filename);
return NULL;
@@ -511,8 +541,13 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
}
else
{
+<<<<<<< HEAD
DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'",
cert->get_subject(cert), file);
+=======
+ DBG1(DBG_CFG, " loaded ca certificate \"%Y\" "
+ "from '%s'", cert->get_subject(cert), file);
+>>>>>>> upstream/4.5.1
}
}
else
@@ -540,7 +575,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
}
if (cert)
{
+<<<<<<< HEAD
add_cert(this, cert);
+=======
+ this->creds->add_cert(this->creds, TRUE, cert);
+>>>>>>> upstream/4.5.1
}
break;
case CERT_X509_CRL:
@@ -550,7 +589,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
BUILD_END);
if (cert)
{
+<<<<<<< HEAD
add_crl(this, (crl_t*)cert);
+=======
+ this->creds->add_crl(this->creds, (crl_t*)cert);
+>>>>>>> upstream/4.5.1
DBG1(DBG_CFG, " loaded crl from '%s'", file);
}
else
@@ -565,7 +608,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
BUILD_END);
if (cert)
{
+<<<<<<< HEAD
add_ac(this, (ac_t*)cert);
+=======
+ this->creds->add_cert(this->creds, FALSE, cert);
+>>>>>>> upstream/4.5.1
DBG1(DBG_CFG, " loaded attribute certificate from '%s'",
file);
}
@@ -593,7 +640,11 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
crl_t *crl = (crl_t*)cert;
cert->get_ref(cert);
+<<<<<<< HEAD
if (add_crl(this, crl))
+=======
+ if (this->creds->add_crl(this->creds, crl))
+>>>>>>> upstream/4.5.1
{
char buf[BUF_LEN];
chunk_t chunk, hex;
@@ -914,7 +965,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
}
/* unlock: smartcard needs the pin and potentially calls public set */
+<<<<<<< HEAD
this->lock->unlock(this->lock);
+=======
+>>>>>>> upstream/4.5.1
switch (format)
{
case SC_FORMAT_SLOT_MODULE_KEYID:
@@ -936,7 +990,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
BUILD_PKCS11_KEYID, chunk, BUILD_END);
break;
}
+<<<<<<< HEAD
this->lock->write_lock(this->lock);
+=======
+>>>>>>> upstream/4.5.1
if (mem)
{
lib->credmgr->remove_local_set(lib->credmgr, &mem->set);
@@ -951,7 +1008,11 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
if (key)
{
DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
+<<<<<<< HEAD
this->private->insert_last(this->private, key);
+=======
+ this->creds->add_key(this->creds, key);
+>>>>>>> upstream/4.5.1
}
return TRUE;
}
@@ -1022,11 +1083,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr,
cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set);
+<<<<<<< HEAD
/* unlock, as the builder might ask for a secret */
this->lock->unlock(this->lock);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
BUILD_FROM_FILE, path, BUILD_END);
this->lock->write_lock(this->lock);
+=======
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
+ BUILD_FROM_FILE, path, BUILD_END);
+>>>>>>> upstream/4.5.1
lib->credmgr->remove_local_set(lib->credmgr, &cb->set);
cb->destroy(cb);
@@ -1042,11 +1108,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr,
mem->add_shared(mem, shared, NULL);
lib->credmgr->add_local_set(lib->credmgr, &mem->set);
+<<<<<<< HEAD
/* unlock, as the builder might ask for a secret */
this->lock->unlock(this->lock);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
BUILD_FROM_FILE, path, BUILD_END);
this->lock->write_lock(this->lock);
+=======
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
+ BUILD_FROM_FILE, path, BUILD_END);
+>>>>>>> upstream/4.5.1
lib->credmgr->remove_local_set(lib->credmgr, &mem->set);
mem->destroy(mem);
@@ -1055,7 +1126,11 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr,
{
DBG1(DBG_CFG, " loaded %N private key from '%s'",
key_type_names, key->get_type(key), path);
+<<<<<<< HEAD
this->private->insert_last(this->private, key);
+=======
+ this->creds->add_key(this->creds, key);
+>>>>>>> upstream/4.5.1
}
else
{
@@ -1070,7 +1145,12 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr,
static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr,
shared_key_type_t type, chunk_t ids)
{
+<<<<<<< HEAD
stroke_shared_key_t *shared_key;
+=======
+ shared_key_t *shared_key;
+ linked_list_t *owners;
+>>>>>>> upstream/4.5.1
chunk_t secret = chunk_empty;
bool any = TRUE;
@@ -1080,12 +1160,20 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr,
DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
return FALSE;
}
+<<<<<<< HEAD
shared_key = stroke_shared_key_create(type, secret);
+=======
+ shared_key = shared_key_create(type, secret);
+>>>>>>> upstream/4.5.1
DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type,
ids.len > 0 ? (char*)ids.ptr : "%any");
DBG4(DBG_CFG, " secret: %#B", &secret);
+<<<<<<< HEAD
this->shared->insert_last(this->shared, shared_key);
+=======
+ owners = linked_list_create();
+>>>>>>> upstream/4.5.1
while (ids.len > 0)
{
chunk_t id;
@@ -1111,14 +1199,25 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr,
continue;
}
+<<<<<<< HEAD
shared_key->add_owner(shared_key, peer_id);
+=======
+ owners->insert_last(owners, peer_id);
+>>>>>>> upstream/4.5.1
any = FALSE;
}
if (any)
{
+<<<<<<< HEAD
shared_key->add_owner(shared_key,
identification_create_from_encoding(ID_ANY, chunk_empty));
}
+=======
+ owners->insert_last(owners,
+ identification_create_from_encoding(ID_ANY, chunk_empty));
+ }
+ this->creds->add_shared_list(this->creds, shared_key, owners);
+>>>>>>> upstream/4.5.1
return TRUE;
}
@@ -1130,8 +1229,11 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
{
int line_nr = 0, fd;
chunk_t src, line;
+<<<<<<< HEAD
private_key_t *private;
shared_key_t *shared;
+=======
+>>>>>>> upstream/4.5.1
struct stat sb;
void *addr;
@@ -1160,6 +1262,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
src = chunk_create(addr, sb.st_size);
if (level == 0)
+<<<<<<< HEAD
{
this->lock->write_lock(this->lock);
@@ -1174,6 +1277,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
{
private->destroy(private);
}
+=======
+ { /* flush secrets on non-recursive invocation */
+ this->creds->clear_secrets(this->creds);
+>>>>>>> upstream/4.5.1
}
while (fetchline(&src, &line))
@@ -1234,7 +1341,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
if (glob(pattern, GLOB_ERR, NULL, &buf) != 0)
{
DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern);
+<<<<<<< HEAD
globfree(&buf);
+=======
+>>>>>>> upstream/4.5.1
}
else
{
@@ -1302,10 +1412,13 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
break;
}
}
+<<<<<<< HEAD
if (level == 0)
{
this->lock->unlock(this->lock);
}
+=======
+>>>>>>> upstream/4.5.1
munmap(addr, sb.st_size);
close(fd);
}
@@ -1384,10 +1497,15 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt)
*/
static void destroy(private_stroke_cred_t *this)
{
+<<<<<<< HEAD
this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy));
this->shared->destroy_offset(this->shared, offsetof(shared_key_t, destroy));
this->private->destroy_offset(this->private, offsetof(private_key_t, destroy));
this->lock->destroy(this->lock);
+=======
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+ this->creds->destroy(this->creds);
+>>>>>>> upstream/4.5.1
free(this);
}
@@ -1398,9 +1516,15 @@ stroke_cred_t *stroke_cred_create()
{
private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t);
+<<<<<<< HEAD
this->public.set.create_private_enumerator = (void*)create_private_enumerator;
this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
+=======
+ this->public.set.create_private_enumerator = (void*)return_null;
+ this->public.set.create_cert_enumerator = (void*)return_null;
+ this->public.set.create_shared_enumerator = (void*)return_null;
+>>>>>>> upstream/4.5.1
this->public.set.create_cdp_enumerator = (void*)return_null;
this->public.set.cache_cert = (void*)cache_cert;
this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread;
@@ -1409,10 +1533,15 @@ stroke_cred_t *stroke_cred_create()
this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl;
this->public.destroy = (void(*)(stroke_cred_t*))destroy;
+<<<<<<< HEAD
this->certs = linked_list_create();
this->shared = linked_list_create();
this->private = linked_list_create();
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+=======
+ this->creds = mem_cred_create();
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+>>>>>>> upstream/4.5.1
load_certs(this);
load_secrets(this, SECRETS_FILE, 0, NULL);
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 86deea490..9c71b2cd2 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -388,10 +388,15 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
enumerator->destroy(enumerator);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_list_t.status.
*/
static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all)
+=======
+METHOD(stroke_list_t, status, void,
+ private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator, *children;
ike_cfg_t *ike_cfg;
@@ -756,7 +761,11 @@ static void stroke_list_certs(linked_list_t *list, char *label,
enumerator_t *enumerator;
identification_t *altName;
bool first_altName = TRUE;
+<<<<<<< HEAD
int pathlen;
+=======
+ u_int pathlen;
+>>>>>>> upstream/4.5.1
chunk_t serial, authkey;
time_t notBefore, notAfter;
public_key_t *public;
@@ -836,10 +845,17 @@ static void stroke_list_certs(linked_list_t *list, char *label,
}
/* list optional pathLenConstraint */
+<<<<<<< HEAD
pathlen = x509->get_pathLenConstraint(x509);
if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
{
fprintf(out, " pathlen: %d\n", pathlen);
+=======
+ pathlen = x509->get_constraint(x509, X509_PATH_LEN);
+ if (pathlen != X509_NO_CONSTRAINT)
+ {
+ fprintf(out, " pathlen: %u\n", pathlen);
+>>>>>>> upstream/4.5.1
}
/* list optional ipAddrBlocks */
@@ -979,6 +995,13 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
{
fprintf(out, " serial: %#B\n", &chunk);
}
+<<<<<<< HEAD
+=======
+ if (crl->is_delta_crl(crl, &chunk))
+ {
+ fprintf(out, " delta for: %#B\n", &chunk);
+ }
+>>>>>>> upstream/4.5.1
/* count the number of revoked certificates */
{
@@ -1060,6 +1083,28 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
}
/**
+<<<<<<< HEAD
+=======
+ * Print the name of an algorithm plus the name of the plugin that registered it
+ */
+static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type,
+ const char *plugin_name)
+{
+ char alg_name[BUF_LEN];
+ int alg_name_len;
+
+ alg_name_len = sprintf(alg_name, " %N[%s]", alg_names, alg_type, plugin_name);
+ if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE)
+ {
+ fprintf(out, "\n ");
+ *len = 13;
+ }
+ fprintf(out, "%s", alg_name);
+ *len += alg_name_len;
+}
+
+/**
+>>>>>>> upstream/4.5.1
* List of registered cryptographical algorithms
*/
static void list_algs(FILE *out)
@@ -1070,6 +1115,7 @@ static void list_algs(FILE *out)
hash_algorithm_t hash;
pseudo_random_function_t prf;
diffie_hellman_group_t group;
+<<<<<<< HEAD
fprintf(out, "\n");
fprintf(out, "List of registered IKEv2 Algorithms:\n");
@@ -1113,15 +1159,82 @@ static void list_algs(FILE *out)
while (enumerator->enumerate(enumerator, &group))
{
fprintf(out, "%N ", diffie_hellman_group_names, group);
+=======
+ rng_quality_t quality;
+ const char *plugin_name;
+ int len;
+
+ fprintf(out, "\n");
+ fprintf(out, "List of registered IKEv2 Algorithms:\n");
+ fprintf(out, "\n encryption:");
+ len = 13;
+ enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
+ {
+ print_alg(out, &len, encryption_algorithm_names, encryption, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n integrity: ");
+ len = 13;
+ enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
+ {
+ print_alg(out, &len, integrity_algorithm_names, integrity, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n aead: ");
+ len = 13;
+ enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
+ {
+ print_alg(out, &len, encryption_algorithm_names, encryption, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n hasher: ");
+ len = 13;
+ enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &hash, &plugin_name))
+ {
+ print_alg(out, &len, hash_algorithm_names, hash, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n prf: ");
+ len = 13;
+ enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &prf, &plugin_name))
+ {
+ print_alg(out, &len, pseudo_random_function_names, prf, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n dh-group: ");
+ len = 13;
+ enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &group, &plugin_name))
+ {
+ print_alg(out, &len, diffie_hellman_group_names, group, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(out, "\n random-gen:");
+ len = 13;
+ enumerator = lib->crypto->create_rng_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &quality, &plugin_name))
+ {
+ print_alg(out, &len, rng_quality_names, quality, plugin_name);
+>>>>>>> upstream/4.5.1
}
enumerator->destroy(enumerator);
fprintf(out, "\n");
}
+<<<<<<< HEAD
/**
* Implementation of stroke_list_t.list.
*/
static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_list_t, list, void,
+ private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
linked_list_t *cert_list = NULL;
@@ -1224,10 +1337,15 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool,
}
}
+<<<<<<< HEAD
/**
* Implementation of stroke_list_t.leases
*/
static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
+=======
+METHOD(stroke_list_t, leases, void,
+ private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
+>>>>>>> upstream/4.5.1
{
enumerator_t *enumerator;
u_int size, offline, online;
@@ -1264,10 +1382,15 @@ static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
DESTROY_IF(address);
}
+<<<<<<< HEAD
/**
* Implementation of stroke_list_t.destroy
*/
static void destroy(private_stroke_list_t *this)
+=======
+METHOD(stroke_list_t, destroy, void,
+ private_stroke_list_t *this)
+>>>>>>> upstream/4.5.1
{
free(this);
}
@@ -1277,6 +1400,7 @@ static void destroy(private_stroke_list_t *this)
*/
stroke_list_t *stroke_list_create(stroke_attribute_t *attribute)
{
+<<<<<<< HEAD
private_stroke_list_t *this = malloc_thing(private_stroke_list_t);
this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list;
@@ -1286,6 +1410,21 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute)
this->uptime = time_monotonic(NULL);
this->attribute = attribute;
+=======
+ private_stroke_list_t *this;
+
+ INIT(this,
+ .public = {
+
+ .list = _list,
+ .status = _status,
+ .leases = _leases,
+ .destroy = _destroy,
+ },
+ .uptime = time_monotonic(NULL),
+ .attribute = attribute,
+ );
+>>>>>>> upstream/4.5.1
return &this->public;
}
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 4361e5050..81274b599 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -36,10 +36,15 @@ struct private_stroke_plugin_t {
stroke_socket_t *socket;
};
+<<<<<<< HEAD
/**
* Implementation of stroke_plugin_t.destroy
*/
static void destroy(private_stroke_plugin_t *this)
+=======
+METHOD(plugin_t, destroy, void,
+ private_stroke_plugin_t *this)
+>>>>>>> upstream/4.5.1
{
this->socket->destroy(this->socket);
free(this);
@@ -50,11 +55,25 @@ static void destroy(private_stroke_plugin_t *this)
*/
plugin_t *stroke_plugin_create()
{
+<<<<<<< HEAD
private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t);
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
this->socket = stroke_socket_create();
+=======
+ private_stroke_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ .socket = stroke_socket_create(),
+ );
+
+>>>>>>> upstream/4.5.1
if (this->socket == NULL)
{
free(this);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 0a5110fd3..e9ed86d09 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -151,6 +151,10 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
pop_string(msg, &end->ca);
pop_string(msg, &end->ca2);
pop_string(msg, &end->groups);
+<<<<<<< HEAD
+=======
+ pop_string(msg, &end->cert_policy);
+>>>>>>> upstream/4.5.1
pop_string(msg, &end->updown);
DBG2(DBG_CFG, " %s=%s", label, end->address);
@@ -246,6 +250,20 @@ static void stroke_terminate_srcip(private_stroke_socket_t *this,
}
/**
+<<<<<<< HEAD
+=======
+ * rekey a connection by name/id
+ */
+static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+{
+ pop_string(msg, &msg->terminate.name);
+ DBG1(DBG_CFG, "received stroke: rekey '%s'", msg->rekey.name);
+
+ this->control->rekey(this->control, msg, out);
+}
+
+/**
+>>>>>>> upstream/4.5.1
* route a policy (install SPD entries)
*/
static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
@@ -348,6 +366,17 @@ static void stroke_purge(private_stroke_socket_t *this,
{
lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
}
+<<<<<<< HEAD
+=======
+ if (msg->purge.flags & PURGE_CRLS)
+ {
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL);
+ }
+ if (msg->purge.flags & PURGE_CERTS)
+ {
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
+ }
+>>>>>>> upstream/4.5.1
if (msg->purge.flags & PURGE_IKE)
{
this->control->purge_ike(this->control, msg, out);
@@ -510,6 +539,12 @@ static job_requeue_t process(stroke_job_context_t *ctx)
case STR_TERMINATE_SRCIP:
stroke_terminate_srcip(this, msg, out);
break;
+<<<<<<< HEAD
+=======
+ case STR_REKEY:
+ stroke_rekey(this, msg, out);
+ break;
+>>>>>>> upstream/4.5.1
case STR_STATUS:
stroke_status(this, msg, out, FALSE);
break;
generated by cgit v1.2.3 (git 2.39.1) at 2026-01-25 12:38:15 +0000