diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
| commit | 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (patch) | |
| tree | bf1d05a2e37dbd1911b86fcc026fbe49b0239c71 /src/libcharon | |
| parent | 7585facf05d927eb6df3929ce09ed5e60d905437 (diff) | |
| download | vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.tar.gz vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.zip | |
Imported Upstream version 5.0.3
Diffstat (limited to 'src/libcharon')
198 files changed, 10286 insertions, 2671 deletions
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index b2d6c3128..66606f937 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -2,7 +2,7 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) # copy-n-paste from Makefile.am -LOCAL_SRC_FILES := \ +libcharon_la_SOURCES := \ bus/bus.c bus/bus.h \ bus/listeners/listener.h \ bus/listeners/logger.h \ @@ -62,7 +62,7 @@ processing/jobs/start_action_job.c processing/jobs/start_action_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ -sa/eap/eap_method.c sa/eap/eap_method.h \ +sa/eap/eap_method.c sa/eap/eap_method.h sa/eap/eap_inner_method.h \ sa/eap/eap_manager.c sa/eap/eap_manager.h \ sa/xauth/xauth_method.c sa/xauth/xauth_method.h \ sa/xauth/xauth_manager.c sa/xauth/xauth_manager.h \ @@ -77,7 +77,7 @@ sa/shunt_manager.c sa/shunt_manager.h \ sa/trap_manager.c sa/trap_manager.h \ sa/task.c sa/task.h -LOCAL_SRC_FILES += \ +libcharon_la_SOURCES += \ sa/ikev2/keymat_v2.c sa/ikev2/keymat_v2.h \ sa/ikev2/task_manager_v2.c sa/ikev2/task_manager_v2.h \ sa/ikev2/authenticators/eap_authenticator.c sa/ikev2/authenticators/eap_authenticator.h \ @@ -100,7 +100,7 @@ sa/ikev2/tasks/ike_reauth.c sa/ikev2/tasks/ike_reauth.h \ sa/ikev2/tasks/ike_auth_lifetime.c sa/ikev2/tasks/ike_auth_lifetime.h \ sa/ikev2/tasks/ike_vendor.c sa/ikev2/tasks/ike_vendor.h -LOCAL_SRC_FILES += \ +libcharon_la_SOURCES += \ sa/ikev1/keymat_v1.c sa/ikev1/keymat_v1.h \ sa/ikev1/task_manager_v1.c sa/ikev1/task_manager_v1.h \ sa/ikev1/authenticators/psk_v1_authenticator.c sa/ikev1/authenticators/psk_v1_authenticator.h \ @@ -123,11 +123,12 @@ sa/ikev1/tasks/mode_config.c sa/ikev1/tasks/mode_config.h \ processing/jobs/dpd_timeout_job.c processing/jobs/dpd_timeout_job.h \ processing/jobs/adopt_children_job.c processing/jobs/adopt_children_job.h +LOCAL_SRC_FILES := $(filter %.c,$(libcharon_la_SOURCES)) + # adding the plugin source files -LOCAL_SRC_FILES += $(call add_plugin, android) -ifneq ($(call plugin_enabled, android),) -LOCAL_C_INCLUDES += frameworks/base/cmds/keystore +LOCAL_SRC_FILES += $(call add_plugin, android-dns) +ifneq ($(call plugin_enabled, android-dns),) LOCAL_SHARED_LIBRARIES += libcutils endif diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 5203890ff..f0736c5ca 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -60,7 +60,7 @@ processing/jobs/start_action_job.c processing/jobs/start_action_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ -sa/eap/eap_method.c sa/eap/eap_method.h \ +sa/eap/eap_method.c sa/eap/eap_method.h sa/eap/eap_inner_method.h \ sa/eap/eap_manager.c sa/eap/eap_manager.h \ sa/xauth/xauth_method.c sa/xauth/xauth_method.h \ sa/xauth/xauth_manager.c sa/xauth/xauth_manager.h \ @@ -212,6 +212,13 @@ if MONOLITHIC endif endif +if USE_IPSECKEY + SUBDIRS += plugins/ipseckey +if MONOLITHIC + libcharon_la_LIBADD += plugins/ipseckey/libstrongswan-ipseckey.la +endif +endif + if USE_UPDOWN SUBDIRS += plugins/updown if MONOLITHIC @@ -450,10 +457,10 @@ if MONOLITHIC endif endif -if USE_ANDROID - SUBDIRS += plugins/android +if USE_ANDROID_DNS + SUBDIRS += plugins/android_dns if MONOLITHIC - libcharon_la_LIBADD += plugins/android/libstrongswan-android.la + libcharon_la_LIBADD += plugins/android_dns/libstrongswan-android-dns.la endif endif @@ -506,6 +513,13 @@ if MONOLITHIC endif endif +if USE_SYSTIME_FIX + SUBDIRS += plugins/systime_fix +if MONOLITHIC + libcharon_la_LIBADD += plugins/systime_fix/libstrongswan-systime-fix.la +endif +endif + if USE_LED SUBDIRS += plugins/led if MONOLITHIC @@ -582,3 +596,10 @@ if MONOLITHIC libcharon_la_LIBADD += plugins/xauth_pam/libstrongswan-xauth-pam.la endif endif + +if USE_XAUTH_NOAUTH + SUBDIRS += plugins/xauth_noauth +if MONOLITHIC + libcharon_la_LIBADD += plugins/xauth_noauth/libstrongswan-xauth-noauth.la +endif +endif diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 063bc6d11..e772528d1 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -104,108 +121,114 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_15 = plugins/smp/libstrongswan-smp.la @USE_SQL_TRUE@am__append_16 = plugins/sql @MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_17 = plugins/sql/libstrongswan-sql.la -@USE_UPDOWN_TRUE@am__append_18 = plugins/updown -@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_19 = plugins/updown/libstrongswan-updown.la -@USE_EAP_IDENTITY_TRUE@am__append_20 = plugins/eap_identity -@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_21 = plugins/eap_identity/libstrongswan-eap-identity.la -@USE_EAP_SIM_TRUE@am__append_22 = plugins/eap_sim -@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_23 = plugins/eap_sim/libstrongswan-eap-sim.la -@USE_EAP_SIM_FILE_TRUE@am__append_24 = plugins/eap_sim_file -@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_25 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la -@USE_EAP_SIM_PCSC_TRUE@am__append_26 = plugins/eap_sim_pcsc -@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_27 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la -@USE_EAP_SIMAKA_SQL_TRUE@am__append_28 = plugins/eap_simaka_sql -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_29 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_30 = plugins/eap_simaka_pseudonym -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_32 = plugins/eap_simaka_reauth -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la -@USE_EAP_AKA_TRUE@am__append_34 = plugins/eap_aka -@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_35 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_36 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_37 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_38 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_39 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_40 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_41 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_42 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_44 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_DYNAMIC_TRUE@am__append_45 = plugins/eap_dynamic -@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_46 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la -@USE_EAP_RADIUS_TRUE@am__append_47 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_48 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_49 = plugins/eap_tls -@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_50 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_51 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_52 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_PEAP_TRUE@am__append_53 = plugins/eap_peap -@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_54 = plugins/eap_peap/libstrongswan-eap-peap.la -@USE_EAP_TNC_TRUE@am__append_55 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_56 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_57 = $(top_builddir)/src/libtls/libtls.la -@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_58 = $(top_builddir)/src/libradius/libradius.la -@USE_TNC_IFMAP_TRUE@am__append_59 = plugins/tnc_ifmap -@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_60 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la -@USE_TNC_PDP_TRUE@am__append_61 = plugins/tnc_pdp -@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_62 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la -@USE_TNC_IMC_TRUE@am__append_63 = plugins/tnc_imc -@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_64 = plugins/tnc_imc/libstrongswan-tnc-imc.la -@USE_TNC_IMV_TRUE@am__append_65 = plugins/tnc_imv -@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_66 = plugins/tnc_imv/libstrongswan-tnc-imv.la -@USE_TNC_TNCCS_TRUE@am__append_67 = plugins/tnc_tnccs -@MONOLITHIC_TRUE@@USE_TNC_TNCCS_TRUE@am__append_68 = plugins/tnc_tnccs/libstrongswan-tnc-tnccs.la -@USE_TNCCS_11_TRUE@am__append_69 = plugins/tnccs_11 -@MONOLITHIC_TRUE@@USE_TNCCS_11_TRUE@am__append_70 = plugins/tnccs_11/libstrongswan-tnccs-11.la -@USE_TNCCS_20_TRUE@am__append_71 = plugins/tnccs_20 -@MONOLITHIC_TRUE@@USE_TNCCS_20_TRUE@am__append_72 = plugins/tnccs_20/libstrongswan-tnccs-20.la -@USE_TNCCS_DYNAMIC_TRUE@am__append_73 = plugins/tnccs_dynamic -@MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_74 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la -@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_75 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_77 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_78 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli/libstrongswan-medcli.la -@USE_DHCP_TRUE@am__append_80 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_81 = plugins/dhcp/libstrongswan-dhcp.la -@USE_ANDROID_TRUE@am__append_82 = plugins/android -@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_83 = plugins/android/libstrongswan-android.la -@USE_ANDROID_LOG_TRUE@am__append_84 = plugins/android_log -@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_85 = plugins/android_log/libstrongswan-android-log.la -@USE_MAEMO_TRUE@am__append_86 = plugins/maemo -@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_87 = plugins/maemo/libstrongswan-maemo.la -@USE_HA_TRUE@am__append_88 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_89 = plugins/ha/libstrongswan-ha.la -@USE_WHITELIST_TRUE@am__append_90 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_91 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_92 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_93 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_94 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_95 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_96 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_97 = plugins/certexpire/libstrongswan-certexpire.la -@USE_LED_TRUE@am__append_98 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_99 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_100 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_101 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_102 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_103 = plugins/coupling/libstrongswan-coupling.la -@USE_RADATTR_TRUE@am__append_104 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_105 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_106 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_107 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_108 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_109 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_110 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_111 = plugins/unity/libstrongswan-unity.la -@USE_UNIT_TESTS_TRUE@am__append_112 = plugins/unit_tester -@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_113 = plugins/unit_tester/libstrongswan-unit-tester.la -@USE_XAUTH_GENERIC_TRUE@am__append_114 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_115 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_116 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_117 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_118 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_119 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_IPSECKEY_TRUE@am__append_18 = plugins/ipseckey +@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_19 = plugins/ipseckey/libstrongswan-ipseckey.la +@USE_UPDOWN_TRUE@am__append_20 = plugins/updown +@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_21 = plugins/updown/libstrongswan-updown.la +@USE_EAP_IDENTITY_TRUE@am__append_22 = plugins/eap_identity +@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_23 = plugins/eap_identity/libstrongswan-eap-identity.la +@USE_EAP_SIM_TRUE@am__append_24 = plugins/eap_sim +@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_25 = plugins/eap_sim/libstrongswan-eap-sim.la +@USE_EAP_SIM_FILE_TRUE@am__append_26 = plugins/eap_sim_file +@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_27 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la +@USE_EAP_SIM_PCSC_TRUE@am__append_28 = plugins/eap_sim_pcsc +@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_29 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la +@USE_EAP_SIMAKA_SQL_TRUE@am__append_30 = plugins/eap_simaka_sql +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_31 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = plugins/eap_simaka_pseudonym +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_33 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = plugins/eap_simaka_reauth +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_35 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +@USE_EAP_AKA_TRUE@am__append_36 = plugins/eap_aka +@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_37 = plugins/eap_aka/libstrongswan-eap-aka.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_38 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_39 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_40 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_41 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_42 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_43 = plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_44 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_45 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_46 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_DYNAMIC_TRUE@am__append_47 = plugins/eap_dynamic +@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_48 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la +@USE_EAP_RADIUS_TRUE@am__append_49 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_50 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_51 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_52 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_53 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_54 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_55 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_56 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_57 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_58 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_59 = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_60 = $(top_builddir)/src/libradius/libradius.la +@USE_TNC_IFMAP_TRUE@am__append_61 = plugins/tnc_ifmap +@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_62 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la +@USE_TNC_PDP_TRUE@am__append_63 = plugins/tnc_pdp +@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_64 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la +@USE_TNC_IMC_TRUE@am__append_65 = plugins/tnc_imc +@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_66 = plugins/tnc_imc/libstrongswan-tnc-imc.la +@USE_TNC_IMV_TRUE@am__append_67 = plugins/tnc_imv +@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_68 = plugins/tnc_imv/libstrongswan-tnc-imv.la +@USE_TNC_TNCCS_TRUE@am__append_69 = plugins/tnc_tnccs +@MONOLITHIC_TRUE@@USE_TNC_TNCCS_TRUE@am__append_70 = plugins/tnc_tnccs/libstrongswan-tnc-tnccs.la +@USE_TNCCS_11_TRUE@am__append_71 = plugins/tnccs_11 +@MONOLITHIC_TRUE@@USE_TNCCS_11_TRUE@am__append_72 = plugins/tnccs_11/libstrongswan-tnccs-11.la +@USE_TNCCS_20_TRUE@am__append_73 = plugins/tnccs_20 +@MONOLITHIC_TRUE@@USE_TNCCS_20_TRUE@am__append_74 = plugins/tnccs_20/libstrongswan-tnccs-20.la +@USE_TNCCS_DYNAMIC_TRUE@am__append_75 = plugins/tnccs_dynamic +@MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_76 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la +@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_77 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_MEDSRV_TRUE@am__append_78 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_79 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_80 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_81 = plugins/medcli/libstrongswan-medcli.la +@USE_DHCP_TRUE@am__append_82 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_83 = plugins/dhcp/libstrongswan-dhcp.la +@USE_ANDROID_DNS_TRUE@am__append_84 = plugins/android_dns +@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_85 = plugins/android_dns/libstrongswan-android-dns.la +@USE_ANDROID_LOG_TRUE@am__append_86 = plugins/android_log +@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_87 = plugins/android_log/libstrongswan-android-log.la +@USE_MAEMO_TRUE@am__append_88 = plugins/maemo +@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_89 = plugins/maemo/libstrongswan-maemo.la +@USE_HA_TRUE@am__append_90 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_91 = plugins/ha/libstrongswan-ha.la +@USE_WHITELIST_TRUE@am__append_92 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_93 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_94 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_95 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_96 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_97 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_98 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_99 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_100 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_101 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_102 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_103 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_104 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_105 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_106 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_107 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_108 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_109 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_110 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_111 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_112 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_113 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_114 = plugins/unity +@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_115 = plugins/unity/libstrongswan-unity.la +@USE_UNIT_TESTS_TRUE@am__append_116 = plugins/unit_tester +@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_117 = plugins/unit_tester/libstrongswan-unit-tester.la +@USE_XAUTH_GENERIC_TRUE@am__append_118 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_119 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_120 = plugins/xauth_eap +@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_121 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_122 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_123 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_124 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_125 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la subdir = src/libcharon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -261,21 +284,22 @@ libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_19) $(am__append_21) $(am__append_23) \ $(am__append_25) $(am__append_27) $(am__append_29) \ $(am__append_31) $(am__append_33) $(am__append_35) \ - $(am__append_37) $(am__append_38) $(am__append_40) \ + $(am__append_37) $(am__append_39) $(am__append_40) \ $(am__append_42) $(am__append_44) $(am__append_46) \ $(am__append_48) $(am__append_50) $(am__append_52) \ - $(am__append_54) $(am__append_56) $(am__append_57) \ - $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_59) $(am__append_60) $(am__append_62) \ $(am__append_64) $(am__append_66) $(am__append_68) \ $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_75) $(am__append_77) $(am__append_79) \ + $(am__append_76) $(am__append_77) $(am__append_79) \ $(am__append_81) $(am__append_83) $(am__append_85) \ $(am__append_87) $(am__append_89) $(am__append_91) \ $(am__append_93) $(am__append_95) $(am__append_97) \ $(am__append_99) $(am__append_101) $(am__append_103) \ $(am__append_105) $(am__append_107) $(am__append_109) \ $(am__append_111) $(am__append_113) $(am__append_115) \ - $(am__append_117) $(am__append_119) + $(am__append_117) $(am__append_119) $(am__append_121) \ + $(am__append_123) $(am__append_125) am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ bus/listeners/listener.h bus/listeners/logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ @@ -358,7 +382,8 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h sa/eap/eap_method.c \ - sa/eap/eap_method.h sa/eap/eap_manager.c sa/eap/eap_manager.h \ + sa/eap/eap_method.h sa/eap/eap_inner_method.h \ + sa/eap/eap_manager.c sa/eap/eap_manager.h \ sa/xauth/xauth_method.c sa/xauth/xauth_method.h \ sa/xauth/xauth_manager.c sa/xauth/xauth_manager.h \ sa/authenticator.c sa/authenticator.h sa/child_sa.c \ @@ -496,6 +521,11 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ @@ -505,23 +535,24 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/socket_dynamic plugins/farp plugins/stroke plugins/smp \ - plugins/sql plugins/updown plugins/eap_identity \ - plugins/eap_sim plugins/eap_sim_file plugins/eap_sim_pcsc \ - plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ - plugins/eap_simaka_reauth plugins/eap_aka \ - plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ - plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \ - plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ - plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \ - plugins/tnc_imc plugins/tnc_imv plugins/tnc_tnccs \ - plugins/tnccs_11 plugins/tnccs_20 plugins/tnccs_dynamic \ - plugins/medsrv plugins/medcli plugins/dhcp plugins/android \ - plugins/android_log plugins/maemo plugins/ha plugins/whitelist \ - plugins/lookip plugins/error_notify plugins/certexpire \ + plugins/sql plugins/ipseckey plugins/updown \ + plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \ + plugins/eap_sim_pcsc plugins/eap_simaka_sql \ + plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ + plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \ + plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_dynamic \ + plugins/eap_radius plugins/eap_tls plugins/eap_ttls \ + plugins/eap_peap plugins/eap_tnc plugins/tnc_ifmap \ + plugins/tnc_pdp plugins/tnc_imc plugins/tnc_imv \ + plugins/tnc_tnccs plugins/tnccs_11 plugins/tnccs_20 \ + plugins/tnccs_dynamic plugins/medsrv plugins/medcli \ + plugins/dhcp plugins/android_dns plugins/android_log \ + plugins/maemo plugins/ha plugins/whitelist plugins/lookip \ + plugins/error_notify plugins/certexpire plugins/systime_fix \ plugins/led plugins/duplicheck plugins/coupling \ plugins/radattr plugins/uci plugins/addrblock plugins/unity \ plugins/unit_tester plugins/xauth_generic plugins/xauth_eap \ - plugins/xauth_pam + plugins/xauth_pam plugins/xauth_noauth DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -561,6 +592,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -577,6 +610,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -645,8 +679,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -702,7 +734,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -818,7 +849,8 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h sa/eap/eap_method.c \ - sa/eap/eap_method.h sa/eap/eap_manager.c sa/eap/eap_manager.h \ + sa/eap/eap_method.h sa/eap/eap_inner_method.h \ + sa/eap/eap_manager.c sa/eap/eap_manager.h \ sa/xauth/xauth_method.c sa/xauth/xauth_method.h \ sa/xauth/xauth_manager.c sa/xauth/xauth_manager.h \ sa/authenticator.c sa/authenticator.h sa/child_sa.c \ @@ -844,21 +876,22 @@ libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \ $(am__append_17) $(am__append_19) $(am__append_21) \ $(am__append_23) $(am__append_25) $(am__append_27) \ $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_38) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ $(am__append_40) $(am__append_42) $(am__append_44) \ $(am__append_46) $(am__append_48) $(am__append_50) \ $(am__append_52) $(am__append_54) $(am__append_56) \ - $(am__append_57) $(am__append_58) $(am__append_60) \ + $(am__append_58) $(am__append_59) $(am__append_60) \ $(am__append_62) $(am__append_64) $(am__append_66) \ $(am__append_68) $(am__append_70) $(am__append_72) \ - $(am__append_74) $(am__append_75) $(am__append_77) \ + $(am__append_74) $(am__append_76) $(am__append_77) \ $(am__append_79) $(am__append_81) $(am__append_83) \ $(am__append_85) $(am__append_87) $(am__append_89) \ $(am__append_91) $(am__append_93) $(am__append_95) \ $(am__append_97) $(am__append_99) $(am__append_101) \ $(am__append_103) $(am__append_105) $(am__append_107) \ $(am__append_109) $(am__append_111) $(am__append_113) \ - $(am__append_115) $(am__append_117) $(am__append_119) + $(am__append_115) $(am__append_117) $(am__append_119) \ + $(am__append_121) $(am__append_123) $(am__append_125) EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_4) $(am__append_6) \ @MONOLITHIC_FALSE@ $(am__append_8) $(am__append_10) \ @@ -868,16 +901,16 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_24) $(am__append_26) \ @MONOLITHIC_FALSE@ $(am__append_28) $(am__append_30) \ @MONOLITHIC_FALSE@ $(am__append_32) $(am__append_34) \ -@MONOLITHIC_FALSE@ $(am__append_36) $(am__append_39) \ +@MONOLITHIC_FALSE@ $(am__append_36) $(am__append_38) \ @MONOLITHIC_FALSE@ $(am__append_41) $(am__append_43) \ @MONOLITHIC_FALSE@ $(am__append_45) $(am__append_47) \ @MONOLITHIC_FALSE@ $(am__append_49) $(am__append_51) \ @MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \ -@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ +@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_FALSE@ $(am__append_76) $(am__append_78) \ +@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_78) \ @MONOLITHIC_FALSE@ $(am__append_80) $(am__append_82) \ @MONOLITHIC_FALSE@ $(am__append_84) $(am__append_86) \ @MONOLITHIC_FALSE@ $(am__append_88) $(am__append_90) \ @@ -887,7 +920,9 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_104) $(am__append_106) \ @MONOLITHIC_FALSE@ $(am__append_108) $(am__append_110) \ @MONOLITHIC_FALSE@ $(am__append_112) $(am__append_114) \ -@MONOLITHIC_FALSE@ $(am__append_116) $(am__append_118) +@MONOLITHIC_FALSE@ $(am__append_116) $(am__append_118) \ +@MONOLITHIC_FALSE@ $(am__append_120) $(am__append_122) \ +@MONOLITHIC_FALSE@ $(am__append_124) # build optional plugins ######################## @@ -899,16 +934,16 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_24) $(am__append_26) \ @MONOLITHIC_TRUE@ $(am__append_28) $(am__append_30) \ @MONOLITHIC_TRUE@ $(am__append_32) $(am__append_34) \ -@MONOLITHIC_TRUE@ $(am__append_36) $(am__append_39) \ +@MONOLITHIC_TRUE@ $(am__append_36) $(am__append_38) \ @MONOLITHIC_TRUE@ $(am__append_41) $(am__append_43) \ @MONOLITHIC_TRUE@ $(am__append_45) $(am__append_47) \ @MONOLITHIC_TRUE@ $(am__append_49) $(am__append_51) \ @MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \ -@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ +@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_TRUE@ $(am__append_76) $(am__append_78) \ +@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_78) \ @MONOLITHIC_TRUE@ $(am__append_80) $(am__append_82) \ @MONOLITHIC_TRUE@ $(am__append_84) $(am__append_86) \ @MONOLITHIC_TRUE@ $(am__append_88) $(am__append_90) \ @@ -918,7 +953,9 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_104) $(am__append_106) \ @MONOLITHIC_TRUE@ $(am__append_108) $(am__append_110) \ @MONOLITHIC_TRUE@ $(am__append_112) $(am__append_114) \ -@MONOLITHIC_TRUE@ $(am__append_116) $(am__append_118) +@MONOLITHIC_TRUE@ $(am__append_116) $(am__append_118) \ +@MONOLITHIC_TRUE@ $(am__append_120) $(am__append_122) \ +@MONOLITHIC_TRUE@ $(am__append_124) all: all-recursive .SUFFIXES: @@ -955,7 +992,6 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__aclocal_m4_deps): install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(ipseclibdir)" || $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -963,6 +999,8 @@ install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ } @@ -2141,13 +2179,10 @@ distdir: $(DISTFILES) done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 4645bbde6..18d57bce1 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -103,7 +103,7 @@ enum alert_t { ALERT_PARSE_ERROR_BODY, /** sending a retransmit for a message, argument is packet_t */ ALERT_RETRANSMIT_SEND, - /** sending retransmits timed out, argument is packet_t */ + /** sending retransmits timed out, argument is packet_t, if available */ ALERT_RETRANSMIT_SEND_TIMEOUT, /** received a retransmit for a message, argument is message_t */ ALERT_RETRANSMIT_RECEIVE, @@ -130,6 +130,8 @@ enum alert_t { ALERT_VIP_FAILURE, /** an authorize() hook failed, no argument */ ALERT_AUTHORIZATION_FAILED, + /** IKE_SA hit the hard lifetime limit before it could be rekeyed */ + ALERT_IKE_SA_EXPIRED, }; /** diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 5e5fbba42..54a054e40 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -95,6 +95,11 @@ struct private_ike_cfg_t { fragmentation_t fragmentation; /** + * DSCP value to use on sent IKE packets + */ + u_int8_t dscp; + + /** * List of proposals to use */ linked_list_t *proposals; @@ -156,6 +161,12 @@ METHOD(ike_cfg_t, get_other_port, u_int16_t, return this->other_port; } +METHOD(ike_cfg_t, get_dscp, u_int8_t, + private_ike_cfg_t *this) +{ + return this->dscp; +} + METHOD(ike_cfg_t, add_proposal, void, private_ike_cfg_t *this, proposal_t *proposal) { @@ -312,7 +323,7 @@ METHOD(ike_cfg_t, destroy, void, ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, char *me, bool my_allow_any, u_int16_t my_port, char *other, bool other_allow_any, u_int16_t other_port, - fragmentation_t fragmentation) + fragmentation_t fragmentation, u_int8_t dscp) { private_ike_cfg_t *this; @@ -326,6 +337,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, .get_other_addr = _get_other_addr, .get_my_port = _get_my_port, .get_other_port = _get_other_port, + .get_dscp = _get_dscp, .add_proposal = _add_proposal, .get_proposals = _get_proposals, .select_proposal = _select_proposal, @@ -345,6 +357,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, .other_allow_any = other_allow_any, .my_port = my_port, .other_port = other_port, + .dscp = dscp, .proposals = linked_list_create(), ); diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 5a7fae1e9..719ceb9dd 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -108,6 +108,13 @@ struct ike_cfg_t { u_int16_t (*get_other_port)(ike_cfg_t *this); /** + * Get the DSCP value to use for IKE packets send from connections. + * + * @return DSCP value + */ + u_int8_t (*get_dscp)(ike_cfg_t *this); + + /** * Adds a proposal to the list. * * The first added proposal has the highest priority, the last @@ -205,11 +212,12 @@ struct ike_cfg_t { * @param other_allow_any allow override of remote address by any address * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating * @param fragmentation use IKEv1 fragmentation + * @param dscp DSCP value to send IKE packets with * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, char *me, bool my_allow_any, u_int16_t my_port, char *other, bool other_allow_any, u_int16_t other_port, - fragmentation_t fragmentation); + fragmentation_t fragmentation, u_int8_t dscp); #endif /** IKE_CFG_H_ @}*/ diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 77d73dba9..0ee99c4b7 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -363,7 +363,10 @@ METHOD(job_t, initiate_execute, job_requeue_t, if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS) { - listener->status = SUCCESS; + if (!listener->logger.callback) + { + listener->status = SUCCESS; + } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } else @@ -454,7 +457,10 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, } else { - listener->status = SUCCESS; + if (!listener->logger.callback) + { + listener->status = SUCCESS; + } charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); } @@ -561,7 +567,10 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa), child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME) { - listener->status = SUCCESS; + if (!listener->logger.callback) + { + listener->status = SUCCESS; + } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } else @@ -657,4 +666,3 @@ controller_t *controller_create(void) return &this->public; } - diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 28fdda735..749c326a5 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -62,7 +62,7 @@ /** * Max number of NAT-D payloads per IKEv1 message */ -#define MAX_NAT_D_PAYLOADS 5 +#define MAX_NAT_D_PAYLOADS 10 /** * A payload rule defines the rules for a payload @@ -151,7 +151,7 @@ static payload_rule_t ike_sa_init_r_rules[] = { {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, {NONCE, 1, 1, FALSE, FALSE}, - {CERTIFICATE_REQUEST, 0, 1, FALSE, FALSE}, + {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; @@ -181,7 +181,7 @@ static payload_rule_t ike_auth_i_rules[] = { {AUTHENTICATION, 0, 1, TRUE, TRUE}, {ID_INITIATOR, 0, 1, TRUE, FALSE}, {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE}, + {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, TRUE, FALSE}, {ID_RESPONDER, 0, 1, TRUE, FALSE}, #ifdef ME {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index d168e1c12..f7a13d728 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_ "ME_CONNECT_FAILED"); ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_NOTIFY_STATUS"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", @@ -108,8 +108,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS, "IPSEC_REPLAY_COUNTER_SYNC", "SECURE PASSWORD_METHOD", "PSK_PERSIST", - "PSK_CONFIRM"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM, + "PSK_CONFIRM", + "ERX_SUPPORTED"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD_R_U_THERE", @@ -170,7 +171,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S "ME_CONN_FAIL"); ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_STATUS"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", @@ -213,8 +214,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATU "RPL_CTR_SYN", "SEC_PASSWD", "PSK_PST", - "PSK_CFM"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM, + "PSK_CFM", + "ERX_SUP"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD", diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 498c659b1..847fddc69 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -140,9 +140,11 @@ enum notify_type_t { IPSEC_REPLAY_COUNTER_SYNC = 16423, /* Secure password methods, RFC 6467 */ SECURE_PASSWORD_METHOD = 16424, - /* PACE - draft-kuegler-ipsecme-pace-ikev2 */ + /* PACE, RFC 6631 */ PSK_PERSIST = 16425, PSK_CONFIRM = 16426, + /* EAP Re-authentication Extension, RFC 6867 */ + ERX_SUPPORTED = 16427, /* IKEv1 initial contact */ INITIAL_CONTACT_IKEV1 = 24578, /* IKEv1 DPD */ diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 15f791b95..334823db9 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -114,7 +114,11 @@ METHOD(payload_t, verify, status_t, { if (this->start_port > this->end_port) { - return FAILED; + /* OPAQUE ports are the only exception */ + if (this->start_port != 0xffff && this->end_port != 0) + { + return FAILED; + } } switch (this->ts_type) { diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index f683cf818..6b2c2bf5b 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this, this->last_cookie = now; return TRUE; } - if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY) + if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY) { /* We don't disable cookies unless we haven't seen IKE_SA_INITs * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 5bc6d1ec3..52cd6186e 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_addrblock_la_SOURCES) DIST_SOURCES = $(libstrongswan_addrblock_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -356,7 +378,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -364,6 +385,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/android/Makefile.am b/src/libcharon/plugins/android/Makefile.am deleted file mode 100644 index b10cd9527..000000000 --- a/src/libcharon/plugins/android/Makefile.am +++ /dev/null @@ -1,20 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon - -AM_CFLAGS = -rdynamic - -if MONOLITHIC -noinst_LTLIBRARIES = libstrongswan-android.la -else -plugin_LTLIBRARIES = libstrongswan-android.la -endif - -libstrongswan_android_la_SOURCES = \ - android_plugin.c android_plugin.h \ - android_service.c android_service.h \ - android_handler.c android_handler.h \ - android_creds.c android_creds.h - -libstrongswan_android_la_LDFLAGS = -module -avoid-version -libstrongswan_android_la_LIBADD = -lcutils diff --git a/src/libcharon/plugins/android/android_creds.c b/src/libcharon/plugins/android/android_creds.c deleted file mode 100644 index 601c91e7b..000000000 --- a/src/libcharon/plugins/android/android_creds.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <keystore_get.h> - -#include "android_creds.h" - -#include <daemon.h> -#include <threading/rwlock.h> - -typedef struct private_android_creds_t private_android_creds_t; - -/** - * Private data of an android_creds_t object - */ -struct private_android_creds_t { - - /** - * Public interface - */ - android_creds_t public; - - /** - * List of trusted certificates, certificate_t* - */ - linked_list_t *certs; - - /** - * User name (ID) - */ - identification_t *user; - - /** - * User password - */ - char *pass; - - /** - * read/write lock - */ - rwlock_t *lock; - -}; - -/** - * Certificate enumerator data - */ -typedef struct { - private_android_creds_t *this; - key_type_t key; - identification_t *id; -} cert_data_t; - -/** - * Filter function for certificates enumerator - */ -static bool cert_filter(cert_data_t *data, certificate_t **in, - certificate_t **out) -{ - certificate_t *cert = *in; - public_key_t *public; - - public = cert->get_public_key(cert); - if (!public) - { - return FALSE; - } - if (data->key != KEY_ANY && public->get_type(public) != data->key) - { - public->destroy(public); - return FALSE; - } - if (data->id && data->id->get_type(data->id) == ID_KEY_ID && - public->has_fingerprint(public, data->id->get_encoding(data->id))) - { - public->destroy(public); - *out = cert; - return TRUE; - } - public->destroy(public); - if (data->id && !cert->has_subject(cert, data->id)) - { - return FALSE; - } - *out = cert; - return TRUE; -} - -/** - * Destroy certificate enumerator data - */ -static void cert_data_destroy(cert_data_t *this) -{ - this->this->lock->unlock(this->this->lock); - free(this); -} - -METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, - private_android_creds_t *this, certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) -{ - if (cert == CERT_X509 || cert == CERT_ANY) - { - cert_data_t *data; - this->lock->read_lock(this->lock); - INIT(data, .this = this, .id = id, .key = key); - return enumerator_create_filter( - this->certs->create_enumerator(this->certs), - (void*)cert_filter, data, (void*)cert_data_destroy); - } - return NULL; -} - -/** - * Shared key enumerator implementation - */ -typedef struct { - enumerator_t public; - private_android_creds_t *this; - shared_key_t *key; - bool done; -} shared_enumerator_t; - -METHOD(enumerator_t, shared_enumerate, bool, - shared_enumerator_t *this, shared_key_t **key, id_match_t *me, - id_match_t *other) -{ - if (this->done) - { - return FALSE; - } - *key = this->key; - *me = ID_MATCH_PERFECT; - *other = ID_MATCH_ANY; - this->done = TRUE; - return TRUE; -} - -METHOD(enumerator_t, shared_destroy, void, - shared_enumerator_t *this) -{ - this->key->destroy(this->key); - this->this->lock->unlock(this->this->lock); - free(this); -} - -METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, - private_android_creds_t *this, shared_key_type_t type, - identification_t *me, identification_t *other) -{ - shared_enumerator_t *enumerator; - - this->lock->read_lock(this->lock); - - if (!this->user || !this->pass) - { - this->lock->unlock(this->lock); - return NULL; - } - if (type != SHARED_EAP && type != SHARED_IKE) - { - this->lock->unlock(this->lock); - return NULL; - } - if (me && !me->equals(me, this->user)) - { - this->lock->unlock(this->lock); - return NULL; - } - - INIT(enumerator, - .public = { - .enumerate = (void*)_shared_enumerate, - .destroy = _shared_destroy, - }, - .this = this, - .done = FALSE, - .key = shared_key_create(type, chunk_clone(chunk_create(this->pass, - strlen(this->pass)))), - ); - return &enumerator->public; -} - -METHOD(android_creds_t, add_certificate, bool, - private_android_creds_t *this, char *name) -{ - certificate_t *cert = NULL; - bool status = FALSE; - chunk_t chunk; -#ifdef KEYSTORE_MESSAGE_SIZE - /* most current interface, the eclair interface (without key length) is - * currently not supported */ - char value[KEYSTORE_MESSAGE_SIZE]; - chunk.ptr = value; - chunk.len = keystore_get(name, strlen(name), chunk.ptr); - if (chunk.len > 0) -#else - /* 1.6 interface, allocates memory */ - chunk.ptr = keystore_get(name, &chunk.len); - if (chunk.ptr) -#endif /* KEYSTORE_MESSAGE_SIZE */ - { - cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_BLOB_PEM, chunk, BUILD_END); - if (cert) - { - this->lock->write_lock(this->lock); - this->certs->insert_last(this->certs, cert); - this->lock->unlock(this->lock); - status = TRUE; - } -#ifndef KEYSTORE_MESSAGE_SIZE - free(chunk.ptr); -#endif /* KEYSTORE_MESSAGE_SIZE */ - } - return status; -} - -METHOD(android_creds_t, set_username_password, void, - private_android_creds_t *this, identification_t *id, char *password) -{ - this->lock->write_lock(this->lock); - DESTROY_IF(this->user); - this->user = id->clone(id); - free(this->pass); - this->pass = strdupnull(password); - this->lock->unlock(this->lock); -} - -METHOD(android_creds_t, clear, void, - private_android_creds_t *this) -{ - certificate_t *cert; - this->lock->write_lock(this->lock); - while (this->certs->remove_last(this->certs, (void**)&cert) == SUCCESS) - { - cert->destroy(cert); - } - DESTROY_IF(this->user); - free(this->pass); - this->user = NULL; - this->pass = NULL; - this->lock->unlock(this->lock); -} - -METHOD(android_creds_t, destroy, void, - private_android_creds_t *this) -{ - clear(this); - this->certs->destroy(this->certs); - this->lock->destroy(this->lock); - free(this); -} - -/** - * Described in header. - */ -android_creds_t *android_creds_create() -{ - private_android_creds_t *this; - - INIT(this, - .public = { - .set = { - .create_cert_enumerator = _create_cert_enumerator, - .create_shared_enumerator = _create_shared_enumerator, - .create_private_enumerator = (void*)return_null, - .create_cdp_enumerator = (void*)return_null, - .cache_cert = (void*)nop, - }, - .add_certificate = _add_certificate, - .set_username_password = _set_username_password, - .clear = _clear, - .destroy = _destroy, - }, - .certs = linked_list_create(), - .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), - ); - - return &this->public; -} - diff --git a/src/libcharon/plugins/android/android_creds.h b/src/libcharon/plugins/android/android_creds.h deleted file mode 100644 index 0f7b8e0ea..000000000 --- a/src/libcharon/plugins/android/android_creds.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup android_creds android_creds - * @{ @ingroup android - */ - -#ifndef ANDROID_CREDS_H_ -#define ANDROID_CREDS_H_ - -#include <credentials/credential_set.h> - -typedef struct android_creds_t android_creds_t; - -/** - * Android credentials helper. - */ -struct android_creds_t { - - /** - * Implements credential_set_t - */ - credential_set_t set; - - /** - * Add a trusted CA certificate from the Android keystore to serve by - * this set. - * - * @param name name/ID of the certificate in the keystore - * @return FALSE if the certificate does not exist or is invalid - */ - bool (*add_certificate)(android_creds_t *this, char *name); - - /** - * Set the username and password for authentication. - * - * @param id ID of the user - * @param password password to use for authentication - */ - void (*set_username_password)(android_creds_t *this, identification_t *id, - char *password); - - /** - * Clear the stored credentials. - */ - void (*clear)(android_creds_t *this); - - /** - * Destroy a android_creds instance. - */ - void (*destroy)(android_creds_t *this); - -}; - -/** - * Create an android_creds instance. - */ -android_creds_t *android_creds_create(); - -#endif /** ANDROID_CREDS_H_ @}*/ diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c deleted file mode 100644 index 6af35e5df..000000000 --- a/src/libcharon/plugins/android/android_service.c +++ /dev/null @@ -1,389 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <unistd.h> -#include <cutils/sockets.h> -#include <cutils/properties.h> -#include <signal.h> - -#include "android_service.h" - -#include <daemon.h> -#include <threading/thread.h> -#include <processing/jobs/callback_job.h> - -typedef struct private_android_service_t private_android_service_t; - -/** - * private data of Android service - */ -struct private_android_service_t { - - /** - * public interface - */ - android_service_t public; - - /** - * current IKE_SA - */ - ike_sa_t *ike_sa; - - /** - * android credentials - */ - android_creds_t *creds; - - /** - * android control socket - */ - int control; - -}; - -/** - * Some of the error codes defined in VpnManager.java - */ -typedef enum { - /** Error code to indicate an error from authentication. */ - VPN_ERROR_AUTH = 51, - /** Error code to indicate the connection attempt failed. */ - VPN_ERROR_CONNECTION_FAILED = 101, - /** Error code to indicate an error of remote server hanging up. */ - VPN_ERROR_REMOTE_HUNG_UP = 7, - /** Error code to indicate an error of losing connectivity. */ - VPN_ERROR_CONNECTION_LOST = 103, -} android_vpn_errors_t; - -/** - * send a status code back to the Android app - */ -static void send_status(private_android_service_t *this, u_char code) -{ - DBG1(DBG_CFG, "status of Android plugin changed: %d", code); - send(this->control, &code, 1, 0); -} - -METHOD(listener_t, ike_updown, bool, - private_android_service_t *this, ike_sa_t *ike_sa, bool up) -{ - /* this callback is only registered during initiation, so if the IKE_SA - * goes down we assume an authentication error */ - if (this->ike_sa == ike_sa && !up) - { - send_status(this, VPN_ERROR_AUTH); - return FALSE; - } - return TRUE; -} - -METHOD(listener_t, child_state_change, bool, - private_android_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, - child_sa_state_t state) -{ - /* this callback is only registered during initiation, so we still have - * the control socket open */ - if (this->ike_sa == ike_sa && state == CHILD_DESTROYING) - { - send_status(this, VPN_ERROR_CONNECTION_FAILED); - return FALSE; - } - return TRUE; -} - -/** - * Callback used to shutdown the daemon - */ -static job_requeue_t shutdown_callback(void *data) -{ - kill(0, SIGTERM); - return JOB_REQUEUE_NONE; -} - -METHOD(listener_t, child_updown, bool, - private_android_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, - bool up) -{ - if (this->ike_sa == ike_sa) - { - if (up) - { - /* disable the hooks registered to catch initiation failures */ - this->public.listener.ike_updown = NULL; - this->public.listener.child_state_change = NULL; - property_set("vpn.status", "ok"); - } - else - { - callback_job_t *job; - /* the control socket is closed as soon as vpn.status is set to "ok" - * and the daemon proxy then only checks for terminated daemons to - * detect lost connections, so... */ - DBG1(DBG_CFG, "connection lost, raising delayed SIGTERM"); - /* to avoid any conflicts we send the SIGTERM not directly from this - * callback, but from a different thread. we also delay it to avoid - * a race condition during a regular shutdown */ - job = callback_job_create(shutdown_callback, NULL, NULL, NULL); - lib->scheduler->schedule_job(lib->scheduler, (job_t*)job, 1); - return FALSE; - } - } - return TRUE; -} - -METHOD(listener_t, ike_rekey, bool, - private_android_service_t *this, ike_sa_t *old, ike_sa_t *new) -{ - if (this->ike_sa == old) - { - this->ike_sa = new; - } - return TRUE; -} - -/** - * Read a string argument from the Android control socket - */ -static char *read_argument(int fd, u_char length) -{ - int offset = 0; - char *data = malloc(length + 1); - while (offset < length) - { - int n = recv(fd, &data[offset], length - offset, 0); - if (n < 0) - { - DBG1(DBG_CFG, "failed to read argument from Android" - " control socket: %s", strerror(errno)); - free(data); - return NULL; - } - offset += n; - } - data[length] = '\0'; - DBG3(DBG_CFG, "received argument from Android control socket: %s", data); - return data; -} - -/** - * handle the request received from the Android control socket - */ -static job_requeue_t initiate(private_android_service_t *this) -{ - bool oldstate; - int fd, i = 0; - char *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL; - identification_t *gateway = NULL, *user = NULL; - ike_cfg_t *ike_cfg; - peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg; - traffic_selector_t *ts; - ike_sa_t *ike_sa; - auth_cfg_t *auth; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800, /* 3h */ - .rekey = 10200, /* 2h50min */ - .jitter = 300 /* 5min */ - } - }; - - fd = accept(this->control, NULL, 0); - if (fd < 0) - { - DBG1(DBG_CFG, "accept on Android control socket failed: %s", - strerror(errno)); - return JOB_REQUEUE_NONE; - } - /* the original control socket is not used anymore */ - close(this->control); - this->control = fd; - - while (TRUE) - { - u_char length; - if (recv(fd, &length, 1, 0) != 1) - { - DBG1(DBG_CFG, "failed to read from Android control socket: %s", - strerror(errno)); - return JOB_REQUEUE_NONE; - } - - if (length == 0xFF) - { /* last argument */ - break; - } - else - { - switch (i++) - { - case 0: /* gateway */ - hostname = read_argument(fd, length); - break; - case 1: /* CA certificate name */ - cacert = read_argument(fd, length); - break; - case 2: /* username */ - username = read_argument(fd, length); - break; - case 3: /* password */ - password = read_argument(fd, length); - break; - } - } - } - - if (cacert) - { - if (!this->creds->add_certificate(this->creds, cacert)) - { - DBG1(DBG_CFG, "failed to load CA certificate"); - } - /* if this is a server cert we could use the cert subject as id - * but we have to test first if that possible to configure */ - } - - gateway = identification_create_from_string(hostname); - DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway); - - if (username) - { - user = identification_create_from_string(username); - this->creds->set_username_password(this->creds, user, password); - } - - ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE, - charon->socket->get_port(charon->socket, FALSE), - hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO); - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); - - peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED, - UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, /* mobike, aggressive */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ - peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); - - auth = auth_cfg_create(); - auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); - auth->add(auth, AUTH_RULE_IDENTITY, user); - peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE); - auth = auth_cfg_create(); - auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); - auth->add(auth, AUTH_RULE_IDENTITY, gateway); - peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - - child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); - ts = traffic_selector_create_dynamic(0, 0, 65535); - child_cfg->add_traffic_selector(child_cfg, TRUE, ts); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", - 0, "255.255.255.255", 65535); - child_cfg->add_traffic_selector(child_cfg, FALSE, ts); - peer_cfg->add_child_cfg(peer_cfg, child_cfg); - - /* get us an IKE_SA */ - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, - peer_cfg); - if (!ike_sa) - { - peer_cfg->destroy(peer_cfg); - send_status(this, VPN_ERROR_CONNECTION_FAILED); - return JOB_REQUEUE_NONE; - } - - if (!ike_sa->get_peer_cfg(ike_sa)) - { - ike_sa->set_peer_cfg(ike_sa, peer_cfg); - } - peer_cfg->destroy(peer_cfg); - - /* store the IKE_SA so we can track its progress */ - this->ike_sa = ike_sa; - - /* confirm that we received the request */ - send_status(this, i); - - /* get an additional reference because initiate consumes one */ - child_cfg->get_ref(child_cfg); - if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) - { - DBG1(DBG_CFG, "failed to initiate tunnel"); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, - ike_sa); - send_status(this, VPN_ERROR_CONNECTION_FAILED); - return JOB_REQUEUE_NONE; - } - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - return JOB_REQUEUE_NONE; -} - -METHOD(android_service_t, destroy, void, - private_android_service_t *this) -{ - charon->bus->remove_listener(charon->bus, &this->public.listener); - close(this->control); - free(this); -} - -/** - * See header - */ -android_service_t *android_service_create(android_creds_t *creds) -{ - private_android_service_t *this; - - INIT(this, - .public = { - .listener = { - .ike_updown = _ike_updown, - .child_state_change = _child_state_change, - .child_updown = _child_updown, - .ike_rekey = _ike_rekey, - }, - .destroy = _destroy, - }, - .creds = creds, - ); - - this->control = android_get_control_socket("charon"); - if (this->control == -1) - { - DBG1(DBG_CFG, "failed to get Android control socket"); - free(this); - return NULL; - } - - if (listen(this->control, 1) < 0) - { - DBG1(DBG_CFG, "failed to listen on Android control socket: %s", - strerror(errno)); - close(this->control); - free(this); - return NULL; - } - - charon->bus->add_listener(charon->bus, &this->public.listener); - lib->processor->queue_job(lib->processor, - (job_t*)callback_job_create((callback_job_cb_t)initiate, this, - NULL, NULL)); - - return &this->public; -} - diff --git a/src/libcharon/plugins/android/android_service.h b/src/libcharon/plugins/android/android_service.h deleted file mode 100644 index d096d6cd5..000000000 --- a/src/libcharon/plugins/android/android_service.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup android_service android_service - * @{ @ingroup android - */ - -#ifndef ANDROID_SERVICE_H_ -#define ANDROID_SERVICE_H_ - -typedef struct android_service_t android_service_t; - -#include <bus/listeners/listener.h> - -#include "android_creds.h" - -/** - * Service that interacts with the Android Settings frontend. - */ -struct android_service_t { - - /** - * Implements listener_t. - */ - listener_t listener; - - /** - * Destroy a android_service_t. - */ - void (*destroy)(android_service_t *this); - -}; - -/** - * Create an Android service instance. - * - * @param creds Android credentials - */ -android_service_t *android_service_create(android_creds_t *creds); - -#endif /** ANDROID_SERVICE_H_ @}*/ diff --git a/src/libcharon/plugins/android_dns/Makefile.am b/src/libcharon/plugins/android_dns/Makefile.am new file mode 100644 index 000000000..0d25f11d7 --- /dev/null +++ b/src/libcharon/plugins/android_dns/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-android-dns.la +else +plugin_LTLIBRARIES = libstrongswan-android-dns.la +endif + +libstrongswan_android_dns_la_SOURCES = \ + android_dns_plugin.c android_dns_plugin.h \ + android_dns_handler.c android_dns_handler.h + +libstrongswan_android_dns_la_LDFLAGS = -module -avoid-version +libstrongswan_android_dns_la_LIBADD = -lcutils
\ No newline at end of file diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in new file mode 100644 index 000000000..4a76714d2 --- /dev/null +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -0,0 +1,660 @@ +# Makefile.in generated by automake 1.11.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/android_dns +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_android_dns_la_DEPENDENCIES = +am_libstrongswan_android_dns_la_OBJECTS = android_dns_plugin.lo \ + android_dns_handler.lo +libstrongswan_android_dns_la_OBJECTS = \ + $(am_libstrongswan_android_dns_la_OBJECTS) +libstrongswan_android_dns_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_android_dns_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_android_dns_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_android_dns_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_android_dns_la_SOURCES) +DIST_SOURCES = $(libstrongswan_android_dns_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-android-dns.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-android-dns.la +libstrongswan_android_dns_la_SOURCES = \ + android_dns_plugin.c android_dns_plugin.h \ + android_dns_handler.c android_dns_handler.h + +libstrongswan_android_dns_la_LDFLAGS = -module -avoid-version +libstrongswan_android_dns_la_LIBADD = -lcutils +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-android-dns.la: $(libstrongswan_android_dns_la_OBJECTS) $(libstrongswan_android_dns_la_DEPENDENCIES) $(EXTRA_libstrongswan_android_dns_la_DEPENDENCIES) + $(libstrongswan_android_dns_la_LINK) $(am_libstrongswan_android_dns_la_rpath) $(libstrongswan_android_dns_la_OBJECTS) $(libstrongswan_android_dns_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_dns_handler.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_dns_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/android/android_handler.c b/src/libcharon/plugins/android_dns/android_dns_handler.c index 29dbbbfd0..526810355 100644 --- a/src/libcharon/plugins/android/android_handler.c +++ b/src/libcharon/plugins/android_dns/android_dns_handler.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2011 Tobias Brunner + * Copyright (C) 2010-2013 Tobias Brunner * Copyright (C) 2010 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -14,41 +14,35 @@ * for more details. */ -#include "android_handler.h" +#include "android_dns_handler.h" #include <networking/host.h> #include <collections/linked_list.h> #include <cutils/properties.h> -typedef struct private_android_handler_t private_android_handler_t; +typedef struct private_android_dns_handler_t private_android_dns_handler_t; /** - * Private data of an android_handler_t object. + * Private data of an android_dns_handler_t object. */ -struct private_android_handler_t { +struct private_android_dns_handler_t { /** - * Public android_handler_t interface. + * Public interface */ - android_handler_t public; + android_dns_handler_t public; /** * List of registered DNS servers */ linked_list_t *dns; - - /** - * Whether the VPN frontend is used - */ - bool frontend; }; /** - * Prefixes to be used when installing DNS servers + * Prefix to be used when installing DNS servers */ #define DNS_PREFIX_DEFAULT "net" -#define DNS_PREFIX_FRONTEND "vpn" /** * Struct to store a pair of old and installed DNS servers @@ -63,7 +57,7 @@ typedef struct { /** * Destroy a pair of old and installed DNS servers */ -void destroy_dns_pair(dns_pair_t *this) +static void destroy_dns_pair(dns_pair_t *this) { DESTROY_IF(this->dns); DESTROY_IF(this->old); @@ -73,7 +67,7 @@ void destroy_dns_pair(dns_pair_t *this) /** * Filter pairs of DNS servers */ -bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out) +static bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out) { *out = (*in)->dns; return TRUE; @@ -82,11 +76,11 @@ bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out) /** * Read DNS server property with a given index */ -host_t *get_dns_server(private_android_handler_t *this, int index) +static host_t *get_dns_server(private_android_dns_handler_t *this, int index) { host_t *dns = NULL; char key[10], value[PROPERTY_VALUE_MAX], - *prefix = this->frontend ? DNS_PREFIX_FRONTEND : DNS_PREFIX_DEFAULT; + *prefix = DNS_PREFIX_DEFAULT; if (snprintf(key, sizeof(key), "%s.dns%d", prefix, index) >= sizeof(key)) { @@ -103,10 +97,11 @@ host_t *get_dns_server(private_android_handler_t *this, int index) /** * Set DNS server property with a given index */ -bool set_dns_server(private_android_handler_t *this, int index, host_t *dns) +static bool set_dns_server(private_android_dns_handler_t *this, int index, + host_t *dns) { char key[10], value[PROPERTY_VALUE_MAX], - *prefix = this->frontend ? DNS_PREFIX_FRONTEND : DNS_PREFIX_DEFAULT; + *prefix = DNS_PREFIX_DEFAULT; if (snprintf(key, sizeof(key), "%s.dns%d", prefix, index) >= sizeof(key)) { @@ -133,7 +128,7 @@ bool set_dns_server(private_android_handler_t *this, int index, host_t *dns) } METHOD(attribute_handler_t, handle, bool, - private_android_handler_t *this, identification_t *id, + private_android_dns_handler_t *this, identification_t *id, configuration_attribute_type_t type, chunk_t data) { switch (type) @@ -163,7 +158,7 @@ METHOD(attribute_handler_t, handle, bool, } METHOD(attribute_handler_t, release, void, - private_android_handler_t *this, identification_t *server, + private_android_dns_handler_t *this, identification_t *server, configuration_attribute_type_t type, chunk_t data) { if (type == INTERNAL_IP4_DNS) @@ -197,7 +192,8 @@ METHOD(enumerator_t, enumerate_dns, bool, } METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, - android_handler_t *this, identification_t *id, linked_list_t *vips) + private_android_dns_handler_t *this, identification_t *id, + linked_list_t *vips) { enumerator_t *enumerator; @@ -208,8 +204,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, return enumerator; } -METHOD(android_handler_t, destroy, void, - private_android_handler_t *this) +METHOD(android_dns_handler_t, destroy, void, + private_android_dns_handler_t *this) { this->dns->destroy_function(this->dns, (void*)destroy_dns_pair); free(this); @@ -218,9 +214,9 @@ METHOD(android_handler_t, destroy, void, /** * See header */ -android_handler_t *android_handler_create(bool frontend) +android_dns_handler_t *android_dns_handler_create() { - private_android_handler_t *this; + private_android_dns_handler_t *this; INIT(this, .public = { @@ -232,7 +228,6 @@ android_handler_t *android_handler_create(bool frontend) .destroy = _destroy, }, .dns = linked_list_create(), - .frontend = frontend, ); return &this->public; diff --git a/src/libcharon/plugins/android/android_handler.h b/src/libcharon/plugins/android_dns/android_dns_handler.h index 0170958ee..d7b089dca 100644 --- a/src/libcharon/plugins/android/android_handler.h +++ b/src/libcharon/plugins/android_dns/android_dns_handler.h @@ -15,21 +15,21 @@ */ /** - * @defgroup android_handler android_handler - * @{ @ingroup android + * @defgroup android_dns_handler android_dns_handler + * @{ @ingroup android_dns */ -#ifndef ANDROID_HANDLER_H_ -#define ANDROID_HANDLER_H_ +#ifndef ANDROID_DNS_HANDLER_H_ +#define ANDROID_DNS_HANDLER_H_ #include <attributes/attribute_handler.h> -typedef struct android_handler_t android_handler_t; +typedef struct android_dns_handler_t android_dns_handler_t; /** * Android specific DNS attribute handler. */ -struct android_handler_t { +struct android_dns_handler_t { /** * Implements attribute_handler_t. @@ -37,16 +37,14 @@ struct android_handler_t { attribute_handler_t handler; /** - * Destroy a android_handler_t. + * Destroy a android_dns_handler_t. */ - void (*destroy)(android_handler_t *this); + void (*destroy)(android_dns_handler_t *this); }; /** - * Create a android_handler instance. - * - * @param frontend TRUE if the VPN frontend is used + * Create an android_dns_handler_t instance. */ -android_handler_t *android_handler_create(bool frontend); +android_dns_handler_t *android_dns_handler_create(); -#endif /** ANDROID_HANDLER_H_ @}*/ +#endif /** ANDROID_DNS_HANDLER_H_ @}*/ diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android_dns/android_dns_plugin.c index c0f58e9b4..4e2b5f58b 100644 --- a/src/libcharon/plugins/android/android_plugin.c +++ b/src/libcharon/plugins/android_dns/android_dns_plugin.c @@ -1,6 +1,5 @@ /* - * Copyright (C) 2010 Tobias Brunner - * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010-2013 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,66 +13,51 @@ * for more details. */ -#include "android_plugin.h" -#include "android_handler.h" -#include "android_creds.h" -#include "android_service.h" +#include "android_dns_plugin.h" +#include "android_dns_handler.h" #include <hydra.h> #include <daemon.h> -typedef struct private_android_plugin_t private_android_plugin_t; +typedef struct private_android_dns_plugin_t private_android_dns_plugin_t; /** - * Private data of an android_plugin_t object. + * Private data of an android_dns_plugin_t object. */ -struct private_android_plugin_t { +struct private_android_dns_plugin_t { /** - * Public android_plugin_t interface. + * Public interface */ - android_plugin_t public; + android_dns_plugin_t public; /** * Android specific DNS handler */ - android_handler_t *handler; - - /** - * Android specific credential set - */ - android_creds_t *creds; - - /** - * Service that interacts with the Android Settings frontend - */ - android_service_t *service; + android_dns_handler_t *handler; }; METHOD(plugin_t, get_name, char*, - private_android_plugin_t *this) + private_android_dns_plugin_t *this) { - return "android"; + return "android-dns"; } METHOD(plugin_t, destroy, void, - private_android_plugin_t *this) + private_android_dns_plugin_t *this) { hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); - lib->credmgr->remove_set(lib->credmgr, &this->creds->set); - this->creds->destroy(this->creds); this->handler->destroy(this->handler); - DESTROY_IF(this->service); free(this); } /** * See header */ -plugin_t *android_plugin_create() +plugin_t *android_dns_plugin_create() { - private_android_plugin_t *this; + private_android_dns_plugin_t *this; INIT(this, .public = { @@ -83,15 +67,10 @@ plugin_t *android_plugin_create() .destroy = _destroy, }, }, - .creds = android_creds_create(), + .handler = android_dns_handler_create(), ); - this->service = android_service_create(this->creds); - this->handler = android_handler_create(this->service != NULL); - - lib->credmgr->add_set(lib->credmgr, &this->creds->set); hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); return &this->public.plugin; } - diff --git a/src/libcharon/plugins/android/android_plugin.h b/src/libcharon/plugins/android_dns/android_dns_plugin.h index 987f2aa37..e9e57dc24 100644 --- a/src/libcharon/plugins/android/android_plugin.h +++ b/src/libcharon/plugins/android_dns/android_dns_plugin.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Martin Willi + * Copyright (C) 2013 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,24 +14,24 @@ */ /** - * @defgroup android android + * @defgroup android_dns android_dns * @ingroup cplugins * - * @defgroup android_plugin android_plugin - * @{ @ingroup android + * @defgroup android_dns_plugin android_dns_plugin + * @{ @ingroup android_dns */ -#ifndef ANDROID_PLUGIN_H_ -#define ANDROID_PLUGIN_H_ +#ifndef ANDROID_DNS_PLUGIN_H_ +#define ANDROID_DNS_PLUGIN_H_ #include <plugins/plugin.h> -typedef struct android_plugin_t android_plugin_t; +typedef struct android_dns_plugin_t android_dns_plugin_t; /** - * Plugin providing functionality specific to the Android platform. + * Plugin providing an Android-specific handler for DNS servers. */ -struct android_plugin_t { +struct android_dns_plugin_t { /** * Implements plugin interface. @@ -39,4 +39,4 @@ struct android_plugin_t { plugin_t plugin; }; -#endif /** ANDROID_PLUGIN_H_ @}*/ +#endif /** ANDROID_DNS_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 5875e6202..73459ac92 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_android_log_la_SOURCES) DIST_SOURCES = $(libstrongswan_android_log_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index 50000ce5e..6868c52a1 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_certexpire_la_SOURCES) DIST_SOURCES = $(libstrongswan_certexpire_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -358,7 +380,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -366,6 +387,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 7eaadf74f..e191dc6c7 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_coupling_la_SOURCES) DIST_SOURCES = $(libstrongswan_coupling_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -354,7 +376,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -362,6 +383,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index f25f02845..717180379 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -105,6 +122,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_dhcp_la_SOURCES) DIST_SOURCES = $(libstrongswan_dhcp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -121,6 +143,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -137,6 +161,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -205,8 +230,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -262,7 +285,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -353,7 +375,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -361,6 +382,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 0577b25ac..d1b5dfbe6 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -115,6 +132,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ SOURCES = $(libstrongswan_duplicheck_la_SOURCES) $(duplicheck_SOURCES) DIST_SOURCES = $(libstrongswan_duplicheck_la_SOURCES) \ $(duplicheck_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -131,6 +153,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -147,6 +171,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -215,8 +240,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -272,7 +295,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -365,7 +387,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -373,6 +394,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -398,8 +421,11 @@ libstrongswan-duplicheck.la: $(libstrongswan_duplicheck_la_OBJECTS) $(libstrongs $(libstrongswan_duplicheck_la_LINK) $(am_libstrongswan_duplicheck_la_rpath) $(libstrongswan_duplicheck_la_OBJECTS) $(libstrongswan_duplicheck_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c index 1b0df1e8b..30a723d36 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_listener.c +++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c @@ -60,8 +60,8 @@ struct private_duplicheck_listener_t { typedef struct { /** peer identity */ identification_t *id; - /** IKE_SA identifier */ - ike_sa_id_t *sa; + /** list of IKE_SA identifiers, ike_sa_id_t */ + linked_list_t *sas; } entry_t; /** @@ -70,7 +70,7 @@ typedef struct { static void entry_destroy(entry_t *this) { this->id->destroy(this->id); - this->sa->destroy(this->sa); + this->sas->destroy_offset(this->sas, offsetof(ike_sa_id_t, destroy)); free(this); } @@ -90,27 +90,101 @@ static bool equals(identification_t *a, identification_t *b) return a->equals(a, b); } -METHOD(listener_t, ike_rekey, bool, - private_duplicheck_listener_t *this, ike_sa_t *old, ike_sa_t *new) +/** + * Put an IKE_SA identifier to hashtable + */ +static void put(hashtable_t *table, identification_t *id, ike_sa_id_t *sa) { - identification_t *id; - ike_sa_id_t *sa; entry_t *entry; - sa = new->get_id(new); - id = new->get_other_id(new); + entry = table->get(table, id); + if (!entry) + { + INIT(entry, + .id = id->clone(id), + .sas = linked_list_create(), + ); + table->put(table, entry->id, entry); + } + entry->sas->insert_last(entry->sas, sa->clone(sa)); +} - INIT(entry, - .id = id->clone(id), - .sa = sa->clone(sa), - ); - this->mutex->lock(this->mutex); - entry = this->active->put(this->active, entry->id, entry); - this->mutex->unlock(this->mutex); +/** + * Purge an entry from table if it has no IKE_SA identifiers + */ +static void remove_if_empty(hashtable_t *table, entry_t *entry) +{ + if (entry->sas->get_count(entry->sas) == 0) + { + entry = table->remove(table, entry->id); + if (entry) + { + entry_destroy(entry); + } + } +} + +/** + * Remove the first entry found in the table for the given id + */ +static ike_sa_id_t *remove_first(hashtable_t *table, identification_t *id) +{ + ike_sa_id_t *sa = NULL; + entry_t *entry; + + entry = table->get(table, id); + if (entry) + { + entry->sas->remove_first(entry->sas, (void**)&sa); + remove_if_empty(table, entry); + } + return sa; +} + +/** + * Remove a specific IKE_SA ID for the given identity + */ +static bool remove_specific(hashtable_t *table, identification_t *id, + ike_sa_id_t *sa) +{ + enumerator_t *enumerator; + bool found = FALSE; + entry_t *entry; + ike_sa_id_t *current; + + entry = table->get(table, id); if (entry) { - entry_destroy(entry); + enumerator = entry->sas->create_enumerator(entry->sas); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (sa->equals(sa, current)) + { + entry->sas->remove_at(entry->sas, enumerator); + current->destroy(current); + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + if (found) + { + remove_if_empty(table, entry); + } } + return found; +} + +METHOD(listener_t, ike_rekey, bool, + private_duplicheck_listener_t *this, ike_sa_t *old, ike_sa_t *new) +{ + this->mutex->lock(this->mutex); + + remove_specific(this->active, old->get_other_id(old), old->get_id(old)); + put(this->active, new->get_other_id(new), new->get_id(new)); + + this->mutex->unlock(this->mutex); + return TRUE; } @@ -119,58 +193,41 @@ METHOD(listener_t, ike_updown, bool, { identification_t *id; ike_sa_id_t *sa; - entry_t *entry; - job_t *job; - sa = ike_sa->get_id(ike_sa); id = ike_sa->get_other_id(ike_sa); + this->mutex->lock(this->mutex); if (up) { - INIT(entry, - .id = id->clone(id), - .sa = sa->clone(sa), - ); - this->mutex->lock(this->mutex); - entry = this->active->put(this->active, entry->id, entry); - this->mutex->unlock(this->mutex); - if (entry) + /* another IKE_SA for this identity active? */ + sa = remove_first(this->active, id); + if (sa) { DBG1(DBG_CFG, "detected duplicate IKE_SA for '%Y', " "triggering delete for old IKE_SA", id); - job = (job_t*)delete_ike_sa_job_create(entry->sa, TRUE); - this->mutex->lock(this->mutex); - entry = this->checking->put(this->checking, entry->id, entry); - this->mutex->unlock(this->mutex); - lib->processor->queue_job(lib->processor, job); - if (entry) - { - entry_destroy(entry); - } + put(this->checking, id, sa); + lib->processor->queue_job(lib->processor, + (job_t*)delete_ike_sa_job_create(sa, TRUE)); + sa->destroy(sa); } + /* register IKE_SA as the new active */ + sa = ike_sa->get_id(ike_sa); + put(this->active, id, sa); } else { - this->mutex->lock(this->mutex); - entry = this->checking->remove(this->checking, id); - this->mutex->unlock(this->mutex); - if (entry) + sa = ike_sa->get_id(ike_sa); + /* check if closing an IKE_SA currently in checking state */ + if (remove_specific(this->checking, id, sa)) { DBG1(DBG_CFG, "delete for duplicate IKE_SA '%Y' timed out, " "keeping new IKE_SA", id); - entry_destroy(entry); - } - else - { - this->mutex->lock(this->mutex); - entry = this->active->remove(this->active, id); - this->mutex->unlock(this->mutex); - if (entry) - { - entry_destroy(entry); - } } + /* check normal close of IKE_SA */ + remove_specific(this->active, id, sa); } + this->mutex->unlock(this->mutex); + return TRUE; } @@ -181,29 +238,32 @@ METHOD(listener_t, message_hook, bool, if (incoming && plain && !message->get_request(message)) { identification_t *id; - entry_t *entry; + ike_sa_id_t *sa; id = ike_sa->get_other_id(ike_sa); + sa = ike_sa->get_id(ike_sa); + this->mutex->lock(this->mutex); - entry = this->checking->remove(this->checking, id); - this->mutex->unlock(this->mutex); - if (entry) + if (remove_specific(this->checking, id, sa)) { DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', " "deleting new IKE_SA", id); charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP); - entry_destroy(entry); - this->mutex->lock(this->mutex); - entry = this->active->remove(this->active, id); - this->mutex->unlock(this->mutex); - if (entry) + sa = remove_first(this->active, id); + if (sa) { lib->processor->queue_job(lib->processor, - (job_t*)delete_ike_sa_job_create(entry->sa, TRUE)); - entry_destroy(entry); + (job_t*)delete_ike_sa_job_create(sa, TRUE)); + sa->destroy(sa); } + this->mutex->unlock(this->mutex); + this->notify->send(this->notify, id); } + else + { + this->mutex->unlock(this->mutex); + } } return TRUE; } diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index b0be409aa..4d162b4eb 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_aka_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_aka_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -357,7 +379,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -365,6 +386,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 1b805a050..947b58f01 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_aka_3gpp2_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_aka_3gpp2_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 7e55847d6..1789b28e9 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_dynamic_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_dynamic_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -354,7 +376,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -362,6 +383,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 3bff722d3..5241a5c7d 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -106,6 +123,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_gtc_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_gtc_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -122,6 +144,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -138,6 +162,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -206,8 +231,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -263,7 +286,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -352,7 +374,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -360,6 +381,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index f7e768aa1..e8d2e2b64 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_identity_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_identity_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -354,7 +376,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -362,6 +383,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 9b344967b..1a31f27f1 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -106,6 +123,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_md5_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_md5_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -122,6 +144,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -138,6 +162,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -206,8 +231,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -263,7 +286,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -352,7 +374,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -360,6 +381,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 82ea844a0..930f87013 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index e6ccb9e17..c0411cb1e 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -109,6 +126,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_peap_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_peap_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -125,6 +147,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +165,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +234,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +289,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am index 181497ab5..628adbeb3 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.am +++ b/src/libcharon/plugins/eap_radius/Makefile.am @@ -15,6 +15,7 @@ libstrongswan_eap_radius_la_SOURCES = \ eap_radius_plugin.h eap_radius_plugin.c \ eap_radius.h eap_radius.c \ eap_radius_accounting.h eap_radius_accounting.c \ + eap_radius_provider.h eap_radius_provider.c \ eap_radius_dae.h eap_radius_dae.c \ eap_radius_forward.h eap_radius_forward.c diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 86d26390f..a686dde90 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -84,8 +101,8 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) @MONOLITHIC_FALSE@libstrongswan_eap_radius_la_DEPENDENCIES = \ @MONOLITHIC_FALSE@ $(top_builddir)/src/libradius/libradius.la am_libstrongswan_eap_radius_la_OBJECTS = eap_radius_plugin.lo \ - eap_radius.lo eap_radius_accounting.lo eap_radius_dae.lo \ - eap_radius_forward.lo + eap_radius.lo eap_radius_accounting.lo eap_radius_provider.lo \ + eap_radius_dae.lo eap_radius_forward.lo libstrongswan_eap_radius_la_OBJECTS = \ $(am_libstrongswan_eap_radius_la_OBJECTS) libstrongswan_eap_radius_la_LINK = $(LIBTOOL) --tag=CC \ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_radius_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_radius_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -312,6 +334,7 @@ libstrongswan_eap_radius_la_SOURCES = \ eap_radius_plugin.h eap_radius_plugin.c \ eap_radius.h eap_radius.c \ eap_radius_accounting.h eap_radius_accounting.c \ + eap_radius_provider.h eap_radius_provider.c \ eap_radius_dae.h eap_radius_dae.c \ eap_radius_forward.h eap_radius_forward.c @@ -361,7 +384,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -369,6 +391,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -404,6 +428,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_dae.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_forward.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_provider.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 6009d3a1f..59340df01 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -16,6 +16,8 @@ #include "eap_radius.h" #include "eap_radius_plugin.h" #include "eap_radius_forward.h" +#include "eap_radius_provider.h" +#include "eap_radius_accounting.h" #include <radius_message.h> #include <radius_client.h> @@ -155,17 +157,67 @@ static bool radius2ike(private_eap_radius_t *this, return FALSE; } +/** + * Add a set of RADIUS attributes to a request message + */ +static void add_radius_request_attrs(private_eap_radius_t *this, + radius_message_t *request) +{ + ike_sa_t *ike_sa; + host_t *host; + char buf[40]; + u_int32_t value; + chunk_t chunk; + + chunk = chunk_from_str(this->id_prefix); + chunk = chunk_cata("cc", chunk, this->peer->get_encoding(this->peer)); + request->add(request, RAT_USER_NAME, chunk); + + /* virtual NAS-Port-Type */ + value = htonl(5); + request->add(request, RAT_NAS_PORT_TYPE, chunk_from_thing(value)); + /* framed ServiceType */ + value = htonl(2); + request->add(request, RAT_SERVICE_TYPE, chunk_from_thing(value)); + + ike_sa = charon->bus->get_sa(charon->bus); + if (ike_sa) + { + value = htonl(ike_sa->get_unique_id(ike_sa)); + request->add(request, RAT_NAS_PORT, chunk_from_thing(value)); + request->add(request, RAT_NAS_PORT_ID, + chunk_from_str(ike_sa->get_name(ike_sa))); + + host = ike_sa->get_my_host(ike_sa); + chunk = host->get_address(host); + switch (host->get_family(host)) + { + case AF_INET: + request->add(request, RAT_NAS_IP_ADDRESS, chunk); + break; + case AF_INET6: + request->add(request, RAT_NAS_IPV6_ADDRESS, chunk); + default: + break; + } + snprintf(buf, sizeof(buf), "%#H", host); + request->add(request, RAT_CALLED_STATION_ID, chunk_from_str(buf)); + host = ike_sa->get_other_host(ike_sa); + snprintf(buf, sizeof(buf), "%#H", host); + request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf)); + } + + eap_radius_forward_from_ike(request); +} + METHOD(eap_method_t, initiate, status_t, private_eap_radius_t *this, eap_payload_t **out) { radius_message_t *request, *response; status_t status = FAILED; - chunk_t username; request = radius_message_create(RMC_ACCESS_REQUEST); - username = chunk_create(this->id_prefix, strlen(this->id_prefix)); - username = chunk_cata("cc", username, this->peer->get_encoding(this->peer)); - request->add(request, RAT_USER_NAME, username); + add_radius_request_attrs(this, request); if (this->eap_start) { @@ -175,7 +227,6 @@ METHOD(eap_method_t, initiate, status_t, { add_eap_identity(this, request); } - eap_radius_forward_from_ike(request); response = this->client->request(this->client, request); if (response) @@ -203,7 +254,7 @@ METHOD(eap_method_t, initiate, status_t, } else { - charon->bus->alert(charon->bus, ALERT_RADIUS_NOT_RESPONDING); + eap_radius_handle_timeout(NULL); } request->destroy(request); return status; @@ -303,7 +354,7 @@ static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg) } /** - * Handle Session-Timeout attribte + * Handle Session-Timeout attribte and Interim updates */ static void process_timeout(private_eap_radius_t *this, radius_message_t *msg) { @@ -312,19 +363,78 @@ static void process_timeout(private_eap_radius_t *this, radius_message_t *msg) chunk_t data; int type; - enumerator = msg->create_enumerator(msg); - while (enumerator->enumerate(enumerator, &type, &data)) + ike_sa = charon->bus->get_sa(charon->bus); + if (ike_sa) { - if (type == RAT_SESSION_TIMEOUT && data.len == 4) + enumerator = msg->create_enumerator(msg); + while (enumerator->enumerate(enumerator, &type, &data)) { - ike_sa = charon->bus->get_sa(charon->bus); - if (ike_sa) + if (type == RAT_SESSION_TIMEOUT && data.len == 4) { ike_sa->set_auth_lifetime(ike_sa, untoh32(data.ptr)); } + else if (type == RAT_ACCT_INTERIM_INTERVAL && data.len == 4) + { + eap_radius_accounting_start_interim(ike_sa, untoh32(data.ptr)); + } } + enumerator->destroy(enumerator); + } +} + +/** + * Handle Framed-IP-Address and other IKE configuration attributes + */ +static void process_cfg_attributes(private_eap_radius_t *this, + radius_message_t *msg) +{ + eap_radius_provider_t *provider; + enumerator_t *enumerator; + ike_sa_t *ike_sa; + host_t *host; + chunk_t data; + int type, vendor; + + ike_sa = charon->bus->get_sa(charon->bus); + provider = eap_radius_provider_get(); + if (provider && ike_sa) + { + enumerator = msg->create_enumerator(msg); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == RAT_FRAMED_IP_ADDRESS && data.len == 4) + { + host = host_create_from_chunk(AF_INET, data, 0); + if (host) + { + provider->add_framed_ip(provider, this->peer, host); + } + } + } + enumerator->destroy(enumerator); + + enumerator = msg->create_vendor_enumerator(msg); + while (enumerator->enumerate(enumerator, &vendor, &type, &data)) + { + if (vendor == PEN_ALTIGA /* aka Cisco VPN3000 */) + { + switch (type) + { + case 15: /* CVPN3000-IPSec-Banner1 */ + case 36: /* CVPN3000-IPSec-Banner2 */ + if (ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY)) + { + provider->add_attribute(provider, this->peer, + UNITY_BANNER, data); + } + break; + default: + break; + } + } + } + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); } METHOD(eap_method_t, process, status_t, @@ -335,7 +445,8 @@ METHOD(eap_method_t, process, status_t, chunk_t data; request = radius_message_create(RMC_ACCESS_REQUEST); - request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); + add_radius_request_attrs(this, request); + data = in->get_data(in); DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &data); @@ -348,7 +459,6 @@ METHOD(eap_method_t, process, status_t, } request->add(request, RAT_EAP_MESSAGE, data); - eap_radius_forward_from_ike(request); response = this->client->request(this->client, request); if (response) { @@ -373,6 +483,7 @@ METHOD(eap_method_t, process, status_t, process_filter_id(this, response); } process_timeout(this, response); + process_cfg_attributes(this, response); DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful", this->peer); status = SUCCESS; @@ -490,4 +601,3 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer this->server = server->clone(server); return &this->public; } - diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 3c72c122d..ec78c8ef2 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -23,6 +23,7 @@ #include <daemon.h> #include <collections/hashtable.h> #include <threading/mutex.h> +#include <processing/jobs/callback_job.h> typedef struct private_eap_radius_accounting_t private_eap_radius_accounting_t; @@ -37,7 +38,7 @@ struct private_eap_radius_accounting_t { eap_radius_accounting_t public; /** - * Hashtable with sessions, IKE_SA unique id => entry_t + * Hashtable with sessions, ike_sa_id_t => entry_t */ hashtable_t *sessions; @@ -53,20 +54,70 @@ struct private_eap_radius_accounting_t { }; /** + * Singleton instance of accounting + */ +static private_eap_radius_accounting_t *singleton = NULL; + +/** + * Acct-Terminate-Cause + */ +typedef enum { + ACCT_CAUSE_USER_REQUEST = 1, + ACCT_CAUSE_LOST_CARRIER = 2, + ACCT_CAUSE_LOST_SERVICE = 3, + ACCT_CAUSE_IDLE_TIMEOUT = 4, + ACCT_CAUSE_SESSION_TIMEOUT = 5, + ACCT_CAUSE_ADMIN_RESET = 6, + ACCT_CAUSE_ADMIN_REBOOT = 7, + ACCT_CAUSE_PORT_ERROR = 8, + ACCT_CAUSE_NAS_ERROR = 9, + ACCT_CAUSE_NAS_REQUEST = 10, + ACCT_CAUSE_NAS_REBOOT = 11, + ACCT_CAUSE_PORT_UNNEEDED = 12, + ACCT_CAUSE_PORT_PREEMPTED = 13, + ACCT_CAUSE_PORT_SUSPENDED = 14, + ACCT_CAUSE_SERVICE_UNAVAILABLE = 15, + ACCT_CAUSE_CALLBACK = 16, + ACCT_CAUSE_USER_ERROR = 17, + ACCT_CAUSE_HOST_REQUEST = 18, +} radius_acct_terminate_cause_t; + +/** * Hashtable entry with usage stats */ typedef struct { + /** IKE_SA identifier this entry is stored under */ + ike_sa_id_t *id; /** RADIUS accounting session ID */ char sid[16]; - /** number of octets sent */ - u_int64_t sent; - /** number of octets received */ - u_int64_t received; + /** number of sent/received octets/packets */ + struct { + u_int64_t sent; + u_int64_t received; + } bytes, packets; /** session creation time */ time_t created; + /** terminate cause */ + radius_acct_terminate_cause_t cause; + /* interim interval and timestamp of last update */ + struct { + u_int32_t interval; + time_t last; + } interim; + /** did we send Accounting-Start */ + bool start_sent; } entry_t; /** + * Destroy an entry_t + */ +static void destroy_entry(entry_t *this) +{ + this->id->destroy(this->id); + free(this); +} + +/** * Accounting message status types */ typedef enum { @@ -80,17 +131,17 @@ typedef enum { /** * Hashtable hash function */ -static u_int hash(uintptr_t key) +static u_int hash(ike_sa_id_t *key) { - return key; + return key->get_responder_spi(key); } /** * Hashtable equals function */ -static bool equals(uintptr_t a, uintptr_t b) +static bool equals(ike_sa_id_t *a, ike_sa_id_t *b) { - return a == b; + return a->equals(a, b); } /** @@ -99,19 +150,20 @@ static bool equals(uintptr_t a, uintptr_t b) static void update_usage(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa) { - u_int64_t sent, received; + u_int64_t bytes_in, bytes_out, packets_in, packets_out; entry_t *entry; - child_sa->get_usestats(child_sa, FALSE, NULL, &sent); - child_sa->get_usestats(child_sa, TRUE, NULL, &received); + child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, &packets_out); + child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in, &packets_in); this->mutex->lock(this->mutex); - entry = this->sessions->get(this->sessions, - (void*)(uintptr_t)ike_sa->get_unique_id(ike_sa)); + entry = this->sessions->get(this->sessions, ike_sa->get_id(ike_sa)); if (entry) { - entry->sent += sent; - entry->received += received; + entry->bytes.sent += bytes_out; + entry->bytes.received += bytes_in; + entry->packets.sent += packets_out; + entry->packets.received += packets_in; } this->mutex->unlock(this->mutex); } @@ -135,10 +187,6 @@ static bool send_message(private_eap_radius_accounting_t *this, ack = response->get_code(response) == RMC_ACCOUNTING_RESPONSE; response->destroy(response); } - else - { - charon->bus->alert(charon->bus, ALERT_RADIUS_NOT_RESPONDING); - } client->destroy(client); } return ack; @@ -150,14 +198,43 @@ static bool send_message(private_eap_radius_accounting_t *this, static void add_ike_sa_parameters(radius_message_t *message, ike_sa_t *ike_sa) { enumerator_t *enumerator; - host_t *vip; + host_t *vip, *host; char buf[64]; chunk_t data; + u_int32_t value; + + /* virtual NAS-Port-Type */ + value = htonl(5); + message->add(message, RAT_NAS_PORT_TYPE, chunk_from_thing(value)); + /* framed ServiceType */ + value = htonl(2); + message->add(message, RAT_SERVICE_TYPE, chunk_from_thing(value)); + + value = htonl(ike_sa->get_unique_id(ike_sa)); + message->add(message, RAT_NAS_PORT, chunk_from_thing(value)); + message->add(message, RAT_NAS_PORT_ID, + chunk_from_str(ike_sa->get_name(ike_sa))); + + host = ike_sa->get_my_host(ike_sa); + data = host->get_address(host); + switch (host->get_family(host)) + { + case AF_INET: + message->add(message, RAT_NAS_IP_ADDRESS, data); + break; + case AF_INET6: + message->add(message, RAT_NAS_IPV6_ADDRESS, data); + default: + break; + } + snprintf(buf, sizeof(buf), "%#H", host); + message->add(message, RAT_CALLED_STATION_ID, chunk_from_str(buf)); + host = ike_sa->get_other_host(ike_sa); + snprintf(buf, sizeof(buf), "%#H", host); + message->add(message, RAT_CALLING_STATION_ID, chunk_from_str(buf)); snprintf(buf, sizeof(buf), "%Y", ike_sa->get_other_eap_id(ike_sa)); - message->add(message, RAT_USER_NAME, chunk_create(buf, strlen(buf))); - snprintf(buf, sizeof(buf), "%#H", ike_sa->get_other_host(ike_sa)); - message->add(message, RAT_CALLING_STATION_ID, chunk_create(buf, strlen(buf))); + message->add(message, RAT_USER_NAME, chunk_from_str(buf)); enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE); while (enumerator->enumerate(enumerator, &vip)) @@ -182,34 +259,207 @@ static void add_ike_sa_parameters(radius_message_t *message, ike_sa_t *ike_sa) } /** + * Get an existing or create a new entry from the locked session table + */ +static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this, + ike_sa_t *ike_sa) +{ + ike_sa_id_t *id; + entry_t *entry; + time_t now; + + entry = this->sessions->get(this->sessions, ike_sa->get_id(ike_sa)); + if (!entry) + { + now = time_monotonic(NULL); + id = ike_sa->get_id(ike_sa); + + INIT(entry, + .id = id->clone(id), + .created = now, + .interim = { + .last = now, + }, + /* default terminate cause, if none other catched */ + .cause = ACCT_CAUSE_USER_REQUEST, + ); + snprintf(entry->sid, sizeof(entry->sid), "%u-%u", + this->prefix, ike_sa->get_unique_id(ike_sa)); + this->sessions->put(this->sessions, entry->id, entry); + } + return entry; +} + +/* forward declaration */ +static void schedule_interim(private_eap_radius_accounting_t *this, + entry_t *entry); + +/** + * Data passed to send_interim() using callback job + */ +typedef struct { + /** reference to radius accounting */ + private_eap_radius_accounting_t *this; + /** IKE_SA identifier to send interim update to */ + ike_sa_id_t *id; +} interim_data_t; + +/** + * Clean up interim data + */ +void destroy_interim_data(interim_data_t *this) +{ + this->id->destroy(this->id); + free(this); +} + +/** + * Send an interim update for entry of given IKE_SA identifier + */ +static job_requeue_t send_interim(interim_data_t *data) +{ + private_eap_radius_accounting_t *this = data->this; + u_int64_t bytes_in = 0, bytes_out = 0, packets_in = 0, packets_out = 0; + u_int64_t bytes, packets; + radius_message_t *message = NULL; + enumerator_t *enumerator; + child_sa_t *child_sa; + ike_sa_t *ike_sa; + entry_t *entry; + u_int32_t value; + + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, data->id); + if (!ike_sa) + { + return JOB_REQUEUE_NONE; + } + enumerator = ike_sa->create_child_sa_enumerator(ike_sa); + while (enumerator->enumerate(enumerator, &child_sa)) + { + child_sa->get_usestats(child_sa, FALSE, NULL, &bytes, &packets); + bytes_out += bytes; + packets_out += packets; + child_sa->get_usestats(child_sa, TRUE, NULL, &bytes, &packets); + bytes_in += bytes; + packets_in += packets; + } + enumerator->destroy(enumerator); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + + /* avoid any races by returning IKE_SA before acquiring lock */ + + this->mutex->lock(this->mutex); + entry = this->sessions->get(this->sessions, data->id); + if (entry) + { + entry->interim.last = time_monotonic(NULL); + + bytes_in += entry->bytes.received; + bytes_out += entry->bytes.sent; + packets_in += entry->packets.received; + packets_out += entry->packets.sent; + + message = radius_message_create(RMC_ACCOUNTING_REQUEST); + value = htonl(ACCT_STATUS_INTERIM_UPDATE); + message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value)); + message->add(message, RAT_ACCT_SESSION_ID, + chunk_create(entry->sid, strlen(entry->sid))); + add_ike_sa_parameters(message, ike_sa); + + value = htonl(bytes_out); + message->add(message, RAT_ACCT_OUTPUT_OCTETS, chunk_from_thing(value)); + value = htonl(bytes_out >> 32); + if (value) + { + message->add(message, RAT_ACCT_OUTPUT_GIGAWORDS, + chunk_from_thing(value)); + } + value = htonl(packets_out); + message->add(message, RAT_ACCT_OUTPUT_PACKETS, chunk_from_thing(value)); + + value = htonl(bytes_in); + message->add(message, RAT_ACCT_INPUT_OCTETS, chunk_from_thing(value)); + value = htonl(bytes_in >> 32); + if (value) + { + message->add(message, RAT_ACCT_INPUT_GIGAWORDS, + chunk_from_thing(value)); + } + value = htonl(packets_in); + message->add(message, RAT_ACCT_INPUT_PACKETS, chunk_from_thing(value)); + + value = htonl(entry->interim.last - entry->created); + message->add(message, RAT_ACCT_SESSION_TIME, chunk_from_thing(value)); + + schedule_interim(this, entry); + } + this->mutex->unlock(this->mutex); + + if (message) + { + if (!send_message(this, message)) + { + eap_radius_handle_timeout(data->id); + } + message->destroy(message); + } + return JOB_REQUEUE_NONE; +} + +/** + * Schedule interim update for given entry + */ +static void schedule_interim(private_eap_radius_accounting_t *this, + entry_t *entry) +{ + if (entry->interim.interval) + { + interim_data_t *data; + timeval_t tv = { + .tv_sec = entry->interim.last + entry->interim.interval, + }; + + INIT(data, + .this = this, + .id = entry->id->clone(entry->id), + ); + lib->scheduler->schedule_job_tv(lib->scheduler, + (job_t*)callback_job_create_with_prio( + (callback_job_cb_t)send_interim, + data, (void*)destroy_interim_data, + (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL), tv); + } +} + +/** * Send an accounting start message */ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) { radius_message_t *message; entry_t *entry; - u_int32_t id, value; + u_int32_t value; - id = ike_sa->get_unique_id(ike_sa); - INIT(entry, - .created = time_monotonic(NULL), - ); - snprintf(entry->sid, sizeof(entry->sid), "%u-%u", this->prefix, id); + this->mutex->lock(this->mutex); + + entry = get_or_create_entry(this, ike_sa); + entry->start_sent = TRUE; message = radius_message_create(RMC_ACCOUNTING_REQUEST); value = htonl(ACCT_STATUS_START); message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value)); message->add(message, RAT_ACCT_SESSION_ID, chunk_create(entry->sid, strlen(entry->sid))); + + schedule_interim(this, entry); + this->mutex->unlock(this->mutex); + add_ike_sa_parameters(message, ike_sa); - if (send_message(this, message)) + if (!send_message(this, message)) { - this->mutex->lock(this->mutex); - entry = this->sessions->put(this->sessions, (void*)(uintptr_t)id, entry); - this->mutex->unlock(this->mutex); + eap_radius_handle_timeout(ike_sa->get_id(ike_sa)); } message->destroy(message); - free(entry); } /** @@ -219,45 +469,91 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) { radius_message_t *message; entry_t *entry; - u_int32_t id, value; + u_int32_t value; - id = ike_sa->get_unique_id(ike_sa); this->mutex->lock(this->mutex); - entry = this->sessions->remove(this->sessions, (void*)(uintptr_t)id); + entry = this->sessions->remove(this->sessions, ike_sa->get_id(ike_sa)); this->mutex->unlock(this->mutex); if (entry) { + if (!entry->start_sent) + { /* we tried to authenticate this peer, but never sent a start */ + destroy_entry(entry); + return; + } message = radius_message_create(RMC_ACCOUNTING_REQUEST); value = htonl(ACCT_STATUS_STOP); message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value)); message->add(message, RAT_ACCT_SESSION_ID, chunk_create(entry->sid, strlen(entry->sid))); add_ike_sa_parameters(message, ike_sa); - value = htonl(entry->sent); + + value = htonl(entry->bytes.sent); message->add(message, RAT_ACCT_OUTPUT_OCTETS, chunk_from_thing(value)); - value = htonl(entry->sent >> 32); + value = htonl(entry->bytes.sent >> 32); if (value) { message->add(message, RAT_ACCT_OUTPUT_GIGAWORDS, chunk_from_thing(value)); } - value = htonl(entry->received); + value = htonl(entry->packets.sent); + message->add(message, RAT_ACCT_OUTPUT_PACKETS, chunk_from_thing(value)); + + value = htonl(entry->bytes.received); message->add(message, RAT_ACCT_INPUT_OCTETS, chunk_from_thing(value)); - value = htonl(entry->received >> 32); + value = htonl(entry->bytes.received >> 32); if (value) { message->add(message, RAT_ACCT_INPUT_GIGAWORDS, chunk_from_thing(value)); } + value = htonl(entry->packets.received); + message->add(message, RAT_ACCT_INPUT_PACKETS, chunk_from_thing(value)); + value = htonl(time_monotonic(NULL) - entry->created); message->add(message, RAT_ACCT_SESSION_TIME, chunk_from_thing(value)); - send_message(this, message); + + value = htonl(entry->cause); + message->add(message, RAT_ACCT_TERMINATE_CAUSE, chunk_from_thing(value)); + + if (!send_message(this, message)) + { + eap_radius_handle_timeout(NULL); + } message->destroy(message); - free(entry); + destroy_entry(entry); } } +METHOD(listener_t, alert, bool, + private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, alert_t alert, + va_list args) +{ + radius_acct_terminate_cause_t cause; + entry_t *entry; + + switch (alert) + { + case ALERT_IKE_SA_EXPIRED: + cause = ACCT_CAUSE_SESSION_TIMEOUT; + break; + case ALERT_RETRANSMIT_SEND_TIMEOUT: + cause = ACCT_CAUSE_LOST_SERVICE; + break; + default: + return TRUE; + } + this->mutex->lock(this->mutex); + entry = this->sessions->get(this->sessions, ike_sa->get_id(ike_sa)); + if (entry) + { + entry->cause = cause; + } + this->mutex->unlock(this->mutex); + return TRUE; +} + METHOD(listener_t, ike_updown, bool, private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, bool up) { @@ -307,15 +603,20 @@ METHOD(listener_t, ike_rekey, bool, entry_t *entry; this->mutex->lock(this->mutex); - entry = this->sessions->remove(this->sessions, - (void*)(uintptr_t)old->get_unique_id(old)); + entry = this->sessions->remove(this->sessions, old->get_id(old)); if (entry) { - entry = this->sessions->put(this->sessions, - (void*)(uintptr_t)new->get_unique_id(new), entry); + /* update IKE_SA identifier */ + entry->id->destroy(entry->id); + entry->id = new->get_id(new); + entry->id = entry->id->clone(entry->id); + /* fire new interim update job, old gets invalid */ + schedule_interim(this, entry); + + entry = this->sessions->put(this->sessions, entry->id, entry); if (entry) { - free(entry); + destroy_entry(entry); } } this->mutex->unlock(this->mutex); @@ -346,6 +647,8 @@ METHOD(listener_t, child_updown, bool, METHOD(eap_radius_accounting_t, destroy, void, private_eap_radius_accounting_t *this) { + charon->bus->remove_listener(charon->bus, &this->public.listener); + singleton = NULL; this->mutex->destroy(this->mutex); this->sessions->destroy(this->sessions); free(this); @@ -361,6 +664,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() INIT(this, .public = { .listener = { + .alert = _alert, .ike_updown = _ike_updown, .ike_rekey = _ike_rekey, .message = _message_hook, @@ -376,5 +680,28 @@ eap_radius_accounting_t *eap_radius_accounting_create() .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ); + if (lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.accounting", FALSE, charon->name)) + { + singleton = this; + charon->bus->add_listener(charon->bus, &this->public.listener); + } return &this->public; } + +/** + * See header + */ +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval) +{ + if (singleton) + { + entry_t *entry; + + DBG1(DBG_CFG, "scheduling RADIUS Interim-Updates every %us", interval); + singleton->mutex->lock(singleton->mutex); + entry = get_or_create_entry(singleton, ike_sa); + entry->interim.interval = interval; + singleton->mutex->unlock(singleton->mutex); + } +} diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h index 811a5bb90..8d4f9a0e1 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h @@ -46,4 +46,12 @@ struct eap_radius_accounting_t { */ eap_radius_accounting_t *eap_radius_accounting_create(); +/** + * Schedule Accounting interim updates for the given IKE_SA. + * + * @param ike_sa IKE_SA to send updates for + * @param interval interval for interim updates + */ +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval); + #endif /** EAP_RADIUS_ACCOUNTING_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c index 9d4bbe1f3..3baf46731 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c @@ -19,12 +19,15 @@ #include "eap_radius_accounting.h" #include "eap_radius_dae.h" #include "eap_radius_forward.h" +#include "eap_radius_provider.h" #include <radius_client.h> #include <radius_config.h> -#include <daemon.h> +#include <hydra.h> #include <threading/rwlock.h> +#include <processing/jobs/callback_job.h> +#include <processing/jobs/delete_ike_sa_job.h> /** * Default RADIUS server port for authentication @@ -64,6 +67,11 @@ struct private_eap_radius_plugin_t { eap_radius_accounting_t *accounting; /** + * IKE attribute provider + */ + eap_radius_provider_t *provider; + + /** * Dynamic authorization extensions */ eap_radius_dae_t *dae; @@ -207,6 +215,9 @@ METHOD(plugin_t, reload, bool, METHOD(plugin_t, destroy, void, private_eap_radius_plugin_t *this) { + hydra->attributes->remove_provider(hydra->attributes, + &this->provider->provider); + this->provider->destroy(this->provider); if (this->forward) { charon->bus->remove_listener(charon->bus, &this->forward->listener); @@ -216,7 +227,6 @@ METHOD(plugin_t, destroy, void, this->configs->destroy_offset(this->configs, offsetof(radius_config_t, destroy)); this->lock->destroy(this->lock); - charon->bus->remove_listener(charon->bus, &this->accounting->listener); this->accounting->destroy(this->accounting); free(this); instance = NULL; @@ -242,17 +252,13 @@ plugin_t *eap_radius_plugin_create() .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .accounting = eap_radius_accounting_create(), .forward = eap_radius_forward_create(), + .provider = eap_radius_provider_create(), ); load_configs(this); instance = this; if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.accounting", FALSE, charon->name)) - { - charon->bus->add_listener(charon->bus, &this->accounting->listener); - } - if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.dae.enable", FALSE, charon->name)) { this->dae = eap_radius_dae_create(this->accounting); @@ -261,6 +267,8 @@ plugin_t *eap_radius_plugin_create() { charon->bus->add_listener(charon->bus, &this->forward->listener); } + hydra->attributes->add_provider(hydra->attributes, + &this->provider->provider); return &this->public.plugin; } @@ -308,3 +316,47 @@ radius_client_t *eap_radius_create_client() return NULL; } +/** + * Job to delete all active IKE_SAs + */ +static job_requeue_t delete_all_async(void *data) +{ + enumerator_t *enumerator; + ike_sa_t *ike_sa; + + enumerator = charon->ike_sa_manager->create_enumerator( + charon->ike_sa_manager, TRUE); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + lib->processor->queue_job(lib->processor, + (job_t*)delete_ike_sa_job_create(ike_sa->get_id(ike_sa), TRUE)); + } + enumerator->destroy(enumerator); + + return JOB_REQUEUE_NONE; +} + +/** + * See header. + */ +void eap_radius_handle_timeout(ike_sa_id_t *id) +{ + charon->bus->alert(charon->bus, ALERT_RADIUS_NOT_RESPONDING); + + if (lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.close_all_on_timeout", + FALSE, charon->name)) + { + DBG1(DBG_CFG, "deleting all IKE_SAs after RADIUS timeout"); + lib->processor->queue_job(lib->processor, + (job_t*)callback_job_create_with_prio( + (callback_job_cb_t)delete_all_async, NULL, NULL, + (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); + } + else if (id) + { + DBG1(DBG_CFG, "deleting IKE_SA after RADIUS timeout"); + lib->processor->queue_job(lib->processor, + (job_t*)delete_ike_sa_job_create(id, TRUE)); + } +} diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h index 1570bd566..80fa209d6 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h @@ -27,6 +27,7 @@ #include <plugins/plugin.h> #include <radius_client.h> +#include <daemon.h> typedef struct eap_radius_plugin_t eap_radius_plugin_t; @@ -51,4 +52,14 @@ struct eap_radius_plugin_t { */ radius_client_t *eap_radius_create_client(); +/** + * Handle a RADIUS request timeout. + * + * If an IKE_SA is given, it gets deleted (unless the policy says to delete + * any established IKE_SA). + * + * @param id associated IKE_SA where timeout happened, or NULL + */ +void eap_radius_handle_timeout(ike_sa_id_t *id); + #endif /** EAP_RADIUS_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c new file mode 100644 index 000000000..6087313b5 --- /dev/null +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c @@ -0,0 +1,486 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_radius_provider.h" + +#include <daemon.h> +#include <collections/hashtable.h> +#include <threading/mutex.h> + +typedef struct private_eap_radius_provider_t private_eap_radius_provider_t; +typedef struct private_listener_t private_listener_t; + +/** + * Private data of registered listener + */ +struct private_listener_t { + + /** + * Implements listener_t interface + */ + listener_t public; + + /** + * Leases not acquired yet, identification_t => entry_t + */ + hashtable_t *unclaimed; + + /** + * Leases acquired, identification_t => entry_t + */ + hashtable_t *claimed; + + /** + * Mutex to lock leases + */ + mutex_t *mutex; +}; + +/** + * Private data of an eap_radius_provider_t object. + */ +struct private_eap_radius_provider_t { + + /** + * Public eap_radius_provider_t interface. + */ + eap_radius_provider_t public; + + /** + * Additionally implements the listener_t interface + */ + private_listener_t listener; +}; + +/** + * Singleton instance of provider + */ +static eap_radius_provider_t *singleton = NULL; + +/** + * Configuration attribute in an entry + */ +typedef struct { + /** type of attribute */ + configuration_attribute_type_t type; + /** attribute data */ + chunk_t data; +} attr_t; + +/** + * Destroy an attr_t + */ +static void destroy_attr(attr_t *this) +{ + free(this->data.ptr); + free(this); +} + +/** + * Hashtable entry with leases and attributes + */ +typedef struct { + /** identity we assigned the IP lease */ + identification_t *id; + /** list of IP leases received from AAA, as host_t */ + linked_list_t *addrs; + /** list of configuration attributes, as attr_t */ + linked_list_t *attrs; +} entry_t; + +/** + * destroy an entry_t + */ +static void destroy_entry(entry_t *this) +{ + this->id->destroy(this->id); + this->addrs->destroy_offset(this->addrs, offsetof(host_t, destroy)); + this->attrs->destroy_function(this->attrs, (void*)destroy_attr); + free(this); +} + +/** + * Get or create an entry from a locked hashtable + */ +static entry_t* get_or_create_entry(hashtable_t *hashtable, identification_t *id) +{ + entry_t *entry; + + entry = hashtable->get(hashtable, id); + if (!entry) + { + INIT(entry, + .id = id->clone(id), + .addrs = linked_list_create(), + .attrs = linked_list_create(), + ); + hashtable->put(hashtable, entry->id, entry); + } + return entry; +} + +/** + * Put an entry to hashtable, or destroy it ife empty + */ +static void put_or_destroy_entry(hashtable_t *hashtable, entry_t *entry) +{ + if (entry->addrs->get_count(entry->addrs) > 0 || + entry->attrs->get_count(entry->attrs) > 0) + { + hashtable->put(hashtable, entry->id, entry); + } + else + { + destroy_entry(entry); + } +} + +/** + * Hashtable hash function + */ +static u_int hash(identification_t *id) +{ + return chunk_hash_inc(id->get_encoding(id), id->get_type(id)); +} + +/** + * Hashtable equals function + */ +static bool equals(identification_t *a, identification_t *b) +{ + return a->equals(a, b); +} + +/** + * Insert an address entry to a locked claimed/unclaimed hashtable + */ +static void add_addr(private_eap_radius_provider_t *this, + hashtable_t *hashtable, identification_t *id, host_t *host) +{ + entry_t *entry; + + entry = get_or_create_entry(hashtable, id); + entry->addrs->insert_last(entry->addrs, host); +} + +/** + * Remove the next address from the locked hashtable stored for given id + */ +static host_t* remove_addr(private_eap_radius_provider_t *this, + hashtable_t *hashtable, identification_t *id) +{ + entry_t *entry; + host_t *addr = NULL; + + entry = hashtable->remove(hashtable, id); + if (entry) + { + entry->addrs->remove_first(entry->addrs, (void**)&addr); + put_or_destroy_entry(hashtable, entry); + } + return addr; +} + +/** + * Insert an attribute entry to a locked claimed/unclaimed hashtable + */ +static void add_attr(private_eap_radius_provider_t *this, + hashtable_t *hashtable, identification_t *id, attr_t *attr) +{ + entry_t *entry; + + entry = get_or_create_entry(hashtable, id); + entry->attrs->insert_last(entry->attrs, attr); +} + +/** + * Remove the next attribute from the locked hashtable stored for given id + */ +static attr_t* remove_attr(private_eap_radius_provider_t *this, + hashtable_t *hashtable, identification_t *id) +{ + entry_t *entry; + attr_t *attr = NULL; + + entry = hashtable->remove(hashtable, id); + if (entry) + { + entry->attrs->remove_first(entry->attrs, (void**)&attr); + put_or_destroy_entry(hashtable, entry); + } + return attr; +} + +/** + * Clean up unclaimed leases assigned for an IKE_SA + */ +static void release_unclaimed(private_listener_t *this, ike_sa_t *ike_sa) +{ + identification_t *id; + entry_t *entry; + + id = ike_sa->get_other_eap_id(ike_sa); + this->mutex->lock(this->mutex); + entry = this->unclaimed->remove(this->unclaimed, id); + this->mutex->unlock(this->mutex); + if (entry) + { + destroy_entry(entry); + } +} + +METHOD(listener_t, message_hook, bool, + private_listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain) +{ + if (plain && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && + !incoming && !message->get_request(message)) + { + if ((ike_sa->get_version(ike_sa) == IKEV1 && + message->get_exchange_type(message) == TRANSACTION) || + (ike_sa->get_version(ike_sa) == IKEV2 && + message->get_exchange_type(message) == IKE_AUTH)) + { + /* if the addresses have not been claimed yet, they won't. Release + * these resources. */ + release_unclaimed(this, ike_sa); + } + } + return TRUE; +} + +METHOD(listener_t, ike_updown, bool, + private_listener_t *this, ike_sa_t *ike_sa, bool up) +{ + if (!up) + { + /* if the message hook does not apply because of a failed exchange + * or something, make sure we release any resources now */ + release_unclaimed(this, ike_sa); + } + return TRUE; +} + +METHOD(attribute_provider_t, acquire_address, host_t*, + private_eap_radius_provider_t *this, linked_list_t *pools, + identification_t *id, host_t *requested) +{ + enumerator_t *enumerator; + host_t *addr = NULL; + char *name; + + enumerator = pools->create_enumerator(pools); + while (enumerator->enumerate(enumerator, &name)) + { + if (streq(name, "radius")) + { + this->listener.mutex->lock(this->listener.mutex); + addr = remove_addr(this, this->listener.unclaimed, id); + if (addr) + { + add_addr(this, this->listener.claimed, id, addr->clone(addr)); + } + this->listener.mutex->unlock(this->listener.mutex); + break; + } + } + enumerator->destroy(enumerator); + + return addr; +} + +METHOD(attribute_provider_t, release_address, bool, + private_eap_radius_provider_t *this, linked_list_t *pools, host_t *address, + identification_t *id) +{ + enumerator_t *enumerator; + host_t *found = NULL; + char *name; + + enumerator = pools->create_enumerator(pools); + while (enumerator->enumerate(enumerator, &name)) + { + if (streq(name, "radius")) + { + this->listener.mutex->lock(this->listener.mutex); + found = remove_addr(this, this->listener.claimed, id); + this->listener.mutex->unlock(this->listener.mutex); + break; + } + } + enumerator->destroy(enumerator); + + if (found) + { + found->destroy(found); + return TRUE; + } + return FALSE; +} + +/** + * Enumerator implementation over attributes + */ +typedef struct { + /** implements enumerator_t */ + enumerator_t public; + /** list of attributes to enumerate */ + linked_list_t *list; + /** currently enumerating attribute */ + attr_t *current; +} attribute_enumerator_t; + + +METHOD(enumerator_t, attribute_enumerate, bool, + attribute_enumerator_t *this, configuration_attribute_type_t *type, + chunk_t *data) +{ + if (this->current) + { + destroy_attr(this->current); + this->current = NULL; + } + if (this->list->remove_first(this->list, (void**)&this->current) == SUCCESS) + { + *type = this->current->type; + *data = this->current->data; + return TRUE; + } + return FALSE; +} + +METHOD(enumerator_t, attribute_destroy, void, + attribute_enumerator_t *this) +{ + if (this->current) + { + destroy_attr(this->current); + } + this->list->destroy_function(this->list, (void*)destroy_attr); + free(this); +} + +METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, + private_eap_radius_provider_t *this, linked_list_t *pools, + identification_t *id, linked_list_t *vips) +{ + attribute_enumerator_t *enumerator; + attr_t *attr; + + INIT(enumerator, + .public = { + .enumerate = (void*)_attribute_enumerate, + .destroy = _attribute_destroy, + }, + .list = linked_list_create(), + ); + + /* we forward attributes regardless of pool configurations */ + this->listener.mutex->lock(this->listener.mutex); + while (TRUE) + { + attr = remove_attr(this, this->listener.unclaimed, id); + if (!attr) + { + break; + } + enumerator->list->insert_last(enumerator->list, attr); + } + this->listener.mutex->unlock(this->listener.mutex); + + return &enumerator->public; +} + +METHOD(eap_radius_provider_t, add_framed_ip, void, + private_eap_radius_provider_t *this, identification_t *id, host_t *ip) +{ + this->listener.mutex->lock(this->listener.mutex); + add_addr(this, this->listener.unclaimed, id, ip); + this->listener.mutex->unlock(this->listener.mutex); +} + +METHOD(eap_radius_provider_t, add_attribute, void, + private_eap_radius_provider_t *this, identification_t *id, + configuration_attribute_type_t type, chunk_t data) +{ + attr_t *attr; + + INIT(attr, + .type = type, + .data = chunk_clone(data), + ); + this->listener.mutex->lock(this->listener.mutex); + add_attr(this, this->listener.unclaimed, id, attr); + this->listener.mutex->unlock(this->listener.mutex); +} + +METHOD(eap_radius_provider_t, destroy, void, + private_eap_radius_provider_t *this) +{ + singleton = NULL; + charon->bus->remove_listener(charon->bus, &this->listener.public); + this->listener.mutex->destroy(this->listener.mutex); + this->listener.claimed->destroy(this->listener.claimed); + this->listener.unclaimed->destroy(this->listener.unclaimed); + free(this); +} + +/** + * See header + */ +eap_radius_provider_t *eap_radius_provider_create() +{ + if (!singleton) + { + private_eap_radius_provider_t *this; + + INIT(this, + .public = { + .provider = { + .acquire_address = _acquire_address, + .release_address = _release_address, + .create_attribute_enumerator = _create_attribute_enumerator, + }, + .add_framed_ip = _add_framed_ip, + .add_attribute = _add_attribute, + .destroy = _destroy, + }, + .listener = { + .public = { + .ike_updown = _ike_updown, + .message = _message_hook, + }, + .claimed = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 32), + .unclaimed = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 32), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + }, + ); + + charon->bus->add_listener(charon->bus, &this->listener.public); + + singleton = &this->public; + } + return singleton; +} + +/** + * See header + */ +eap_radius_provider_t *eap_radius_provider_get() +{ + return singleton; +} diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.h b/src/libcharon/plugins/eap_radius/eap_radius_provider.h new file mode 100644 index 000000000..a0b4a6b62 --- /dev/null +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_radius_provider eap_radius_provider + * @{ @ingroup eap_radius + */ + +#ifndef EAP_RADIUS_PROVIDER_H_ +#define EAP_RADIUS_PROVIDER_H_ + +#include <attributes/attributes.h> +#include <attributes/attribute_provider.h> + +typedef struct eap_radius_provider_t eap_radius_provider_t; + +/** + * IKE configuration attribute fed by RADIUS attributes + */ +struct eap_radius_provider_t { + + /** + * Implements attribute_provider_t + */ + attribute_provider_t provider; + + /** + * Add a received Framed-IP-Address to the provider to serve to client. + * + * @param id client identity + * @param ip IP address received from RADIUS server, gets owned + */ + void (*add_framed_ip)(eap_radius_provider_t *this, identification_t *id, + host_t *ip); + + /** + * Add a configuration attribute received from RADIUS to forward. + * + * @param id client identity + * @param type attribute type + * @param data attribute data + */ + void (*add_attribute)(eap_radius_provider_t *this, identification_t *id, + configuration_attribute_type_t type, chunk_t data); + + /** + * Destroy a eap_radius_provider_t. + */ + void (*destroy)(eap_radius_provider_t *this); +}; + +/** + * Create a eap_radius_provider instance. + */ +eap_radius_provider_t *eap_radius_provider_create(); + +/** + * Get singleton instance previously created with eap_radius_provider_create(). + */ +eap_radius_provider_t *eap_radius_provider_get(); + +#endif /** EAP_RADIUS_PROVIDER_H_ @}*/ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 8cf79e503..e4657bb64 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_sim_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_sim_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -357,7 +379,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -365,6 +386,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 781087d3b..5816de4ef 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_sim_file_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_sim_file_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 168b0e3d6..2876af72f 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -111,6 +128,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_sim_pcsc_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_sim_pcsc_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -127,6 +149,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -143,6 +167,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -211,8 +236,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -268,7 +291,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 63ef0db8e..6f2467fad 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -111,6 +128,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_simaka_pseudonym_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_simaka_pseudonym_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -127,6 +149,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -143,6 +167,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -211,8 +236,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -268,7 +291,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index daf329ce2..366c554d7 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_simaka_reauth_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_simaka_reauth_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -359,7 +381,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -367,6 +388,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index b72fc42e9..0b63da04e 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -109,6 +126,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_simaka_sql_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_simaka_sql_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -125,6 +147,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +165,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +234,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +289,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -358,7 +380,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -366,6 +387,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 095eff6cf..bc7157e6b 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -107,6 +124,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_tls_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_tls_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +145,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +163,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +232,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +287,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -354,7 +376,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -362,6 +383,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 60a6d6de6..30a858102 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_tnc_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_tnc_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -363,7 +385,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -371,6 +392,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index ffa1bae39..7363ade1d 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,8 @@ #include <utils/debug.h> #include <daemon.h> +#include <tncifimv.h> + /** * Maximum size of an EAP-TNC message */ @@ -44,15 +46,50 @@ struct private_eap_tnc_t { eap_tnc_t public; /** + * Outer EAP authentication type + */ + eap_type_t auth_type; + + /** * TLS stack, wrapped by EAP helper */ tls_eap_t *tls_eap; + + /** + * TNCCS instance running over EAP-TNC + */ + tnccs_t *tnccs; + }; METHOD(eap_method_t, initiate, status_t, private_eap_tnc_t *this, eap_payload_t **out) { chunk_t data; + u_int32_t auth_type; + + /* Determine TNC Client Authentication Type */ + switch (this->auth_type) + { + case EAP_TLS: + case EAP_TTLS: + case EAP_PEAP: + auth_type = TNC_AUTH_CERT; + break; + case EAP_MD5: + case EAP_MSCHAPV2: + case EAP_GTC: + case EAP_OTP: + auth_type = TNC_AUTH_PASSWORD; + break; + case EAP_SIM: + case EAP_AKA: + auth_type = TNC_AUTH_SIM; + break; + default: + auth_type = TNC_AUTH_UNKNOWN; + } + this->tnccs->set_auth_type(this->tnccs, auth_type); if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE) { @@ -122,6 +159,18 @@ METHOD(eap_method_t, destroy, void, free(this); } +METHOD(eap_inner_method_t, get_auth_type, eap_type_t, + private_eap_tnc_t *this) +{ + return this->auth_type; +} + +METHOD(eap_inner_method_t, set_auth_type, void, + private_eap_tnc_t *this, eap_type_t type) +{ + this->auth_type = type; +} + /** * Generic private constructor */ @@ -132,19 +181,22 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, int max_msg_count; char* protocol; tnccs_type_t type; - tnccs_t *tnccs; INIT(this, .public = { - .eap_method = { - .initiate = _initiate, - .process = _process, - .get_type = _get_type, - .is_mutual = _is_mutual, - .get_msk = _get_msk, - .get_identifier = _get_identifier, - .set_identifier = _set_identifier, - .destroy = _destroy, + .eap_inner_method = { + .eap_method = { + .initiate = _initiate, + .process = _process, + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + .get_auth_type = _get_auth_type, + .set_auth_type = _set_auth_type, }, }, ); @@ -172,10 +224,11 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, free(this); return NULL; } - tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server); - this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, - EAP_TNC_MAX_MESSAGE_LEN, - max_msg_count, FALSE); + this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server, + server, peer, TNC_IFT_EAP_1_1); + this->tls_eap = tls_eap_create(EAP_TNC, &this->tnccs->tls, + EAP_TNC_MAX_MESSAGE_LEN, + max_msg_count, FALSE); if (!this->tls_eap) { free(this); diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.h b/src/libcharon/plugins/eap_tnc/eap_tnc.h index 09abe60fc..8c881f6cf 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.h +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.h @@ -23,7 +23,7 @@ typedef struct eap_tnc_t eap_tnc_t; -#include <sa/eap/eap_method.h> +#include <sa/eap/eap_inner_method.h> /** * Implementation of the eap_method_t interface using EAP-TNC. @@ -31,9 +31,9 @@ typedef struct eap_tnc_t eap_tnc_t; struct eap_tnc_t { /** - * Implemented eap_method_t interface. + * Implemented eap_inner_method_t interface. */ - eap_method_t eap_method; + eap_inner_method_t eap_inner_method; }; /** diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index f3ec17b0f..df5bc442e 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_eap_ttls_la_SOURCES) DIST_SOURCES = $(libstrongswan_eap_ttls_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -362,7 +384,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -370,6 +391,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c index 464de17ba..eef8d6682 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c @@ -20,6 +20,7 @@ #include <daemon.h> #include <sa/eap/eap_method.h> +#include <sa/eap/eap_inner_method.h> typedef struct private_eap_ttls_server_t private_eap_ttls_server_t; @@ -108,8 +109,11 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this) /** * If configured, start EAP-TNC protocol */ -static status_t start_phase2_tnc(private_eap_ttls_server_t *this) +static status_t start_phase2_tnc(private_eap_ttls_server_t *this, + eap_type_t auth_type) { + eap_inner_method_t *inner_method; + if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings, "%s.plugins.eap-ttls.phase2_tnc", FALSE, charon->name)) { @@ -121,6 +125,9 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this) DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC); return FAILED; } + inner_method = (eap_inner_method_t *)this->method; + inner_method->set_auth_type(inner_method, auth_type); + this->start_phase2_tnc = FALSE; if (this->method->initiate(this->method, &this->out) == NEED_MORE) { @@ -237,7 +244,7 @@ METHOD(tls_application_t, process, status_t, if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-ttls.request_peer_auth", FALSE, charon->name)) { - return start_phase2_tnc(this); + return start_phase2_tnc(this, EAP_TLS); } else { @@ -265,7 +272,7 @@ METHOD(tls_application_t, process, status_t, this->method = NULL; /* continue phase2 with EAP-TNC? */ - return start_phase2_tnc(this); + return start_phase2_tnc(this, type); case NEED_MORE: break; case FAILED: diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 814304dce..ba7ec3ecf 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -116,6 +133,11 @@ SOURCES = $(libstrongswan_error_notify_la_SOURCES) \ $(error_notify_SOURCES) DIST_SOURCES = $(libstrongswan_error_notify_la_SOURCES) \ $(error_notify_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -132,6 +154,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -148,6 +172,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -216,8 +241,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -273,7 +296,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -368,7 +390,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -376,6 +397,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -401,8 +424,11 @@ libstrongswan-error-notify.la: $(libstrongswan_error_notify_la_OBJECTS) $(libstr $(libstrongswan_error_notify_la_LINK) $(am_libstrongswan_error_notify_la_rpath) $(libstrongswan_error_notify_la_OBJECTS) $(libstrongswan_error_notify_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c index fe3b6355d..3ea657ba5 100644 --- a/src/libcharon/plugins/error_notify/error_notify_socket.c +++ b/src/libcharon/plugins/error_notify/error_notify_socket.c @@ -176,6 +176,12 @@ static job_requeue_t accept_(private_error_notify_socket_t *this) METHOD(error_notify_socket_t, destroy, void, private_error_notify_socket_t *this) { + uintptr_t fd; + + while (this->connected->remove_last(this->connected, (void*)&fd) == SUCCESS) + { + close(fd); + } this->connected->destroy(this->connected); this->mutex->destroy(this->mutex); close(this->socket); diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 2e5cf9f64..2596f9f20 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -105,6 +122,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_farp_la_SOURCES) DIST_SOURCES = $(libstrongswan_farp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -121,6 +143,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -137,6 +161,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -205,8 +230,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -262,7 +285,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -351,7 +373,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -359,6 +380,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index aa533165f..466cce320 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -107,6 +124,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_ha_la_SOURCES) DIST_SOURCES = $(libstrongswan_ha_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +145,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +163,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +232,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +287,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -364,7 +386,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -372,6 +393,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c index 981def6a3..d26c38325 100644 --- a/src/libcharon/plugins/ha/ha_attribute.c +++ b/src/libcharon/plugins/ha/ha_attribute.c @@ -174,7 +174,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, host_t *requested) { enumerator_t *enumerator; - pool_t *pool; + pool_t *pool = NULL; int offset = -1, byte, bit; host_t *address; char *name; diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index 688e09bdc..cab38c63d 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -90,6 +90,11 @@ struct private_ha_segments_t { * Timeout for heartbeats received from other node */ int heartbeat_timeout; + + /** + * Interval to check for autobalance, 0 to disable + */ + int autobalance; }; /** @@ -289,12 +294,13 @@ static void start_watchdog(private_ha_segments_t *this) METHOD(ha_segments_t, handle_status, void, private_ha_segments_t *this, segment_mask_t mask) { - segment_mask_t missing; + segment_mask_t missing, twice; int i; this->mutex->lock(this->mutex); missing = ~(this->active | mask); + twice = this->active & mask; for (i = 1; i <= this->count; i++) { @@ -311,6 +317,19 @@ METHOD(ha_segments_t, handle_status, void, enable_disable(this, i, FALSE, TRUE); } } + if (twice & SEGMENTS_BIT(i)) + { + if (this->node == i % 2) + { + DBG1(DBG_CFG, "HA segment %d was handled twice, taking", i); + enable_disable(this, i, TRUE, TRUE); + } + else + { + DBG1(DBG_CFG, "HA segment %d was handled twice, dropping", i); + enable_disable(this, i, FALSE, TRUE); + } + } } this->condvar->signal(this->condvar); @@ -333,6 +352,7 @@ static job_requeue_t send_status(private_ha_segments_t *this) message = ha_message_create(HA_STATUS); + this->mutex->lock(this->mutex); for (i = 1; i <= this->count; i++) { if (this->active & SEGMENTS_BIT(i)) @@ -340,6 +360,7 @@ static job_requeue_t send_status(private_ha_segments_t *this) message->add_attribute(message, HA_SEGMENT, i); } } + this->mutex->unlock(this->mutex); this->socket->push(this->socket, message); message->destroy(message); @@ -348,6 +369,64 @@ static job_requeue_t send_status(private_ha_segments_t *this) return JOB_RESCHEDULE_MS(this->heartbeat_delay); } +/** + * Start the heartbeat sending task + */ +static void start_heartbeat(private_ha_segments_t *this) +{ + lib->processor->queue_job(lib->processor, + (job_t*)callback_job_create_with_prio((callback_job_cb_t)send_status, + this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); +} + +/** + * Take a segment if we are handling less than half of segments + */ +static job_requeue_t autobalance(private_ha_segments_t *this) +{ + int i, active = 0; + + this->mutex->lock(this->mutex); + + for (i = 1; i <= this->count; i++) + { + if (this->active & SEGMENTS_BIT(i)) + { + active++; + } + } + if (active < this->count / 2) + { + for (i = 1; i <= this->count; i++) + { + if (!(this->active & SEGMENTS_BIT(i))) + { + DBG1(DBG_CFG, "autobalancing HA (%d/%d active), taking %d", + active, this->count, i); + enable_disable(this, i, TRUE, TRUE); + /* we claim only one in each interval */ + break; + } + } + } + + this->mutex->unlock(this->mutex); + + return JOB_RESCHEDULE(this->autobalance); +} + +/** + * Schedule autobalancing + */ +static void start_autobalance(private_ha_segments_t *this) +{ + DBG1(DBG_CFG, "scheduling HA autobalance every %ds", this->autobalance); + lib->scheduler->schedule_job(lib->scheduler, + (job_t*)callback_job_create_with_prio((callback_job_cb_t)autobalance, + this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL), + this->autobalance); +} + METHOD(ha_segments_t, is_active, bool, private_ha_segments_t *this, u_int segment) { @@ -395,16 +474,21 @@ ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel, .heartbeat_timeout = lib->settings->get_int(lib->settings, "%s.plugins.ha.heartbeat_timeout", DEFAULT_HEARTBEAT_TIMEOUT, charon->name), + .autobalance = lib->settings->get_int(lib->settings, + "%s.plugins.ha.autobalance", 0, charon->name), ); if (monitor) { DBG1(DBG_CFG, "starting HA heartbeat, delay %dms, timeout %dms", this->heartbeat_delay, this->heartbeat_timeout); - send_status(this); + start_heartbeat(this); start_watchdog(this); } + if (this->autobalance) + { + start_autobalance(this); + } return &this->public; } - diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 130c86e48..e6a09a76e 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -205,7 +205,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, /* create config and backend */ ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local, FALSE, charon->socket->get_port(charon->socket, FALSE), - remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO); + remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND, UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30, @@ -288,4 +288,3 @@ ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret) return &this->public; } - diff --git a/src/libcharon/plugins/ipseckey/Makefile.am b/src/libcharon/plugins/ipseckey/Makefile.am new file mode 100644 index 000000000..0614017a0 --- /dev/null +++ b/src/libcharon/plugins/ipseckey/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ipseckey.la +else +plugin_LTLIBRARIES = libstrongswan-ipseckey.la +endif + +libstrongswan_ipseckey_la_SOURCES = \ + ipseckey_plugin.h ipseckey_plugin.c \ + ipseckey_cred.h ipseckey_cred.c \ + ipseckey.h ipseckey.c + +libstrongswan_ipseckey_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in new file mode 100644 index 000000000..fd50854fc --- /dev/null +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -0,0 +1,662 @@ +# Makefile.in generated by automake 1.11.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/ipseckey +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ipseckey_la_LIBADD = +am_libstrongswan_ipseckey_la_OBJECTS = ipseckey_plugin.lo \ + ipseckey_cred.lo ipseckey.lo +libstrongswan_ipseckey_la_OBJECTS = \ + $(am_libstrongswan_ipseckey_la_OBJECTS) +libstrongswan_ipseckey_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ipseckey_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ipseckey_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ipseckey_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_ipseckey_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ipseckey_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ipseckey.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ipseckey.la +libstrongswan_ipseckey_la_SOURCES = \ + ipseckey_plugin.h ipseckey_plugin.c \ + ipseckey_cred.h ipseckey_cred.c \ + ipseckey.h ipseckey.c + +libstrongswan_ipseckey_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-ipseckey.la: $(libstrongswan_ipseckey_la_OBJECTS) $(libstrongswan_ipseckey_la_DEPENDENCIES) $(EXTRA_libstrongswan_ipseckey_la_DEPENDENCIES) + $(libstrongswan_ipseckey_la_LINK) $(am_libstrongswan_ipseckey_la_rpath) $(libstrongswan_ipseckey_la_OBJECTS) $(libstrongswan_ipseckey_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipseckey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipseckey_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipseckey_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c new file mode 100644 index 000000000..ca126d772 --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey.c @@ -0,0 +1,209 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ipseckey.h" + +#include <library.h> +#include <utils/debug.h> +#include <bio/bio_reader.h> + +typedef struct private_ipseckey_t private_ipseckey_t; + +/** +* private data of the ipseckey +*/ +struct private_ipseckey_t { + + /** + * public functions + */ + ipseckey_t public; + + /** + * Precedence + */ + u_int8_t precedence; + + /** + * Gateway type + */ + u_int8_t gateway_type; + + /** + * Algorithm + */ + u_int8_t algorithm; + + /** + * Gateway + */ + chunk_t gateway; + + /** + * Public key + */ + chunk_t public_key; +}; + +METHOD(ipseckey_t, get_precedence, u_int8_t, + private_ipseckey_t *this) +{ + return this->precedence; +} + +METHOD(ipseckey_t, get_gateway_type, ipseckey_gw_type_t, + private_ipseckey_t *this) +{ + return this->gateway_type; +} + +METHOD(ipseckey_t, get_algorithm, ipseckey_algorithm_t, + private_ipseckey_t *this) +{ + return this->algorithm; +} + +METHOD(ipseckey_t, get_gateway, chunk_t, + private_ipseckey_t *this) +{ + return this->gateway; +} + +METHOD(ipseckey_t, get_public_key, chunk_t, + private_ipseckey_t *this) +{ + return this->public_key; +} + +METHOD(ipseckey_t, destroy, void, + private_ipseckey_t *this) +{ + chunk_free(&this->gateway); + chunk_free(&this->public_key); + free(this); +} + +/* + * See header + */ +ipseckey_t *ipseckey_create_frm_rr(rr_t *rr) +{ + private_ipseckey_t *this; + bio_reader_t *reader = NULL; + u_int8_t label; + chunk_t tmp; + + INIT(this, + .public = { + .get_precedence = _get_precedence, + .get_gateway_type = _get_gateway_type, + .get_algorithm = _get_algorithm, + .get_gateway = _get_gateway, + .get_public_key = _get_public_key, + .destroy = _destroy, + }, + ); + + if (rr->get_type(rr) != RR_TYPE_IPSECKEY) + { + DBG1(DBG_CFG, "unable to create an ipseckey out of an RR " + "whose type is not IPSECKEY"); + free(this); + return NULL; + } + + /** Parse the content (RDATA field) of the RR */ + reader = bio_reader_create(rr->get_rdata(rr)); + if (!reader->read_uint8(reader, &this->precedence) || + !reader->read_uint8(reader, &this->gateway_type) || + !reader->read_uint8(reader, &this->algorithm)) + { + DBG1(DBG_CFG, "ipseckey RR has a wrong format"); + reader->destroy(reader); + free(this); + return NULL; + } + + switch (this->gateway_type) + { + case IPSECKEY_GW_TP_NOT_PRESENT: + break; + + case IPSECKEY_GW_TP_IPV4: + if (!reader->read_data(reader, 4, &this->gateway)) + { + DBG1(DBG_CFG, "ipseckey gateway field does not contain an " + "IPv4 address as expected"); + reader->destroy(reader); + free(this); + return NULL; + } + this->gateway = chunk_clone(this->gateway); + break; + + case IPSECKEY_GW_TP_IPV6: + if (!reader->read_data(reader, 16, &this->gateway)) + { + DBG1(DBG_CFG, "ipseckey gateway field does not contain an " + "IPv6 address as expected"); + reader->destroy(reader); + free(this); + return NULL; + } + this->gateway = chunk_clone(this->gateway); + break; + + case IPSECKEY_GW_TP_WR_ENC_DNAME: + /** + * Uncompressed domain name as defined in RFC 1035 chapter 3. + * + * TODO: Currently we ignore wire encoded domain names. + * + */ + while (reader->read_uint8(reader, &label) && + label != 0 && label < 192) + { + if (!reader->read_data(reader, label, &tmp)) + { + DBG1(DBG_CFG, "wrong wire encoded domain name format " + "in ipseckey gateway field"); + reader->destroy(reader); + free(this); + return NULL; + } + } + break; + + default: + DBG1(DBG_CFG, "unable to parse ipseckey gateway field"); + reader->destroy(reader); + free(this); + return NULL; + } + + if (!reader->read_data(reader, reader->remaining(reader), + &this->public_key)) + { + DBG1(DBG_CFG, "failed to read ipseckey public key field"); + reader->destroy(reader); + chunk_free(&this->gateway); + free(this); + return NULL; + } + this->public_key = chunk_clone(this->public_key); + reader->destroy(reader); + return &this->public; +} + diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h new file mode 100644 index 000000000..5885daeee --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey.h @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ipseckey_i ipseckey + * @{ @ingroup ipseckey + */ + +#ifndef IPSECKEY_H_ +#define IPSECKEY_H_ + +typedef struct ipseckey_t ipseckey_t; +typedef enum ipseckey_algorithm_t ipseckey_algorithm_t; +typedef enum ipseckey_gw_type_t ipseckey_gw_type_t; + +#include <library.h> + +/** + * IPSECKEY gateway types as defined in RFC 4025. + */ +enum ipseckey_gw_type_t { + /** No gateway is present */ + IPSECKEY_GW_TP_NOT_PRESENT = 0, + /** A 4-byte IPv4 address is present */ + IPSECKEY_GW_TP_IPV4 = 1, + /** A 16-byte IPv6 address is present */ + IPSECKEY_GW_TP_IPV6 = 2, + /** A wire-encoded domain name is present */ + IPSECKEY_GW_TP_WR_ENC_DNAME = 3, +}; + +/** + * IPSECKEY algorithms as defined in RFC 4025. + */ +enum ipseckey_algorithm_t { + /** No key present */ + IPSECKEY_ALGORITHM_NONE = 0, + /** DSA key */ + IPSECKEY_ALGORITHM_DSA = 1, + /** RSA key */ + IPSECKEY_ALGORITHM_RSA = 2, +}; + +/** + * An IPSECKEY. + * + * Represents an IPSECKEY as defined in RFC 4025: + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | precedence | gateway type | algorithm | gateway | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------------+ + + * ~ gateway ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | / + * / public key / + * / / + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| + * + * + * Note: RFC 4025 defines that the algorithm field has a length of 7 bits. + * We use 8 bits instead, because the use of 7 bits is very uncommon + * in internet protocols and might be an error in RFC 4025 + * (also the BIND DNS server uses 8 bits for the algorithm field of the + * IPSECKEY resource records). + * + */ +struct ipseckey_t { + + /** + * Get the precedence of the IPSECKEY. + * + * @return precedence + */ + u_int8_t (*get_precedence)(ipseckey_t *this); + + /** + * Get the type of the gateway. + * + * The "gateway type" determines the format of the gateway field + * of the IPSECKEY. + * + * @return gateway type + */ + ipseckey_gw_type_t (*get_gateway_type)(ipseckey_t *this); + + /** + * Get the algorithm. + * + * The "algorithm" determines the format of the public key field + * of the IPSECKEY. + * + * @return algorithm + */ + ipseckey_algorithm_t (*get_algorithm)(ipseckey_t *this); + + /** + * Get the content of the gateway field as chunk. + * + * The content is in network byte order and its format depends on the + * gateway type. + * + * The data pointed by the chunk is still owned by the IPSECKEY. + * Clone it if necessary. + * + * @return gateway field as chunk + */ + chunk_t (*get_gateway)(ipseckey_t *this); + + /** + * Get the content of the public key field as chunk. + * + * The format of the public key depends on the algorithm type. + * + * The data pointed by the chunk is still owned by the IPSECKEY. + * Clone it if necessary. + * + * @return public key field as chunk + */ + chunk_t (*get_public_key)(ipseckey_t *this); + + /** + * Destroy the IPSECKEY. + */ + void (*destroy) (ipseckey_t *this); +}; + +/** + * Create an ipseckey instance out of a resource record. + * + * @param rr resource record which contains an IPSECKEY + * @return ipseckey, NULL on failure + */ +ipseckey_t *ipseckey_create_frm_rr(rr_t *rr); + +#endif /** IPSECKEY_H_ @}*/ diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c new file mode 100644 index 000000000..e8722f12c --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -0,0 +1,263 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> + +#include "ipseckey_cred.h" +#include "ipseckey.h" + +#include <bio/bio_reader.h> +#include <daemon.h> + +typedef struct private_ipseckey_cred_t private_ipseckey_cred_t; + +/** + * Private data of an ipseckey_cred_t object + */ +struct private_ipseckey_cred_t { + + /** + * Public part + */ + ipseckey_cred_t public; + + /** + * DNS resolver + */ + resolver_t *res; +}; + +/** + * enumerator over certificates + */ +typedef struct { + /** implements enumerator interface */ + enumerator_t public; + /** inner enumerator (enumerates IPSECKEY resource records) */ + enumerator_t *inner; + /** response of the DNS resolver which contains the IPSECKEYs */ + resolver_response_t *response; + /* IPSECKEYs are not valid before this point in time */ + time_t notBefore; + /* IPSECKEYs are not valid after this point in time */ + time_t notAfter; + /* identity to which the IPSECKEY belongs */ + identification_t *identity; +} cert_enumerator_t; + +METHOD(enumerator_t, cert_enumerator_enumerate, bool, + cert_enumerator_t *this, certificate_t **cert) +{ + rr_t *cur_rr = NULL; + ipseckey_t *cur_ipseckey = NULL; + chunk_t pub_key; + public_key_t * key = NULL; + bool supported_ipseckey_found = FALSE; + + /* Get the next supported IPSECKEY using the inner enumerator. */ + while (this->inner->enumerate(this->inner, &cur_rr) && + !supported_ipseckey_found) + { + supported_ipseckey_found = TRUE; + + cur_ipseckey = ipseckey_create_frm_rr(cur_rr); + + if (!cur_ipseckey) + { + DBG1(DBG_CFG, "failed to parse ipseckey - skipping this key"); + supported_ipseckey_found = FALSE; + } + + if (cur_ipseckey && + cur_ipseckey->get_algorithm(cur_ipseckey) != IPSECKEY_ALGORITHM_RSA) + { + DBG1(DBG_CFG, "unsupported ipseckey algorithm -skipping this key"); + cur_ipseckey->destroy(cur_ipseckey); + supported_ipseckey_found = FALSE; + } + } + + if (supported_ipseckey_found) + { + /* + * Wrap the key of the IPSECKEY in a certificate and return this + * certificate. + */ + pub_key = cur_ipseckey->get_public_key(cur_ipseckey); + + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_DNSKEY, pub_key, + BUILD_END); + + if (!key) + { + DBG1(DBG_CFG, "failed to create public key from ipseckey"); + cur_ipseckey->destroy(cur_ipseckey); + return FALSE; + } + + *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, + BUILD_PUBLIC_KEY, key, + BUILD_SUBJECT, this->identity, + BUILD_NOT_BEFORE_TIME, this->notBefore, + BUILD_NOT_AFTER_TIME, this->notAfter, + BUILD_END); + return TRUE; + } + + return FALSE; +} + +METHOD(enumerator_t, cert_enumerator_destroy, void, + cert_enumerator_t *this) +{ + this->inner->destroy(this->inner); + this->response->destroy(this->response); + free(this); +} + +METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, + private_ipseckey_cred_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + char *fqdn = NULL; + resolver_response_t *response = NULL; + rr_set_t *rrset = NULL; + enumerator_t *rrsig_enum = NULL; + rr_t *rrsig = NULL; + bio_reader_t *reader = NULL; + chunk_t ignore; + u_int32_t nBefore, nAfter; + cert_enumerator_t *e; + + if (id && id->get_type(id) == ID_FQDN) + { + /** Query the DNS for the required IPSECKEY RRs */ + + if (0 >= asprintf(&fqdn, "%Y", id)) + { + DBG1(DBG_CFG, "empty FQDN string"); + return enumerator_create_empty(); + } + + DBG1(DBG_CFG, "performing a DNS query for IPSECKEY RRs of '%s'", + fqdn); + response = this->res->query(this->res, fqdn, RR_CLASS_IN, + RR_TYPE_IPSECKEY); + if (!response) + { + DBG1(DBG_CFG, " query for IPSECKEY RRs failed"); + free(fqdn); + return enumerator_create_empty(); + } + + if (!response->has_data(response) || + !response->query_name_exist(response)) + { + DBG1(DBG_CFG, " unable to retrieve IPSECKEY RRs from the DNS"); + response->destroy(response); + free(fqdn); + return enumerator_create_empty(); + } + + if (!(response->get_security_state(response) == SECURE)) + { + DBG1(DBG_CFG, " DNSSEC state of IPSECKEY RRs is not secure"); + response->destroy(response); + free(fqdn); + return enumerator_create_empty(); + } + + free(fqdn); + + /** Determine the validity period of the retrieved IPSECKEYs + * + * We use the "Signature Inception" and "Signature Expiration" field + * of the first RRSIG RR to determine the validity period of the + * IPSECKEY RRs. TODO: Take multiple RRSIGs into account. + */ + rrset = response->get_rr_set(response); + rrsig_enum = rrset->create_rrsig_enumerator(rrset); + if (!rrsig_enum || !rrsig_enum->enumerate(rrsig_enum, &rrsig)) + { + DBG1(DBG_CFG, " unable to determine the validity period of " + "IPSECKEY RRs because no RRSIGs are present"); + DESTROY_IF(rrsig_enum); + response->destroy(response); + return enumerator_create_empty(); + } + + /** + * Parse the RRSIG for its validity period (RFC 4034) + */ + reader = bio_reader_create(rrsig->get_rdata(rrsig)); + reader->read_data(reader, 8, &ignore); + reader->read_uint32(reader, &nAfter); + reader->read_uint32(reader, &nBefore); + reader->destroy(reader); + + /*Create and return an iterator over the retrieved IPSECKEYs */ + INIT(e, + .public = { + .enumerate = (void*)_cert_enumerator_enumerate, + .destroy = _cert_enumerator_destroy, + }, + .inner = response->get_rr_set(response)->create_rr_enumerator( + response->get_rr_set(response)), + .response = response, + .notBefore = nBefore, + .notAfter = nAfter, + .identity = id, + ); + + return &e->public; + } + + + return enumerator_create_empty(); +} + +METHOD(ipseckey_cred_t, destroy, void, + private_ipseckey_cred_t *this) +{ + this->res->destroy(this->res); + free(this); +} + +/** + * Described in header. + */ +ipseckey_cred_t *ipseckey_cred_create(resolver_t *res) +{ + private_ipseckey_cred_t *this; + + INIT(this, + .public = { + .set = { + .create_private_enumerator = (void*)return_null, + .create_cert_enumerator = _create_cert_enumerator, + .create_shared_enumerator = (void*)return_null, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .destroy = _destroy, + }, + .res = res, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.h b/src/libcharon/plugins/ipseckey/ipseckey_cred.h new file mode 100644 index 000000000..440020f5d --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ipseckey_cred_i ipseckey_cred + * @{ @ingroup ipseckey + */ + +#ifndef IPSECKEY_CRED_H_ +#define IPSECKEY_CRED_H_ + +#include <credentials/credential_set.h> +#include <resolver/resolver.h> + +typedef struct ipseckey_cred_t ipseckey_cred_t; + +/** + * IPSECKEY credential set. + * + * The ipseckey credential set contains IPSECKEYs as certificates of type + * pubkey_cert_t. + */ +struct ipseckey_cred_t { + + /** + * Implements credential_set_t interface + */ + credential_set_t set; + + /** + * Destroy the ipseckey_cred. + */ + void (*destroy)(ipseckey_cred_t *this); +}; + +/** + * Create an ipseckey_cred instance which uses the given resolver + * to query the DNS for IPSECKEY resource records. + * + * @param res resolver to use + * @return credential set + */ +ipseckey_cred_t *ipseckey_cred_create(resolver_t *res); + +#endif /** IPSECKEY_CRED_H_ @}*/ diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c new file mode 100644 index 000000000..9593cf939 --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ipseckey_plugin.h" + +#include <daemon.h> +#include "ipseckey_cred.h" + +typedef struct private_ipseckey_plugin_t private_ipseckey_plugin_t; + + +/** + * private data of the ipseckey plugin + */ +struct private_ipseckey_plugin_t { + + /** + * implements plugin interface + */ + ipseckey_plugin_t public; + + /** + * DNS resolver instance + */ + resolver_t *res; + + /** + * credential set + */ + ipseckey_cred_t *cred; + + /** + * IPSECKEY based authentication enabled + */ + bool enabled; +}; + +METHOD(plugin_t, get_name, char*, + private_ipseckey_plugin_t *this) +{ + return "ipseckey"; +} + +METHOD(plugin_t, destroy, void, + private_ipseckey_plugin_t *this) +{ + if (this->enabled) + { + lib->credmgr->remove_set(lib->credmgr, &this->cred->set); + } + DESTROY_IF(this->res); + DESTROY_IF(this->cred); + free(this); +} + +/* + * see header file + */ +plugin_t *ipseckey_plugin_create() +{ + private_ipseckey_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .res = lib->resolver->create(lib->resolver), + .enabled = lib->settings->get_bool(lib->settings, + "%s.plugins.ipseckey.enable", FALSE, charon->name), + ); + + if (!this->res) + { + DBG1(DBG_CFG, "failed to create a DNS resolver instance"); + destroy(this); + return NULL; + } + + if (this->enabled) + { + this->cred = ipseckey_cred_create(this->res); + lib->credmgr->add_set(lib->credmgr, &this->cred->set); + } + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.h b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h new file mode 100644 index 000000000..95acc79dd --- /dev/null +++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2012 Reto Guadagnini + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ipseckey ipseckey + * @ingroup cplugins + * + * @defgroup ipseckey_plugin ipseckey_plugin + * @{ @ingroup ipseckey + */ + +#ifndef IPSECKEY_PLUGIN_H_ +#define IPSECKEY_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct ipseckey_plugin_t ipseckey_plugin_t; + +/** + * IPSECKEY plugin + * + * The IPSECKEY plugin registers a credential set for IPSECKEYs. + * + * With this credential set it is possible to authenticate tunnel endpoints + * using IPSECKEY resource records which are retrieved from the DNS in a secure + * way (DNSSEC). + */ +struct ipseckey_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** IPSECKEY_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 63ce51f11..f10dbb96f 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -104,6 +121,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_led_la_SOURCES) DIST_SOURCES = $(libstrongswan_led_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -120,6 +142,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -136,6 +160,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -204,8 +229,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -261,7 +284,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -350,7 +372,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -358,6 +379,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index e238f443c..e382b266c 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -118,6 +135,11 @@ SOURCES = $(libstrongswan_load_tester_la_SOURCES) \ $(load_tester_SOURCES) DIST_SOURCES = $(libstrongswan_load_tester_la_SOURCES) \ $(load_tester_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -134,6 +156,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -150,6 +174,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -218,8 +243,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -275,7 +298,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -373,7 +395,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -381,6 +402,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -406,8 +429,11 @@ libstrongswan-load-tester.la: $(libstrongswan_load_tester_la_OBJECTS) $(libstron $(libstrongswan_load_tester_la_LINK) $(am_libstrongswan_load_tester_la_rpath) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index c6288c5d9..a64affde8 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -64,6 +64,11 @@ struct private_load_tester_config_t { proposal_t *proposal; /** + * ESP proposal + */ + proposal_t *esp; + + /** * Authentication method(s) to use/expect from initiator */ char *initiator_auth; @@ -154,6 +159,11 @@ struct private_load_tester_config_t { int prefix; /** + * Keep addresses until shutdown? + */ + bool keep; + + /** * Hashtable with leases in "pools", host_t => entry_t */ hashtable_t *leases; @@ -205,31 +215,77 @@ static bool equals(host_t *a, host_t *b) */ static void load_addrs(private_load_tester_config_t *this) { - enumerator_t *enumerator; - host_t *net; + enumerator_t *enumerator, *tokens; + host_t *from, *to; int bits; - char *iface, *cidr; + char *iface, *token, *pos; mem_pool_t *pool; - + this->keep = lib->settings->get_bool(lib->settings, + "%s.plugins.load-tester.addrs_keep", FALSE, charon->name); this->prefix = lib->settings->get_int(lib->settings, "%s.plugins.load-tester.addrs_prefix", 16, charon->name); enumerator = lib->settings->create_key_value_enumerator(lib->settings, "%s.plugins.load-tester.addrs", charon->name); - while (enumerator->enumerate(enumerator, &iface, &cidr)) + while (enumerator->enumerate(enumerator, &iface, &token)) { - net = host_create_from_subnet(cidr, &bits); - if (net) - { - DBG1(DBG_CFG, "loaded load-tester addresses %s", cidr); - pool = mem_pool_create(iface, net, bits); - net->destroy(net); - this->pools->insert_last(this->pools, pool); - } - else + tokens = enumerator_create_token(token, ",", " "); + while (tokens->enumerate(tokens, &token)) { - DBG1(DBG_CFG, "parsing load-tester addresses %s failed", cidr); + pos = strchr(token, '-'); + if (pos) + { /* range */ + *(pos++) = '\0'; + /* trim whitespace */ + while (*pos == ' ') + { + pos++; + } + while (token[strlen(token) - 1] == ' ') + { + token[strlen(token) - 1] = '\0'; + } + from = host_create_from_string(token, 0); + to = host_create_from_string(pos, 0); + if (from && to) + { + pool = mem_pool_create_range(iface, from, to); + if (pool) + { + DBG1(DBG_CFG, "loaded load-tester address range " + "%H-%H on %s", from, to, iface); + this->pools->insert_last(this->pools, pool); + } + from->destroy(from); + to->destroy(to); + } + else + { + DBG1(DBG_CFG, "parsing load-tester address range %s-%s " + "failed, skipped", token, pos); + DESTROY_IF(from); + DESTROY_IF(to); + } + } + else + { /* subnet */ + from = host_create_from_subnet(token, &bits); + if (from) + { + DBG1(DBG_CFG, "loaded load-tester address pool %H/%d on %s", + from, bits, iface); + pool = mem_pool_create(iface, from, bits); + from->destroy(from); + this->pools->insert_last(this->pools, pool); + } + else + { + DBG1(DBG_CFG, "parsing load-tester address %s failed, " + "skipped", token); + } + } } + tokens->destroy(tokens); } enumerator->destroy(enumerator); } @@ -369,7 +425,7 @@ static void add_ts(char *string, child_cfg_t *cfg, bool local) if (string) { - ts = traffic_selector_create_from_cidr(string, 0, 0); + ts = traffic_selector_create_from_cidr(string, 0, 0, 65535); if (!ts) { DBG1(DBG_CFG, "parsing TS string '%s' failed", string); @@ -450,7 +506,6 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; peer_cfg_t *peer_cfg; - proposal_t *proposal; char local[32], *remote; host_t *addr; lifetime_cfg_t lifetime = { @@ -491,7 +546,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) ike_cfg = ike_cfg_create(this->version, TRUE, FALSE, local, FALSE, this->port + num - 1, remote, FALSE, IKEV2_NATT_PORT, - FRAGMENTATION_NO); + FRAGMENTATION_NO, 0); } else { @@ -499,7 +554,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) local, FALSE, charon->socket->get_port(charon->socket, FALSE), remote, FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO); + FRAGMENTATION_NO, 0); } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", ike_cfg, @@ -532,8 +587,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); - proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); - child_cfg->add_proposal(child_cfg, proposal); + child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp)); if (num) { /* initiator */ @@ -589,6 +643,11 @@ METHOD(load_tester_config_t, delete_ip, void, mem_pool_t *pool; entry_t *entry; + if (this->keep) + { + return; + } + this->mutex->lock(this->mutex); entry = this->leases->remove(this->leases, ip); this->mutex->unlock(this->mutex); @@ -610,14 +669,53 @@ METHOD(load_tester_config_t, delete_ip, void, } } +/** + * Clean up leases for allocated external addresses, if have been kept + */ +static void cleanup_leases(private_load_tester_config_t *this) +{ + enumerator_t *pools, *leases; + mem_pool_t *pool; + identification_t *id; + host_t *addr; + entry_t *entry; + bool online; + + pools = this->pools->create_enumerator(this->pools); + while (pools->enumerate(pools, &pool)) + { + leases = pool->create_lease_enumerator(pool); + while (leases->enumerate(leases, &id, &addr, &online)) + { + if (online) + { + hydra->kernel_interface->del_ip(hydra->kernel_interface, + addr, this->prefix, FALSE); + entry = this->leases->remove(this->leases, addr); + if (entry) + { + entry_destroy(entry); + } + } + } + leases->destroy(leases); + } + pools->destroy(pools); +} + METHOD(load_tester_config_t, destroy, void, private_load_tester_config_t *this) { + if (this->keep) + { + cleanup_leases(this); + } this->mutex->destroy(this->mutex); this->leases->destroy(this->leases); this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy)); this->peer_cfg->destroy(this->peer_cfg); DESTROY_IF(this->proposal); + DESTROY_IF(this->esp); DESTROY_IF(this->vip); free(this); } @@ -667,6 +765,15 @@ load_tester_config_t *load_tester_config_create() this->proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768"); } + this->esp = proposal_create_from_string(PROTO_ESP, + lib->settings->get_str(lib->settings, + "%s.plugins.load-tester.esp", "aes128-sha1", + charon->name)); + if (!this->esp) + { /* fallback */ + this->esp = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); + } + this->ike_rekey = lib->settings->get_int(lib->settings, "%s.plugins.load-tester.ike_rekey", 0, charon->name); this->child_rekey = lib->settings->get_int(lib->settings, diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index ded6b2d20..4f84845a3 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -70,7 +70,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, METHOD(kernel_ipsec_t, query_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + u_int32_t spi, u_int8_t protocol, mark_t mark, + u_int64_t *bytes, u_int64_t *packets) { return NOT_SUPPORTED; } @@ -145,4 +146,3 @@ load_tester_ipsec_t *load_tester_ipsec_create() return &this->public; } - diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c index 0192c8ff9..7e832ddc0 100644 --- a/src/libcharon/plugins/load_tester/load_tester_listener.c +++ b/src/libcharon/plugins/load_tester/load_tester_listener.c @@ -133,4 +133,3 @@ load_tester_listener_t *load_tester_listener_create(u_int shutdown_on, return &this->public; } - diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index 26ab61ba8..3b7d3247c 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -113,6 +130,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_lookip_la_SOURCES) $(lookip_SOURCES) DIST_SOURCES = $(libstrongswan_lookip_la_SOURCES) $(lookip_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -129,6 +151,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -145,6 +169,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -213,8 +238,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -270,7 +293,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -363,7 +385,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -371,6 +392,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -396,8 +419,11 @@ libstrongswan-lookip.la: $(libstrongswan_lookip_la_OBJECTS) $(libstrongswan_look $(libstrongswan_lookip_la_LINK) $(am_libstrongswan_lookip_la_rpath) $(libstrongswan_lookip_la_OBJECTS) $(libstrongswan_lookip_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index bd6f08e9b..2e511a0a8 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_maemo_la_SOURCES) DIST_SOURCES = $(libstrongswan_maemo_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac DATA = $(dbusservice_DATA) ETAGS = etags CTAGS = ctags @@ -125,6 +147,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +165,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +234,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +289,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -360,7 +382,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -368,6 +389,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -429,8 +452,11 @@ clean-libtool: -rm -rf .libs _libs install-dbusserviceDATA: $(dbusservice_DATA) @$(NORMAL_INSTALL) - test -z "$(dbusservicedir)" || $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \ + fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 806e4cd65..d7539c2da 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -325,7 +325,8 @@ static gboolean initiate_connection(private_maemo_service_t *this, ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE, charon->socket->get_port(charon->socket, FALSE), - hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO); + hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, + 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(this->current, ike_cfg, @@ -524,4 +525,3 @@ maemo_service_t *maemo_service_create() return &this->public; } - diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index afccfee91..af003c463 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -107,6 +124,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_medcli_la_SOURCES) DIST_SOURCES = $(libstrongswan_medcli_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +145,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +163,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +232,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +287,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -356,7 +378,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -364,6 +385,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 4be3dea02..2bff70307 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -63,7 +63,7 @@ static traffic_selector_t *ts_from_string(char *str) { traffic_selector_t *ts; - ts = traffic_selector_create_from_cidr(str, 0, 0); + ts = traffic_selector_create_from_cidr(str, 0, 0, 65535); if (ts) { return ts; @@ -105,7 +105,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", FALSE, charon->socket->get_port(charon->socket, FALSE), - address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO); + address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", ike_cfg, @@ -381,7 +381,7 @@ medcli_config_t *medcli_config_create(database_t *db) "0.0.0.0", FALSE, charon->socket->get_port(charon->socket, FALSE), "0.0.0.0", FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO), + FRAGMENTATION_NO, 0), ); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); @@ -389,4 +389,3 @@ medcli_config_t *medcli_config_create(database_t *db) return &this->public; } - diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 5d65aadc5..f679b11f1 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -107,6 +124,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_medsrv_la_SOURCES) DIST_SOURCES = $(libstrongswan_medsrv_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +145,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +163,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +232,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +287,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index be14380ea..06339220a 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -143,10 +143,9 @@ medsrv_config_t *medsrv_config_create(database_t *db) "0.0.0.0", FALSE, charon->socket->get_port(charon->socket, FALSE), "0.0.0.0", FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO), + FRAGMENTATION_NO, 0), ); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); return &this->public; } - diff --git a/src/libcharon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h index fc8b0e972..03a41a7ce 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.h +++ b/src/libcharon/plugins/medsrv/medsrv_config.h @@ -15,7 +15,7 @@ /** * @defgroup medsrv_config_i medsrv_config - * @{ @ingroup medsrv + * @{ @ingroup medsrv_p */ #ifndef MEDSRV_CONFIG_H_ diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h index d08adf3bf..2079601af 100644 --- a/src/libcharon/plugins/medsrv/medsrv_creds.h +++ b/src/libcharon/plugins/medsrv/medsrv_creds.h @@ -15,7 +15,7 @@ /** * @defgroup medsrv_creds_i medsrv_creds - * @{ @ingroup medsrv + * @{ @ingroup medsrv_p */ #ifndef MEDSRV_CREDS_H_ diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h index 8736822ee..179fa3b3a 100644 --- a/src/libcharon/plugins/medsrv/medsrv_plugin.h +++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h @@ -14,11 +14,11 @@ */ /** - * @defgroup medsrv medsrv + * @defgroup medsrv_p medsrv * @ingroup cplugins * * @defgroup medsrv_plugin medsrv_plugin - * @{ @ingroup medsrv + * @{ @ingroup medsrv_p */ #ifndef MEDSRV_PLUGIN_H_ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index b22a74e94..84faa1db6 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_radattr_la_SOURCES) DIST_SOURCES = $(libstrongswan_radattr_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 433d019c1..72f7deead 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -105,6 +122,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_smp_la_SOURCES) DIST_SOURCES = $(libstrongswan_smp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -121,6 +143,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -137,6 +161,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -205,8 +230,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -262,7 +285,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -352,7 +374,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -360,6 +381,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 5e947a7e9..e73d2003a 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_socket_default_la_SOURCES) DIST_SOURCES = $(libstrongswan_socket_default_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 51432c960..c0b744a68 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -55,6 +55,9 @@ #ifndef SOL_IPV6 #define SOL_IPV6 IPPROTO_IPV6 #endif +#ifndef IPV6_TCLASS +#define IPV6_TCLASS 67 +#endif /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that * previously defined IPV6_PKTINFO */ @@ -113,6 +116,26 @@ struct private_socket_default_socket_t { int ipv6_natt; /** + * DSCP value set on IPv4 socket + */ + u_int8_t dscp4; + + /** + * DSCP value set on IPv4 socket for NAT-T (4500 or natt) + */ + u_int8_t dscp4_natt; + + /** + * DSCP value set on IPv6 socket (500 or port) + */ + u_int8_t dscp6; + + /** + * DSCP value set on IPv6 socket for NAT-T (4500 or natt) + */ + u_int8_t dscp6_natt; + + /** * Maximum packet size to receive */ int max_packet; @@ -310,6 +333,7 @@ METHOD(socket_t, sender, status_t, struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; + u_int8_t *dscp; src = packet->get_source(packet); dst = packet->get_destination(packet); @@ -322,24 +346,34 @@ METHOD(socket_t, sender, status_t, family = dst->get_family(dst); if (sport == 0 || sport == this->port) { - if (family == AF_INET) - { - skt = this->ipv4; - } - else + switch (family) { - skt = this->ipv6; + case AF_INET: + skt = this->ipv4; + dscp = &this->dscp4; + break; + case AF_INET6: + skt = this->ipv6; + dscp = &this->dscp6; + break; + default: + return FAILED; } } else if (sport == this->natt) { - if (family == AF_INET) - { - skt = this->ipv4_natt; - } - else + switch (family) { - skt = this->ipv6_natt; + case AF_INET: + skt = this->ipv4_natt; + dscp = &this->dscp4_natt; + break; + case AF_INET6: + skt = this->ipv6_natt; + dscp = &this->dscp6_natt; + break; + default: + return FAILED; } } else @@ -348,6 +382,43 @@ METHOD(socket_t, sender, status_t, return FAILED; } + /* setting DSCP values per-packet in a cmsg seems not to be supported + * on Linux. We instead setsockopt() before sending it, this should be + * safe as only a single thread calls send(). */ + if (*dscp != packet->get_dscp(packet)) + { + if (family == AF_INET) + { + u_int8_t ds4; + + ds4 = packet->get_dscp(packet) << 2; + if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0) + { + *dscp = packet->get_dscp(packet); + } + else + { + DBG1(DBG_NET, "unable to set IP_TOS on socket: %s", + strerror(errno)); + } + } + else + { + u_int ds6; + + ds6 = packet->get_dscp(packet) << 2; + if (setsockopt(skt, SOL_IPV6, IPV6_TCLASS, &ds6, sizeof(ds6)) == 0) + { + *dscp = packet->get_dscp(packet); + } + else + { + DBG1(DBG_NET, "unable to set IPV6_TCLASS on socket: %s", + strerror(errno)); + } + } + } + memset(&msg, 0, sizeof(struct msghdr)); msg.msg_name = dst->get_sockaddr(dst);; msg.msg_namelen = *dst->get_sockaddr_len(dst); @@ -433,22 +504,24 @@ static int open_socket(private_socket_default_socket_t *this, int family, u_int16_t *port) { int on = TRUE; - struct sockaddr_storage addr; + union { + struct sockaddr sockaddr; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + } addr; socklen_t addrlen; u_int sol, pktinfo = 0; int skt; memset(&addr, 0, sizeof(addr)); - addr.ss_family = family; + addr.sockaddr.sa_family = family; /* precalculate constants depending on address family */ switch (family) { case AF_INET: - { - struct sockaddr_in *sin = (struct sockaddr_in *)&addr; - htoun32(&sin->sin_addr.s_addr, INADDR_ANY); - htoun16(&sin->sin_port, *port); - addrlen = sizeof(struct sockaddr_in); + addr.sin.sin_addr.s_addr = htonl(INADDR_ANY); + addr.sin.sin_port = htons(*port); + addrlen = sizeof(addr.sin); sol = SOL_IP; #ifdef IP_PKTINFO pktinfo = IP_PKTINFO; @@ -456,17 +529,13 @@ static int open_socket(private_socket_default_socket_t *this, pktinfo = IP_RECVDSTADDR; #endif break; - } case AF_INET6: - { - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr; - memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any)); - htoun16(&sin6->sin6_port, *port); - addrlen = sizeof(struct sockaddr_in6); + memcpy(&addr.sin6.sin6_addr, &in6addr_any, sizeof(in6addr_any)); + addr.sin6.sin6_port = htons(*port); + addrlen = sizeof(addr.sin6); sol = SOL_IPV6; pktinfo = IPV6_RECVPKTINFO; break; - } default: return 0; } @@ -485,7 +554,7 @@ static int open_socket(private_socket_default_socket_t *this, } /* bind the socket */ - if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0) + if (bind(skt, &addr.sockaddr, addrlen) < 0) { DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno)); close(skt); @@ -495,7 +564,7 @@ static int open_socket(private_socket_default_socket_t *this, /* retrieve randomly allocated port if needed */ if (*port == 0) { - if (getsockname(skt, (struct sockaddr *)&addr, &addrlen) < 0) + if (getsockname(skt, &addr.sockaddr, &addrlen) < 0) { DBG1(DBG_NET, "unable to determine port: %s", strerror(errno)); close(skt); @@ -504,17 +573,11 @@ static int open_socket(private_socket_default_socket_t *this, switch (family) { case AF_INET: - { - struct sockaddr_in *sin = (struct sockaddr_in *)&addr; - *port = untoh16(&sin->sin_port); + *port = ntohs(addr.sin.sin_port); break; - } case AF_INET6: - { - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr; - *port = untoh16(&sin6->sin6_port); + *port = ntohs(addr.sin6.sin6_port); break; - } } } @@ -642,4 +705,3 @@ socket_default_socket_t *socket_default_socket_create() return &this->public; } - diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index e3fe4334a..855c307a8 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES) DIST_SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 22868fce7..95fe34802 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -105,6 +122,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_sql_la_SOURCES) DIST_SOURCES = $(libstrongswan_sql_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -121,6 +143,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -137,6 +161,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -205,8 +230,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -262,7 +285,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -351,7 +373,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -359,6 +380,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 37bd86671..c3471a078 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -262,7 +262,7 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, local, FALSE, charon->socket->get_port(charon->socket, FALSE), remote, FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO); + FRAGMENTATION_NO, 0); add_ike_proposals(this, ike_cfg, id); return ike_cfg; } @@ -620,4 +620,3 @@ sql_config_t *sql_config_create(database_t *db) return &this->public; } - diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 38924708a..77497e2b9 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -109,6 +126,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_stroke_la_SOURCES) DIST_SOURCES = $(libstrongswan_stroke_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -125,6 +147,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +165,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +234,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +289,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -368,7 +390,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -376,6 +397,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 9f6124dc9..86f0fe431 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -234,7 +234,8 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg msg->add_conn.other.address, msg->add_conn.other.allow_any, msg->add_conn.other.ikeport, - msg->add_conn.fragmentation); + msg->add_conn.fragmentation, + msg->add_conn.ikedscp); add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL); return ike_cfg; } @@ -447,39 +448,43 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, identity = identification_create_from_string(id); if (cert) { - certificate = this->cred->load_peer(this->cred, cert); - if (certificate) + enumerator_t *enumerator; + bool has_subject = FALSE; + certificate_t *first = NULL; + + enumerator = enumerator_create_token(cert, ",", " "); + while (enumerator->enumerate(enumerator, &cert)) { - if (local) - { - this->ca->check_for_hash_and_url(this->ca, certificate); - } - cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); - if (identity->get_type(identity) == ID_ANY || - !certificate->has_subject(certificate, identity)) + certificate = this->cred->load_peer(this->cred, cert); + if (certificate) { - DBG1(DBG_CFG, " id '%Y' not confirmed by certificate, " - "defaulting to '%Y'", identity, - certificate->get_subject(certificate)); - identity->destroy(identity); - identity = certificate->get_subject(certificate); - identity = identity->clone(identity); + if (local) + { + this->ca->check_for_hash_and_url(this->ca, certificate); + } + cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); + if (!first) + { + first = certificate; + } + if (identity->get_type(identity) != ID_ANY && + certificate->has_subject(certificate, identity)) + { + has_subject = TRUE; + } } } - } - if (identity->get_type(identity) != ID_ANY) - { - cfg->add(cfg, AUTH_RULE_IDENTITY, identity); - if (loose) + enumerator->destroy(enumerator); + + if (first && !has_subject) { - cfg->add(cfg, AUTH_RULE_IDENTITY_LOOSE, TRUE); + DBG1(DBG_CFG, " id '%Y' not confirmed by certificate, " + "defaulting to '%Y'", identity, first->get_subject(first)); + identity->destroy(identity); + identity = first->get_subject(first); + identity = identity->clone(identity); } } - else - { - identity->destroy(identity); - } - /* add raw RSA public key */ pubkey = end->rsakey; if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert")) @@ -491,6 +496,18 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); } } + if (identity->get_type(identity) != ID_ANY) + { + cfg->add(cfg, AUTH_RULE_IDENTITY, identity); + if (loose) + { + cfg->add(cfg, AUTH_RULE_IDENTITY_LOOSE, TRUE); + } + } + else + { + identity->destroy(identity); + } /* CA constraint */ if (ca) @@ -877,7 +894,7 @@ static void add_ts(private_stroke_config_t *this, if (end->tohost) { ts = traffic_selector_create_dynamic(end->protocol, - end->port ? end->port : 0, end->port ? end->port : 65535); + end->from_port, end->to_port); child_cfg->add_traffic_selector(child_cfg, local, ts); } else @@ -890,7 +907,7 @@ static void add_ts(private_stroke_config_t *this, if (net) { ts = traffic_selector_create_from_subnet(net, 0, end->protocol, - end->port); + end->from_port, end->to_port); child_cfg->add_traffic_selector(child_cfg, local, ts); } } @@ -902,8 +919,8 @@ static void add_ts(private_stroke_config_t *this, enumerator = enumerator_create_token(end->subnets, ",", " "); while (enumerator->enumerate(enumerator, &subnet)) { - ts = traffic_selector_create_from_cidr(subnet, - end->protocol, end->port); + ts = traffic_selector_create_from_cidr(subnet, end->protocol, + end->from_port, end->to_port); if (ts) { child_cfg->add_traffic_selector(child_cfg, local, ts); diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 233d4088f..91130d1ee 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -33,6 +33,11 @@ struct private_stroke_control_t { * public functions */ stroke_control_t public; + + /** + * Timeout for stroke commands, im ms + */ + u_int timeout; }; @@ -97,8 +102,8 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) /** * call the charon controller to initiate the connection */ -static void charon_initiate(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, - stroke_msg_t *msg, FILE *out) +static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg, + child_cfg_t *child_cfg, stroke_msg_t *msg, FILE *out) { if (msg->output_verbosity < 0) { @@ -108,9 +113,27 @@ static void charon_initiate(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, else { stroke_log_info_t info = { msg->output_verbosity, out }; + status_t status; - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->initiate(charon->controller, + peer_cfg, child_cfg, (controller_cb_t)stroke_log, + &info, this->timeout); + switch (status) + { + case SUCCESS: + fprintf(out, "connection '%s' established successfully\n", + msg->initiate.name); + break; + case OUT_OF_RES: + fprintf(out, "connection '%s' not established after %dms, " + "detaching\n", msg->initiate.name, this->timeout); + break; + default: + case FAILED: + fprintf(out, "establishing connection '%s' failed\n", + msg->initiate.name); + break; + } } } @@ -133,7 +156,7 @@ METHOD(stroke_control_t, initiate, void, while (enumerator->enumerate(enumerator, &child_cfg)) { empty = FALSE; - charon_initiate(peer_cfg->get_ref(peer_cfg), + charon_initiate(this, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), msg, out); } enumerator->destroy(enumerator); @@ -169,7 +192,7 @@ METHOD(stroke_control_t, initiate, void, return; } } - charon_initiate(peer_cfg, child_cfg, msg, out); + charon_initiate(this, peer_cfg, child_cfg, msg, out); } /** @@ -239,6 +262,41 @@ static bool parse_specifier(char *string, u_int32_t *id, return TRUE; } +/** + * Report the result of a terminate() call to console + */ +static void report_terminate_status(private_stroke_control_t *this, + status_t status, FILE *out, u_int32_t id, bool child) +{ + char *prefix, *postfix; + + if (child) + { + prefix = "CHILD_SA {"; + postfix = "}"; + } + else + { + prefix = "IKE_SA ["; + postfix = "]"; + } + + switch (status) + { + case SUCCESS: + fprintf(out, "%s%d%s closed successfully\n", prefix, id, postfix); + break; + case OUT_OF_RES: + fprintf(out, "%s%d%s not closed after %dms, detaching\n", + prefix, id, postfix, this->timeout); + break; + default: + case FAILED: + fprintf(out, "closing %s%d%s failed\n", prefix, id, postfix); + break; + } +} + METHOD(stroke_control_t, terminate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { @@ -250,6 +308,7 @@ METHOD(stroke_control_t, terminate, void, linked_list_t *ike_list, *child_list; stroke_log_info_t info; uintptr_t del; + status_t status; if (!parse_specifier(msg->terminate.name, &id, &name, &child, &all)) { @@ -264,15 +323,15 @@ METHOD(stroke_control_t, terminate, void, { if (child) { - charon->controller->terminate_child(charon->controller, id, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->terminate_child(charon->controller, id, + (controller_cb_t)stroke_log, &info, this->timeout); } else { - charon->controller->terminate_ike(charon->controller, id, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->terminate_ike(charon->controller, id, + (controller_cb_t)stroke_log, &info, this->timeout); } - return; + return report_terminate_status(this, status, out, id, child); } ike_list = linked_list_create(); @@ -320,16 +379,18 @@ METHOD(stroke_control_t, terminate, void, enumerator = child_list->create_enumerator(child_list); while (enumerator->enumerate(enumerator, &del)) { - charon->controller->terminate_child(charon->controller, del, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->terminate_child(charon->controller, del, + (controller_cb_t)stroke_log, &info, this->timeout); + report_terminate_status(this, status, out, del, TRUE); } enumerator->destroy(enumerator); enumerator = ike_list->create_enumerator(ike_list); while (enumerator->enumerate(enumerator, &del)) { - charon->controller->terminate_ike(charon->controller, del, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->terminate_ike(charon->controller, del, + (controller_cb_t)stroke_log, &info, this->timeout); + report_terminate_status(this, status, out, del, FALSE); } enumerator->destroy(enumerator); @@ -487,6 +548,7 @@ METHOD(stroke_control_t, purge_ike, void, linked_list_t *list; uintptr_t del; stroke_log_info_t info; + status_t status; info.out = out; info.level = msg->output_verbosity; @@ -509,8 +571,9 @@ METHOD(stroke_control_t, purge_ike, void, enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &del)) { - charon->controller->terminate_ike(charon->controller, del, - (controller_cb_t)stroke_log, &info, 0); + status = charon->controller->terminate_ike(charon->controller, del, + (controller_cb_t)stroke_log, &info, this->timeout); + report_terminate_status(this, status, out, del, TRUE); } enumerator->destroy(enumerator); list->destroy(list); @@ -670,8 +733,9 @@ stroke_control_t *stroke_control_create() .unroute = _unroute, .destroy = _destroy, }, + .timeout = lib->settings->get_int(lib->settings, + "%s.plugins.stroke.timeout", 0, charon->name), ); return &this->public; } - diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c index 56eda945a..5fa1fb165 100644 --- a/src/libcharon/plugins/stroke/stroke_counter.c +++ b/src/libcharon/plugins/stroke/stroke_counter.c @@ -16,6 +16,7 @@ #include "stroke_counter.h" #include <threading/spinlock.h> +#include <collections/hashtable.h> ENUM(stroke_counter_type_names, COUNTER_INIT_IKE_SA_REKEY, COUNTER_OUT_INFORMATIONAL_RSP, @@ -55,16 +56,98 @@ struct private_stroke_counter_t { stroke_counter_t public; /** - * Counter values + * Global counter values */ u_int64_t counter[COUNTER_MAX]; /** + * Counters for specific connection names, char* => entry_t + */ + hashtable_t *conns; + + /** * Lock for counter values */ spinlock_t *lock; }; +/** + * Counters for a specific connection name + */ +typedef struct { + /** connection name */ + char *name; + /** counter values for connection */ + u_int64_t counter[COUNTER_MAX]; +} entry_t; + +/** + * Destroy named entry + */ +static void destroy_entry(entry_t *this) +{ + free(this->name); + free(this); +} + +/** + * Hashtable hash function + */ +static u_int hash(char *name) +{ + return chunk_hash(chunk_from_str(name)); +} + +/** + * Hashtable equals function + */ +static bool equals(char *a, char *b) +{ + return streq(a, b); +} + +/** + * Get the name of an IKE_SA, but return NULL if it is not known yet + */ +static char *get_ike_sa_name(ike_sa_t *ike_sa) +{ + peer_cfg_t *peer_cfg; + + if (ike_sa) + { + peer_cfg = ike_sa->get_peer_cfg(ike_sa); + if (peer_cfg) + { + return peer_cfg->get_name(peer_cfg); + } + } + return NULL; +} + +/** + * Increase a counter for a named entry + */ +static void count_named(private_stroke_counter_t *this, + ike_sa_t *ike_sa, stroke_counter_type_t type) +{ + entry_t *entry; + char *name; + + name = get_ike_sa_name(ike_sa); + if (name) + { + entry = this->conns->get(this->conns, name); + if (!entry) + { + INIT(entry, + .name = strdup(name), + ); + this->conns->put(this->conns, entry->name, entry); + } + entry->counter[type]++; + } +} + METHOD(listener_t, alert, bool, private_stroke_counter_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args) @@ -86,6 +169,7 @@ METHOD(listener_t, alert, bool, this->lock->lock(this->lock); this->counter[type]++; + count_named(this, ike_sa, type); this->lock->unlock(this->lock); return TRUE; @@ -109,6 +193,7 @@ METHOD(listener_t, ike_rekey, bool, this->lock->lock(this->lock); this->counter[type]++; + count_named(this, old, type); this->lock->unlock(this->lock); return TRUE; @@ -120,6 +205,7 @@ METHOD(listener_t, child_rekey, bool, { this->lock->lock(this->lock); this->counter[COUNTER_CHILD_SA_REKEY]++; + count_named(this, ike_sa, COUNTER_CHILD_SA_REKEY); this->lock->unlock(this->lock); return TRUE; @@ -194,18 +280,94 @@ METHOD(listener_t, message_hook, bool, this->lock->lock(this->lock); this->counter[type]++; + count_named(this, ike_sa, type); this->lock->unlock(this->lock); return TRUE; } -METHOD(stroke_counter_t, print, void, - private_stroke_counter_t *this, FILE *out) +/** + * Print a single counter value to out + */ +static void print_counter(FILE *out, stroke_counter_type_t type, + u_int64_t counter) +{ + fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter); +} + +/** + * Print IKE counters for a specific connection + */ +static void print_one(private_stroke_counter_t *this, FILE *out, char *name) +{ + u_int64_t counter[COUNTER_MAX]; + entry_t *entry; + int i; + + this->lock->lock(this->lock); + entry = this->conns->get(this->conns, name); + if (entry) + { + for (i = 0; i < countof(this->counter); i++) + { + counter[i] = entry->counter[i]; + } + } + this->lock->unlock(this->lock); + + if (entry) + { + fprintf(out, "\nList of IKE counters for '%s':\n\n", name); + for (i = 0; i < countof(this->counter); i++) + { + print_counter(out, i, counter[i]); + } + } + else + { + fprintf(out, "No IKE counters found for '%s'\n", name); + } +} + +/** + * Print counters for all connections + */ +static void print_all(private_stroke_counter_t *this, FILE *out) +{ + enumerator_t *enumerator; + entry_t *entry; + linked_list_t *list; + char *name; + + list = linked_list_create(); + + this->lock->lock(this->lock); + enumerator = this->conns->create_enumerator(this->conns); + while (enumerator->enumerate(enumerator, &name, &entry)) + { + list->insert_last(list, strdup(name)); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &name)) + { + print_one(this, out, name); + } + enumerator->destroy(enumerator); + + list->destroy_function(list, free); +} + +/** + * Print global counters + */ +static void print_global(private_stroke_counter_t *this, FILE *out) { u_int64_t counter[COUNTER_MAX]; int i; - /* Take a snapshot to have congruent results, */ this->lock->lock(this->lock); for (i = 0; i < countof(this->counter); i++) { @@ -215,16 +377,61 @@ METHOD(stroke_counter_t, print, void, fprintf(out, "\nList of IKE counters:\n\n"); - /* but do blocking write without the lock. */ for (i = 0; i < countof(this->counter); i++) { - fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, i, counter[i]); + print_counter(out, i, counter[i]); } } +METHOD(stroke_counter_t, print, void, + private_stroke_counter_t *this, FILE *out, char *name) +{ + if (name) + { + if (streq(name, "all")) + { + return print_all(this, out); + } + return print_one(this, out, name); + } + return print_global(this, out); +} + +METHOD(stroke_counter_t, reset, void, + private_stroke_counter_t *this, char *name) +{ + this->lock->lock(this->lock); + if (name) + { + entry_t *entry; + + entry = this->conns->remove(this->conns, name); + if (entry) + { + destroy_entry(entry); + } + } + else + { + memset(&this->counter, 0, sizeof(this->counter)); + } + this->lock->unlock(this->lock); +} + METHOD(stroke_counter_t, destroy, void, private_stroke_counter_t *this) { + enumerator_t *enumerator; + char *name; + entry_t *entry; + + enumerator = this->conns->create_enumerator(this->conns); + while (enumerator->enumerate(enumerator, &name, &entry)) + { + destroy_entry(entry); + } + enumerator->destroy(enumerator); + this->conns->destroy(this->conns); this->lock->destroy(this->lock); free(this); } @@ -245,8 +452,11 @@ stroke_counter_t *stroke_counter_create() .message = _message_hook, }, .print = _print, + .reset = _reset, .destroy = _destroy, }, + .conns = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 4), .lock = spinlock_create(), ); diff --git a/src/libcharon/plugins/stroke/stroke_counter.h b/src/libcharon/plugins/stroke/stroke_counter.h index efaae0d6f..fecf39f56 100644 --- a/src/libcharon/plugins/stroke/stroke_counter.h +++ b/src/libcharon/plugins/stroke/stroke_counter.h @@ -87,8 +87,16 @@ struct stroke_counter_t { * Print counter values to an output stream. * * @param out output stream to write to + * @param name connection name to get counters for, NULL for global */ - void (*print)(stroke_counter_t *this, FILE *out); + void (*print)(stroke_counter_t *this, FILE *out, char *name); + + /** + * Reset global or connection specific counters. + * + * @param name name of connection counters to reset, NULL for global + */ + void (*reset)(stroke_counter_t *this, char *name); /** * Destroy a stroke_counter_t. diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index c401bc6f1..eda746f7e 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -701,7 +701,7 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type, /** * Load a smartcard with a PIN */ -static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, +static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, FILE *prompt) { chunk_t sc = chunk_empty, secret = chunk_empty; @@ -796,7 +796,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); - this->creds->add_key(this->creds, key); + secrets->add_key(secrets, key); } return TRUE; } @@ -804,7 +804,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, /** * Load a private key */ -static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, +static bool load_private(mem_cred_t *secrets, chunk_t line, int line_nr, FILE *prompt, key_type_t key_type) { char path[PATH_MAX]; @@ -894,7 +894,7 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, { DBG1(DBG_CFG, " loaded %N private key from '%s'", key_type_names, key->get_type(key), path); - this->creds->add_key(this->creds, key); + secrets->add_key(secrets, key); } else { @@ -906,7 +906,7 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, /** * Load a shared key */ -static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, +static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr, shared_key_type_t type, chunk_t ids) { shared_key_t *shared_key; @@ -961,15 +961,15 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, owners->insert_last(owners, identification_create_from_encoding(ID_ANY, chunk_empty)); } - this->creds->add_shared_list(this->creds, shared_key, owners); + secrets->add_shared_list(secrets, shared_key, owners); return TRUE; } /** * reload ipsec.secrets */ -static void load_secrets(private_stroke_cred_t *this, char *file, int level, - FILE *prompt) +static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets, + char *file, int level, FILE *prompt) { int line_nr = 0, fd; chunk_t src, line; @@ -991,6 +991,11 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, close(fd); return; } + if (sb.st_size == 0) + { /* skip empty files, as mmap() complains */ + close(fd); + return; + } addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); if (addr == MAP_FAILED) { @@ -1000,9 +1005,9 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } src = chunk_create(addr, sb.st_size); - if (level == 0) - { /* flush secrets on non-recursive invocation */ - this->creds->clear_secrets(this->creds); + if (!secrets) + { + secrets = mem_cred_create(); } while (fetchline(&src, &line)) @@ -1072,14 +1077,15 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) { - load_secrets(this, *expanded, level + 1, prompt); + load_secrets(this, secrets, *expanded, level + 1, + prompt); } } globfree(&buf); } #else /* HAVE_GLOB_H */ /* if glob(3) is not available, try to load pattern directly */ - load_secrets(this, pattern, level + 1, prompt); + load_secrets(this, secrets, pattern, level + 1, prompt); #endif /* HAVE_GLOB_H */ continue; } @@ -1109,7 +1115,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } if (match("RSA", &token) || match("ECDSA", &token)) { - if (!load_private(this, line, line_nr, prompt, + if (!load_private(secrets, line, line_nr, prompt, match("RSA", &token) ? KEY_RSA : KEY_ECDSA)) { break; @@ -1117,7 +1123,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } else if (match("PIN", &token)) { - if (!load_pin(this, line, line_nr, prompt)) + if (!load_pin(secrets, line, line_nr, prompt)) { break; } @@ -1127,7 +1133,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, (match("NTLM", &token) && (type = SHARED_NT_HASH)) || (match("XAUTH", &token) && (type = SHARED_EAP))) { - if (!load_shared(this, line, line_nr, type, ids)) + if (!load_shared(secrets, line, line_nr, type, ids)) { break; } @@ -1141,6 +1147,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } munmap(addr, sb.st_size); close(fd); + + if (level == 0) + { /* replace secrets in active credential set */ + this->creds->replace_secrets(this->creds, secrets, FALSE); + secrets->destroy(secrets); + } } /** @@ -1175,7 +1187,7 @@ METHOD(stroke_cred_t, reread, void, if (msg->reread.flags & REREAD_SECRETS) { DBG1(DBG_CFG, "rereading secrets"); - load_secrets(this, SECRETS_FILE, 0, prompt); + load_secrets(this, NULL, SECRETS_FILE, 0, prompt); } if (msg->reread.flags & REREAD_CACERTS) { @@ -1258,8 +1270,7 @@ stroke_cred_t *stroke_cred_create() FALSE, charon->name); load_certs(this); - load_secrets(this, SECRETS_FILE, 0, NULL); + load_secrets(this, NULL, SECRETS_FILE, 0, NULL); return &this->public; } - diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index b3a20a6c7..a2e1c80a5 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -205,7 +205,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { time_t use_in, use_out, rekey, now; - u_int64_t bytes_in, bytes_out; + u_int64_t bytes_in, bytes_out, packets_in, packets_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); @@ -273,18 +273,24 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } - child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); + child_sa->get_usestats(child_sa, TRUE, + &use_in, &bytes_in, &packets_in); fprintf(out, ", %" PRIu64 " bytes_i", bytes_in); if (use_in) { - fprintf(out, " (%" PRIu64 "s ago)", (u_int64_t)(now - use_in)); + fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", + packets_in, (packets_in == 1) ? "": "s", + (u_int64_t)(now - use_in)); } - child_sa->get_usestats(child_sa, FALSE, &use_out, &bytes_out); + child_sa->get_usestats(child_sa, FALSE, + &use_out, &bytes_out, &packets_out); fprintf(out, ", %" PRIu64 " bytes_o", bytes_out); if (use_out) { - fprintf(out, " (%" PRIu64 "s ago)", (u_int64_t)(now - use_out)); + fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", + packets_out, (packets_out == 1) ? "": "s", + (u_int64_t)(now - use_out)); } fprintf(out, ", rekeying "); @@ -1242,7 +1248,7 @@ static void list_algs(FILE *out) int len; fprintf(out, "\n"); - fprintf(out, "List of registered IKEv2 Algorithms:\n"); + fprintf(out, "List of registered IKE algorithms:\n"); fprintf(out, "\n encryption:"); len = 13; enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); @@ -1541,4 +1547,3 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) return &this->public; } - diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 2771f0146..aa5c73b8b 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -388,17 +388,14 @@ static void stroke_status(private_stroke_socket_t *this, /** * list various information */ -static void stroke_list(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) +static void stroke_list(private_stroke_socket_t *this, stroke_msg_t *msg, + FILE *out) { if (msg->list.flags & LIST_CAINFOS) { this->ca->list(this->ca, msg, out); } this->list->list(this->list, msg, out); - if (msg->list.flags & LIST_COUNTERS) - { - this->counter->print(this->counter, out); - } } /** @@ -505,6 +502,24 @@ static void stroke_user_creds(private_stroke_socket_t *this, } /** + * Print stroke counter values + */ +static void stroke_counters(private_stroke_socket_t *this, + stroke_msg_t *msg, FILE *out) +{ + pop_string(msg, &msg->counters.name); + + if (msg->counters.reset) + { + this->counter->reset(this->counter, msg->counters.name); + } + else + { + this->counter->print(this->counter, out, msg->counters.name); + } +} + +/** * set the verbosity debug output */ static void stroke_loglevel(private_stroke_socket_t *this, @@ -516,11 +531,18 @@ static void stroke_loglevel(private_stroke_socket_t *this, DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); - group = enum_from_name(debug_names, msg->loglevel.type); - if ((int)group < 0) + if (strcaseeq(msg->loglevel.type, "any")) { - fprintf(out, "invalid type (%s)!\n", msg->loglevel.type); - return; + group = DBG_ANY; + } + else + { + group = enum_from_name(debug_names, msg->loglevel.type); + if ((int)group < 0) + { + fprintf(out, "invalid type (%s)!\n", msg->loglevel.type); + return; + } } charon->set_level(charon, group, msg->loglevel.level); } @@ -665,6 +687,9 @@ static job_requeue_t process(stroke_job_context_t *ctx) case STR_USER_CREDS: stroke_user_creds(this, msg, out); break; + case STR_COUNTERS: + stroke_counters(this, msg, out); + break; default: DBG1(DBG_CFG, "received unknown stroke"); break; @@ -855,4 +880,3 @@ stroke_socket_t *stroke_socket_create() return &this->public; } - diff --git a/src/libcharon/plugins/systime_fix/Makefile.am b/src/libcharon/plugins/systime_fix/Makefile.am new file mode 100644 index 000000000..a1f843db7 --- /dev/null +++ b/src/libcharon/plugins/systime_fix/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-systime-fix.la +else +plugin_LTLIBRARIES = libstrongswan-systime-fix.la +endif + +libstrongswan_systime_fix_la_SOURCES = \ + systime_fix_validator.h systime_fix_validator.c \ + systime_fix_plugin.h systime_fix_plugin.c + +libstrongswan_systime_fix_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in new file mode 100644 index 000000000..56dc0b366 --- /dev/null +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -0,0 +1,658 @@ +# Makefile.in generated by automake 1.11.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/systime_fix +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_systime_fix_la_LIBADD = +am_libstrongswan_systime_fix_la_OBJECTS = systime_fix_validator.lo \ + systime_fix_plugin.lo +libstrongswan_systime_fix_la_OBJECTS = \ + $(am_libstrongswan_systime_fix_la_OBJECTS) +libstrongswan_systime_fix_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_systime_fix_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_systime_fix_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_systime_fix_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_systime_fix_la_SOURCES) +DIST_SOURCES = $(libstrongswan_systime_fix_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-systime-fix.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-systime-fix.la +libstrongswan_systime_fix_la_SOURCES = \ + systime_fix_validator.h systime_fix_validator.c \ + systime_fix_plugin.h systime_fix_plugin.c + +libstrongswan_systime_fix_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-systime-fix.la: $(libstrongswan_systime_fix_la_OBJECTS) $(libstrongswan_systime_fix_la_DEPENDENCIES) $(EXTRA_libstrongswan_systime_fix_la_DEPENDENCIES) + $(libstrongswan_systime_fix_la_LINK) $(am_libstrongswan_systime_fix_la_rpath) $(libstrongswan_systime_fix_la_OBJECTS) $(libstrongswan_systime_fix_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/systime_fix_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/systime_fix_validator.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c new file mode 100644 index 000000000..7727ba03b --- /dev/null +++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c @@ -0,0 +1,256 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "systime_fix_plugin.h" +#include "systime_fix_validator.h" + +#include <daemon.h> +#include <processing/jobs/callback_job.h> +#include <processing/jobs/delete_ike_sa_job.h> +#include <processing/jobs/rekey_ike_sa_job.h> + +#include <time.h> + +/** + * Defining _XOPEN_SOURCE is difficult with libstrongswan includes, + * declare function explicitly. + */ +char *strptime(const char *s, const char *format, struct tm *tm); + +typedef struct private_systime_fix_plugin_t private_systime_fix_plugin_t; + +/** + * Private data of systime_fix plugin + */ +struct private_systime_fix_plugin_t { + + /** + * Implements plugin interface + */ + systime_fix_plugin_t public; + + /** + * Certificate lifetime validator + */ + systime_fix_validator_t *validator; + + /** + * Interval we check for a now-valid system time, in seconds. 0 if disabled + */ + u_int interval; + + /** + * Timestamp where we start considering system time valid + */ + time_t threshold; + + /** + * Do we trigger reauth or delete when finding expired certificates? + */ + bool reauth; +}; + +METHOD(plugin_t, get_name, char*, + private_systime_fix_plugin_t *this) +{ + return "systime-fix"; +} + +METHOD(plugin_t, destroy, void, + private_systime_fix_plugin_t *this) +{ + if (this->validator) + { + lib->credmgr->remove_validator(lib->credmgr, &this->validator->validator); + this->validator->destroy(this->validator); + } + free(this); +} + +/** + * Check if all certificates associated to an IKE_SA have valid lifetimes + */ +static bool has_invalid_certs(ike_sa_t *ike_sa) +{ + enumerator_t *cfgs, *items; + certificate_t *cert; + auth_rule_t type; + auth_cfg_t *auth; + time_t not_before, not_after; + bool valid = TRUE; + + cfgs = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE); + while (valid && cfgs->enumerate(cfgs, &auth)) + { + items = auth->create_enumerator(auth); + while (valid && items->enumerate(items, &type, &cert)) + { + switch (type) + { + case AUTH_RULE_SUBJECT_CERT: + case AUTH_RULE_IM_CERT: + case AUTH_RULE_CA_CERT: + if (!cert->get_validity(cert, NULL, ¬_before, ¬_after)) + { + DBG1(DBG_CFG, "certificate '%Y' invalid " + "(valid from %T to %T)", cert->get_subject(cert), + ¬_before, FALSE, ¬_after, FALSE); + valid = FALSE; + } + break; + default: + break; + } + } + items->destroy(items); + } + cfgs->destroy(cfgs); + + if (valid) + { + DBG1(DBG_CFG, "all certificates have valid lifetimes"); + } + return !valid; +} + +/** + * Check system time, reevaluate certificates + */ +static job_requeue_t check_systime(private_systime_fix_plugin_t *this) +{ + enumerator_t *enumerator; + ike_sa_t *ike_sa; + char *action; + job_t *job; + + if (time(NULL) < this->threshold) + { + DBG2(DBG_CFG, "systime not valid, rechecking in %ds", this->interval); + lib->scheduler->schedule_job(lib->scheduler, (job_t*) + callback_job_create((callback_job_cb_t)check_systime, this, + NULL, NULL), this->interval); + return JOB_REQUEUE_NONE; + } + + DBG1(DBG_CFG, "system time got valid, rechecking certificates"); + + enumerator = charon->ike_sa_manager->create_enumerator( + charon->ike_sa_manager, TRUE); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + if (has_invalid_certs(ike_sa)) + { + if (this->reauth) + { + action = "reauthenticating"; + job = &rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), + TRUE)->job_interface; + } + else + { + action = "deleting"; + job = &delete_ike_sa_job_create(ike_sa->get_id(ike_sa), + TRUE)->job_interface; + } + DBG1(DBG_CFG, "%s[%d] has certificates not valid, %s IKE_SA", + ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), + action); + lib->processor->queue_job(lib->processor, job); + } + } + enumerator->destroy(enumerator); + + return JOB_REQUEUE_NONE; +} + +/** + * Load cert lifetime validator configuration + */ +static bool load_validator(private_systime_fix_plugin_t *this) +{ + struct tm tm = { + .tm_mday = 1, + }; + char *str, *fmt; + + fmt = lib->settings->get_str(lib->settings, + "%s.plugins.%s.threshold_format", "%Y", charon->name, get_name(this)); + str = lib->settings->get_str(lib->settings, + "%s.plugins.%s.threshold", NULL, charon->name, get_name(this)); + if (!str) + { + DBG1(DBG_CFG, "no threshold configured for %s, disabled", + get_name(this)); + return FALSE; + } + if (strptime(str, fmt, &tm) == NULL) + { + DBG1(DBG_CFG, "threshold for %s invalid, disabled", get_name(this)); + return FALSE; + } + this->threshold = mktime(&tm); + if (this->threshold == -1) + { + DBG1(DBG_CFG, "converting threshold for %s failed, disabled", + get_name(this)); + return FALSE; + } + if (time(NULL) >= this->threshold) + { + DBG1(DBG_CFG, "system time looks good, disabling %s", get_name(this)); + return FALSE; + } + + DBG1(DBG_CFG, "enabling %s, threshold: %s", get_name(this), asctime(&tm)); + this->validator = systime_fix_validator_create(this->threshold); + lib->credmgr->add_validator(lib->credmgr, &this->validator->validator); + + return TRUE; +} + +/** + * Plugin constructor + */ +plugin_t *systime_fix_plugin_create() +{ + private_systime_fix_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .interval = lib->settings->get_int(lib->settings, + "%s.plugins.%s.interval", 0, charon->name, get_name(this)), + .reauth = lib->settings->get_bool(lib->settings, + "%s.plugins.%s.reauth", FALSE, charon->name, get_name(this)), + ); + + if (load_validator(this)) + { + if (this->interval != 0) + { + DBG1(DBG_CFG, "starting systime check, interval: %ds", + this->interval); + lib->scheduler->schedule_job(lib->scheduler, (job_t*) + callback_job_create((callback_job_cb_t)check_systime, this, + NULL, NULL), this->interval); + } + } + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.h b/src/libcharon/plugins/systime_fix/systime_fix_plugin.h new file mode 100644 index 000000000..402659539 --- /dev/null +++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup systime_fix systime_fix + * @ingroup cplugins + * + * @defgroup systime_fix_plugin systime_fix_plugin + * @{ @ingroup systime_fix + */ + +#ifndef SYSTIME_FIX_PLUGIN_H_ +#define SYSTIME_FIX_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct systime_fix_plugin_t systime_fix_plugin_t; + +/** + * Plugin handling cert lifetimes gracefully if system time is out of sync. + */ +struct systime_fix_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** SYSTIME_FIX_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/systime_fix/systime_fix_validator.c b/src/libcharon/plugins/systime_fix/systime_fix_validator.c new file mode 100644 index 000000000..340e86cbc --- /dev/null +++ b/src/libcharon/plugins/systime_fix/systime_fix_validator.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "systime_fix_validator.h" + +#include <errno.h> +#include <time.h> + +#include <daemon.h> + +typedef struct private_systime_fix_validator_t private_systime_fix_validator_t; + +/** + * Private data of an systime_fix_validator_t object. + */ +struct private_systime_fix_validator_t { + + /** + * Public systime_fix_validator_t interface. + */ + systime_fix_validator_t public; + + /** + * Timestamp where we start to consider system time valid + */ + time_t threshold; +}; + +METHOD(cert_validator_t, check_lifetime, status_t, + private_systime_fix_validator_t *this, certificate_t *cert, + int pathlen, bool anchor, auth_cfg_t *auth) +{ + if (time(NULL) < this->threshold) + { + /* our system time seems to be invalid, accept certificate */ + if (pathlen) + { /* report only once per validated chain */ + DBG1(DBG_CFG, "system time out of sync, skipping certificate " + "lifetime check"); + } + return SUCCESS; + } + /* validate this certificate normally */ + return NEED_MORE; +} + +METHOD(systime_fix_validator_t, destroy, void, + private_systime_fix_validator_t *this) +{ + free(this); +} + +/** + * See header + */ +systime_fix_validator_t *systime_fix_validator_create(time_t threshold) +{ + private_systime_fix_validator_t *this; + + INIT(this, + .public = { + .validator = { + .check_lifetime = _check_lifetime, + }, + .destroy = _destroy, + }, + .threshold = threshold, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/systime_fix/systime_fix_validator.h b/src/libcharon/plugins/systime_fix/systime_fix_validator.h new file mode 100644 index 000000000..3e651fd91 --- /dev/null +++ b/src/libcharon/plugins/systime_fix/systime_fix_validator.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup systime_fix_validator systime_fix_validator + * @{ @ingroup systime_fix + */ + +#ifndef SYSTIME_FIX_VALIDATOR_H_ +#define SYSTIME_FIX_VALIDATOR_H_ + +#include <credentials/cert_validator.h> + +typedef struct systime_fix_validator_t systime_fix_validator_t; + +/** + * Validator that accepts cert lifetimes if system time is out of sync. + */ +struct systime_fix_validator_t { + + /** + * Implements cert_validator_t interface. + */ + cert_validator_t validator; + + /** + * Destroy a systime_fix_validator_t. + */ + void (*destroy)(systime_fix_validator_t *this); +}; + +/** + * Create a systime_fix_validator instance. + */ +systime_fix_validator_t *systime_fix_validator_create(); + +#endif /** SYSTIME_FIX_VALIDATOR_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.am b/src/libcharon/plugins/tnc_ifmap/Makefile.am index b8a57b119..36d9316d7 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.am +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.am @@ -1,21 +1,29 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon ${axis2c_CFLAGS} +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + ${xml_CFLAGS} AM_CFLAGS = -rdynamic -libstrongswan_tnc_ifmap_la_LIBADD = ${axis2c_LIBS} -laxutil -laxis2_engine -laxis2_http_sender - if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-ifmap.la else plugin_LTLIBRARIES = libstrongswan-tnc-ifmap.la endif +libstrongswan_tnc_ifmap_la_LIBADD = \ + $(top_builddir)/src/libtls/libtls.la ${xml_LIBS} + libstrongswan_tnc_ifmap_la_SOURCES = \ tnc_ifmap_plugin.h tnc_ifmap_plugin.c \ tnc_ifmap_listener.h tnc_ifmap_listener.c \ - tnc_ifmap_soap.h tnc_ifmap_soap.c + tnc_ifmap_soap.h tnc_ifmap_soap.c \ + tnc_ifmap_soap_msg.h tnc_ifmap_soap_msg.c \ + tnc_ifmap_http.h tnc_ifmap_http.c \ + tnc_ifmap_renew_session_job.h tnc_ifmap_renew_session_job.c libstrongswan_tnc_ifmap_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 6d2802c65..96912c618 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -82,9 +99,11 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = -libstrongswan_tnc_ifmap_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +libstrongswan_tnc_ifmap_la_DEPENDENCIES = \ + $(top_builddir)/src/libtls/libtls.la $(am__DEPENDENCIES_1) am_libstrongswan_tnc_ifmap_la_OBJECTS = tnc_ifmap_plugin.lo \ - tnc_ifmap_listener.lo tnc_ifmap_soap.lo + tnc_ifmap_listener.lo tnc_ifmap_soap.lo tnc_ifmap_soap_msg.lo \ + tnc_ifmap_http.lo tnc_ifmap_renew_session_job.lo libstrongswan_tnc_ifmap_la_OBJECTS = \ $(am_libstrongswan_tnc_ifmap_la_OBJECTS) libstrongswan_tnc_ifmap_la_LINK = $(LIBTOOL) --tag=CC \ @@ -109,6 +128,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnc_ifmap_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnc_ifmap_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -125,6 +149,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +167,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +236,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +291,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -300,17 +324,26 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon ${axis2c_CFLAGS} +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + ${xml_CFLAGS} AM_CFLAGS = -rdynamic -libstrongswan_tnc_ifmap_la_LIBADD = ${axis2c_LIBS} -laxutil -laxis2_engine -laxis2_http_sender @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-ifmap.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-ifmap.la +libstrongswan_tnc_ifmap_la_LIBADD = \ + $(top_builddir)/src/libtls/libtls.la ${xml_LIBS} + libstrongswan_tnc_ifmap_la_SOURCES = \ tnc_ifmap_plugin.h tnc_ifmap_plugin.c \ tnc_ifmap_listener.h tnc_ifmap_listener.c \ - tnc_ifmap_soap.h tnc_ifmap_soap.c + tnc_ifmap_soap.h tnc_ifmap_soap.c \ + tnc_ifmap_soap_msg.h tnc_ifmap_soap_msg.c \ + tnc_ifmap_http.h tnc_ifmap_http.c \ + tnc_ifmap_renew_session_job.h tnc_ifmap_renew_session_job.c libstrongswan_tnc_ifmap_la_LDFLAGS = -module -avoid-version all: all-am @@ -358,7 +391,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -366,6 +398,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -396,9 +430,12 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_http.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_listener.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_renew_session_job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_soap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_ifmap_soap_msg.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.c new file mode 100644 index 000000000..9105b7b4d --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.c @@ -0,0 +1,244 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE /* for asprintf() */ + +#include "tnc_ifmap_http.h" + +#include <utils/debug.h> +#include <utils/lexparser.h> + +#include <stdio.h> + +typedef struct private_tnc_ifmap_http_t private_tnc_ifmap_http_t; + +/** + * Private data of an tnc_ifmap_http_t object. + */ +struct private_tnc_ifmap_http_t { + + /** + * Public tnc_ifmap_http_t interface. + */ + tnc_ifmap_http_t public; + + /** + * HTTPS Server URI with https:// prefix removed + */ + char *uri; + + /** + * Optional base64-encoded username:password for HTTP Basic Authentication + */ + chunk_t user_pass; + + /** + * HTTP chunked mode + */ + bool chunked; + +}; + +METHOD(tnc_ifmap_http_t, build, status_t, + private_tnc_ifmap_http_t *this, chunk_t *in, chunk_t *out) +{ + char *host, *path, *request, auth[128]; + int len; + + /* Duplicate host[/path] string since we are going to manipulate it */ + len = strlen(this->uri) + 2; + host = malloc(len); + memset(host, '\0', len); + strcpy(host, this->uri); + + /* Extract appended path or set to root */ + path = strchr(host, '/'); + if (!path) + { + path = host + len - 2; + *path = '/'; + } + + /* Use Basic Authentication? */ + if (this->user_pass.len) + { + snprintf(auth, sizeof(auth), "Authorization: Basic %.*s\r\n", + this->user_pass.len, this->user_pass.ptr); + } + else + { + *auth = '\0'; + } + + /* Write HTTP POST request, TODO break up into chunks */ + len = asprintf(&request, + "POST %s HTTP/1.1\r\n" + "Host: %.*s\r\n" + "%s" + "Content-Type: application/soap+xml;charset=utf-8\r\n" + "Content-Length: %d\r\n" + "\r\n" + "%.*s", path, (path-host), host, auth, in->len, in->len, in->ptr); + free(host); + + if (len == -1) + { + return FAILED; + } + *out = chunk_create(request, len); + DBG3(DBG_TLS, "sending HTTP POST request %B", out); + + return SUCCESS; +} + +static bool process_header(chunk_t *in, bool *chunked, u_int *content_len) +{ + chunk_t line, version, parameter; + int code; + u_int len; + + /* Process HTTP protocol version */ + if (!fetchline(in, &line) || !extract_token(&version, ' ', &line) || + !match("HTTP/1.1", &version) || sscanf(line.ptr, "%d", &code) != 1) + { + DBG1(DBG_TNC, "malformed http response header"); + return FALSE; + } + if (code != 200) + { + DBG1(DBG_TNC, "http response returns error code %d", code); + return FALSE; + } + + *content_len = 0; + *chunked = FALSE; + + /* Process HTTP header line by line until the HTTP body is reached */ + while (fetchline(in, &line)) + { + if (line.len == 0) + { + break; + } + if (extract_token(¶meter, ':', &line) && eat_whitespace(&line)) + { + if (match("Content-Length", ¶meter)) + { + if (sscanf(line.ptr, "%u", &len) == 1) + { + *content_len = len; + } + } + else if (match("Transfer-Encoding", ¶meter) && + match("chunked", &line)) + { + *chunked = TRUE; + } + } + } + + return TRUE; +} + +METHOD(tnc_ifmap_http_t, process, status_t, + private_tnc_ifmap_http_t *this, chunk_t *in, chunk_t *out) +{ + u_int len = 0; + chunk_t line, out_chunk; + + DBG3(DBG_TLS, "receiving HTTP response %B", in); + + if (!this->chunked) + { + if (!process_header(in, &this->chunked, &len)) + { + return FAILED; + } + } + + while (in->len) + { + if (this->chunked) + { + if (!fetchline(in, &line) || sscanf(line.ptr, "%x", &len) != 1) + { + return FAILED; + } + DBG3(DBG_TLS, "received HTTP response is chunked (%u bytes)", len); + + /* Received last chunk? */ + if (len == 0) + { + return SUCCESS; + } + } + + /* Check size of of remaining HTTP body */ + if (len > in->len) + { + DBG1(DBG_TNC, "insufficient data in HTTP body"); + return FAILED; + } + + if (this->chunked) + { + out_chunk = *in; + out_chunk.len = len; + *out = chunk_cat("mc", *out, out_chunk); + *in = chunk_skip(*in, len); + if (!fetchline(in, &line) || line.len > 0) + { + return FAILED; + } + } + else + { + if (len) + { + in->len = len; + } + *out = chunk_clone(*in); + return SUCCESS; + } + } + return NEED_MORE; +} + +METHOD(tnc_ifmap_http_t, destroy, void, + private_tnc_ifmap_http_t *this) +{ + free(this); +} + +/** + * See header + */ +tnc_ifmap_http_t *tnc_ifmap_http_create(char *uri, chunk_t user_pass) +{ + private_tnc_ifmap_http_t *this; + + INIT(this, + .public = { + .build = _build, + .process = _process, + .destroy = _destroy, + }, + .uri = uri, + .user_pass = user_pass, + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.h new file mode 100644 index 000000000..3d3084744 --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_http.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnc_ifmap_http tnc_ifmap_http + * @{ @ingroup tnc_ifmap + */ + +#ifndef TNC_IFMAP_HTTP_H_ +#define TNC_IFMAP_HTTP_H_ + +#include <library.h> +#include <tls_socket.h> + +#include <libxml/parser.h> + +typedef struct tnc_ifmap_http_t tnc_ifmap_http_t; + +/** + * Interface for building and processing HTTP messages + */ +struct tnc_ifmap_http_t { + + /** + * Build a HTTP POST message + * + * @param in input data + * @param out HTTP POST request + * @result status return code + */ + status_t (*build)(tnc_ifmap_http_t *this, chunk_t *in, chunk_t *out); + + /** + * Receive a HTTP [chunked] response + * + * @param in [chunked] HTTP response + * @param out output data + * @result status return code + */ + status_t (*process)(tnc_ifmap_http_t *this, chunk_t *in, chunk_t *out); + + /** + * Destroy a tnc_ifmap_http_t object. + */ + void (*destroy)(tnc_ifmap_http_t *this); +}; + +/** + * Create a tnc_ifmap_http instance. + * + * @param uri HTTPS URI with https:// prefix removed + * @param user_pass Optional username:password for HTTP Basic Authentication + */ +tnc_ifmap_http_t *tnc_ifmap_http_create(char *uri, chunk_t user_pass); + +#endif /** TNC_IFMAP_HTTP_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c index 9cd1ec381..4b2538e34 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,11 +15,14 @@ #include "tnc_ifmap_listener.h" #include "tnc_ifmap_soap.h" +#include "tnc_ifmap_renew_session_job.h" #include <daemon.h> #include <hydra.h> #include <utils/debug.h> +#define IFMAP_RENEW_SESSION_INTERVAL 150 + typedef struct private_tnc_ifmap_listener_t private_tnc_ifmap_listener_t; /** @@ -117,7 +120,14 @@ METHOD(listener_t, alert, bool, METHOD(tnc_ifmap_listener_t, destroy, void, private_tnc_ifmap_listener_t *this) { - DESTROY_IF(this->ifmap); + if (this->ifmap) + { + if (this->ifmap->get_session_id(this->ifmap)) + { + this->ifmap->endSession(this->ifmap); + } + this->ifmap->destroy(this->ifmap); + } free(this); } @@ -127,6 +137,8 @@ METHOD(tnc_ifmap_listener_t, destroy, void, tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) { private_tnc_ifmap_listener_t *this; + job_t *job; + u_int32_t reschedule; INIT(this, .public = { @@ -168,6 +180,15 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) } } + /* schedule periodic transmission of IF-MAP renewSession request */ + reschedule = lib->settings->get_int(lib->settings, + "%s.plugins.tnc-ifmap.renew_session_interval", + IFMAP_RENEW_SESSION_INTERVAL, charon->name); + + job = (job_t*)tnc_ifmap_renew_session_job_create( + this->ifmap->get_ref(this->ifmap), reschedule); + lib->scheduler->schedule_job(lib->scheduler, job, reschedule); + return &this->public; } diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h index 878505b38..4ecccf4df 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c index de4d12e0b..85ad49bd8 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -42,6 +42,46 @@ METHOD(plugin_t, get_name, char*, return "tnc-ifmap"; } +/** + * Register tnc_ifmap plugin features + */ +static bool register_tnc_ifmap(private_tnc_ifmap_plugin_t *this, + plugin_feature_t *feature, bool reg, void *data) +{ + if (reg) + { + this->listener = tnc_ifmap_listener_create(FALSE); + if (!this->listener) + { + return FALSE; + } + charon->bus->add_listener(charon->bus, &this->listener->listener); + } + else + { + if (this->listener) + { + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + } + } + return TRUE; +} + +METHOD(plugin_t, get_features, int, + tnc_ifmap_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK((plugin_feature_callback_t)register_tnc_ifmap, NULL), + PLUGIN_PROVIDE(CUSTOM, "tnc-ifmap-2.1"), + PLUGIN_SDEPEND(CERT_DECODE, CERT_X509), + PLUGIN_SDEPEND(PRIVKEY, KEY_RSA), + PLUGIN_SDEPEND(CUSTOM, "stroke"), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, reload, bool, private_tnc_ifmap_plugin_t *this) { @@ -56,19 +96,14 @@ METHOD(plugin_t, reload, bool, { return FALSE; } - charon->bus->add_listener(charon->bus, &this->listener->listener); + return TRUE; } METHOD(plugin_t, destroy, void, private_tnc_ifmap_plugin_t *this) { - if (this->listener) - { - charon->bus->remove_listener(charon->bus, &this->listener->listener); - this->listener->destroy(this->listener); - } free(this); } @@ -83,17 +118,13 @@ plugin_t *tnc_ifmap_plugin_create() .public = { .plugin = { .get_name = _get_name, + .get_features = _get_features, .reload = _reload, .destroy = _destroy, }, }, - .listener = tnc_ifmap_listener_create(FALSE), ); - if (this->listener) - { - charon->bus->add_listener(charon->bus, &this->listener->listener); - } return &this->public.plugin; } diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h index 8172be7c9..d3bba7f9c 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c new file mode 100644 index 000000000..f2c00a528 --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <stdlib.h> + +#include "tnc_ifmap_renew_session_job.h" + +#include <daemon.h> + + +typedef struct private_tnc_ifmap_renew_session_job_t private_tnc_ifmap_renew_session_job_t; + +/** + * Private data + */ +struct private_tnc_ifmap_renew_session_job_t { + + /** + * public tnc_ifmap_renew_session_job_t interface + */ + tnc_ifmap_renew_session_job_t public; + + /** + * TNC IF-MAP 2.0 SOAP interface + */ + tnc_ifmap_soap_t *ifmap; + + /** + * Reschedule time interval in seconds + */ + u_int32_t reschedule; +}; + +METHOD(job_t, destroy, void, + private_tnc_ifmap_renew_session_job_t *this) +{ + this->ifmap->destroy(this->ifmap); + free(this); +} + +METHOD(job_t, execute, job_requeue_t, + private_tnc_ifmap_renew_session_job_t *this) +{ + char *session_id; + + if (this->ifmap->orphaned(this->ifmap)) + { + session_id = this->ifmap->get_session_id(this->ifmap); + DBG2(DBG_TNC, "removing orphaned ifmap renewSession job for '%s'", + session_id); + return JOB_REQUEUE_NONE; + } + else + { + if (!this->ifmap->renewSession(this->ifmap)) + { + DBG1(DBG_TNC, "sending ifmap renewSession failed"); + /* TODO take some action */ + } + return JOB_RESCHEDULE(this->reschedule); + } +} + +METHOD(job_t, get_priority, job_priority_t, + private_tnc_ifmap_renew_session_job_t *this) +{ + return JOB_PRIO_MEDIUM; +} + +/* + * Described in header + */ +tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( + tnc_ifmap_soap_t *ifmap, u_int32_t reschedule) +{ + private_tnc_ifmap_renew_session_job_t *this; + + INIT(this, + .public = { + .job_interface = { + .execute = _execute, + .get_priority = _get_priority, + .destroy = _destroy, + }, + }, + .ifmap = ifmap, + .reschedule = reschedule, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h new file mode 100644 index 000000000..91e8fe404 --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnc_ifmap_renew_session_job tnc_ifmap_renew_session_job + * @{ @ingroup cjobs + */ + +#ifndef TNC_IFMAP_RENEW_SESSION_JOB_H_ +#define TNC_IFMAP_RENEW_SESSION_JOB_H_ + +typedef struct tnc_ifmap_renew_session_job_t tnc_ifmap_renew_session_job_t; + +#include "tnc_ifmap_soap.h" + +#include <library.h> +#include <processing/jobs/job.h> + +/** + * Job periodically sending an IF-MAP RenewSession request. + */ +struct tnc_ifmap_renew_session_job_t { + + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * Creates an tnc_ifmap_renew_session job. + * + * @param ifmap TNC IF-MAP object + * @param reschedule reschedule time in seconds + */ +tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( + tnc_ifmap_soap_t *ifmap, u_int32_t reschedule); + +#endif /** TNC_IFMAP_RENEW_SESSION_JOB_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c index 33480bb85..8d5da5812 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,20 +14,23 @@ */ #include "tnc_ifmap_soap.h" +#include "tnc_ifmap_soap_msg.h" #include <utils/debug.h> +#include <credentials/sets/mem_cred.h> #include <daemon.h> -#include <axis2_util.h> -#include <axis2_client.h> -#include <axis2_http_transport.h> -#include <axis2_http_transport_sender.h> -#include <axiom_soap.h> +#include <tls_socket.h> -#define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2" -#define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2" -#define IFMAP_LOGFILE "strongswan_ifmap.log" -#define IFMAP_SERVER "https://localhost:8443/" +#include <errno.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/socket.h> + +#define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2" +#define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2" +#define IFMAP_URI "https://localhost:8444/imap" +#define IFMAP_NO_FD -1 typedef struct private_tnc_ifmap_soap_t private_tnc_ifmap_soap_t; @@ -42,116 +45,91 @@ struct private_tnc_ifmap_soap_t { tnc_ifmap_soap_t public; /** - * Axis2/C environment + * SOAP Session ID */ - axutil_env_t *env; + xmlChar *session_id; /** - * Axis2 service client + * IF-MAP Publisher ID */ - axis2_svc_client_t* svc_client; + xmlChar *ifmap_publisher_id; /** - * SOAP Session ID + * IF-MAP namespace */ - char *session_id; + xmlNsPtr ns; /** - * IF-MAP Publisher ID + * IF-MAP metadata namespace */ - char *ifmap_publisher_id; + xmlNsPtr ns_meta; /** * PEP and PDP device name */ char *device_name; -}; - -/** - * Send request and receive result via SOAP - */ -static axiom_element_t* send_receive(private_tnc_ifmap_soap_t *this, - char *request_qname, axiom_node_t *request, - char *receipt_qname, axiom_node_t **result) - -{ - axiom_node_t *parent, *node; - axiom_element_t *parent_el, *el; - axutil_qname_t *qname; + /** + * HTTPS Server URI with https:// prefix removed + */ + char *uri; - /* send request and receive result */ - DBG2(DBG_TNC, "sending ifmap %s", request_qname); + /** + * Optional base64-encoded username:password for HTTP Basic Authentication + */ + chunk_t user_pass; - parent = axis2_svc_client_send_receive(this->svc_client, this->env, request); - if (!parent) - { - DBG1(DBG_TNC, "no ifmap %s received from MAP server", receipt_qname); - return NULL; - } - DBG2(DBG_TNC, "received ifmap %s", receipt_qname); + /** + * IF-MAP Server (IP address and port) + */ + host_t *host; - /* extract the parent element */ - parent_el = (axiom_element_t*)axiom_node_get_data_element(parent, this->env); + /** + * TLS socket + */ + tls_socket_t *tls; - /* look for a child node with the given receipt qname */ - qname = axutil_qname_create_from_string(this->env, strdup(receipt_qname)); - el = axiom_element_get_first_child_with_qname(parent_el, this->env, qname, - parent, &node); - axutil_qname_free(qname, this->env); + /** + * File descriptor for secure TCP socket + */ + int fd; - if (el) - { - if (result) - { - *result = parent; - } - else - { - /* no further processing requested */ - axiom_node_free_tree(parent, this->env); - } - return el; - } - DBG1(DBG_TNC, "child node with qname '%s' not found", receipt_qname); + /** + * In memory credential set + */ + mem_cred_t *creds; - /* free parent in the error case */ - axiom_node_free_tree(parent, this->env); + /** + * reference count + */ + refcount_t ref; - return NULL; -} +}; METHOD(tnc_ifmap_soap_t, newSession, bool, private_tnc_ifmap_soap_t *this) { - axiom_node_t *request, *result; - axiom_element_t *el; - axiom_namespace_t *ns; - axis2_char_t *value; - + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request, result; - /* build newSession request */ - ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap"); - el = axiom_element_create(this->env, NULL, "newSession", ns, &request); + /*build newSession request */ + request = xmlNewNode(NULL, "newSession"); + this->ns = xmlNewNs(request, IFMAP_NS, "ifmap"); + xmlSetNs(request, this->ns); - /* send newSession request and receive newSessionResult */ - el = send_receive(this, "newSession", request, "newSessionResult", &result); - if (!el) + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + if (!soap_msg->post(soap_msg, request, "newSessionResult", &result)) { + soap_msg->destroy(soap_msg); return FALSE; } - /* get session-id */ - value = axiom_element_get_attribute_value_by_name(el, this->env, - "session-id"); - this->session_id = strdup(value); - - /* get ifmap-publisher-id */ - value = axiom_element_get_attribute_value_by_name(el, this->env, - "ifmap-publisher-id"); - this->ifmap_publisher_id = strdup(value); + /* get session-id and ifmap-publisher-id properties */ + this->session_id = xmlGetProp(result, "session-id"); + this->ifmap_publisher_id = xmlGetProp(result, "ifmap-publisher-id"); + soap_msg->destroy(soap_msg); - DBG1(DBG_TNC, "session-id: %s, ifmap-publisher-id: %s", + DBG1(DBG_TNC, "created ifmap session '%s' as publisher '%s'", this->session_id, this->ifmap_publisher_id); /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */ @@ -160,51 +138,63 @@ METHOD(tnc_ifmap_soap_t, newSession, bool, this->ifmap_publisher_id, charon->name); this->device_name = strdup(this->device_name); - /* free result */ - axiom_node_free_tree(result, this->env); - return this->session_id && this->ifmap_publisher_id; } +METHOD(tnc_ifmap_soap_t, renewSession, bool, + private_tnc_ifmap_soap_t *this) +{ + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request; + bool success; + + /* build renewSession request */ + request = xmlNewNode(NULL, "renewSession"); + this->ns = xmlNewNs(request, IFMAP_NS, "ifmap"); + xmlSetNs(request, this->ns); + xmlNewProp(request, "session-id", this->session_id); + + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "renewSessionResult", NULL); + soap_msg->destroy(soap_msg); + + return success; +} + METHOD(tnc_ifmap_soap_t, purgePublisher, bool, private_tnc_ifmap_soap_t *this) { - axiom_node_t *request; - axiom_element_t *el; - axiom_namespace_t *ns; - axiom_attribute_t *attr; + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request; + bool success; /* build purgePublisher request */ - ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap"); - el = axiom_element_create(this->env, NULL, "purgePublisher", ns, &request); - attr = axiom_attribute_create(this->env, "session-id", - this->session_id, NULL); - axiom_element_add_attribute(el, this->env, attr, request); - attr = axiom_attribute_create(this->env, "ifmap-publisher-id", - this->ifmap_publisher_id, NULL); - axiom_element_add_attribute(el, this->env, attr, request); - - /* send purgePublisher request and receive purgePublisherReceived */ - return send_receive(this, "purgePublisher", request, - "purgePublisherReceived", NULL); + request = xmlNewNode(NULL, "purgePublisher"); + this->ns = xmlNewNs(request, IFMAP_NS, "ifmap"); + xmlSetNs(request, this->ns); + xmlNewProp(request, "session-id", this->session_id); + xmlNewProp(request, "ifmap-publisher-id", this->ifmap_publisher_id); + + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "purgePublisherReceived", NULL); + soap_msg->destroy(soap_msg); + + return success; } /** * Create an access-request based on device_name and ike_sa_id */ -static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this, - u_int32_t id) +static xmlNodePtr create_access_request(private_tnc_ifmap_soap_t *this, + u_int32_t id) { - axiom_element_t *el; - axiom_node_t *node; - axiom_attribute_t *attr; + xmlNodePtr node; char buf[BUF_LEN]; - el = axiom_element_create(this->env, NULL, "access-request", NULL, &node); + node = xmlNewNode(NULL, "access-request"); snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id); - attr = axiom_attribute_create(this->env, "name", buf, NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "name", buf); return node; } @@ -212,27 +202,22 @@ static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this, /** * Create an identity */ -static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this, - identification_t *id, bool is_user) +static xmlNodePtr create_identity(private_tnc_ifmap_soap_t *this, + identification_t *id, bool is_user) { - axiom_element_t *el; - axiom_node_t *node; - axiom_attribute_t *attr; + xmlNodePtr node; char buf[BUF_LEN], *id_type; - el = axiom_element_create(this->env, NULL, "identity", NULL, &node); + node = xmlNewNode(NULL, "identity"); snprintf(buf, BUF_LEN, "%Y", id); - attr = axiom_attribute_create(this->env, "name", buf, NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "name", buf); switch (id->get_type(id)) { case ID_IPV4_ADDR: id_type = "other"; - attr = axiom_attribute_create(this->env, "other-type-definition", - "36906:ipv4-address", NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "other-type-definition", "36906:ipv4-address"); break; case ID_FQDN: id_type = is_user ? "username" : "dns-name"; @@ -242,27 +227,93 @@ static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this, break; case ID_IPV6_ADDR: id_type = "other"; - attr = axiom_attribute_create(this->env, "other-type-definition", - "36906:ipv6-address", NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "other-type-definition", "36906:ipv6-address"); break; case ID_DER_ASN1_DN: id_type = "distinguished-name"; break; case ID_KEY_ID: id_type = "other"; - attr = axiom_attribute_create(this->env, "other-type-definition", - "36906:key-id", NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "other-type-definition", "36906:key-id"); break; default: id_type = "other"; - attr = axiom_attribute_create(this->env, "other-type-definition", - "36906:other", NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "other-type-definition", "36906:other"); } - attr = axiom_attribute_create(this->env, "type", id_type, NULL); - axiom_element_add_attribute(el, this->env, attr, node); + xmlNewProp(node, "type", id_type); + + return node; +} + +/** + * Create enforcement-report metadata + */ +static xmlNodePtr create_enforcement_report(private_tnc_ifmap_soap_t *this, + xmlChar *action, xmlChar *reason) +{ + xmlNodePtr node, node2, node3; + + node = xmlNewNode(NULL, "metadata"); + node2 = xmlNewNode(this->ns_meta, "enforcement-report"); + xmlAddChild(node, node2); + xmlNewProp(node2, "ifmap-cardinality", "multiValue"); + + node3 = xmlNewNode(NULL, "enforcement-action"); + xmlAddChild(node2, node3); + xmlNodeAddContent(node3, action); + + node3 = xmlNewNode(NULL, "enforcement-reason"); + xmlAddChild(node2, node3); + xmlNodeAddContent(node3, reason); + + return node; +} + +/** + * Create delete filter + */ +static xmlNodePtr create_delete_filter(private_tnc_ifmap_soap_t *this, + char *metadata) +{ + xmlNodePtr node; + char buf[BUF_LEN]; + + node = xmlNewNode(NULL, "delete"); + + snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']", + metadata, this->ifmap_publisher_id); + xmlNewProp(node, "filter", buf); + + return node; +} + +/** + * Create a publish request + */ +static xmlNodePtr create_publish_request(private_tnc_ifmap_soap_t *this) +{ + xmlNodePtr request; + + request = xmlNewNode(NULL, "publish"); + this->ns = xmlNewNs(request, IFMAP_NS, "ifmap"); + xmlSetNs(request, this->ns); + this->ns_meta = xmlNewNs(request, IFMAP_META_NS, "meta"); + xmlNewProp(request, "session-id", this->session_id); + + return request; +} + +/** + * Create a device + */ +static xmlNodePtr create_device(private_tnc_ifmap_soap_t *this) +{ + xmlNodePtr node, node2; + + node = xmlNewNode(NULL, "device"); + node2 = xmlNewNode(NULL, "name"); + xmlAddChild(node, node2); + xmlNodeAddContent(node2, this->device_name); return node; } @@ -270,15 +321,13 @@ static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this, /** * Create an ip-address */ -static axiom_node_t* create_ip_address(private_tnc_ifmap_soap_t *this, - host_t *host) +static xmlNodePtr create_ip_address(private_tnc_ifmap_soap_t *this, + host_t *host) { - axiom_element_t *el; - axiom_node_t *node; - axiom_attribute_t *attr; + xmlNodePtr node; char buf[BUF_LEN]; - el = axiom_element_create(this->env, NULL, "ip-address", NULL, &node); + node = xmlNewNode(NULL, "ip-address"); if (host->get_family(host) == AF_INET6) { @@ -309,29 +358,9 @@ static axiom_node_t* create_ip_address(private_tnc_ifmap_soap_t *this, { snprintf(buf, BUF_LEN, "%H", host); } - attr = axiom_attribute_create(this->env, "value", buf, NULL); - axiom_element_add_attribute(el, this->env, attr, node); - - attr = axiom_attribute_create(this->env, "type", - host->get_family(host) == AF_INET ? "IPv4" : "IPv6", NULL); - axiom_element_add_attribute(el, this->env, attr, node); - - return node; -} - -/** - * Create a device - */ -static axiom_node_t* create_device(private_tnc_ifmap_soap_t *this) -{ - axiom_element_t *el; - axiom_node_t *node, *node2, *node3; - axiom_text_t *text; - el = axiom_element_create(this->env, NULL, "device", NULL, &node); - el = axiom_element_create(this->env, NULL, "name", NULL, &node2); - axiom_node_add_child(node, this->env, node2); - text = axiom_text_create(this->env, node2, this->device_name, &node3); + xmlNewProp(node, "value", buf); + xmlNewProp(node, "type", host->get_family(host) == AF_INET ? "IPv4" : "IPv6"); return node; } @@ -339,22 +368,15 @@ static axiom_node_t* create_device(private_tnc_ifmap_soap_t *this) /** * Create metadata */ -static axiom_node_t* create_metadata(private_tnc_ifmap_soap_t *this, - char *metadata) +static xmlNodePtr create_metadata(private_tnc_ifmap_soap_t *this, + xmlChar *metadata) { - axiom_element_t *el; - axiom_node_t *node, *node2; - axiom_attribute_t *attr; - axiom_namespace_t *ns_meta; - - el = axiom_element_create(this->env, NULL, "metadata", NULL, &node); - ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta"); + xmlNodePtr node, node2; - el = axiom_element_create(this->env, NULL, metadata, ns_meta, &node2); - axiom_node_add_child(node, this->env, node2); - attr = axiom_attribute_create(this->env, "ifmap-cardinality", "singleValue", - NULL); - axiom_element_add_attribute(el, this->env, attr, node2); + node = xmlNewNode(NULL, "metadata"); + node2 = xmlNewNode(this->ns_meta, metadata); + xmlAddChild(node, node2); + xmlNewProp(node2, "ifmap-cardinality", "singleValue"); return node; } @@ -362,130 +384,45 @@ static axiom_node_t* create_metadata(private_tnc_ifmap_soap_t *this, /** * Create capability metadata */ -static axiom_node_t* create_capability(private_tnc_ifmap_soap_t *this, - identification_t *name) +static xmlNodePtr create_capability(private_tnc_ifmap_soap_t *this, + identification_t *name) { - axiom_element_t *el; - axiom_node_t *node, *node2, *node3; - axiom_namespace_t *ns_meta; - axiom_attribute_t *attr; - axiom_text_t *text; + xmlNodePtr node, node2; char buf[BUF_LEN]; - ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta"); - el = axiom_element_create(this->env, NULL, "capability", ns_meta, &node); - attr = axiom_attribute_create(this->env, "ifmap-cardinality", "multiValue", - NULL); - axiom_element_add_attribute(el, this->env, attr, node); + node = xmlNewNode(this->ns_meta, "capability"); + xmlNewProp(node, "ifmap-cardinality", "multiValue"); - el = axiom_element_create(this->env, NULL, "name", NULL, &node2); - axiom_node_add_child(node, this->env, node2); + node2 = xmlNewNode(NULL, "name"); + xmlAddChild(node, node2); snprintf(buf, BUF_LEN, "%Y", name); - text = axiom_text_create(this->env, node2, buf, &node3); + xmlNodeAddContent(node2, buf); - el = axiom_element_create(this->env, NULL, "administrative-domain", NULL, &node2); - axiom_node_add_child(node, this->env, node2); - text = axiom_text_create(this->env, node2, "strongswan", &node3); + node2 = xmlNewNode(NULL, "administrative-domain"); + xmlAddChild(node, node2); + xmlNodeAddContent(node2, "strongswan"); return node; } -/** - * Create enforcement-report metadata - */ -static axiom_node_t* create_enforcement_report(private_tnc_ifmap_soap_t *this, - char *action, char *reason) -{ - axiom_element_t *el; - axiom_node_t *node, *node2, *node3, *node4; - axiom_namespace_t *ns_meta; - axiom_attribute_t *attr; - axiom_text_t *text; - - el = axiom_element_create(this->env, NULL, "metadata", NULL, &node); - - ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta"); - el = axiom_element_create(this->env, NULL, "enforcement-report", ns_meta, - &node2); - attr = axiom_attribute_create(this->env, "ifmap-cardinality", - "multiValue", NULL); - axiom_element_add_attribute(el, this->env, attr, node2); - axiom_node_add_child(node, this->env, node2); - - el = axiom_element_create(this->env, NULL, "enforcement-action", NULL, - &node3); - axiom_node_add_child(node2, this->env, node3); - text = axiom_text_create(this->env, node3, action, &node4); - - el = axiom_element_create(this->env, NULL, "enforcement-reason", NULL, - &node3); - axiom_node_add_child(node2, this->env, node3); - text = axiom_text_create(this->env, node3, reason, &node4); - - return node; -} - -/** - * Create delete filter - */ -static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this, - char *metadata) -{ - axiom_element_t *el; - axiom_node_t *node; - axiom_attribute_t *attr; - char buf[BUF_LEN]; - - el = axiom_element_create(this->env, NULL, "delete", NULL, &node); - - snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']", - metadata, this->ifmap_publisher_id); - attr = axiom_attribute_create(this->env, "filter", buf, NULL); - axiom_element_add_attribute(el, this->env, attr, node); - - return node; -} - -/** - * Create a publish request - */ -static axiom_node_t* create_publish_request(private_tnc_ifmap_soap_t *this) -{ - axiom_element_t *el; - axiom_node_t *request; - axiom_namespace_t *ns, *ns_meta; - axiom_attribute_t *attr; - - ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap"); - el = axiom_element_create(this->env, NULL, "publish", ns, &request); - ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta"); - axiom_element_declare_namespace(el, this->env, request, ns_meta); - attr = axiom_attribute_create(this->env, "session-id", this->session_id, - NULL); - axiom_element_add_attribute(el, this->env, attr, request); - - return request; -} - METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool up) { - axiom_node_t *request, *node, *node2; - axiom_element_t *el; - + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request, node, node2 = NULL; enumerator_t *e1, *e2; auth_rule_t type; identification_t *id, *eap_id, *group; host_t *host; auth_cfg_t *auth; u_int32_t ike_sa_id; - bool is_user = FALSE, first = TRUE; + bool is_user = FALSE, first = TRUE, success; /* extract relevant data from IKE_SA*/ ike_sa_id = ike_sa->get_unique_id(ike_sa); + host = ike_sa->get_other_host(ike_sa); id = ike_sa->get_other_id(ike_sa); eap_id = ike_sa->get_other_eap_id(ike_sa); - host = ike_sa->get_other_host(ike_sa); /* in the presence of an EAP Identity, treat it as a username */ if (!id->equals(id, eap_id)) @@ -501,11 +438,9 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, if (up) { node = create_delete_filter(this, "enforcement-report"); - axiom_node_add_child(request, this->env, node); - axiom_node_add_child(node, this->env, - create_ip_address(this, host)); - axiom_node_add_child(node, this->env, - create_device(this)); + xmlAddChild(request, node); + xmlAddChild(node, create_ip_address(this, host)); + xmlAddChild(node, create_device(this)); } /** @@ -513,47 +448,41 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, */ if (up) { - el = axiom_element_create(this->env, NULL, "update", NULL, &node); + node = xmlNewNode(NULL, "update"); } else { node = create_delete_filter(this, "authenticated-as"); } - axiom_node_add_child(request, this->env, node); + xmlAddChild(request, node); /* add access-request, identity and [if up] metadata */ - axiom_node_add_child(node, this->env, - create_access_request(this, ike_sa_id)); - axiom_node_add_child(node, this->env, - create_identity(this, id, is_user)); + xmlAddChild(node, create_access_request(this, ike_sa_id)); + xmlAddChild(node, create_identity(this, id, is_user)); if (up) { - axiom_node_add_child(node, this->env, - create_metadata(this, "authenticated-as")); + xmlAddChild(node, create_metadata(this, "authenticated-as")); } /** - * update or delete access-request-ip metadata + * update or delete access-request-ip metadata for physical IP address */ if (up) { - el = axiom_element_create(this->env, NULL, "update", NULL, &node); + node = xmlNewNode(NULL, "update"); } else { node = create_delete_filter(this, "access-request-ip"); } - axiom_node_add_child(request, this->env, node); + xmlAddChild(request, node); /* add access-request, ip-address and [if up] metadata */ - axiom_node_add_child(node, this->env, - create_access_request(this, ike_sa_id)); - axiom_node_add_child(node, this->env, - create_ip_address(this, host)); + xmlAddChild(node, create_access_request(this, ike_sa_id)); + xmlAddChild(node, create_ip_address(this, host)); if (up) { - axiom_node_add_child(node, this->env, - create_metadata(this, "access-request-ip")); + xmlAddChild(node, create_metadata(this, "access-request-ip")); } /** @@ -561,23 +490,20 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, */ if (up) { - el = axiom_element_create(this->env, NULL, "update", NULL, &node); + node = xmlNewNode(NULL, "update"); } else { node = create_delete_filter(this, "authenticated-by"); } - axiom_node_add_child(request, this->env, node); + xmlAddChild(request, node); /* add access-request, device and [if up] metadata */ - axiom_node_add_child(node, this->env, - create_access_request(this, ike_sa_id)); - axiom_node_add_child(node, this->env, - create_device(this)); + xmlAddChild(node, create_access_request(this, ike_sa_id)); + xmlAddChild(node, create_device(this)); if (up) { - axiom_node_add_child(node, this->env, - create_metadata(this, "authenticated-by")); + xmlAddChild(node, create_metadata(this, "authenticated-by")); } /** @@ -598,230 +524,315 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, if (up) { - el = axiom_element_create(this->env, NULL, "update", - NULL, &node); + node = xmlNewNode(NULL, "update"); } else { node = create_delete_filter(this, "capability"); } - axiom_node_add_child(request, this->env, node); + xmlAddChild(request, node); /* add access-request */ - axiom_node_add_child(node, this->env, - create_access_request(this, ike_sa_id)); + xmlAddChild(node, create_access_request(this, ike_sa_id)); if (!up) { break; } - el = axiom_element_create(this->env, NULL, "metadata", NULL, - &node2); - axiom_node_add_child(node, this->env, node2); + node2 = xmlNewNode(NULL, "metadata"); + xmlAddChild(node, node2); } - axiom_node_add_child(node2, this->env, - create_capability(this, group)); + xmlAddChild(node2, create_capability(this, group)); } } e2->destroy(e2); } e1->destroy(e1); - /* send publish request and receive publishReceived */ - return send_receive(this, "publish", request, "publishReceived", NULL); + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "publishReceived", NULL); + soap_msg->destroy(soap_msg); + + return success; } METHOD(tnc_ifmap_soap_t, publish_device_ip, bool, private_tnc_ifmap_soap_t *this, host_t *host) { - axiom_node_t *request, *node; - axiom_element_t *el; + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request, update; + bool success; /* build publish update request */ request = create_publish_request(this); - el = axiom_element_create(this->env, NULL, "update", NULL, &node); - axiom_node_add_child(request, this->env, node); + update = xmlNewNode(NULL, "update"); + xmlAddChild(request, update); /* add device, ip-address and metadata */ - axiom_node_add_child(node, this->env, - create_device(this)); - axiom_node_add_child(node, this->env, - create_ip_address(this, host)); - axiom_node_add_child(node, this->env, - create_metadata(this, "device-ip")); - - /* send publish request and receive publishReceived */ - return send_receive(this, "publish", request, "publishReceived", NULL); + xmlAddChild(update, create_device(this)); + xmlAddChild(update, create_ip_address(this, host)); + xmlAddChild(update, create_metadata(this, "device-ip")); + + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "publishReceived", NULL); + soap_msg->destroy(soap_msg); + + return success; } METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool, private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason) { - axiom_node_t *request, *node; - axiom_element_t *el; + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request, update; + bool success; /* build publish update request */ request = create_publish_request(this); - el = axiom_element_create(this->env, NULL, "update", NULL, &node); - axiom_node_add_child(request, this->env, node); + update = xmlNewNode(NULL, "update"); + xmlAddChild(request, update); /* add ip-address and metadata */ - axiom_node_add_child(node, this->env, - create_ip_address(this, host)); - axiom_node_add_child(node, this->env, - create_device(this)); - axiom_node_add_child(node, this->env, - create_enforcement_report(this, action, reason)); - - /* send publish request and receive publishReceived */ - return send_receive(this, "publish", request, "publishReceived", NULL); + xmlAddChild(update, create_ip_address(this, host)); + xmlAddChild(update, create_device(this)); + xmlAddChild(update, create_enforcement_report(this, action, reason)); + + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "publishReceived", NULL); + soap_msg->destroy(soap_msg); + + return success; } METHOD(tnc_ifmap_soap_t, endSession, bool, private_tnc_ifmap_soap_t *this) { - axiom_node_t *request; - axiom_element_t *el; - axiom_namespace_t *ns; - axiom_attribute_t *attr; + tnc_ifmap_soap_msg_t *soap_msg; + xmlNodePtr request; + bool success; /* build endSession request */ - ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap"); - el = axiom_element_create(this->env, NULL, "endSession", ns, &request); - attr = axiom_attribute_create(this->env, "session-id", this->session_id, NULL); - axiom_element_add_attribute(el, this->env, attr, request); + request = xmlNewNode(NULL, "endSession"); + this->ns = xmlNewNs(request, IFMAP_NS, "ifmap"); + xmlSetNs(request, this->ns); + xmlNewProp(request, "session-id", this->session_id); + + soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls); + success = soap_msg->post(soap_msg, request, "endSessionResult", NULL); + soap_msg->destroy(soap_msg); + + DBG1(DBG_TNC, "ended ifmap session '%s' as publisher '%s'", + this->session_id, this->ifmap_publisher_id); - /* send endSession request and receive end SessionResult */ - return send_receive(this, "endSession", request, "endSessionResult", NULL); + return success; +} + +METHOD(tnc_ifmap_soap_t, get_session_id, char*, + private_tnc_ifmap_soap_t *this) +{ + return this->session_id; +} + +METHOD(tnc_ifmap_soap_t, orphaned, bool, + private_tnc_ifmap_soap_t *this) +{ + return this->ref == 1; +} + +METHOD(tnc_ifmap_soap_t, get_ref, tnc_ifmap_soap_t*, + private_tnc_ifmap_soap_t *this) +{ + ref_get(&this->ref); + return &this->public; } METHOD(tnc_ifmap_soap_t, destroy, void, private_tnc_ifmap_soap_t *this) { - if (this->session_id) - { - endSession(this); - free(this->session_id); - free(this->ifmap_publisher_id); - free(this->device_name); - } - if (this->svc_client) + if (ref_put(&this->ref)) { - axis2_svc_client_free(this->svc_client, this->env); - } - if (this->env) - { - axutil_env_free(this->env); + if (this->session_id) + { + xmlFree(this->session_id); + xmlFree(this->ifmap_publisher_id); + free(this->device_name); + } + DESTROY_IF(this->tls); + DESTROY_IF(this->host); + + if (this->fd != IFMAP_NO_FD) + { + close(this->fd); + } + lib->credmgr->remove_set(lib->credmgr, &this->creds->set); + this->creds->destroy(this->creds); + free(this->user_pass.ptr); + free(this); } - free(this); } -static bool axis2c_init(private_tnc_ifmap_soap_t *this) +static bool soap_init(private_tnc_ifmap_soap_t *this) { - axis2_char_t *server, *server_cert, *key_file, *client_home; - axis2_char_t *ssl_passphrase, *username, *password; - axis2_endpoint_ref_t* endpoint_ref = NULL; - axis2_options_t *options = NULL; - axis2_transport_in_desc_t *transport_in; - axis2_transport_out_desc_t *transport_out; - axis2_transport_sender_t *transport_sender; - axutil_property_t* property; - - /* Getting configuration parameters from strongswan.conf */ - client_home = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.client_home", - AXIS2_GETENV("AXIS2C_HOME"), charon->name); - server = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.server", IFMAP_SERVER, charon->name); + char *server_uri, *server_str, *port_str, *uri_str; + char *server_cert, *client_cert, *client_key, *user_pass; + int port; + auth_cfg_t *auth; + certificate_t *cert; + private_key_t *key; + identification_t *server_id, *client_id = NULL; + + /* getting configuration parameters from strongswan.conf */ + server_uri = lib->settings->get_str(lib->settings, + "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, charon->name); server_cert = lib->settings->get_str(lib->settings, "%s.plugins.tnc-ifmap.server_cert", NULL, charon->name); - key_file = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.key_file", NULL, charon->name); - ssl_passphrase = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.ssl_passphrase", NULL, charon->name); - username = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.username", NULL, charon->name); - password = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.password", NULL, charon->name); - + client_cert = lib->settings->get_str(lib->settings, + "%s.plugins.tnc-ifmap.client_cert", NULL, charon->name); + client_key = lib->settings->get_str(lib->settings, + "%s.plugins.tnc-ifmap.client_key", NULL, charon->name); + user_pass = lib->settings->get_str(lib->settings, + "%s.plugins.tnc-ifmap.username_password", NULL, charon->name); + + /* load [self-signed] MAP server certificate */ if (!server_cert) { DBG1(DBG_TNC, "MAP server certificate not defined"); return FALSE; } + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, server_cert, BUILD_END); + if (!cert) + { + DBG1(DBG_TNC, "loading MAP server certificate from '%s' failed", + server_cert); + return FALSE; + } + DBG1(DBG_TNC, "loaded MAP server certificate from '%s'", server_cert); + server_id = cert->get_subject(cert); + this->creds->add_cert(this->creds, TRUE, cert); - if (!key_file && (!username || !password)) + /* check availability of client credentials */ + if (!client_cert && !user_pass) { - DBG1(DBG_TNC, "MAP client keyfile or %s%s%s not defined", - (!username) ? "username" : "", - (!username && ! password) ? " and " : "", - (!password) ? "password" : ""); + DBG1(DBG_TNC, "neither MAP client certificate " + "nor username:password defined"); return FALSE; } - /* Create Axis2/C environment and options */ - this->env = axutil_env_create_all(IFMAP_LOGFILE, AXIS2_LOG_LEVEL_TRACE); - options = axis2_options_create(this->env); + if (client_cert) + { + /* load MAP client certificate */ + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, client_cert, BUILD_END); + if (!cert) + { + DBG1(DBG_TNC, "loading MAP client certificate from '%s' failed", + client_cert); + return FALSE; + } + DBG1(DBG_TNC, "loaded MAP client certificate from '%s'", client_cert); + this->creds->add_cert(this->creds, TRUE, cert); + + /* load MAP client private key */ + if (client_key) + { + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_FROM_FILE, client_key, BUILD_END); + if (!key) + { + DBG1(DBG_TNC, "loading MAP client private key from '%s' failed", + client_key); + return FALSE; + } + DBG1(DBG_TNC, "loaded MAP client RSA private key from '%s'", + client_key); + this->creds->add_key(this->creds, key); + } + + /* set client ID to certificate distinguished name */ + client_id = cert->get_subject(cert); + + /* check if we have a private key matching the certificate */ + auth = auth_cfg_create(); + auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert); + key = lib->credmgr->get_private(lib->credmgr, KEY_RSA, client_id, auth); + auth->destroy(auth); + if (!key) + { + DBG1(DBG_TNC, "no RSA private key matching MAP client certificate"); + return FALSE; + } + } + else + { + /* set base64-encoded username:password for HTTP Basic Authentication */ + this->user_pass = chunk_to_base64(chunk_from_str(user_pass), NULL); + } + + /* remove HTTPS prefix if any */ + if (strlen(server_uri) >= 8 && strncaseeq(server_uri, "https://", 8)) + { + server_uri += 8; + } + this->uri = server_uri; - /* Set path to the MAP server certificate */ - property =axutil_property_create_with_args(this->env, 0, 0, 0, - server_cert); - axis2_options_set_property(options, this->env, - AXIS2_SSL_SERVER_CERT, property); + /* duplicate server string since we are going to manipulate it */ + server_str = strdup(server_uri); - if (key_file) + /* extract server name and port from server URI */ + port_str = strchr(server_str, ':'); + if (port_str) { - /* Set path to the MAP client certificate */ - property =axutil_property_create_with_args(this->env, 0, 0, 0, - key_file); - axis2_options_set_property(options, this->env, - AXIS2_SSL_KEY_FILE, property); - if (ssl_passphrase) + *port_str++ = '\0'; + if (sscanf(port_str, "%d", &port) != 1) { - /* Provide SSL passphrase */ - property =axutil_property_create_with_args(this->env, 0, 0, 0, - ssl_passphrase); - axis2_options_set_property(options, this->env, - AXIS2_SSL_PASSPHRASE, property); + DBG1(DBG_TNC, "parsing server port %s failed", port_str); + free(server_str); + return FALSE; } } else { - /* Set up HTTP Basic MAP client authentication */ - axis2_options_set_http_auth_info(options, this->env, - username, password, "Basic"); + /* use default https port */ + port = 443; + uri_str = strchr(server_str, '/'); + if (uri_str) + { + *uri_str = '\0'; + } } - /* Define the MAP server as the to endpoint reference */ - endpoint_ref = axis2_endpoint_ref_create(this->env, server); - axis2_options_set_to(options, this->env, endpoint_ref); - - /* Set up https transport */ - transport_in = axis2_transport_in_desc_create(this->env, - AXIS2_TRANSPORT_ENUM_HTTPS); - transport_out = axis2_transport_out_desc_create(this->env, - AXIS2_TRANSPORT_ENUM_HTTPS); - transport_sender = axis2_http_transport_sender_create(this->env); - axis2_transport_out_desc_set_sender(transport_out, this->env, - transport_sender); - axis2_options_set_transport_in(options, this->env, transport_in); - axis2_options_set_transport_out(options, this->env, transport_out); - - /* Create the axis2 service client */ - this->svc_client = axis2_svc_client_create(this->env, client_home); - if (!this->svc_client) + /* open TCP socket and connect to MAP server */ + this->host = host_create_from_dns(server_str, 0, port); + if (!this->host) { - DBG1(DBG_TNC, "could not create axis2 service client"); - AXIS2_LOG_ERROR(this->env->log, AXIS2_LOG_SI, - "Stub invoke FAILED: Error code: %d :: %s", - this->env->error->error_number, - AXIS2_ERROR_GET_MESSAGE(this->env->error)); - destroy(this); + DBG1(DBG_TNC, "resolving hostname %s failed", server_str); + free(server_str); return FALSE; } + free(server_str); - axis2_svc_client_set_options(this->svc_client, this->env, options); - DBG1(DBG_TNC, "connecting as MAP client '%s' to MAP server at '%s'", - username, server); + this->fd = socket(this->host->get_family(this->host), SOCK_STREAM, 0); + if (this->fd == IFMAP_NO_FD) + { + DBG1(DBG_TNC, "opening socket failed: %s", strerror(errno)); + return FALSE; + } + + if (connect(this->fd, this->host->get_sockaddr(this->host), + *this->host->get_sockaddr_len(this->host)) == -1) + { + DBG1(DBG_TNC, "connecting to %#H failed: %s", + this->host, strerror(errno)); + return FALSE; + } + + /* open TLS socket */ + this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL); + if (!this->tls) + { + DBG1(DBG_TNC, "creating TLS socket failed"); + return FALSE; + } return TRUE; } @@ -836,16 +847,25 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create() INIT(this, .public = { .newSession = _newSession, + .renewSession = _renewSession, .purgePublisher = _purgePublisher, .publish_ike_sa = _publish_ike_sa, .publish_device_ip = _publish_device_ip, .publish_enforcement_report = _publish_enforcement_report, .endSession = _endSession, + .get_session_id = _get_session_id, + .orphaned = _orphaned, + .get_ref = _get_ref, .destroy = _destroy, }, + .fd = IFMAP_NO_FD, + .creds = mem_cred_create(), + .ref = 1, ); - if (!axis2c_init(this)) + lib->credmgr->add_set(lib->credmgr, &this->creds->set); + + if (!soap_init(this)) { destroy(this); return NULL; diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h index 4efdc779f..4a0434a54 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -40,6 +40,13 @@ struct tnc_ifmap_soap_t { bool (*newSession)(tnc_ifmap_soap_t *this); /** + * Check if the IF-MAP session is still active + * + * @return TRUE if command was successful + */ + bool (*renewSession)(tnc_ifmap_soap_t *this); + + /** * Purges all metadata published by this publisher * * @return TRUE if command was successful @@ -82,6 +89,27 @@ struct tnc_ifmap_soap_t { bool (*endSession)(tnc_ifmap_soap_t *this); /** + * Get ID of IF-MAP session + * + * @return IF-MAP session ID + */ + char* (*get_session_id)(tnc_ifmap_soap_t *this); + + /** + * Check for an orphaned IF-MAP session + * + * @return TRUE if IF-MAP session is orphaned + */ + bool (*orphaned)(tnc_ifmap_soap_t *this); + + /** + * Get a reference to an IF-MAP session + * + * @return referenced IF-MAP session + */ + tnc_ifmap_soap_t* (*get_ref)(tnc_ifmap_soap_t *this); + + /** * Destroy a tnc_ifmap_soap_t. */ void (*destroy)(tnc_ifmap_soap_t *this); diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c new file mode 100644 index 000000000..b86288683 --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c @@ -0,0 +1,256 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnc_ifmap_soap_msg.h" +#include "tnc_ifmap_http.h" + +#include <utils/debug.h> + +#define SOAP_NS "http://www.w3.org/2003/05/soap-envelope" + +typedef struct private_tnc_ifmap_soap_msg_t private_tnc_ifmap_soap_msg_t; + +/** + * Private data of an tnc_ifmap_soap_msg_t object. + */ +struct private_tnc_ifmap_soap_msg_t { + + /** + * Public tnc_ifmap_soap_msg_t interface. + */ + tnc_ifmap_soap_msg_t public; + + /** + * HTTP POST request builder and response processing + */ + tnc_ifmap_http_t *http; + + /** + * TLS socket + */ + tls_socket_t *tls; + + /** + * XML Document + */ + xmlDocPtr doc; + +}; + +/** + * Find a child node with a given name + */ +static xmlNodePtr find_child(xmlNodePtr parent, const xmlChar* name) +{ + xmlNodePtr child; + + child = parent->xmlChildrenNode; + while (child) + { + if (xmlStrcmp(child->name, name) == 0) + { + return child; + } + child = child->next; + } + + DBG1(DBG_TNC, "child node \"%s\" not found", name); + return NULL; +} + +METHOD(tnc_ifmap_soap_msg_t, post, bool, + private_tnc_ifmap_soap_msg_t *this, xmlNodePtr request, char *result_name, + xmlNodePtr *result) +{ + xmlDocPtr doc; + xmlNodePtr env, body, cur, response; + xmlNsPtr ns; + xmlChar *xml_str, *errorCode, *errorString; + int xml_len, len, written; + chunk_t xml, http; + char buf[4096]; + status_t status; + + DBG2(DBG_TNC, "sending ifmap %s", request->name); + + /* Generate XML Document containing SOAP Envelope */ + doc = xmlNewDoc("1.0"); + env =xmlNewNode(NULL, "Envelope"); + ns = xmlNewNs(env, SOAP_NS, "env"); + xmlSetNs(env, ns); + xmlDocSetRootElement(doc, env); + + /* Add SOAP Body containing IF-MAP request */ + body = xmlNewNode(ns, "Body"); + xmlAddChild(body, request); + xmlAddChild(env, body); + + /* Convert XML Document into a character string */ + xmlDocDumpFormatMemory(doc, &xml_str, &xml_len, 1); + xmlFreeDoc(doc); + DBG3(DBG_TNC, "%.*s", xml_len, xml_str); + xml = chunk_create(xml_str, xml_len); + + /* Send SOAP-XML request via HTTPS POST */ + do + { + status = this->http->build(this->http, &xml, &http); + if (status == FAILED) + { + break; + } + written = this->tls->write(this->tls, http.ptr, http.len); + free(http.ptr); + if (written != http.len) + { + status = FAILED; + break; + } + } + while (status == NEED_MORE); + + xmlFree(xml_str); + if (status != SUCCESS) + { + return FALSE; + } + + /* Receive SOAP-XML response via [chunked] HTTPS */ + xml = chunk_empty; + do + { + len = this->tls->read(this->tls, buf, sizeof(buf), TRUE); + if (len <= 0) + { + return FALSE; + } + http = chunk_create(buf, len); + + status = this->http->process(this->http, &http, &xml); + if (status == FAILED) + { + free(xml.ptr); + return FALSE; + } + } + while (status == NEED_MORE); + + DBG3(DBG_TNC, "parsing XML message %B", &xml); + this->doc = xmlParseMemory(xml.ptr, xml.len); + free(xml.ptr); + + if (!this->doc) + { + DBG1(DBG_TNC, "failed to parse XML message"); + return FALSE; + } + + /* check out XML document */ + cur = xmlDocGetRootElement(this->doc); + if (!cur) + { + DBG1(DBG_TNC, "empty XML message"); + return FALSE; + } + + /* get XML Document type is a SOAP Envelope */ + if (xmlStrcmp(cur->name, "Envelope")) + { + DBG1(DBG_TNC, "XML message does not contain a SOAP Envelope"); + return FALSE; + } + + /* get SOAP Body */ + cur = find_child(cur, "Body"); + if (!cur) + { + return FALSE; + } + + /* get IF-MAP response */ + response = find_child(cur, "response"); + if (!response) + { + return FALSE; + } + + /* get IF-MAP result */ + cur = find_child(response, result_name); + if (!cur) + { + cur = find_child(response, "errorResult"); + if (cur) + { + DBG1(DBG_TNC, "received errorResult"); + + errorCode = xmlGetProp(cur, "errorCode"); + if (errorCode) + { + DBG1(DBG_TNC, " %s", errorCode); + xmlFree(errorCode); + } + + cur = find_child(cur, "errorString"); + if (cur) + { + errorString = xmlNodeGetContent(cur); + if (errorString) + { + DBG1(DBG_TNC, " %s", errorString); + xmlFree(errorString); + } + } + } + return FALSE; + } + + if (result) + { + *result = cur; + } + return TRUE; +} + +METHOD(tnc_ifmap_soap_msg_t, destroy, void, + private_tnc_ifmap_soap_msg_t *this) +{ + this->http->destroy(this->http); + if (this->doc) + { + xmlFreeDoc(this->doc); + } + free(this); +} + +/** + * See header + */ +tnc_ifmap_soap_msg_t *tnc_ifmap_soap_msg_create(char *uri, chunk_t user_pass, + tls_socket_t *tls) +{ + private_tnc_ifmap_soap_msg_t *this; + + INIT(this, + .public = { + .post = _post, + .destroy = _destroy, + }, + .http = tnc_ifmap_http_create(uri, user_pass), + .tls = tls, + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.h new file mode 100644 index 000000000..4f809ba1a --- /dev/null +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnc_ifmap_soap_msg tnc_ifmap_soap_msg + * @{ @ingroup tnc_ifmap + */ + +#ifndef TNC_IFMAP_SOAP_MSG_H_ +#define TNC_IFMAP_SOAP_MSG_H_ + +#include <library.h> +#include <tls_socket.h> + +#include <libxml/parser.h> + +typedef struct tnc_ifmap_soap_msg_t tnc_ifmap_soap_msg_t; + +/** + * Interface for sending and receiving SOAP-XML messages + */ +struct tnc_ifmap_soap_msg_t { + + /** + * Post an IF-MAP request in a SOAP-XML message and return a result + * + * @param request XML-encoded IF-MAP request + * @param result_name name of the IF-MAP result + * @param result XML-encoded IF-MAP result + */ + bool (*post)(tnc_ifmap_soap_msg_t *this, xmlNodePtr request, + char *result_name, xmlNodePtr* result); + + /** + * Destroy a tnc_ifmap_soap_msg_t object. + */ + void (*destroy)(tnc_ifmap_soap_msg_t *this); +}; + +/** + * Create a tnc_ifmap_soap_msg instance. + * + * @param uri HTTPS URI with https:// prefix removed + * @param user_pass Optional username:password for HTTP Basic Authentication + * @param tls TLS socket protecting the SOAP message + */ +tnc_ifmap_soap_msg_t *tnc_ifmap_soap_msg_create(char *uri, chunk_t user_pass, + tls_socket_t *tls); + +#endif /** TNC_IFMAP_SOAP_MSG_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_imc/Makefile.am b/src/libcharon/plugins/tnc_imc/Makefile.am index 5e2c30df9..eba280690 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.am +++ b/src/libcharon/plugins/tnc_imc/Makefile.am @@ -4,7 +4,8 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtnccs + -I$(top_srcdir)/src/libtnccs \ + -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in index b21cbb348..4e0a18310 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.in +++ b/src/libcharon/plugins/tnc_imc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -109,6 +126,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnc_imc_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnc_imc_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -125,6 +147,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,6 +165,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -209,8 +234,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -266,7 +289,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -305,7 +327,8 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtnccs + -I$(top_srcdir)/src/libtnccs \ + -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la @@ -364,7 +387,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -372,6 +394,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnc_imv/Makefile.am b/src/libcharon/plugins/tnc_imv/Makefile.am index eca3b377b..90b3507ce 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.am +++ b/src/libcharon/plugins/tnc_imv/Makefile.am @@ -4,7 +4,8 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtnccs + -I$(top_srcdir)/src/libtnccs \ + -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic diff --git a/src/libcharon/plugins/tnc_imv/Makefile.in b/src/libcharon/plugins/tnc_imv/Makefile.in index 6e0133c2d..37964757f 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.in +++ b/src/libcharon/plugins/tnc_imv/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnc_imv_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnc_imv_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -306,7 +328,8 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtnccs + -I$(top_srcdir)/src/libtnccs \ + -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imv.la @@ -366,7 +389,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -374,6 +396,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index ac764a163..0db60a288 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnc_pdp_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnc_pdp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -365,7 +387,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -373,6 +394,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 39939d34e..422c28bc9 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -378,7 +378,10 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, } this->connections->add(this->connections, nas_id, user_name, peer, method); - method->initiate(method, &out); + if (method->initiate(method, &out) == NEED_MORE) + { + send_response(this, request, code, out, group, msk, source); + } } else { @@ -428,16 +431,16 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, in->get_identifier(in)); } charon->bus->set_sa(charon->bus, NULL); + send_response(this, request, code, out, group, msk, source); + this->connections->unlock(this->connections); } - send_response(this, request, code, out, group, msk, source); - out->destroy(out); - if (code == RMC_ACCESS_ACCEPT || code == RMC_ACCESS_REJECT) { this->connections->remove(this->connections, nas_id, user_name); } + out->destroy(out); end: free(message.ptr); in->destroy(in); @@ -648,4 +651,3 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port) return &this->public; } - diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c index 0a960635b..f789c31d2 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c @@ -17,6 +17,15 @@ #include <collections/linked_list.h> #include <utils/debug.h> +#include <threading/rwlock.h> +#include <processing/jobs/callback_job.h> + +#include <daemon.h> + +/** + * Default PDP connection timeout, in s + */ +#define DEFAULT_TIMEOUT 30 typedef struct private_tnc_pdp_connections_t private_tnc_pdp_connections_t; typedef struct entry_t entry_t; @@ -32,9 +41,19 @@ struct private_tnc_pdp_connections_t { tnc_pdp_connections_t public; /** - * List of TNC PEP RADIUS Connections + * TNC PEP RADIUS Connections */ linked_list_t *list; + + /** + * Lock to access PEP connection list + */ + rwlock_t *lock; + + /** + * Connection timeout before we kill non-completed connections, in s + */ + int timeout; }; /** @@ -61,6 +80,11 @@ struct entry_t { * IKE SA used for bus communication */ ike_sa_t *ike_sa; + + /** + * Timestamp this entry has been created + */ + time_t created; }; /** @@ -105,6 +129,35 @@ static void dbg_nas_user(chunk_t nas_id, chunk_t user_name, bool not, char *op) } } +/** + * Check if any connection has timed out + */ +static job_requeue_t check_timeouts(private_tnc_pdp_connections_t *this) +{ + enumerator_t *enumerator; + entry_t *entry; + time_t now; + + now = time_monotonic(NULL); + + this->lock->write_lock(this->lock); + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->created + this->timeout <= now) + { + DBG1(DBG_CFG, "RADIUS connection timed out after %d seconds", + this->timeout); + this->list->remove_at(this->list, enumerator); + free_entry(entry); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + return JOB_REQUEUE_NONE; +} + METHOD(tnc_pdp_connections_t, add, void, private_tnc_pdp_connections_t *this, chunk_t nas_id, chunk_t user_name, identification_t *peer, eap_method_t *method) @@ -120,6 +173,7 @@ METHOD(tnc_pdp_connections_t, add, void, ike_sa_id->destroy(ike_sa_id); ike_sa->set_other_id(ike_sa, peer); + this->lock->read_lock(this->lock); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, &entry)) { @@ -131,20 +185,33 @@ METHOD(tnc_pdp_connections_t, add, void, DBG1(DBG_CFG, "removed stale RADIUS connection"); entry->method = method; entry->ike_sa = ike_sa; + entry->created = time_monotonic(NULL); break; } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); if (!found) { - entry = malloc_thing(entry_t); - entry->nas_id = chunk_clone(nas_id); - entry->user_name = chunk_clone(user_name); - entry->method = method; - entry->ike_sa = ike_sa; + INIT(entry, + .nas_id = chunk_clone(nas_id), + .user_name = chunk_clone(user_name), + .method = method, + .ike_sa = ike_sa, + .created = time_monotonic(NULL), + ); + this->lock->write_lock(this->lock); this->list->insert_last(this->list, entry); + this->lock->unlock(this->lock); } + + /* schedule timeout checking */ + lib->scheduler->schedule_job_ms(lib->scheduler, + (job_t*)callback_job_create((callback_job_cb_t)check_timeouts, + this, NULL, (callback_job_cancel_t)return_false), + this->timeout * 1000); + dbg_nas_user(nas_id, user_name, FALSE, "created"); } @@ -154,6 +221,7 @@ METHOD(tnc_pdp_connections_t, remove_, void, enumerator_t *enumerator; entry_t *entry; + this->lock->write_lock(this->lock); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, &entry)) { @@ -166,6 +234,7 @@ METHOD(tnc_pdp_connections_t, remove_, void, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } METHOD(tnc_pdp_connections_t, get_state, eap_method_t*, @@ -176,6 +245,7 @@ METHOD(tnc_pdp_connections_t, get_state, eap_method_t*, entry_t *entry; eap_method_t *found = NULL; + this->lock->read_lock(this->lock); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, &entry)) { @@ -187,14 +257,25 @@ METHOD(tnc_pdp_connections_t, get_state, eap_method_t*, } } enumerator->destroy(enumerator); + if (!found) + { + this->lock->unlock(this->lock); + } dbg_nas_user(nas_id, user_name, !found, "found"); return found; } +METHOD(tnc_pdp_connections_t, unlock, void, + private_tnc_pdp_connections_t *this) +{ + this->lock->unlock(this->lock); +} + METHOD(tnc_pdp_connections_t, destroy, void, private_tnc_pdp_connections_t *this) { + this->lock->destroy(this->lock); this->list->destroy_function(this->list, (void*)free_entry); free(this); } @@ -211,11 +292,14 @@ tnc_pdp_connections_t *tnc_pdp_connections_create(void) .add = _add, .remove = _remove_, .get_state = _get_state, + .unlock = _unlock, .destroy = _destroy, }, .list = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + .timeout = lib->settings->get_int(lib->settings, + "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, charon->name), ); return &this->public; } - diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h index 16492020e..442f29ce9 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h @@ -53,7 +53,10 @@ struct tnc_pdp_connections_t { chunk_t user_name); /** - * Get the EAP method and IKE_SA of a registered TNC PEP RADIUS Connection + * Get the EAP method and IKE_SA of a registered TNC PEP RADIUS Connection. + * + * If this call succeeds, the connection manager is locked. Call unlock + * after using the return objects. * * @param nas_id NAS identifier of Policy Enforcement Point * @param user_name User name of TNC Client @@ -64,6 +67,11 @@ struct tnc_pdp_connections_t { chunk_t user_name, ike_sa_t **ike_sa); /** + * Unlock connections after successfully calling get_state(). + */ + void (*unlock)(tnc_pdp_connections_t *this); + + /** * Destroys a tnc_pdp_connections_t object. */ void (*destroy)(tnc_pdp_connections_t *this); diff --git a/src/libcharon/plugins/tnc_tnccs/Makefile.am b/src/libcharon/plugins/tnc_tnccs/Makefile.am index c7fc02f7c..9ee9e86ad 100644 --- a/src/libcharon/plugins/tnc_tnccs/Makefile.am +++ b/src/libcharon/plugins/tnc_tnccs/Makefile.am @@ -1,6 +1,7 @@ INCLUDES = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtnccs diff --git a/src/libcharon/plugins/tnc_tnccs/Makefile.in b/src/libcharon/plugins/tnc_tnccs/Makefile.in index f4bc7a6e5..7ca6df3c8 100644 --- a/src/libcharon/plugins/tnc_tnccs/Makefile.in +++ b/src/libcharon/plugins/tnc_tnccs/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnc_tnccs_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnc_tnccs_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -303,6 +325,7 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtnccs @@ -363,7 +386,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -371,6 +393,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c index 0b623d6ff..8db3731b2 100644 --- a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c +++ b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,6 +13,8 @@ * for more details. */ +#define _GNU_SOURCE /* for asprintf() */ + #include "tnc_tnccs_manager.h" #include <tnc/tnc.h> @@ -20,10 +22,18 @@ #include <tnc/imc/imc_manager.h> #include <tnc/imv/imv_manager.h> +#include <tncif_identity.h> + +#include <tls.h> + #include <utils/debug.h> +#include <pen/pen.h> +#include <bio/bio_writer.h> #include <collections/linked_list.h> #include <threading/rwlock.h> +#include <stdio.h> + typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t; typedef struct tnccs_entry_t tnccs_entry_t; typedef struct tnccs_connection_entry_t tnccs_connection_entry_t; @@ -158,7 +168,9 @@ METHOD(tnccs_manager_t, remove_method, void, } METHOD(tnccs_manager_t, create_instance, tnccs_t*, - private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server) + private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server, + identification_t *server, identification_t *peer, + tnc_ift_type_t transport) { enumerator_t *enumerator; tnccs_entry_t *entry; @@ -170,7 +182,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*, { if (type == entry->type) { - protocol = entry->constructor(is_server); + protocol = entry->constructor(is_server, server, peer, transport); if (protocol) { break; @@ -442,6 +454,44 @@ static TNC_Result str_attribute(TNC_UInt32 buffer_len, } } +/** + * Write the value of a TNC identity list into the buffer + */ +static TNC_Result identity_attribute(TNC_UInt32 buffer_len, + TNC_BufferReference buffer, + TNC_UInt32 *value_len, + linked_list_t *list) +{ + bio_writer_t *writer; + enumerator_t *enumerator; + u_int32_t count; + chunk_t value; + tncif_identity_t *tnc_id; + TNC_Result result = TNC_RESULT_INVALID_PARAMETER; + + count = list->get_count(list); + writer = bio_writer_create(4 + TNCIF_IDENTITY_MIN_SIZE * count); + writer->write_uint32(writer, count); + + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &tnc_id)) + { + tnc_id->build(tnc_id, writer); + } + enumerator->destroy(enumerator); + + value = writer->get_buf(writer); + *value_len = value.len; + if (buffer && buffer_len >= value.len) + { + memcpy(buffer, value.ptr, value.len); + result = TNC_RESULT_SUCCESS; + } + writer->destroy(writer); + + return result; +} + METHOD(tnccs_manager_t, get_attribute, TNC_Result, private_tnc_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id, @@ -487,6 +537,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, /* these attributes are supported */ case TNC_ATTRIBUTEID_PRIMARY_IMV_ID: + case TNC_ATTRIBUTEID_AR_IDENTITIES: attribute_match = TRUE; break; @@ -616,15 +667,110 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, version = "1.0"; break; default: - return TNC_RESULT_INVALID_PARAMETER; + return TNC_RESULT_INVALID_PARAMETER; } return str_attribute(buffer_len, buffer, value_len, version); } case TNC_ATTRIBUTEID_IFT_PROTOCOL: - return str_attribute(buffer_len, buffer, value_len, - "IF-T for Tunneled EAP"); + { + char *protocol; + + switch (entry->tnccs->get_transport(entry->tnccs)) + { + case TNC_IFT_EAP_1_0: + case TNC_IFT_EAP_1_1: + case TNC_IFT_EAP_2_0: + protocol = "IF-T for Tunneled EAP"; + break; + case TNC_IFT_TLS_1_0: + case TNC_IFT_TLS_2_0: + protocol = "IF-T for TLS"; + break; + default: + return TNC_RESULT_INVALID_PARAMETER; + } + return str_attribute(buffer_len, buffer, value_len, protocol); + } case TNC_ATTRIBUTEID_IFT_VERSION: - return str_attribute(buffer_len, buffer, value_len, "1.1"); + { + char *version; + + switch (entry->tnccs->get_transport(entry->tnccs)) + { + case TNC_IFT_EAP_1_0: + case TNC_IFT_TLS_1_0: + version = "1.0"; + break; + case TNC_IFT_EAP_1_1: + version = "1.1"; + break; + case TNC_IFT_EAP_2_0: + case TNC_IFT_TLS_2_0: + version = "2.0"; + break; + default: + return TNC_RESULT_INVALID_PARAMETER; + } + return str_attribute(buffer_len, buffer, value_len, version); + } + case TNC_ATTRIBUTEID_AR_IDENTITIES: + { + linked_list_t *list; + identification_t *peer; + tnccs_t *tnccs; + tncif_identity_t *tnc_id; + u_int32_t id_type, subject_type; + chunk_t id_value; + char *id_str; + TNC_Result result; + + list = linked_list_create(); + tnccs = entry->tnccs; + peer = tnccs->tls.get_peer_id(&tnccs->tls); + if (peer) + { + switch (peer->get_type(peer)) + { + case ID_IPV4_ADDR: + id_type = TNC_ID_IPV4_ADDR; + subject_type = TNC_SUBJECT_MACHINE; + break; + case ID_IPV6_ADDR: + id_type = TNC_ID_IPV6_ADDR; + subject_type = TNC_SUBJECT_MACHINE; + break; + case ID_FQDN: + id_type = TNC_ID_USERNAME; + subject_type = TNC_SUBJECT_USER; + break; + case ID_RFC822_ADDR: + id_type = TNC_ID_RFC822_ADDR; + subject_type = TNC_SUBJECT_USER; + break; + case ID_DER_ASN1_DN: + id_type = TNC_ID_ASN1_DN; + subject_type = TNC_SUBJECT_USER; + break; + default: + id_type = TNC_ID_UNKNOWN; + subject_type = TNC_SUBJECT_UNKNOWN; + } + if (id_type != TNC_ID_UNKNOWN && + asprintf(&id_str, "%Y", peer) >= 0) + { + id_value = chunk_from_str(id_str); + tnc_id = tncif_identity_create( + pen_type_create(PEN_TCG, id_type), id_value, + pen_type_create(PEN_TCG, subject_type), + pen_type_create(PEN_TCG, + tnccs->get_auth_type(tnccs))); + list->insert_last(list, tnc_id); + } + } + result = identity_attribute(buffer_len, buffer, value_len, list); + list->destroy_offset(list, offsetof(tncif_identity_t, destroy)); + return result; + } default: return TNC_RESULT_INVALID_PARAMETER; } diff --git a/src/libcharon/plugins/tnccs_11/Makefile.in b/src/libcharon/plugins/tnccs_11/Makefile.in index be091b134..c74704f2d 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.in +++ b/src/libcharon/plugins/tnccs_11/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -116,6 +133,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnccs_11_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnccs_11_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -132,6 +154,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -148,6 +172,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -216,8 +241,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -273,7 +296,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -377,7 +399,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -385,6 +406,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c b/src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c index b27458fde..660ba179d 100644 --- a/src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c +++ b/src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c @@ -23,6 +23,10 @@ #include <libxml/parser.h> +#define TNCCS_NS "http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#" +#define SCHEMA_NS "http://www.w3.org/2001/XMLSchema-instance" +#define TNCCS_XSD "https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd" + typedef struct private_tnccs_batch_t private_tnccs_batch_t; /** @@ -91,7 +95,7 @@ METHOD(tnccs_batch_t, build, void, int buf_size; xmlDocDumpFormatMemory(this->doc, &xmlbuf, &buf_size, 1); - this->encoding = chunk_create((u_char*)xmlbuf, buf_size); + this->encoding = chunk_create(xmlbuf, buf_size); this->encoding = chunk_clone(this->encoding); xmlFree(xmlbuf); } @@ -125,8 +129,7 @@ METHOD(tnccs_batch_t, process, status_t, } /* check TNCCS namespace */ - ns = xmlSearchNsByHref(this->doc, cur, (const xmlChar*) - "http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#"); + ns = xmlSearchNsByHref(this->doc, cur, TNCCS_NS); if (!ns) { error_type = TNCCS_ERROR_MALFORMED_BATCH; @@ -135,7 +138,7 @@ METHOD(tnccs_batch_t, process, status_t, } /* check XML document type */ - if (xmlStrcmp(cur->name, (const xmlChar*)"TNCCS-Batch")) + if (xmlStrcmp(cur->name, "TNCCS-Batch")) { error_type = TNCCS_ERROR_MALFORMED_BATCH; error_msg = buf; @@ -145,7 +148,7 @@ METHOD(tnccs_batch_t, process, status_t, } /* check presence of BatchID property */ - batchid = xmlGetProp(cur, (const xmlChar*)"BatchId"); + batchid = xmlGetProp(cur, "BatchId"); if (!batchid) { error_type = TNCCS_ERROR_INVALID_BATCH_ID; @@ -166,7 +169,7 @@ METHOD(tnccs_batch_t, process, status_t, } /* check presence of Recipient property */ - recipient = xmlGetProp(cur, (const xmlChar*)"Recipient"); + recipient = xmlGetProp(cur, "Recipient"); if (!recipient) { error_type = TNCCS_ERROR_INVALID_RECIPIENT_TYPE; @@ -175,12 +178,12 @@ METHOD(tnccs_batch_t, process, status_t, } /* check recipient */ - if (!streq((char*)recipient, this->is_server ? "TNCS" : "TNCC")) + if (!streq(recipient, this->is_server ? "TNCS" : "TNCC")) { error_type = TNCCS_ERROR_INVALID_RECIPIENT_TYPE; error_msg = buf; snprintf(buf, BUF_LEN, "message recipient expected '%s', got '%s'", - this->is_server ? "TNCS" : "TNCC", (char*)recipient); + this->is_server ? "TNCS" : "TNCC", recipient); xmlFree(recipient); goto fatal; } @@ -201,7 +204,7 @@ METHOD(tnccs_batch_t, process, status_t, if (cur->ns != ns) { DBG1(DBG_TNC, "ignoring message node '%s' having wrong namespace", - (char*)cur->name); + cur->name); continue; } @@ -260,8 +263,8 @@ tnccs_batch_t* tnccs_batch_create(bool is_server, int batch_id) { private_tnccs_batch_t *this; xmlNodePtr n; + xmlNsPtr ns_xsi; char buf[12]; - const char *recipient; INIT(this, .public = { @@ -277,19 +280,17 @@ tnccs_batch_t* tnccs_batch_create(bool is_server, int batch_id) .messages = linked_list_create(), .errors = linked_list_create(), .batch_id = batch_id, - .doc = xmlNewDoc(BAD_CAST "1.0"), + .doc = xmlNewDoc("1.0"), ); DBG2(DBG_TNC, "creating TNCCS Batch #%d", this->batch_id); - n = xmlNewNode(NULL, BAD_CAST "TNCCS-Batch"); + n = xmlNewNode(NULL, "TNCCS-Batch"); + xmlNewNs(n, TNCCS_NS, NULL); + ns_xsi = xmlNewNs(n, SCHEMA_NS, "xsi"); snprintf(buf, sizeof(buf), "%d", batch_id); - recipient = this->is_server ? "TNCC" : "TNCS"; - xmlNewProp(n, BAD_CAST "BatchId", BAD_CAST buf); - xmlNewProp(n, BAD_CAST "Recipient", BAD_CAST recipient); - xmlNewProp(n, BAD_CAST "xmlns", BAD_CAST "http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#"); - xmlNewProp(n, BAD_CAST "xmlns:xsi", BAD_CAST "http://www.w3.org/2001/XMLSchema-instance"); - xmlNewProp(n, BAD_CAST "xsi:schemaLocation", BAD_CAST "http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS# " - "https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd"); + xmlNewProp(n, "BatchId", buf); + xmlNewProp(n, "Recipient", this->is_server ? "TNCC" : "TNCS"); + xmlNewNsProp(n, ns_xsi, "schemaLocation", TNCCS_NS " " TNCCS_XSD); xmlDocSetRootElement(this->doc, n); return &this->public; diff --git a/src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c b/src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c index cf3e58451..f0e821c8c 100644 --- a/src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c @@ -181,16 +181,16 @@ tnccs_msg_t *imc_imv_msg_create_from_node(xmlNodePtr node, linked_list_t *errors cur = node->xmlChildrenNode; while (cur) { - if (streq((char*)cur->name, "Type") && cur->ns == ns) + if (streq(cur->name, "Type") && cur->ns == ns) { content = xmlNodeGetContent(cur); - this->msg_type = strtoul((char*)content, NULL, 16); + this->msg_type = strtoul(content, NULL, 16); xmlFree(content); } - else if (streq((char*)cur->name, "Base64") && cur->ns == ns) + else if (streq(cur->name, "Base64") && cur->ns == ns) { content = xmlNodeGetContent(cur); - b64_body = chunk_create((char*)content, strlen((char*)content)); + b64_body = chunk_create(content, strlen(content)); this->msg_body = decode_base64(b64_body); xmlFree(content); } @@ -221,21 +221,21 @@ tnccs_msg_t *imc_imv_msg_create(TNC_MessageType msg_type, chunk_t msg_body) .get_msg_body = _get_msg_body, }, .type = IMC_IMV_MSG, - .node = xmlNewNode(NULL, BAD_CAST "IMC-IMV-Message"), + .node = xmlNewNode(NULL, "IMC-IMV-Message"), .msg_type = msg_type, .msg_body = chunk_clone(msg_body), ); /* add the message type number in hex */ - n = xmlNewNode(NULL, BAD_CAST "Type"); + n = xmlNewNode(NULL, "Type"); snprintf(buf, 10, "%08x", this->msg_type); - xmlNodeSetContent(n, BAD_CAST buf); + xmlNodeSetContent(n, buf); xmlAddChild(this->node, n); /* encode the message as a Base64 node */ - n = xmlNewNode(NULL, BAD_CAST "Base64"); + n = xmlNewNode(NULL, "Base64"); b64_body = encode_base64(this->msg_body); - xmlNodeSetContent(n, BAD_CAST b64_body.ptr); + xmlNodeSetContent(n, b64_body.ptr); xmlAddChild(this->node, n); free(b64_body.ptr); diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.c index ba92c26b1..86b7c6aa5 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.c @@ -125,11 +125,11 @@ tnccs_msg_t *tnccs_error_msg_create_from_node(xmlNodePtr node) .error_type = TNCCS_ERROR_OTHER, ); - error_type_name = xmlGetProp(node, (const xmlChar*)"type"); + error_type_name = xmlGetProp(node, "type"); if (error_type_name) { this->error_type = enum_from_name(tnccs_error_type_names, - (char*)error_type_name); + error_type_name); if (this->error_type == -1) { this->error_type = TNCCS_ERROR_OTHER; @@ -140,7 +140,7 @@ tnccs_msg_t *tnccs_error_msg_create_from_node(xmlNodePtr node) error_msg = xmlNodeGetContent(node); if (error_msg) { - this->error_msg = strdup((char*)error_msg); + this->error_msg = strdup(error_msg); xmlFree(error_msg); } @@ -167,24 +167,23 @@ tnccs_msg_t *tnccs_error_msg_create(tnccs_error_type_t type, char *msg) }, .type = TNCCS_MSG_ERROR, .ref = 1, - .node = xmlNewNode(NULL, BAD_CAST "TNCC-TNCS-Message"), + .node = xmlNewNode(NULL, "TNCC-TNCS-Message"), .error_type = type, .error_msg = strdup(msg), ); DBG1(DBG_TNC, "%s", msg); - n = xmlNewNode(NULL, BAD_CAST "Type"); - xmlNodeSetContent(n, BAD_CAST "00000002"); + n = xmlNewNode(NULL, "Type"); + xmlNodeSetContent(n, "00000002"); xmlAddChild(this->node, n); - n = xmlNewNode(NULL, BAD_CAST "XML"); + n = xmlNewNode(NULL, "XML"); xmlAddChild(this->node, n); - n2 = xmlNewNode(NULL, BAD_CAST enum_to_name(tnccs_msg_type_names, this->type)); - xmlNewProp(n2, BAD_CAST "type", - BAD_CAST enum_to_name(tnccs_error_type_names, type)); - xmlNodeSetContent(n2, BAD_CAST msg); + n2 = xmlNewNode(NULL, enum_to_name(tnccs_msg_type_names, this->type)); + xmlNewProp(n2, "type", enum_to_name(tnccs_error_type_names, type)); + xmlNodeSetContent(n2, msg); xmlAddChild(n, n2); return &this->public.tnccs_msg_interface; diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_msg.c index 79c663905..fa5ce8239 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_msg.c @@ -57,15 +57,15 @@ tnccs_msg_t* tnccs_msg_create_from_node(xmlNodePtr node, linked_list_t *errors) while (cur) { - if (streq((char*)cur->name, "Type") && cur->ns == ns) + if (streq(cur->name, "Type") && cur->ns == ns) { xmlChar *content = xmlNodeGetContent(cur); - type = strtol((char*)content, NULL, 16); + type = strtol(content, NULL, 16); xmlFree(content); found = TRUE; } - else if (streq((char*)cur->name, "XML") && cur->ns == ns) + else if (streq(cur->name, "XML") && cur->ns == ns) { xml_msg_node = cur->xmlChildrenNode; } diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c index e1c193e18..710269ba9 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c @@ -93,7 +93,7 @@ tnccs_msg_t *tnccs_preferred_language_msg_create_from_node(xmlNodePtr node, ); language = xmlNodeGetContent(node); - this->preferred_language = strdup((char*)language); + this->preferred_language = strdup(language); xmlFree(language); return &this->public.tnccs_msg_interface; @@ -117,20 +117,20 @@ tnccs_msg_t *tnccs_preferred_language_msg_create(char *language) .get_preferred_language = _get_preferred_language, }, .type = TNCCS_MSG_PREFERRED_LANGUAGE, - .node = xmlNewNode(NULL, BAD_CAST "TNCC-TNCS-Message"), + .node = xmlNewNode(NULL, "TNCC-TNCS-Message"), .preferred_language = strdup(language), ); /* add the message type number in hex */ - n = xmlNewNode(NULL, BAD_CAST "Type"); - xmlNodeSetContent(n, BAD_CAST "00000003"); + n = xmlNewNode(NULL, "Type"); + xmlNodeSetContent(n, "00000003"); xmlAddChild(this->node, n); - n = xmlNewNode(NULL, BAD_CAST "XML"); + n = xmlNewNode(NULL, "XML"); xmlAddChild(this->node, n); - n2 = xmlNewNode(NULL, BAD_CAST enum_to_name(tnccs_msg_type_names, this->type)); - xmlNodeSetContent(n2, BAD_CAST language); + n2 = xmlNewNode(NULL, enum_to_name(tnccs_msg_type_names, this->type)); + xmlNodeSetContent(n2, language); xmlAddChild(n, n2); return &this->public.tnccs_msg_interface; diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c index cf3c367d8..7c2f9b3f9 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c @@ -104,7 +104,7 @@ tnccs_msg_t *tnccs_reason_strings_msg_create_from_node(xmlNodePtr node, .node = node, ); - if (xmlStrcmp(node->name, (const xmlChar*)"TNCCS-ReasonStrings")) + if (xmlStrcmp(node->name, "TNCCS-ReasonStrings")) { error_msg = "TNCCS-ReasonStrings tag expected"; goto fatal; @@ -118,7 +118,7 @@ tnccs_msg_t *tnccs_reason_strings_msg_create_from_node(xmlNodePtr node, child = child->next; continue; } - if (xmlStrcmp(child->name, (const xmlChar*)"ReasonString")) + if (xmlStrcmp(child->name, "ReasonString")) { error_msg = "ReasonString tag expected"; goto fatal; @@ -126,15 +126,17 @@ tnccs_msg_t *tnccs_reason_strings_msg_create_from_node(xmlNodePtr node, break; } - lang_string = (char*)xmlGetProp(child, (const xmlChar*)"lang"); + lang_string = xmlGetProp(child, "lang"); if (!lang_string) { - lang_string = ""; + lang_string = strdup(""); } - this->language = chunk_create(strdup(lang_string), strlen(lang_string)); + this->language = chunk_clone(chunk_from_str(lang_string)); + xmlFree(lang_string); - reason_string = (char*)xmlNodeGetContent(child); - this->reason = chunk_create(strdup(reason_string), strlen(reason_string)); + reason_string = xmlNodeGetContent(child); + this->reason = chunk_clone(chunk_from_str(reason_string)); + xmlFree(reason_string); return &this->public.tnccs_msg_interface; @@ -163,7 +165,7 @@ tnccs_msg_t *tnccs_reason_strings_msg_create(chunk_t reason, chunk_t language) .get_reason = _get_reason, }, .type = TNCCS_MSG_REASON_STRINGS, - .node = xmlNewNode(NULL, BAD_CAST "TNCC-TNCS-Message"), + .node = xmlNewNode(NULL, "TNCC-TNCS-Message"), .reason = chunk_create_clone(malloc(reason.len + 1), reason), .language = chunk_create_clone(malloc(language.len + 1), language), ); @@ -173,20 +175,20 @@ tnccs_msg_t *tnccs_reason_strings_msg_create(chunk_t reason, chunk_t language) this->language.ptr[this->language.len] = '\0'; /* add the message type number in hex */ - n = xmlNewNode(NULL, BAD_CAST "Type"); - xmlNodeSetContent(n, BAD_CAST "00000004"); + n = xmlNewNode(NULL, "Type"); + xmlNodeSetContent(n, "00000004"); xmlAddChild(this->node, n); - n = xmlNewNode(NULL, BAD_CAST "XML"); + n = xmlNewNode(NULL, "XML"); xmlAddChild(this->node, n); - n2 = xmlNewNode(NULL, BAD_CAST enum_to_name(tnccs_msg_type_names, this->type)); + n2 = xmlNewNode(NULL, enum_to_name(tnccs_msg_type_names, this->type)); /* could add multiple reasons here, if we had them */ - n3 = xmlNewNode(NULL, BAD_CAST "ReasonString"); - xmlNewProp(n3, BAD_CAST "xml:lang", BAD_CAST this->language.ptr); - xmlNodeSetContent(n3, BAD_CAST this->reason.ptr); + n3 = xmlNewNode(NULL, "ReasonString"); + xmlNewProp(n3, "xml:lang", this->language.ptr); + xmlNodeSetContent(n3, this->reason.ptr); xmlAddChild(n2, n3); xmlAddChild(n, n2); diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.c index 32e123b2e..013e0c7ed 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.c @@ -95,21 +95,21 @@ tnccs_msg_t *tnccs_recommendation_msg_create_from_node(xmlNodePtr node, .node = node, ); - rec_string = xmlGetProp(node, (const xmlChar*)"type"); + rec_string = xmlGetProp(node, "type"); if (!rec_string) { error_msg = "type property in TNCCS-Recommendation is missing"; goto fatal; } - else if (streq((char*)rec_string, "allow")) + else if (streq(rec_string, "allow")) { this->rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW; } - else if (streq((char*)rec_string, "isolate")) + else if (streq(rec_string, "isolate")) { this->rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE; } - else if (streq((char*)rec_string, "none")) + else if (streq(rec_string, "none")) { this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS; } @@ -151,16 +151,16 @@ tnccs_msg_t *tnccs_recommendation_msg_create(TNC_IMV_Action_Recommendation rec) .get_recommendation = _get_recommendation, }, .type = TNCCS_MSG_RECOMMENDATION, - .node = xmlNewNode(NULL, BAD_CAST "TNCC-TNCS-Message"), + .node = xmlNewNode(NULL, "TNCC-TNCS-Message"), .rec = rec, ); /* add the message type number in hex */ - n = xmlNewNode(NULL, BAD_CAST "Type"); - xmlNodeSetContent(n, BAD_CAST "00000001"); + n = xmlNewNode(NULL, "Type"); + xmlNodeSetContent(n, "00000001"); xmlAddChild(this->node, n); - n = xmlNewNode(NULL, BAD_CAST "XML"); + n = xmlNewNode(NULL, "XML"); xmlAddChild(this->node, n); switch (rec) @@ -177,8 +177,8 @@ tnccs_msg_t *tnccs_recommendation_msg_create(TNC_IMV_Action_Recommendation rec) rec_string = "none"; } - n2 = xmlNewNode(NULL, BAD_CAST enum_to_name(tnccs_msg_type_names, this->type)); - xmlNewProp(n2, BAD_CAST "type", BAD_CAST rec_string); + n2 = xmlNewNode(NULL, enum_to_name(tnccs_msg_type_names, this->type)); + xmlNewProp(n2, BAD_CAST "type", rec_string); xmlNodeSetContent(n2, ""); xmlAddChild(n, n2); diff --git a/src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c b/src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c index fe288f01d..0d3e1c2a0 100644 --- a/src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c +++ b/src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c @@ -97,20 +97,20 @@ tnccs_msg_t *tnccs_tncs_contact_info_msg_create(void) }, }, .type = TNCCS_MSG_TNCS_CONTACT_INFO, - .node = xmlNewNode(NULL, BAD_CAST "TNCC-TNCS-Message"), + .node = xmlNewNode(NULL, "TNCC-TNCS-Message"), ); /* add the message type number in hex */ - n = xmlNewNode(NULL, BAD_CAST "Type"); - xmlNodeSetContent(n, BAD_CAST "00000005"); + n = xmlNewNode(NULL, "Type"); + xmlNodeSetContent(n, "00000005"); xmlAddChild(this->node, n); - n = xmlNewNode(NULL, BAD_CAST "XML"); + n = xmlNewNode(NULL, "XML"); xmlAddChild(this->node, n); /* TODO - n2 = xmlNewNode(NULL, BAD_CAST enum_to_name(tnccs_msg_type_names, this->type)); - xmlNodeSetContent(n2, BAD_CAST language); + n2 = xmlNewNode(NULL, enum_to_name(tnccs_msg_type_names, this->type)); + xmlNodeSetContent(n2, language); xmlAddChild(n, n2); */ diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index cfc29d6ab..53817c710 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -43,9 +43,9 @@ typedef struct private_tnccs_11_t private_tnccs_11_t; struct private_tnccs_11_t { /** - * Public tls_t interface. + * Public tnccs_t interface. */ - tls_t public; + tnccs_t public; /** * TNCC if TRUE, TNCS if FALSE @@ -53,6 +53,26 @@ struct private_tnccs_11_t { bool is_server; /** + * Server identity + */ + identification_t *server; + + /** + * Client identity + */ + identification_t *peer; + + /** + * Underlying TNC IF-T transport protocol + */ + tnc_ift_type_t transport; + + /** + * Type of TNC client authentication + */ + u_int32_t auth_type; + + /** * Connection ID assigned to this TNCCS connection */ TNC_ConnectionID connection_id; @@ -495,6 +515,18 @@ METHOD(tls_t, is_server, bool, return this->is_server; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_11_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_11_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_11_t *this) { @@ -528,29 +560,69 @@ METHOD(tls_t, destroy, void, { tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id, this->is_server); + this->server->destroy(this->server); + this->peer->destroy(this->peer); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); free(this); } +METHOD(tnccs_t, get_transport, tnc_ift_type_t, + private_tnccs_11_t *this) +{ + return this->transport; +} + +METHOD(tnccs_t, set_transport, void, + private_tnccs_11_t *this, tnc_ift_type_t transport) +{ + this->transport = transport; +} + +METHOD(tnccs_t, get_auth_type, u_int32_t, + private_tnccs_11_t *this) +{ + return this->auth_type; +} + +METHOD(tnccs_t, set_auth_type, void, + private_tnccs_11_t *this, u_int32_t auth_type) +{ + this->auth_type = auth_type; +} + /** * See header */ -tls_t *tnccs_11_create(bool is_server) +tnccs_t* tnccs_11_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport) { private_tnccs_11_t *this; INIT(this, .public = { - .process = _process, - .build = _build, - .is_server = _is_server, - .get_purpose = _get_purpose, - .is_complete = _is_complete, - .get_eap_msk = _get_eap_msk, - .destroy = _destroy, + .tls = { + .process = _process, + .build = _build, + .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, + .get_purpose = _get_purpose, + .is_complete = _is_complete, + .get_eap_msk = _get_eap_msk, + .destroy = _destroy, + }, + .get_transport = _get_transport, + .set_transport = _set_transport, + .get_auth_type = _get_auth_type, + .set_auth_type = _set_auth_type, }, .is_server = is_server, + .server = server->clone(server), + .peer = peer->clone(peer), + .transport = transport, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .max_msg_len = lib->settings->get_int(lib->settings, "%s.plugins.tnccs-11.max_message_size", 45000, diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.h b/src/libcharon/plugins/tnccs_11/tnccs_11.h index 7331fc8cd..531ebb611 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.h +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,14 +23,20 @@ #include <library.h> -#include <tls.h> +#include <tnc/tnccs/tnccs.h> /** * Create an instance of the TNC IF-TNCCS 1.1 protocol handler. * - * @param is_server TRUE to act as TNC Server, FALSE for TNC Client - * @return TNC_IF_TNCCS 1.1 protocol stack + * @param is_server TRUE to act as TNC Server, FALSE for TNC Client + * @param server Server identity + * @param peer Client identity + * @param transport Underlying IF-T transport protocol + * @return TNC_IF_TNCCS 1.1 protocol stack */ -tls_t *tnccs_11_create(bool is_server); +tnccs_t* tnccs_11_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport); #endif /** TNCCS_11_H_ @}*/ diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c b/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c index cd95afb1e..f534af008 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c @@ -30,8 +30,6 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_CALLBACK(tnccs_method_register, tnccs_11_create), PLUGIN_PROVIDE(CUSTOM, "tnccs-1.1"), - PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC), - PLUGIN_DEPENDS(EAP_PEER, EAP_TNC), PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), }; *features = f; @@ -61,4 +59,3 @@ plugin_t *tnccs_11_plugin_create() return &this->plugin; } - diff --git a/src/libcharon/plugins/tnccs_20/Makefile.in b/src/libcharon/plugins/tnccs_20/Makefile.in index 60c8e562e..f0cb9fa54 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.in +++ b/src/libcharon/plugins/tnccs_20/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -114,6 +131,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnccs_20_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnccs_20_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -130,6 +152,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -146,6 +170,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -214,8 +239,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -271,7 +294,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -380,7 +402,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -388,6 +409,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c index 3a2c70f5a..d87e0ccea 100644 --- a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -201,7 +201,7 @@ METHOD(pb_tnc_batch_t, build, void, } enumerator->destroy(enumerator); - this->encoding = chunk_clone(writer->get_buf(writer)); + this->encoding = writer->extract_buf(writer); writer->destroy(writer); } @@ -386,6 +386,13 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) } else { + if (msg_type == PB_MSG_EXPERIMENTAL && noskip_flag) + { + DBG1(DBG_TNC, "reject PB-Experimental message with NOSKIP flag set"); + msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF, + PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset); + goto fatal; + } if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE && pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag) { diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c index 2d2c1316b..aa5e9c723 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c @@ -166,6 +166,7 @@ METHOD(pb_tnc_msg_t, process, status_t, { DBG1(DBG_TNC, "PA Subtype 0x%08x is reserved", PA_RESERVED_SUBTYPE); *offset = 4; + return FAILED; } return SUCCESS; diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c index 63d94b94d..2ef8dd6cd 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c +++ b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c @@ -66,24 +66,24 @@ struct private_pb_remediation_parameters_msg_t { pb_tnc_msg_type_t type; /** - * Remediation Parameters Vendor ID + * Remediation Parameters Type */ - u_int32_t vendor_id; + pen_type_t parameters_type; /** - * Remediation Parameters Type + * Remediation Parameters */ - u_int32_t parameters_type; + chunk_t parameters; /** - * Remediation Parameters string + * Remediation String */ - chunk_t remediation_string; + chunk_t string; /** - * Language code + * Remediation Language Code */ - chunk_t language_code; + chunk_t lang_code; /** * Encoded message @@ -113,10 +113,9 @@ METHOD(pb_tnc_msg_t, build, void, return; } writer = bio_writer_create(64); - writer->write_uint32(writer, this->vendor_id); - writer->write_uint32(writer, this->parameters_type); - writer->write_data32(writer, this->remediation_string); - writer->write_data8 (writer, this->language_code); + writer->write_uint32(writer, this->parameters_type.vendor_id); + writer->write_uint32(writer, this->parameters_type.type); + writer->write_data32(writer, this->parameters); this->encoding = writer->get_buf(writer); this->encoding = chunk_clone(this->encoding); @@ -127,83 +126,103 @@ METHOD(pb_tnc_msg_t, process, status_t, private_pb_remediation_parameters_msg_t *this, u_int32_t *offset) { bio_reader_t *reader; + u_int8_t reserved; + status_t status = SUCCESS; + u_char *pos; + + *offset = 0; /* process message */ reader = bio_reader_create(this->encoding); - reader->read_uint32(reader, &this->vendor_id); - reader->read_uint32(reader, &this->parameters_type); + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &this->parameters_type.vendor_id); + reader->read_uint32(reader, &this->parameters_type.type); + reader->read_data (reader, reader->remaining(reader), &this->parameters); - if (!reader->read_data32(reader, &this->remediation_string)) + this->parameters = chunk_clone(this->parameters); + reader->destroy(reader); + + if (this->parameters_type.vendor_id == PEN_IETF && + this->parameters_type.type == PB_REMEDIATION_STRING) { - DBG1(DBG_TNC, "could not parse remediation string"); - reader->destroy(reader); + reader = bio_reader_create(this->parameters); + status = FAILED; *offset = 8; - return FAILED; - }; - this->remediation_string = chunk_clone(this->remediation_string); - if (this->remediation_string.len && - this->remediation_string.ptr[this->remediation_string.len-1] == '\0') - { - DBG1(DBG_TNC, "remediation string must not be null terminated"); + if (!reader->read_data32(reader, &this->string)) + { + DBG1(DBG_TNC, "insufficient data for remediation string"); + goto end; + }; + *offset += 4; + + pos = memchr(this->string.ptr, '\0', this->string.len); + if (pos) + { + DBG1(DBG_TNC, "nul termination in remediation string"); + *offset += (pos - this->string.ptr); + goto end; + } + *offset += this->string.len; + + if (!reader->read_data8(reader, &this->lang_code)) + { + DBG1(DBG_TNC, "insufficient data for remediation string lang code"); + goto end; + }; + *offset += 1; + + pos = memchr(this->lang_code.ptr, '\0', this->lang_code.len); + + if (pos) + { + DBG1(DBG_TNC, "nul termination in remediation string lang code"); + *offset += (pos - this->lang_code.ptr); + goto end; + } + status = SUCCESS; + +end: reader->destroy(reader); - *offset = 11 + this->remediation_string.len; - return FAILED; } - - if (!reader->read_data8(reader, &this->language_code)) - { - DBG1(DBG_TNC, "could not parse language code"); - reader->destroy(reader); - *offset = 12 + this->remediation_string.len; - return FAILED; - }; - this->language_code = chunk_clone(this->language_code); - reader->destroy(reader); - - if (this->language_code.len && - this->language_code.ptr[this->language_code.len-1] == '\0') - { - DBG1(DBG_TNC, "language code must not be null terminated"); - *offset = 12 + this->remediation_string.len + this->language_code.len; - return FAILED; - } - - return SUCCESS; + return status; } METHOD(pb_tnc_msg_t, destroy, void, private_pb_remediation_parameters_msg_t *this) { free(this->encoding.ptr); - free(this->remediation_string.ptr); - free(this->language_code.ptr); + free(this->parameters.ptr); free(this); } -METHOD(pb_remediation_parameters_msg_t, get_vendor_id, u_int32_t, - private_pb_remediation_parameters_msg_t *this, u_int32_t *type) +METHOD(pb_remediation_parameters_msg_t, get_parameters_type, pen_type_t, + private_pb_remediation_parameters_msg_t *this) { - *type = this->parameters_type; - return this->vendor_id; + return this->parameters_type; } -METHOD(pb_remediation_parameters_msg_t, get_remediation_string, chunk_t, +METHOD(pb_remediation_parameters_msg_t, get_parameters, chunk_t, private_pb_remediation_parameters_msg_t *this) { - return this->remediation_string; + return this->parameters; } -METHOD(pb_remediation_parameters_msg_t, get_language_code, chunk_t, - private_pb_remediation_parameters_msg_t *this) +METHOD(pb_remediation_parameters_msg_t, get_string, chunk_t, + private_pb_remediation_parameters_msg_t *this, chunk_t *lang_code) { - return this->language_code; + if (lang_code) + { + *lang_code = this->lang_code; + } + return this->string; } /** * See header */ -pb_tnc_msg_t *pb_remediation_parameters_msg_create_from_data(chunk_t data) +pb_tnc_msg_t* pb_remediation_parameters_msg_create(pen_type_t parameters_type, + chunk_t parameters) { private_pb_remediation_parameters_msg_t *this; @@ -216,24 +235,56 @@ pb_tnc_msg_t *pb_remediation_parameters_msg_create_from_data(chunk_t data) .process = _process, .destroy = _destroy, }, - .get_vendor_id = _get_vendor_id, - .get_remediation_string = _get_remediation_string, - .get_language_code = _get_language_code, + .get_parameters_type = _get_parameters_type, + .get_parameters = _get_parameters, + .get_uri = _get_parameters, + .get_string = _get_string, }, - .type = PB_MSG_REASON_STRING, - .encoding = chunk_clone(data), + .type = PB_MSG_REMEDIATION_PARAMETERS, + .parameters_type = parameters_type, + .parameters = chunk_clone(parameters), ); return &this->public.pb_interface; } /** + * Described in header. + */ +pb_tnc_msg_t* pb_remediation_parameters_msg_create_from_uri(chunk_t uri) +{ + pen_type_t type = { PEN_IETF, PB_REMEDIATION_URI }; + + return pb_remediation_parameters_msg_create(type, uri); +} + +/** + * Described in header. + */ +pb_tnc_msg_t* pb_remediation_parameters_msg_create_from_string(chunk_t string, + chunk_t lang_code) +{ + pb_tnc_msg_t *msg; + bio_writer_t *writer; + pen_type_t type = { PEN_IETF, PB_REMEDIATION_STRING }; + + /* limit language code to 255 octets */ + lang_code.len = min(255, lang_code.len); + + writer = bio_writer_create(4 + string.len + 1 + lang_code.len); + writer->write_data32(writer, string); + writer->write_data8 (writer, lang_code); + + msg = pb_remediation_parameters_msg_create(type, writer->get_buf(writer)); + writer->destroy(writer); + + return msg; +} + +/** * See header */ -pb_tnc_msg_t* pb_remediation_parameters_msg_create(u_int32_t vendor_id, - u_int32_t type, - chunk_t remediation_string, - chunk_t language_code) +pb_tnc_msg_t *pb_remediation_parameters_msg_create_from_data(chunk_t data) { private_pb_remediation_parameters_msg_t *this; @@ -246,16 +297,15 @@ pb_tnc_msg_t* pb_remediation_parameters_msg_create(u_int32_t vendor_id, .process = _process, .destroy = _destroy, }, - .get_vendor_id = _get_vendor_id, - .get_remediation_string = _get_remediation_string, - .get_language_code = _get_language_code, + .get_parameters_type = _get_parameters_type, + .get_parameters = _get_parameters, + .get_uri = _get_parameters, + .get_string = _get_string, }, - .type = PB_MSG_REASON_STRING, - .vendor_id = vendor_id, - .parameters_type = type, - .remediation_string = chunk_clone(remediation_string), - .language_code = chunk_clone(language_code), + .type = PB_MSG_REMEDIATION_PARAMETERS, + .encoding = chunk_clone(data), ); return &this->public.pb_interface; } + diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h index 258d495ec..f3a1c1009 100644 --- a/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h +++ b/src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ typedef struct pb_remediation_parameters_msg_t pb_remediation_parameters_msg_t; #include "pb_tnc_msg.h" +#include <pen/pen.h> + /** * PB-TNC Remediation Parameter Types as defined in section 4.8.1 of RFC 5793 */ @@ -50,41 +52,61 @@ struct pb_remediation_parameters_msg_t { pb_tnc_msg_t pb_interface; /** - * Get Remediation Parameters Vendor ID and Type + * Get the Remediation Parameters Type (Vendor ID and Type) * - * @param type Remediation Parameters Type - * @return Remediation Parameters Vendor ID + * @return Remediation Parameters Type */ - u_int32_t (*get_vendor_id)(pb_remediation_parameters_msg_t *this, - u_int32_t *type); + pen_type_t (*get_parameters_type)(pb_remediation_parameters_msg_t *this); /** - * Get Remediation String + * Get the Remediation Parameters * - * @return Remediation String + * @return Remediation Parameters */ - chunk_t (*get_remediation_string)(pb_remediation_parameters_msg_t *this); + chunk_t (*get_parameters)(pb_remediation_parameters_msg_t *this); /** - * Get Reason String Language Code + * Get the Remediation URI * - * @return Language Code + * @return Remediation URI */ - chunk_t (*get_language_code)(pb_remediation_parameters_msg_t *this); + chunk_t (*get_uri)(pb_remediation_parameters_msg_t *this); + + /** + * Get the Remediation String + * + * @param lang_code Optional Language Code + * @return Remediation String + */ + chunk_t (*get_string)(pb_remediation_parameters_msg_t *this, + chunk_t *lang_code); + }; /** - * Create a PB-Remediation-Parameters message from parameters + * Create a general PB-Remediation-Parameters message + * + * @param parameters_type Remediation Parameters Type + * @param parameters Remediation Parameters + */ +pb_tnc_msg_t* pb_remediation_parameters_msg_create(pen_type_t parameters_type, + chunk_t parameters); + +/** + * Create a PB-Remediation-Parameters message of IETF Type Remediation URI + * + * @param uri Remediation URI + */ +pb_tnc_msg_t* pb_remediation_parameters_msg_create_from_uri(chunk_t uri); + +/** + * Create a PB-Remediation-Parameters message of IETF Type Remediation String * - * @param vendor_id Remediation Parameters Vendor ID - * @param type Remediation Parameters Type - * @param remediation_string Remediation String - * @param language_code Language Code + * @param string Remediation String + * @param lang_code Remediation String Language Code */ -pb_tnc_msg_t* pb_remediation_parameters_msg_create(u_int32_t vendor_id, - u_int32_t type, - chunk_t remediation_string, - chunk_t language_code); +pb_tnc_msg_t* pb_remediation_parameters_msg_create_from_string(chunk_t string, + chunk_t lang_code); /** * Create an unprocessed PB-Remediation-Parameters message from raw data diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index 6239b152d..29a161e69 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Sansar Choinyanbuu - * Copyright (C) 2010-2012 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -48,9 +48,9 @@ typedef struct private_tnccs_20_t private_tnccs_20_t; struct private_tnccs_20_t { /** - * Public tls_t interface. + * Public tnccs_t interface. */ - tls_t public; + tnccs_t public; /** * TNCC if TRUE, TNCS if FALSE @@ -58,6 +58,26 @@ struct private_tnccs_20_t { bool is_server; /** + * Server identity + */ + identification_t *server; + + /** + * Client identity + */ + identification_t *peer; + + /** + * Underlying TNC IF-T transport protocol + */ + tnc_ift_type_t transport; + + /** + * Type of TNC client authentication + */ + u_int32_t auth_type; + + /** * PB-TNC State Machine */ pb_tnc_state_machine_t *state_machine; @@ -291,7 +311,36 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) } case PB_MSG_REMEDIATION_PARAMETERS: { - /* TODO : Remediation parameters message processing */ + pb_remediation_parameters_msg_t *rem_msg; + pen_type_t parameters_type; + chunk_t parameters, string, lang_code; + + rem_msg = (pb_remediation_parameters_msg_t*)msg; + parameters_type = rem_msg->get_parameters_type(rem_msg); + parameters = rem_msg->get_parameters(rem_msg); + + if (parameters_type.vendor_id == PEN_IETF) + { + switch (parameters_type.type) + { + case PB_REMEDIATION_URI: + DBG1(DBG_TNC, "remediation uri: %.*s", + parameters.len, parameters.ptr); + break; + case PB_REMEDIATION_STRING: + string = rem_msg->get_string(rem_msg, &lang_code); + DBG1(DBG_TNC, "remediation string: [%.*s]\n%.*s", + lang_code.len, lang_code.ptr, + string.len, string.ptr); + break; + default: + DBG1(DBG_TNC, "remediation parameters: %B", ¶meters); + } + } + else + { + DBG1(DBG_TNC, "remediation parameters: %B", ¶meters); + } break; } case PB_MSG_ERROR: @@ -356,9 +405,12 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) lang_msg = (pb_language_preference_msg_t*)msg; lang = lang_msg->get_language_preference(lang_msg); - DBG2(DBG_TNC, "setting language preference to '%.*s'", - (int)lang.len, lang.ptr); - this->recs->set_preferred_language(this->recs, lang); + if (this->recs) + { + DBG2(DBG_TNC, "setting language preference to '%.*s'", + (int)lang.len, lang.ptr); + this->recs->set_preferred_language(this->recs, lang); + } break; } case PB_MSG_REASON_STRING: @@ -759,6 +811,18 @@ METHOD(tls_t, is_server, bool, return this->is_server; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_20_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_20_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_20_t *this) { @@ -792,6 +856,8 @@ METHOD(tls_t, destroy, void, { tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id, this->is_server); + this->server->destroy(this->server); + this->peer->destroy(this->peer); this->state_machine->destroy(this->state_machine); this->mutex->destroy(this->mutex); this->messages->destroy_offset(this->messages, @@ -799,24 +865,62 @@ METHOD(tls_t, destroy, void, free(this); } +METHOD(tnccs_t, get_transport, tnc_ift_type_t, + private_tnccs_20_t *this) +{ + return this->transport; +} + +METHOD(tnccs_t, set_transport, void, + private_tnccs_20_t *this, tnc_ift_type_t transport) +{ + this->transport = transport; +} + +METHOD(tnccs_t, get_auth_type, u_int32_t, + private_tnccs_20_t *this) +{ + return this->auth_type; +} + +METHOD(tnccs_t, set_auth_type, void, + private_tnccs_20_t *this, u_int32_t auth_type) +{ + this->auth_type = auth_type; +} + /** * See header */ -tls_t *tnccs_20_create(bool is_server) +tnccs_t* tnccs_20_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport) { private_tnccs_20_t *this; INIT(this, .public = { - .process = _process, - .build = _build, - .is_server = _is_server, - .get_purpose = _get_purpose, - .is_complete = _is_complete, - .get_eap_msk = _get_eap_msk, - .destroy = _destroy, + .tls = { + .process = _process, + .build = _build, + .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, + .get_purpose = _get_purpose, + .is_complete = _is_complete, + .get_eap_msk = _get_eap_msk, + .destroy = _destroy, + }, + .get_transport = _get_transport, + .set_transport = _set_transport, + .get_auth_type = _get_auth_type, + .set_auth_type = _set_auth_type, }, .is_server = is_server, + .server = server->clone(server), + .peer = peer->clone(peer), + .transport = transport, .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .messages = linked_list_create(), diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.h b/src/libcharon/plugins/tnccs_20/tnccs_20.h index 400d1dc12..314935069 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.h +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Andreas Steffen + * Copyright (C) 2010-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,14 +23,20 @@ #include <library.h> -#include <tls.h> +#include <tnc/tnccs/tnccs.h> /** * Create an instance of the TNC IF-TNCCS 2.0 protocol handler. * - * @param is_server TRUE to act as TNC Server, FALSE for TNC Client - * @return TNC_IF_TNCCS 2.0 protocol stack + * @param is_server TRUE to act as TNC Server, FALSE for TNC Client + * @param server Server identity + * @param peer Client identity + * @param transport Underlying IF-T transport protocol + * @return TNC_IF_TNCCS 2.0 protocol stack */ -tls_t *tnccs_20_create(bool is_server); +tnccs_t* tnccs_20_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport); #endif /** TNCCS_20_H_ @}*/ diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c index 4f419ecf0..f74306c8c 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c @@ -30,8 +30,6 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_CALLBACK(tnccs_method_register, tnccs_20_create), PLUGIN_PROVIDE(CUSTOM, "tnccs-2.0"), - PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC), - PLUGIN_DEPENDS(EAP_PEER, EAP_TNC), PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), }; *features = f; @@ -61,4 +59,3 @@ plugin_t *tnccs_20_plugin_create() return &this->plugin; } - diff --git a/src/libcharon/plugins/tnccs_dynamic/Makefile.in b/src/libcharon/plugins/tnccs_dynamic/Makefile.in index b17afda82..5f375516b 100644 --- a/src/libcharon/plugins/tnccs_dynamic/Makefile.in +++ b/src/libcharon/plugins/tnccs_dynamic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -110,6 +127,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_tnccs_dynamic_la_SOURCES) DIST_SOURCES = $(libstrongswan_tnccs_dynamic_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -126,6 +148,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -142,6 +166,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -210,8 +235,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -267,7 +290,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -363,7 +385,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -371,6 +392,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c index 03795a947..d4fc6a6f7 100644 --- a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c +++ b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -27,14 +27,35 @@ typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t; struct private_tnccs_dynamic_t { /** - * Public tls_t interface. + * Public tnccs_t interface. */ - tls_t public; + tnccs_t public; + + /** + * Server identity + */ + identification_t *server; + + /** + * Client identity + */ + identification_t *peer; /** * Detected TNC IF-TNCCS stack */ tls_t *tls; + + /** + * Underlying TNC IF-T transport protocol + */ + tnc_ift_type_t transport; + + /** + * Type of TNC client authentication + */ + u_int32_t auth_type; + }; /** @@ -66,6 +87,7 @@ METHOD(tls_t, process, status_t, private_tnccs_dynamic_t *this, void *buf, size_t buflen) { tnccs_type_t type; + tnccs_t *tnccs; if (!this->tls) { @@ -76,12 +98,15 @@ METHOD(tls_t, process, status_t, type = determine_tnccs_protocol(*(char*)buf); DBG1(DBG_TNC, "%N protocol detected dynamically", tnccs_type_names, type); - this->tls = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, type, TRUE); - if (!this->tls) + tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE, + this->server, this->peer, this->transport); + if (!tnccs) { DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type); return FAILED; } + tnccs->set_auth_type(tnccs, this->auth_type); + this->tls = &tnccs->tls; } return this->tls->process(this->tls, buf, buflen); } @@ -98,6 +123,18 @@ METHOD(tls_t, is_server, bool, return TRUE; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_dynamic_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_dynamic_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_dynamic_t *this) { @@ -120,26 +157,66 @@ METHOD(tls_t, destroy, void, private_tnccs_dynamic_t *this) { DESTROY_IF(this->tls); + this->server->destroy(this->server); + this->peer->destroy(this->peer); free(this); } +METHOD(tnccs_t, get_transport, tnc_ift_type_t, + private_tnccs_dynamic_t *this) +{ + return this->transport; +} + +METHOD(tnccs_t, set_transport, void, + private_tnccs_dynamic_t *this, tnc_ift_type_t transport) +{ + this->transport = transport; +} + +METHOD(tnccs_t, get_auth_type, u_int32_t, + private_tnccs_dynamic_t *this) +{ + return this->auth_type; +} + +METHOD(tnccs_t, set_auth_type, void, + private_tnccs_dynamic_t *this, u_int32_t auth_type) +{ + this->auth_type = auth_type; +} + /** * See header */ -tls_t *tnccs_dynamic_create(bool is_server) +tnccs_t* tnccs_dynamic_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport) { private_tnccs_dynamic_t *this; INIT(this, .public = { - .process = _process, - .build = _build, - .is_server = _is_server, - .get_purpose = _get_purpose, - .is_complete = _is_complete, - .get_eap_msk = _get_eap_msk, - .destroy = _destroy, + .tls = { + .process = _process, + .build = _build, + .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, + .get_purpose = _get_purpose, + .is_complete = _is_complete, + .get_eap_msk = _get_eap_msk, + .destroy = _destroy, + }, + .get_transport = _get_transport, + .set_transport = _set_transport, + .get_auth_type = _get_auth_type, + .set_auth_type = _set_auth_type, }, + .server = server->clone(server), + .peer = peer->clone(peer), + .transport = transport, ); return &this->public; diff --git a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h index 42410b17f..e4cff74b8 100644 --- a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h +++ b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2013 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,14 +23,20 @@ #include <library.h> -#include <tls.h> +#include <tnc/tnccs/tnccs.h> /** * Create an instance of a dynamic TNC IF-TNCCS protocol handler. * - * @param is_server TRUE to act as TNC Server, FALSE for TNC Client - * @return dynamic TNC IF-TNCCS protocol stack + * @param is_server TRUE to act as TNC Server, FALSE for TNC Client + * @param server Server identity + * @param peer Client identity + * @param transport Underlying IF-T transport protocol + * @return dynamic TNC IF-TNCCS protocol stack */ -tls_t *tnccs_dynamic_create(bool is_server); +tnccs_t* tnccs_dynamic_create(bool is_server, + identification_t *server, + identification_t *peer, + tnc_ift_type_t transport); #endif /** TNCCS_DYNAMIC_H_ @}*/ diff --git a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c index 6f581c543..aac57813a 100644 --- a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c +++ b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c @@ -32,8 +32,6 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(CUSTOM, "tnccs-dynamic"), PLUGIN_DEPENDS(CUSTOM, "tnccs-1.1"), PLUGIN_DEPENDS(CUSTOM, "tnccs-2.0"), - PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC), - PLUGIN_DEPENDS(EAP_PEER, EAP_TNC), }; *features = f; return countof(f); @@ -62,4 +60,3 @@ plugin_t *tnccs_dynamic_plugin_create() return &this->plugin; } - diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index aff566c08..b8e03e0a8 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -105,6 +122,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_uci_la_SOURCES) DIST_SOURCES = $(libstrongswan_uci_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -121,6 +143,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -137,6 +161,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -205,8 +230,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -262,7 +285,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -354,7 +376,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -362,6 +383,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index de0bf91af..b58d120c1 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -89,7 +89,7 @@ static traffic_selector_t *create_ts(char *string) { traffic_selector_t *ts; - ts = traffic_selector_create_from_cidr(string, 0, 0); + ts = traffic_selector_create_from_cidr(string, 0, 0, 65535); if (ts) { return ts; @@ -156,7 +156,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, local_addr, FALSE, charon->socket->get_port(charon->socket, FALSE), remote_addr, FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO); + FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); this->peer_cfg = peer_cfg_create( name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, @@ -255,7 +255,7 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool, local_addr, FALSE, charon->socket->get_port(charon->socket, FALSE), remote_addr, FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO); + FRAGMENTATION_NO, 0); this->ike_cfg->add_proposal(this->ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); @@ -343,4 +343,3 @@ uci_config_t *uci_config_create(uci_parser_t *parser) return &this->public; } - diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 8e60d97b2..175cece27 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -111,6 +128,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_unit_tester_la_SOURCES) DIST_SOURCES = $(libstrongswan_unit_tester_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -127,6 +149,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -143,6 +167,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -211,8 +236,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -268,7 +291,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -371,7 +393,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -379,6 +400,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 5cb81fd51..4a9a81847 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -106,6 +123,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_unity_la_SOURCES) DIST_SOURCES = $(libstrongswan_unity_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -122,6 +144,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -138,6 +162,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -206,8 +231,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -263,7 +286,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index 31d13add2..9d145b93f 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c @@ -174,7 +174,6 @@ static job_requeue_t add_exclude_async(entry_t *entry) ike_sa_t *ike_sa; char name[128]; host_t *host; - bool has_vip = FALSE; ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, entry->sa, FALSE); @@ -187,23 +186,21 @@ static job_requeue_t add_exclude_async(entry_t *entry) FALSE, 0, 0, NULL, NULL, FALSE); child_cfg->add_traffic_selector(child_cfg, FALSE, entry->ts->clone(entry->ts)); + host = ike_sa->get_my_host(ike_sa); + child_cfg->add_traffic_selector(child_cfg, TRUE, + traffic_selector_create_from_subnet(host->clone(host), + 32, 0, 0, 65535)); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE); while (enumerator->enumerate(enumerator, &host)) { - has_vip = TRUE; child_cfg->add_traffic_selector(child_cfg, TRUE, - traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0)); + traffic_selector_create_from_subnet(host->clone(host), + 32, 0, 0, 65535)); } enumerator->destroy(enumerator); - if (!has_vip) - { - host = ike_sa->get_my_host(ike_sa); - child_cfg->add_traffic_selector(child_cfg, TRUE, - traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0)); - } - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - charon->shunts->install(charon->shunts, child_cfg); child_cfg->destroy(child_cfg); diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index f8df24116..25505db0b 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -107,6 +124,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_updown_la_SOURCES) DIST_SOURCES = $(libstrongswan_updown_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +145,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +163,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +232,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +287,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 5ca4fd36d..ca3c027ae 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,6 +17,23 @@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -115,6 +132,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ SOURCES = $(libstrongswan_whitelist_la_SOURCES) $(whitelist_SOURCES) DIST_SOURCES = $(libstrongswan_whitelist_la_SOURCES) \ $(whitelist_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -131,6 +153,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -147,6 +171,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -215,8 +240,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -272,7 +295,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -365,7 +387,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -373,6 +394,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -398,8 +421,11 @@ libstrongswan-whitelist.la: $(libstrongswan_whitelist_la_OBJECTS) $(libstrongswa $(libstrongswan_whitelist_la_LINK) $(am_libstrongswan_whitelist_la_rpath) $(libstrongswan_whitelist_la_OBJECTS) $(libstrongswan_whitelist_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index f5edbaeeb..0a74b2926 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_xauth_eap_la_SOURCES) DIST_SOURCES = $(libstrongswan_xauth_eap_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index ecd480fb5..7348ab8de 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_xauth_generic_la_SOURCES) DIST_SOURCES = $(libstrongswan_xauth_generic_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.am b/src/libcharon/plugins/xauth_noauth/Makefile.am new file mode 100644 index 000000000..b838af63a --- /dev/null +++ b/src/libcharon/plugins/xauth_noauth/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-xauth-noauth.la +else +plugin_LTLIBRARIES = libstrongswan-xauth-noauth.la +endif + +libstrongswan_xauth_noauth_la_SOURCES = \ + xauth_noauth_plugin.h xauth_noauth_plugin.c \ + xauth_noauth.h xauth_noauth.c + +libstrongswan_xauth_noauth_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 312e63f2a..c8f7a6a33 100644 --- a/src/libcharon/plugins/android/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -34,7 +51,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/libcharon/plugins/android +subdir = src/libcharon/plugins/xauth_noauth DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -81,17 +98,18 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libstrongswan_android_la_DEPENDENCIES = -am_libstrongswan_android_la_OBJECTS = android_plugin.lo \ - android_service.lo android_handler.lo android_creds.lo -libstrongswan_android_la_OBJECTS = \ - $(am_libstrongswan_android_la_OBJECTS) -libstrongswan_android_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_android_la_LDFLAGS) $(LDFLAGS) -o $@ -@MONOLITHIC_FALSE@am_libstrongswan_android_la_rpath = -rpath \ +libstrongswan_xauth_noauth_la_LIBADD = +am_libstrongswan_xauth_noauth_la_OBJECTS = xauth_noauth_plugin.lo \ + xauth_noauth.lo +libstrongswan_xauth_noauth_la_OBJECTS = \ + $(am_libstrongswan_xauth_noauth_la_OBJECTS) +libstrongswan_xauth_noauth_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_xauth_noauth_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_xauth_noauth_la_rpath = -rpath \ @MONOLITHIC_FALSE@ $(plugindir) -@MONOLITHIC_TRUE@am_libstrongswan_android_la_rpath = +@MONOLITHIC_TRUE@am_libstrongswan_xauth_noauth_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -105,8 +123,13 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_android_la_SOURCES) -DIST_SOURCES = $(libstrongswan_android_la_SOURCES) +SOURCES = $(libstrongswan_xauth_noauth_la_SOURCES) +DIST_SOURCES = $(libstrongswan_xauth_noauth_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -123,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -139,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -207,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -264,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -302,16 +325,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-android.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-android.la -libstrongswan_android_la_SOURCES = \ - android_plugin.c android_plugin.h \ - android_service.c android_service.h \ - android_handler.c android_handler.h \ - android_creds.c android_creds.h - -libstrongswan_android_la_LDFLAGS = -module -avoid-version -libstrongswan_android_la_LIBADD = -lcutils +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-xauth-noauth.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xauth-noauth.la +libstrongswan_xauth_noauth_la_SOURCES = \ + xauth_noauth_plugin.h xauth_noauth_plugin.c \ + xauth_noauth.h xauth_noauth.c + +libstrongswan_xauth_noauth_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -325,9 +345,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -357,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -365,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -386,8 +407,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-android.la: $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_DEPENDENCIES) $(EXTRA_libstrongswan_android_la_DEPENDENCIES) - $(libstrongswan_android_la_LINK) $(am_libstrongswan_android_la_rpath) $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_LIBADD) $(LIBS) +libstrongswan-xauth-noauth.la: $(libstrongswan_xauth_noauth_la_OBJECTS) $(libstrongswan_xauth_noauth_la_DEPENDENCIES) $(EXTRA_libstrongswan_xauth_noauth_la_DEPENDENCIES) + $(libstrongswan_xauth_noauth_la_LINK) $(am_libstrongswan_xauth_noauth_la_rpath) $(libstrongswan_xauth_noauth_la_OBJECTS) $(libstrongswan_xauth_noauth_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -395,10 +416,8 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_creds.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_handler.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_service.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_noauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_noauth_plugin.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c new file mode 100644 index 000000000..a9d95126a --- /dev/null +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xauth_noauth.h" + +#include <daemon.h> +#include <library.h> + +typedef struct private_xauth_noauth_t private_xauth_noauth_t; + +/** + * Private data of an xauth_noauth_t object. + */ +struct private_xauth_noauth_t { + + /** + * Public interface. + */ + xauth_noauth_t public; + + /** + * ID of the peer (not really used here) + */ + identification_t *peer; + +}; + +METHOD(xauth_method_t, initiate, status_t, + private_xauth_noauth_t *this, cp_payload_t **out) +{ + /* XAuth task handles the details for us */ + return SUCCESS; +} + +METHOD(xauth_method_t, process, status_t, + private_xauth_noauth_t *this, cp_payload_t *in, cp_payload_t **out) +{ + /* this should never be called */ + return FAILED; +} + +METHOD(xauth_method_t, get_identity, identification_t*, + private_xauth_noauth_t *this) +{ + /* this should never be called, but lets still return a valid ID */ + return this->peer; +} + +METHOD(xauth_method_t, destroy, void, + private_xauth_noauth_t *this) +{ + this->peer->destroy(this->peer); + free(this); +} + +/* + * Described in header. + */ +xauth_noauth_t *xauth_noauth_create_server(identification_t *server, + identification_t *peer) +{ + private_xauth_noauth_t *this; + + INIT(this, + .public = { + .xauth_method = { + .initiate = _initiate, + .process = _process, + .get_identity = _get_identity, + .destroy = _destroy, + }, + }, + .peer = identification_create_from_string("%any"), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h new file mode 100644 index 000000000..8984b0a7c --- /dev/null +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup xauth_noauth_i xauth_noauth + * @{ @ingroup xauth_noauth + */ + +#ifndef XAUTH_NOAUTH_H_ +#define XAUTH_NOAUTH_H_ + +typedef struct xauth_noauth_t xauth_noauth_t; + +#include <sa/xauth/xauth_method.h> + +/** + * Implementation of the xauth_method_t interface that does not actually do + * any authentication but simply concludes the XAuth exchange successfully. + */ +struct xauth_noauth_t { + + /** + * Implemented xauth_method_t interface. + */ + xauth_method_t xauth_method; +}; + +/** + * Creates the noauth XAuth method, acting as server. + * + * @param server ID of the XAuth server + * @param peer ID of the XAuth client + * @return xauth_noauth_t object + */ +xauth_noauth_t *xauth_noauth_create_server(identification_t *server, + identification_t *peer); + +#endif /** XAUTH_NOAUTH_H_ @}*/ diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c new file mode 100644 index 000000000..e7ee4dfe3 --- /dev/null +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xauth_noauth_plugin.h" +#include "xauth_noauth.h" + +#include <daemon.h> + +METHOD(plugin_t, get_name, char*, + xauth_noauth_plugin_t *this) +{ + return "xauth-noauth"; +} + +METHOD(plugin_t, get_features, int, + xauth_noauth_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK(xauth_method_register, xauth_noauth_create_server), + PLUGIN_PROVIDE(XAUTH_SERVER, "noauth"), + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, + xauth_noauth_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *xauth_noauth_plugin_create() +{ + xauth_noauth_plugin_t *this; + + INIT(this, + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + ); + + return &this->plugin; +} diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h new file mode 100644 index 000000000..d174ac29c --- /dev/null +++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup xauth_noauth xauth_noauth + * @ingroup cplugins + * + * @defgroup xauth_noauth_plugin xauth_noauth_plugin + * @{ @ingroup xauth_noauth + */ + +#ifndef XAUTH_NOAUTH_PLUGIN_H_ +#define XAUTH_NOAUTH_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct xauth_noauth_plugin_t xauth_noauth_plugin_t; + +/** + * XAuth plugin that does not actually do any authentication but simply + * concludes the XAuth exchange successfully. This could be used to implement + * basic RSA authentication in cases where the client does not offer an option + * to disable XAuth. + */ +struct xauth_noauth_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** XAUTH_NOAUTH_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index b249b418f..0538a028f 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,6 +125,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libstrongswan_xauth_pam_la_SOURCES) DIST_SOURCES = $(libstrongswan_xauth_pam_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -124,6 +146,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -140,6 +164,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -208,8 +233,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -265,7 +288,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -355,7 +377,6 @@ clean-noinstLTLIBRARIES: done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -363,6 +384,8 @@ install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c index 3a8c2e1cd..a394e9df9 100644 --- a/src/libcharon/processing/jobs/delete_ike_sa_job.c +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c @@ -76,11 +76,21 @@ METHOD(job_t, execute, job_requeue_t, } else { - /* destroy IKE_SA did not complete connecting phase */ + /* destroy IKE_SA only if it did not complete connecting phase */ if (ike_sa->get_state(ike_sa) != IKE_CONNECTING) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } + else if (ike_sa->get_version(ike_sa) == IKEV1 && + ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) + { /* as initiator we waited for the peer to initiate e.g. an + * XAuth exchange, reauth the SA to eventually trigger DPD */ + DBG1(DBG_JOB, "peer did not initiate expected exchange, " + "reestablishing IKE_SA"); + ike_sa->reauth(ike_sa); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } else { DBG1(DBG_JOB, "deleting half open IKE_SA after timeout"); diff --git a/src/libcharon/processing/jobs/dpd_timeout_job.c b/src/libcharon/processing/jobs/dpd_timeout_job.c index 64a9785a6..9cdce5cab 100644 --- a/src/libcharon/processing/jobs/dpd_timeout_job.c +++ b/src/libcharon/processing/jobs/dpd_timeout_job.c @@ -68,7 +68,7 @@ METHOD(job_t, execute, job_requeue_t, enumerator = ike_sa->create_child_sa_enumerator(ike_sa); while (enumerator->enumerate(enumerator, &child_sa)) { - child_sa->get_usestats(child_sa, TRUE, ¤t, NULL); + child_sa->get_usestats(child_sa, TRUE, ¤t, NULL, NULL); use_time = max(use_time, current); } enumerator->destroy(enumerator); @@ -77,6 +77,7 @@ METHOD(job_t, execute, job_requeue_t, if (use_time < this->check) { DBG1(DBG_JOB, "DPD check timed out, enforcing DPD action"); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, NULL); charon->bus->ike_updown(charon->bus, ike_sa, FALSE); ike_sa->reestablish(ike_sa); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index 3c56b0cd7..9ab69b417 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -75,8 +75,8 @@ METHOD(job_t, execute, job_requeue_t, { time_t in, out, diff; - child_sa->get_usestats(child_sa, TRUE, &in, NULL); - child_sa->get_usestats(child_sa, FALSE, &out, NULL); + child_sa->get_usestats(child_sa, TRUE, &in, NULL, NULL); + child_sa->get_usestats(child_sa, FALSE, &out, NULL, NULL); diff = time_monotonic(NULL) - max(in, out); @@ -155,4 +155,3 @@ inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout, return &this->public; } - diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index f02d836cf..463ad2e22 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -182,6 +182,16 @@ struct private_child_sa_t { * last number of outbound bytes */ u_int64_t other_usebytes; + + /** + * last number of inbound packets + */ + u_int64_t my_usepackets; + + /** + * last number of outbound bytes + */ + u_int64_t other_usepackets; }; /** @@ -413,7 +423,7 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; - u_int64_t bytes; + u_int64_t bytes, packets; if (inbound) { @@ -422,12 +432,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) status = hydra->kernel_interface->query_sa(hydra->kernel_interface, this->other_addr, this->my_addr, this->my_spi, proto_ike2ip(this->protocol), this->mark_in, - &bytes); + &bytes, &packets); if (status == SUCCESS) { if (bytes > this->my_usebytes) { this->my_usebytes = bytes; + this->my_usepackets = packets; return SUCCESS; } return FAILED; @@ -441,12 +452,13 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) status = hydra->kernel_interface->query_sa(hydra->kernel_interface, this->my_addr, this->other_addr, this->other_spi, proto_ike2ip(this->protocol), this->mark_out, - &bytes); + &bytes, &packets); if (status == SUCCESS) { if (bytes > this->other_usebytes) { this->other_usebytes = bytes; + this->other_usepackets = packets; return SUCCESS; } return FAILED; @@ -512,7 +524,8 @@ static void update_usetime(private_child_sa_t *this, bool inbound) } METHOD(child_sa_t, get_usestats, void, - private_child_sa_t *this, bool inbound, time_t *time, u_int64_t *bytes) + private_child_sa_t *this, bool inbound, + time_t *time, u_int64_t *bytes, u_int64_t *packets) { if (update_usebytes(this, inbound) != FAILED) { @@ -529,6 +542,10 @@ METHOD(child_sa_t, get_usestats, void, { *bytes = inbound ? this->my_usebytes : this->other_usebytes; } + if (packets) + { + *packets = inbound ? this->my_usepackets : this->other_usepackets; + } } METHOD(child_sa_t, get_mark, mark_t, diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index dae3f2c18..44511edf8 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -270,9 +270,10 @@ struct child_sa_t { * @param inbound TRUE for inbound traffic, FALSE for outbound * @param[out] time time of last use in seconds (NULL to ignore) * @param[out] bytes number of processed bytes (NULL to ignore) + * @param[out] packets number of processed packets (NULL to ignore) */ void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, - u_int64_t *bytes); + u_int64_t *bytes, u_int64_t *packets); /** * Get the mark used with this CHILD_SA. diff --git a/src/libcharon/sa/eap/eap_inner_method.h b/src/libcharon/sa/eap/eap_inner_method.h new file mode 100644 index 000000000..500852965 --- /dev/null +++ b/src/libcharon/sa/eap/eap_inner_method.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_inner_method eap_inner_method + * @{ @ingroup eap + */ + +#ifndef EAP_INNER_METHOD_H_ +#define EAP_INNER_METHOD_H_ + +typedef struct eap_inner_method_t eap_inner_method_t; + +#include <library.h> + +#include "eap_method.h" + +/** + * Interface of a weak inner EAP method like EAP-TNC or PT-EAP + * that must be encapsulated in a strong TLS-based EAP method + */ +struct eap_inner_method_t { + + /* + * Public EAP method interface + */ + eap_method_t eap_method; + + /* + * Get type of outer EAP authentication method + * + * @return outer EAP authentication type + */ + eap_type_t (*get_auth_type)(eap_inner_method_t *this); + + /* + * Set type of outer EAP Client/Server authentication + * + * @param type outer EAP authentication type + */ + void (*set_auth_type)(eap_inner_method_t *this, eap_type_t type); + +}; + +#endif /** EAP_INNER_METHOD_H_ @}*/ diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 4029db11d..8c4dabd81 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -285,7 +285,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) enumerator = this->child_sas->create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, &child_sa)) { - child_sa->get_usestats(child_sa, inbound, ¤t, NULL); + child_sa->get_usestats(child_sa, inbound, ¤t, NULL, NULL); use_time = max(use_time, current); } enumerator->destroy(enumerator); @@ -900,7 +900,7 @@ METHOD(ike_sa_t, update_hosts, void, else { /* update our address in any case */ - if (!me->equals(me, this->my_host)) + if (force && !me->equals(me, this->my_host)) { set_my_host(this, me->clone(me)); update = TRUE; @@ -909,7 +909,8 @@ METHOD(ike_sa_t, update_hosts, void, if (!other->equals(other, this->other_host)) { /* update others address if we are NOT NATed */ - if (force || !has_condition(this, COND_NAT_HERE)) + if ((has_condition(this, COND_NAT_THERE) && + !has_condition(this, COND_NAT_HERE)) || force ) { set_other_host(this, other->clone(other)); update = TRUE; @@ -939,14 +940,38 @@ METHOD(ike_sa_t, update_hosts, void, } } +/** + * Set configured DSCP value on packet + */ +static void set_dscp(private_ike_sa_t *this, packet_t *packet) +{ + ike_cfg_t *ike_cfg; + + /* prefer IKE config on peer_cfg, as its selection is more accurate + * then the initial IKE config */ + if (this->peer_cfg) + { + ike_cfg = this->peer_cfg->get_ike_cfg(this->peer_cfg); + } + else + { + ike_cfg = this->ike_cfg; + } + if (ike_cfg) + { + packet->set_dscp(packet, ike_cfg->get_dscp(ike_cfg)); + } +} + METHOD(ike_sa_t, generate_message, status_t, private_ike_sa_t *this, message_t *message, packet_t **packet) { status_t status; if (message->is_encoded(message)) - { /* already done */ + { /* already encoded in task, but set DSCP value */ *packet = message->get_packet(message); + set_dscp(this, *packet); return SUCCESS; } this->stats[STAT_OUTBOUND] = time_monotonic(NULL); @@ -955,6 +980,7 @@ METHOD(ike_sa_t, generate_message, status_t, status = message->generate(message, this->keymat, packet); if (status == SUCCESS) { + set_dscp(this, *packet); charon->bus->message(charon->bus, message, FALSE, FALSE); } return status; @@ -1225,24 +1251,6 @@ METHOD(ike_sa_t, process_message, status_t, { /* do not handle messages in passive state */ return FAILED; } - switch (message->get_exchange_type(message)) - { - case ID_PROT: - case AGGRESSIVE: - case IKE_SA_INIT: - case IKE_AUTH: - if (this->state != IKE_CREATED && - this->state != IKE_CONNECTING && - message->get_first_payload_type(message) != FRAGMENT_V1) - { - DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", - exchange_type_names, message->get_exchange_type(message)); - return FAILED; - } - break; - default: - break; - } if (message->get_major_version(message) != this->version) { DBG1(DBG_IKE, "ignoring %N IKEv%u exchange on %N SA", @@ -1437,6 +1445,10 @@ METHOD(ike_sa_t, delete_, status_t, } /* FALL */ case IKE_ESTABLISHED: + if (time_monotonic(NULL) >= this->stats[STAT_DELETE]) + { /* IKE_SA hard lifetime hit */ + charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED); + } this->task_manager->queue_ike_delete(this->task_manager); return this->task_manager->initiate(this->task_manager); case IKE_CREATED: diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 2ac8c3123..4fbc4da8e 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -108,9 +108,9 @@ struct entry_t { identification_t *other_id; /** - * message ID currently processing, if any + * message ID or hash of currently processing message, -1 if none */ - u_int32_t message_id; + u_int32_t processing; }; /** @@ -135,23 +135,12 @@ static status_t entry_destroy(entry_t *this) */ static entry_t *entry_create() { - entry_t *this = malloc_thing(entry_t); - - this->waiting_threads = 0; - this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - - /* we set checkout flag when we really give it out */ - this->checked_out = FALSE; - this->driveout_new_threads = FALSE; - this->driveout_waiting_threads = FALSE; - this->message_id = -1; - this->init_hash = chunk_empty; - this->other = NULL; - this->half_open = FALSE; - this->my_id = NULL; - this->other_id = NULL; - this->ike_sa_id = NULL; - this->ike_sa = NULL; + entry_t *this; + + INIT(this, + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .processing = -1, + ); return this; } @@ -1171,6 +1160,20 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, return ike_sa; } +/** + * Get the message ID or message hash to detect early retransmissions + */ +static u_int32_t get_message_id_or_hash(message_t *message) +{ + /* Use the message ID, or the message hash in IKEv1 Main/Aggressive mode */ + if (message->get_major_version(message) == IKEV1_MAJOR_VERSION && + message->get_message_id(message) == 0) + { + return chunk_hash(message->get_packet_data(message)); + } + return message->get_message_id(message); +} + METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, private_ike_sa_manager_t* this, message_t *message) { @@ -1246,7 +1249,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, entry->checked_out = TRUE; unlock_single_segment(this, segment); - entry->message_id = message->get_message_id(message); + entry->processing = get_message_id_or_hash(message); entry->init_hash = hash; DBG2(DBG_MGR, "created IKE_SA %s[%u]", @@ -1290,12 +1293,11 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, if (get_entry_by_id(this, id, &entry, &segment) == SUCCESS) { - /* only check out in IKEv2 if we are not already processing it */ - if (message->get_request(message) && - message->get_message_id(message) == entry->message_id) + /* only check out if we are not already processing it. */ + if (entry->processing == get_message_id_or_hash(message)) { DBG1(DBG_MGR, "ignoring request with ID %u, already processing", - entry->message_id); + entry->processing); } else if (wait_for_entry(this, entry, segment)) { @@ -1305,7 +1307,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, entry->checked_out = TRUE; if (message->get_first_payload_type(message) != FRAGMENT_V1) { - entry->message_id = message->get_message_id(message); + entry->processing = get_message_id_or_hash(message); } if (ike_id->get_responder_spi(ike_id) == 0) { @@ -1564,7 +1566,7 @@ METHOD(ike_sa_manager_t, checkin, void, entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa->get_id(ike_sa)); /* signal waiting threads */ entry->checked_out = FALSE; - entry->message_id = -1; + entry->processing = -1; /* check if this SA is half-open */ if (entry->half_open && ike_sa->get_state(ike_sa) != IKE_CONNECTING) { @@ -1745,6 +1747,23 @@ METHOD(ike_sa_manager_t, create_id_enumerator, enumerator_t*, (void*)id_enumerator_cleanup, ids); } +/** + * Move all CHILD_SAs from old to new + */ +static void adopt_children(ike_sa_t *old, ike_sa_t *new) +{ + enumerator_t *enumerator; + child_sa_t *child_sa; + + enumerator = old->create_child_sa_enumerator(old); + while (enumerator->enumerate(enumerator, &child_sa)) + { + old->remove_child_sa(old, enumerator); + new->add_child_sa(new, child_sa); + } + enumerator->destroy(enumerator); +} + METHOD(ike_sa_manager_t, check_uniqueness, bool, private_ike_sa_manager_t *this, ike_sa_t *ike_sa, bool force_replace) { @@ -1782,6 +1801,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, { DBG1(DBG_IKE, "destroying duplicate IKE_SA for peer '%Y', " "received INITIAL_CONTACT", other); + charon->bus->ike_updown(charon->bus, duplicate, FALSE); checkin_and_destroy(this, duplicate); continue; } @@ -1796,6 +1816,10 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, { case UNIQUE_REPLACE: charon->bus->alert(charon->bus, ALERT_UNIQUE_REPLACE); + if (duplicate->get_version(duplicate) == IKEV1) + { + adopt_children(duplicate, ike_sa); + } DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer " "'%Y' due to uniqueness policy", other); status = duplicate->delete(duplicate); diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index eb642109b..39e4cad20 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -431,6 +431,7 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, { case AUTH_PSK: case AUTH_XAUTH_INIT_PSK: + case AUTH_XAUTH_RESP_PSK: { /* SKEYID = prf(pre-shared-key, Ni_b | Nr_b) */ chunk_t psk; if (!shared_key) diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 8a4761d5c..709033cb5 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -411,7 +411,7 @@ static bool send_fragment(private_task_manager_t *this, bool request, static bool send_packet(private_task_manager_t *this, bool request, packet_t *packet) { - fragmentation_t fragmentation = FRAGMENTATION_NO; + bool use_frags = FALSE; ike_cfg_t *ike_cfg; host_t *src, *dst; chunk_t data; @@ -419,12 +419,21 @@ static bool send_packet(private_task_manager_t *this, bool request, ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); if (ike_cfg) { - fragmentation = ike_cfg->fragmentation(ike_cfg); + switch (ike_cfg->fragmentation(ike_cfg)) + { + case FRAGMENTATION_FORCE: + use_frags = TRUE; + break; + case FRAGMENTATION_YES: + use_frags = this->ike_sa->supports_extension(this->ike_sa, + EXT_IKE_FRAGMENTATION); + break; + default: + break; + } } data = packet->get_data(packet); - if (data.len > this->frag.size && (fragmentation == FRAGMENTATION_FORCE || - (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) && - fragmentation == FRAGMENTATION_YES))) + if (data.len > this->frag.size && use_frags) { fragment_payload_t *fragment; u_int8_t num, count; @@ -1163,6 +1172,15 @@ static status_t process_response(private_task_manager_t *this, if (message->get_exchange_type(message) != this->initiating.type) { + /* Windows server sends a fourth quick mode message having an initial + * contact notify. Ignore this message for compatibility. */ + if (this->initiating.type == EXCHANGE_TYPE_UNDEFINED && + message->get_exchange_type(message) == QUICK_MODE && + message->get_notify(message, INITIAL_CONTACT)) + { + DBG1(DBG_IKE, "ignoring fourth Quick Mode message"); + return SUCCESS; + } DBG1(DBG_IKE, "received %N response, but expected %N", exchange_type_names, message->get_exchange_type(message), exchange_type_names, this->initiating.type); @@ -1471,6 +1489,21 @@ METHOD(task_manager_t, process_message, status_t, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg); return SUCCESS; } + + /* reject Main/Aggressive Modes once established */ + if (msg->get_exchange_type(msg) == ID_PROT || + msg->get_exchange_type(msg) == AGGRESSIVE) + { + if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED && + this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && + msg->get_first_payload_type(msg) != FRAGMENT_V1) + { + DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", + exchange_type_names, msg->get_exchange_type(msg)); + return FAILED; + } + } + if (msg->get_exchange_type(msg) == TRANSACTION && this->active_tasks->get_count(this->active_tasks)) { /* main mode not yet complete, queue XAuth/Mode config tasks */ @@ -2030,4 +2063,3 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) return &this->public; } - diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 7336d5d64..6b00706bf 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -30,6 +30,7 @@ #include <sa/ikev1/tasks/informational.h> #include <sa/ikev1/tasks/isakmp_delete.h> #include <processing/jobs/adopt_children_job.h> +#include <processing/jobs/delete_ike_sa_job.h> typedef struct private_aggressive_mode_t private_aggressive_mode_t; @@ -299,8 +300,14 @@ METHOD(task_t, build_i, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - /* wait for XAUTH request */ + { /* wait for XAUTH request, since this may never come, + * we queue a timeout */ + job_t *job = (job_t*)delete_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), FALSE); + lib->scheduler->schedule_job(lib->scheduler, job, + HALF_OPEN_IKE_SA_TIMEOUT); break; + } case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: case AUTH_HYBRID_RESP_RSA: diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index bc9d4bbc3..441bd7a78 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -30,6 +30,7 @@ #include <sa/ikev1/tasks/informational.h> #include <sa/ikev1/tasks/isakmp_delete.h> #include <processing/jobs/adopt_children_job.h> +#include <processing/jobs/delete_ike_sa_job.h> typedef struct private_main_mode_t private_main_mode_t; @@ -638,8 +639,14 @@ METHOD(task_t, process_i, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - /* wait for XAUTH request */ + { /* wait for XAUTH request, since this may never come, + * we queue a timeout */ + job_t *job = (job_t*)delete_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), FALSE); + lib->scheduler->schedule_job(lib->scheduler, job, + HALF_OPEN_IKE_SA_TIMEOUT); break; + } case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: case AUTH_HYBRID_RESP_RSA: diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index db48bc58e..e9f06cbe3 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -97,8 +97,8 @@ static bool delete_child(private_quick_delete_t *this, } else { - child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in); - child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out); + child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in, NULL); + child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL); DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs " "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 1eae6aa93..7a0fb5788 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -576,12 +576,12 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) if (!tsi) { tsi = traffic_selector_create_from_subnet(hsi->clone(hsi), - hsi->get_family(hsi) == AF_INET ? 32 : 128, 0, 0); + hsi->get_family(hsi) == AF_INET ? 32 : 128, 0, 0, 65535); } if (!tsr) { tsr = traffic_selector_create_from_subnet(hsr->clone(hsr), - hsr->get_family(hsr) == AF_INET ? 32 : 128, 0, 0); + hsr->get_family(hsr) == AF_INET ? 32 : 128, 0, 0, 65535); } if (this->mode == MODE_TRANSPORT && this->udp && (!tsi->is_host(tsi, hsi) || !tsr->is_host(tsr, hsr))) @@ -594,20 +594,27 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) if (this->initiator) { + traffic_selector_t *tsisub, *tsrsub; + /* check if peer selection is valid */ - if (!tsr->is_contained_in(tsr, this->tsr) || - !tsi->is_contained_in(tsi, this->tsi)) + tsisub = this->tsi->get_subset(this->tsi, tsi); + tsrsub = this->tsr->get_subset(this->tsr, tsr); + if (!tsisub || !tsrsub) { DBG1(DBG_IKE, "peer selected invalid traffic selectors: " "%R for %R, %R for %R", tsi, this->tsi, tsr, this->tsr); + DESTROY_IF(tsisub); + DESTROY_IF(tsrsub); tsi->destroy(tsi); tsr->destroy(tsr); return FALSE; } + tsi->destroy(tsi); + tsr->destroy(tsr); this->tsi->destroy(this->tsi); this->tsr->destroy(this->tsr); - this->tsi = tsi; - this->tsr = tsr; + this->tsi = tsisub; + this->tsr = tsrsub; } else { @@ -914,30 +921,37 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) enumerator_t *enumerator, *policies; traffic_selector_t *local, *remote; child_sa_t *child_sa; + proposal_t *proposal; + char *name; + name = this->config->get_name(this->config); enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (this->reqid == 0 && enumerator->enumerate(enumerator, &child_sa)) { - if (child_sa->get_state(child_sa) == CHILD_INSTALLED && - streq(child_sa->get_name(child_sa), - this->config->get_name(this->config))) + if (streq(child_sa->get_name(child_sa), name)) { - policies = child_sa->create_policy_enumerator(child_sa); - if (policies->enumerate(policies, &local, &remote)) + proposal = child_sa->get_proposal(child_sa); + switch (child_sa->get_state(child_sa)) { - if (local->equals(local, this->tsr) && - remote->equals(remote, this->tsi) && - this->proposal->equals(this->proposal, - child_sa->get_proposal(child_sa))) - { - this->reqid = child_sa->get_reqid(child_sa); - this->rekey = child_sa->get_spi(child_sa, TRUE); - child_sa->set_state(child_sa, CHILD_REKEYING); - DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}", - child_sa->get_name(child_sa), this->reqid); - } + case CHILD_INSTALLED: + case CHILD_REKEYING: + policies = child_sa->create_policy_enumerator(child_sa); + if (policies->enumerate(policies, &local, &remote) && + local->equals(local, this->tsr) && + remote->equals(remote, this->tsi) && + this->proposal->equals(this->proposal, proposal)) + { + this->reqid = child_sa->get_reqid(child_sa); + this->rekey = child_sa->get_spi(child_sa, TRUE); + child_sa->set_state(child_sa, CHILD_REKEYING); + DBG1(DBG_IKE, "detected rekeying of CHILD_SA %s{%u}", + child_sa->get_name(child_sa), this->reqid); + } + policies->destroy(policies); + break; + default: + break; } - policies->destroy(policies); } } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index 10bea5636..31114e592 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -286,21 +286,55 @@ METHOD(task_t, build_i_status, status_t, return NEED_MORE; } +METHOD(task_t, process_i_status, status_t, + private_xauth_t *this, message_t *message) +{ + cp_payload_t *cp; + + cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + if (!cp || cp->get_type(cp) != CFG_ACK) + { + DBG1(DBG_IKE, "received invalid XAUTH status response"); + return FAILED; + } + if (this->status != XAUTH_OK) + { + DBG1(DBG_IKE, "destroying IKE_SA after failed XAuth authentication"); + return FAILED; + } + if (!establish(this)) + { + return FAILED; + } + this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE); + lib->processor->queue_job(lib->processor, (job_t*) + adopt_children_job_create(this->ike_sa->get_id(this->ike_sa))); + return SUCCESS; +} + METHOD(task_t, build_i, status_t, private_xauth_t *this, message_t *message) { if (!this->xauth) { - cp_payload_t *cp; + cp_payload_t *cp = NULL; this->xauth = load_method(this); if (!this->xauth) { return FAILED; } - if (this->xauth->initiate(this->xauth, &cp) != NEED_MORE) + switch (this->xauth->initiate(this->xauth, &cp)) { - return FAILED; + case NEED_MORE: + break; + case SUCCESS: + DESTROY_IF(cp); + this->status = XAUTH_OK; + this->public.task.process = _process_i_status; + return build_i_status(this, message); + default: + return FAILED; } message->add_payload(message, (payload_t *)cp); return NEED_MORE; @@ -411,32 +445,6 @@ METHOD(task_t, build_r, status_t, return NEED_MORE; } -METHOD(task_t, process_i_status, status_t, - private_xauth_t *this, message_t *message) -{ - cp_payload_t *cp; - - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); - if (!cp || cp->get_type(cp) != CFG_ACK) - { - DBG1(DBG_IKE, "received invalid XAUTH status response"); - return FAILED; - } - if (this->status != XAUTH_OK) - { - DBG1(DBG_IKE, "destroying IKE_SA after failed XAuth authentication"); - return FAILED; - } - if (!establish(this)) - { - return FAILED; - } - this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE); - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create(this->ike_sa->get_id(this->ike_sa))); - return SUCCESS; -} - METHOD(task_t, process_i, status_t, private_xauth_t *this, message_t *message) { diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index aa0644033..b8359cc88 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -667,6 +667,16 @@ METHOD(authenticator_t, build_client, status_t, METHOD(authenticator_t, is_mutual, bool, private_eap_authenticator_t *this) { + if (this->method) + { + u_int32_t vendor; + + if (this->method->get_type(this->method, &vendor) != EAP_IDENTITY || + vendor != 0) + { + return this->method->is_mutual(this->method); + } + } /* we don't know yet, but insist on it after EAP is complete */ this->require_mutual = TRUE; return TRUE; diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index ea0117c54..5298abf79 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -475,6 +475,7 @@ METHOD(task_manager_t, initiate, status_t, break; case FAILED: default: + this->initiating.type = EXCHANGE_TYPE_UNDEFINED; if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING) { charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); @@ -1123,6 +1124,18 @@ METHOD(task_manager_t, process_message, status_t, { if (mid == this->responding.mid) { + /* reject initial messages once established */ + if (msg->get_exchange_type(msg) == IKE_SA_INIT || + msg->get_exchange_type(msg) == IKE_AUTH) + { + if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED && + this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING) + { + DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", + exchange_type_names, msg->get_exchange_type(msg)); + return FAILED; + } + } if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING || msg->get_exchange_type(msg) != IKE_SA_INIT) @@ -1163,6 +1176,10 @@ METHOD(task_manager_t, process_message, status_t, { DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored", mid, this->responding.mid); + if (msg->get_exchange_type(msg) == IKE_SA_INIT) + { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */ + return DESTROY_ME; + } } } else diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index eb3972c29..32c0e8c4a 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -18,6 +18,7 @@ #include "child_create.h" #include <daemon.h> +#include <hydra.h> #include <sa/ikev2/keymat_v2.h> #include <crypto/diffie_hellman.h> #include <credentials/certificates/x509.h> @@ -615,6 +616,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) nonce_payload_t *nonce_payload; ke_payload_t *ke_payload; ts_payload_t *ts_payload; + kernel_feature_t features; /* add SA payload */ if (this->initiator) @@ -661,6 +663,13 @@ static void build_payloads(private_child_create_t *this, message_t *message) default: break; } + + features = hydra->kernel_interface->get_features(hydra->kernel_interface); + if (!(features & KERNEL_ESP_V3_TFC)) + { + message->add_notify(message, FALSE, ESP_TFC_PADDING_NOT_SUPPORTED, + chunk_empty); + } } /** diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 644af782c..8652942ad 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -264,8 +264,8 @@ static void log_children(private_child_delete_t *this) } else { - child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in); - child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out); + child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in, NULL); + child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL); DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs %.8x_i " "(%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index f8c2ed141..262cb10e0 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -87,6 +87,24 @@ struct private_child_rekey_t { }; /** + * Schedule a retry if rekeying temporary failed + */ +static void schedule_delayed_rekey(private_child_rekey_t *this) +{ + u_int32_t retry; + job_t *job; + + retry = RETRY_INTERVAL - (random() % RETRY_JITTER); + job = (job_t*)rekey_child_sa_job_create( + this->child_sa->get_reqid(this->child_sa), + this->child_sa->get_protocol(this->child_sa), + this->child_sa->get_spi(this->child_sa, TRUE)); + DBG1(DBG_IKE, "CHILD_SA rekeying failed, trying again in %d seconds", retry); + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + lib->scheduler->schedule_job(lib->scheduler, job, retry); +} + +/** * Implementation of task_t.build for initiator, after rekeying */ static status_t build_i_delete(private_child_rekey_t *this, message_t *message) @@ -166,8 +184,13 @@ METHOD(task_t, build_i, status_t, } reqid = this->child_sa->get_reqid(this->child_sa); this->child_create->use_reqid(this->child_create, reqid); - this->child_create->task.build(&this->child_create->task, message); + if (this->child_create->task.build(&this->child_create->task, + message) != NEED_MORE) + { + schedule_delayed_rekey(this); + return FAILED; + } this->child_sa->set_state(this->child_sa, CHILD_REKEYING); return NEED_MORE; @@ -316,17 +339,7 @@ METHOD(task_t, process_i, status_t, if (!(this->collision && this->collision->get_type(this->collision) == TASK_CHILD_DELETE)) { - job_t *job; - u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER); - - job = (job_t*)rekey_child_sa_job_create( - this->child_sa->get_reqid(this->child_sa), - this->child_sa->get_protocol(this->child_sa), - this->child_sa->get_spi(this->child_sa, TRUE)); - DBG1(DBG_IKE, "CHILD_SA rekeying failed, " - "trying again in %d seconds", retry); - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - lib->scheduler->schedule_job(lib->scheduler, job, retry); + schedule_delayed_rekey(this); } return SUCCESS; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 70efcd7af..942f97cf5 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -223,6 +223,18 @@ static auth_cfg_t *get_auth_cfg(private_ike_auth_t *this, bool local) } /** + * Move the currently active auth config to the auth configs completed + */ +static void apply_auth_cfg(private_ike_auth_t *this, bool local) +{ + auth_cfg_t *cfg; + + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, local), local); + this->ike_sa->add_auth_cfg(this->ike_sa, local, cfg); +} + +/** * Check if we have should initiate another authentication round */ static bool do_another_auth(private_ike_auth_t *this) @@ -307,7 +319,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) { if (this->peer_cfg) { - bool complies = TRUE; + char *comply_error = NULL; enumerator_t *e1, *e2, *tmp; auth_cfg_t *c1, *c2; @@ -324,22 +336,30 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) while (e1->enumerate(e1, &c1)) { /* check if done authentications comply to configured ones */ - if ((!e2->enumerate(e2, &c2)) || - (!strict && !c1->complies(c1, c2, TRUE)) || - (strict && !c2->complies(c2, c1, TRUE))) + if (!e2->enumerate(e2, &c2)) + { + comply_error = "insufficient authentication rounds"; + break; + } + if (!strict && !c1->complies(c1, c2, TRUE)) { - complies = FALSE; + comply_error = "non-matching authentication done"; + break; + } + if (strict && !c2->complies(c2, c1, TRUE)) + { + comply_error = "constraint checking failed"; break; } } e1->destroy(e1); e2->destroy(e2); - if (complies) + if (!comply_error) { break; } - DBG1(DBG_CFG, "selected peer config '%s' inacceptable", - this->peer_cfg->get_name(this->peer_cfg)); + DBG1(DBG_CFG, "selected peer config '%s' inacceptable: %s", + this->peer_cfg->get_name(this->peer_cfg), comply_error); this->peer_cfg->destroy(this->peer_cfg); } if (this->candidates->remove_first(this->candidates, @@ -464,10 +484,7 @@ METHOD(task_t, build_i, status_t, switch (this->my_auth->build(this->my_auth, message)) { case SUCCESS: - /* authentication step complete, reset authenticator */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), TRUE); - this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); + apply_auth_cfg(this, TRUE); this->my_auth->destroy(this->my_auth); this->my_auth = NULL; break; @@ -640,10 +657,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } - /* store authentication information */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + apply_auth_cfg(this, FALSE); if (!update_cfg_candidates(this, FALSE)) { @@ -778,10 +792,7 @@ METHOD(task_t, build_r, status_t, switch (this->my_auth->build(this->my_auth, message)) { case SUCCESS: - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), - TRUE); - this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); + apply_auth_cfg(this, TRUE); this->my_auth->destroy(this->my_auth); this->my_auth = NULL; break; @@ -969,10 +980,10 @@ METHOD(task_t, process_i, status_t, goto peer_auth_failed; } - /* store authentication information, reset authenticator */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + if (!mutual_eap) + { + apply_auth_cfg(this, FALSE); + } } if (this->my_auth) @@ -980,10 +991,11 @@ METHOD(task_t, process_i, status_t, switch (this->my_auth->process(this->my_auth, message)) { case SUCCESS: - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), - TRUE); - this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); + apply_auth_cfg(this, TRUE); + if (this->my_auth->is_mutual(this->my_auth)) + { + apply_auth_cfg(this, FALSE); + } this->my_auth->destroy(this->my_auth); this->my_auth = NULL; this->do_another_auth = do_another_auth(this); diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.c b/src/libcharon/sa/ikev2/tasks/ike_dpd.c index 28ccc2efe..7a33f7938 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_dpd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.c @@ -37,12 +37,6 @@ METHOD(task_t, return_need_more, status_t, return NEED_MORE; } -METHOD(task_t, return_success, status_t, - private_ike_dpd_t *this, message_t *message) -{ - return SUCCESS; -} - METHOD(task_t, get_type, task_type_t, private_ike_dpd_t *this) { @@ -82,11 +76,11 @@ ike_dpd_t *ike_dpd_create(bool initiator) if (initiator) { this->public.task.build = _return_need_more; - this->public.task.process = _return_success; + this->public.task.process = (void*)return_success; } else { - this->public.task.build = _return_success; + this->public.task.build = (void*)return_success; this->public.task.process = _return_need_more; } diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c index f0602a673..5709dc652 100644 --- a/src/libcharon/sa/xauth/xauth_manager.c +++ b/src/libcharon/sa/xauth/xauth_manager.c @@ -112,8 +112,11 @@ METHOD(xauth_manager_t, create_instance, xauth_method_t*, enumerator = this->methods->create_enumerator(this->methods); while (enumerator->enumerate(enumerator, &entry)) { - if (role == entry->role && - (!name || streq(name, entry->name))) + if (!name && streq(entry->name, "noauth")) + { /* xauth-noauth has to be configured explicitly */ + continue; + } + if (role == entry->role && (!name || streq(name, entry->name))) { method = entry->constructor(server, peer); if (method) |