summaryrefslogtreecommitdiff
path: root/src/libcharon
diff options
context:
space:
mode:
authorRomain Francoise <rfrancoise@debian.org>2014-04-15 19:34:32 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-04-15 19:34:32 +0200
commitc5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (patch)
treed4e2118cbd411caa1a0528eac831030109bc6e65 /src/libcharon
parent15fb7904f4431a6e7c305fd08732458f7f885e7e (diff)
downloadvyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.tar.gz
vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.zip
Import upstream version 5.1.3
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/Makefile.in1
-rw-r--r--src/libcharon/config/ike_cfg.c2
-rw-r--r--src/libcharon/config/proposal.c23
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.c7
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c16
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in1
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in1
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in1
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in1
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in1
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in1
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_provider.c19
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in1
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c4
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c7
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_forward.c22
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in1
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in1
-rw-r--r--src/libcharon/plugins/farp/Makefile.in1
-rw-r--r--src/libcharon/plugins/ha/Makefile.in1
-rw-r--r--src/libcharon/plugins/ha/ha_cache.c18
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in1
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in1
-rw-r--r--src/libcharon/plugins/led/Makefile.in1
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in1
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in1
-rw-r--r--src/libcharon/plugins/maemo/Makefile.in1
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in1
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in1
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in1
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in1
-rw-r--r--src/libcharon/plugins/smp/Makefile.in1
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in1
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in1
-rw-r--r--src/libcharon/plugins/sql/Makefile.in1
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in1
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c85
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c6
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.am3
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in21
-rw-r--r--src/libcharon/plugins/uci/Makefile.in1
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.in1
-rw-r--r--src/libcharon/plugins/unity/Makefile.in1
-rw-r--r--src/libcharon/plugins/updown/Makefile.in1
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in1
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c29
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c9
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_delete.c12
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_post.c139
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_pre.c28
74 files changed, 314 insertions, 192 deletions
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 5f8453616..b300df3b2 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -870,7 +870,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index c74daa0cc..e08bb3f67 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -385,7 +385,7 @@ METHOD(ike_cfg_t, equals, bool,
return FALSE;
}
e1 = this->proposals->create_enumerator(this->proposals);
- e2 = this->proposals->create_enumerator(this->proposals);
+ e2 = other->proposals->create_enumerator(other->proposals);
while (e1->enumerate(e1, &p1) && e2->enumerate(e2, &p2))
{
if (!p1->equals(p1, p2))
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 891d1be84..2ecdb4f2e 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2006-2010 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -193,7 +193,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
{
enumerator_t *e1, *e2;
u_int16_t alg1, alg2, ks1, ks2;
- bool found = FALSE;
+ bool found = FALSE, optional = FALSE;
if (type == INTEGRITY_ALGORITHM &&
selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
@@ -202,12 +202,27 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
/* no integrity algorithm required, we have an AEAD */
return TRUE;
}
+ if (type == DIFFIE_HELLMAN_GROUP)
+ {
+ optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
+ }
e1 = create_enumerator(this, type);
e2 = other->create_enumerator(other, type);
- if (!e1->enumerate(e1, NULL, NULL) && !e2->enumerate(e2, NULL, NULL))
+ if (!e1->enumerate(e1, NULL, NULL))
{
- found = TRUE;
+ if (!e2->enumerate(e2, &alg2, NULL))
+ {
+ found = TRUE;
+ }
+ else if (optional)
+ {
+ do
+ { /* if the other peer proposes NONE, we accept the proposal */
+ found = !alg2;
+ }
+ while (!found && e2->enumerate(e2, &alg2, NULL));
+ }
}
e1->destroy(e1);
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index a32f5705d..05d41051b 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -224,6 +224,9 @@ METHOD(cert_payload_t, get_cert, certificate_t*,
case ENC_X509_SIGNATURE:
type = CERT_X509;
break;
+ case ENC_X509_ATTRIBUTE:
+ type = CERT_X509_AC;
+ break;
case ENC_CRL:
type = CERT_X509_CRL;
break;
@@ -333,6 +336,9 @@ cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
case CERT_X509:
this->encoding = ENC_X509_SIGNATURE;
break;
+ case CERT_X509_AC:
+ this->encoding = ENC_X509_ATTRIBUTE;
+ break;
default:
DBG1(DBG_ENC, "embedding %N certificate in payload failed",
certificate_type_names, cert->get_type(cert));
@@ -380,4 +386,3 @@ cert_payload_t *cert_payload_create_custom(payload_type_t type,
return &this->public;
}
-
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index cb9b359b3..3e35b75c6 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -361,12 +361,20 @@ METHOD(payload_t, verify, status_t,
}
break;
case PROTO_IKE:
- if (this->spi.len != 0 && this->spi.len != 8)
+ if (this->type == PROPOSAL_SUBSTRUCTURE_V1)
{
- DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
- return FAILED;
+ if (this->spi.len <= 16)
+ { /* according to RFC 2409, section 3.5 anything between
+ * 0 and 16 is fine */
+ break;
+ }
}
- break;
+ else if (this->spi.len == 0 || this->spi.len == 8)
+ {
+ break;
+ }
+ DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
+ return FAILED;
default:
break;
}
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index bc32b5ade..0aa635a43 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 6278a6234..f44734cc6 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index ae64a8758..361b36187 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index f812770f3..e218c8a4f 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index d8eb802b7..bb951264f 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 395cd76ea..81f2b7868 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -371,7 +371,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c
index e092771f4..f5325b566 100644
--- a/src/libcharon/plugins/dhcp/dhcp_provider.c
+++ b/src/libcharon/plugins/dhcp/dhcp_provider.c
@@ -47,22 +47,6 @@ struct private_dhcp_provider_t {
};
/**
- * Hashtable hash function
- */
-static u_int hash(void *key)
-{
- return (uintptr_t)key;
-}
-
-/**
- * Hashtable equals function
- */
-static bool equals(void *a, void *b)
-{
- return a == b;
-}
-
-/**
* Hash ID and host to a key
*/
static uintptr_t hash_id_host(identification_t *id, host_t *host)
@@ -226,7 +210,8 @@ dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket)
},
.socket = socket,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .transactions = hashtable_create(hash, equals, 8),
+ .transactions = hashtable_create(hashtable_hash_ptr,
+ hashtable_equals_ptr, 8),
);
return &this->public;
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index 4be453ea8..d9eeddf70 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index e9da68ee8..0b12cf320 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -380,7 +380,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 67cf66720..9e771ae46 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 7d6ae956c..91c4bb10b 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 6ff0acb32..16d0b4203 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 99ae94e37..1c8d51b94 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -372,7 +372,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 688879a82..4c536b2a0 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 150b131f0..d9938dd00 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -372,7 +372,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index d52f26a9a..7caac9c76 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 49e3dd142..511506869 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -792,12 +792,14 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
"invalid auth string");
goto error;
}
+ chunk_free(&auth_string);
hex = chunk_create(token, AUTH_RESPONSE_LEN - 2);
auth_string = chunk_from_hex(hex, NULL);
}
else if (strpfx(token, "M="))
{
token += 2;
+ free(msg);
msg = strdup(token);
}
}
@@ -883,6 +885,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
"invalid challenge");
goto error;
}
+ chunk_free(&challenge);
hex = chunk_create(token, 2 * CHALLENGE_LEN);
challenge = chunk_from_hex(hex, NULL);
}
@@ -893,6 +896,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
else if (strpfx(token, "M="))
{
token += 2;
+ free(msg);
msg = strdup(token);
}
}
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 7ac4a6edf..29d8c8bb0 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index 3e2bf046d..fbce3127f 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 8c780e78d..5fb1bbb75 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -410,7 +410,12 @@ static job_requeue_t send_interim(interim_data_t *data)
{
if (!send_message(this, message))
{
- eap_radius_handle_timeout(data->id);
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.accounting_close_on_timeout",
+ TRUE, lib->ns))
+ {
+ eap_radius_handle_timeout(data->id);
+ }
}
message->destroy(message);
}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
index b873e1d69..54d52a98c 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
@@ -74,22 +74,6 @@ typedef struct {
static private_eap_radius_forward_t *singleton = NULL;
/**
- * Hashtable hash function
- */
-static u_int hash(uintptr_t key)
-{
- return key;
-}
-
-/**
- * Hashtable equals function
- */
-static bool equals(uintptr_t a, uintptr_t b)
-{
- return a == b;
-}
-
-/**
* Free a queue entry
*/
static void free_attribute(chunk_t *chunk)
@@ -442,10 +426,8 @@ eap_radius_forward_t *eap_radius_forward_create()
.to_attr = parse_selector(lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.forward.radius_to_ike", "",
lib->ns)),
- .from = hashtable_create((hashtable_hash_t)hash,
- (hashtable_equals_t)equals, 8),
- .to = hashtable_create((hashtable_hash_t)hash,
- (hashtable_equals_t)equals, 8),
+ .from = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
+ .to = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index 3707f64f3..10b881f59 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 05bbc3129..e4552d196 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index a22a5c355..628f5372a 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -376,7 +376,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 189baacbc..4a8127fc1 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -376,7 +376,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 33443a1d2..8ac480d48 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 02cf1532c..79b45a9c1 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index ec189f895..c2b8b4feb 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 6d4ff8756..1f2ace21d 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index a22b1e220..b6937877d 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index d8a135cc1..8dd787569 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -381,7 +381,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 60c55f01e..13f0e5260 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -371,7 +371,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 2f3263064..d7a77ee17 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c
index ce1afe6f9..60e75fc7e 100644
--- a/src/libcharon/plugins/ha/ha_cache.c
+++ b/src/libcharon/plugins/ha/ha_cache.c
@@ -59,22 +59,6 @@ struct private_ha_cache_t {
};
/**
- * Hashtable hash function
- */
-static u_int hash(void *key)
-{
- return (uintptr_t)key;
-}
-
-/**
- * Hashtable equals function
- */
-static bool equals(void *a, void *b)
-{
- return a == b;
-}
-
-/**
* Cache entry for an IKE_SA
*/
typedef struct {
@@ -380,7 +364,7 @@ ha_cache_t *ha_cache_create(ha_kernel_t *kernel, ha_socket_t *socket,
.count = count,
.kernel = kernel,
.socket = socket,
- .cache = hashtable_create(hash, equals, 8),
+ .cache = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 8),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 2ee5a49f1..1f62f4026 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 1726c689c..3bc289d22 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 48163aff2..f7179cfe8 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -370,7 +370,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 2369044dd..561d69a23 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -383,7 +383,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 4b6d214de..57aaeeaeb 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -379,7 +379,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index 314088a25..e1d4ee301 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 8d7ca04e6..b6a04dfe7 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 7abc23e50..82d985e57 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index b891f55f1..ce8d67c53 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index bf85d5713..3dbebd807 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -374,7 +374,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 43f3c6fbf..e0134e7a2 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -371,7 +371,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 155113e48..894c1f9dc 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index da40a433b..a0e2d2d93 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 963804932..02967d0dd 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -371,7 +371,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 11a8771cc..253203de7 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -375,7 +375,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index ea168058f..1aa49ce0d 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -31,8 +31,9 @@
#include <credentials/certificates/ac.h>
#include <credentials/certificates/crl.h>
#include <credentials/certificates/pgp_certificate.h>
-#include <credentials/ietf_attributes/ietf_attributes.h>
#include <config/peer_cfg.h>
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
/* warning intervals for list functions */
#define CERT_WARNING_INTERVAL 30 /* days */
@@ -1027,16 +1028,19 @@ static void stroke_list_certs(linked_list_t *list, char *label,
static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
{
bool first = TRUE;
- time_t thisUpdate, nextUpdate, now = time(NULL);
- enumerator_t *enumerator = list->create_enumerator(list);
+ time_t notBefore, notAfter, now = time(NULL);
+ enumerator_t *enumerator;
certificate_t *cert;
- while (enumerator->enumerate(enumerator, (void**)&cert))
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &cert))
{
ac_t *ac = (ac_t*)cert;
+ ac_group_type_t type;
identification_t *id;
- ietf_attributes_t *groups;
+ enumerator_t *groups;
chunk_t chunk;
+ bool firstgroup = TRUE;
if (first)
{
@@ -1061,30 +1065,79 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
{
fprintf(out, " hserial: %#B\n", &chunk);
}
- groups = ac->get_groups(ac);
- if (groups)
+ groups = ac->create_group_enumerator(ac);
+ while (groups->enumerate(groups, &type, &chunk))
{
- fprintf(out, " groups: %s\n", groups->get_string(groups));
- groups->destroy(groups);
+ int oid;
+ char *str;
+
+ if (firstgroup)
+ {
+ fprintf(out, " groups: ");
+ firstgroup = FALSE;
+ }
+ else
+ {
+ fprintf(out, " ");
+ }
+ switch (type)
+ {
+ case AC_GROUP_TYPE_STRING:
+ fprintf(out, "%.*s", (int)chunk.len, chunk.ptr);
+ break;
+ case AC_GROUP_TYPE_OID:
+ oid = asn1_known_oid(chunk);
+ if (oid == OID_UNKNOWN)
+ {
+ str = asn1_oid_to_string(chunk);
+ if (str)
+ {
+ fprintf(out, "%s", str);
+ free(str);
+ }
+ else
+ {
+ fprintf(out, "OID:%#B", &chunk);
+ }
+ }
+ else
+ {
+ fprintf(out, "%s", oid_names[oid].name);
+ }
+ break;
+ case AC_GROUP_TYPE_OCTETS:
+ fprintf(out, "%#B", &chunk);
+ break;
+ }
+ fprintf(out, "\n");
}
+ groups->destroy(groups);
fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert));
chunk = chunk_skip_zero(ac->get_serial(ac));
fprintf(out, " serial: %#B\n", &chunk);
/* list validity */
- cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %T\n", &thisUpdate, utc);
- fprintf(out, " next %T, ", &nextUpdate, utc);
- if (now > nextUpdate)
+ cert->get_validity(cert, &now, &notBefore, &notAfter);
+ fprintf(out, " validity: not before %T, ", &notBefore, utc);
+ if (now < notBefore)
{
- fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
+ fprintf(out, "not valid yet (valid in %V)\n", &now, &notBefore);
+ }
+ else
+ {
+ fprintf(out, "ok\n");
+ }
+ fprintf(out, " not after %T, ", &notAfter, utc);
+ if (now > notAfter)
+ {
+ fprintf(out, "expired (%V ago)\n", &now, &notAfter);
}
else
{
fprintf(out, "ok");
- if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
+ if (now > notAfter - AC_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &notAfter);
}
fprintf(out, " \n");
}
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 63724728a..76b2c5703 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index ace18e77c..194113088 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -376,7 +376,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index 8f24daea3..a652e7067 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -779,7 +779,7 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
return FALSE;
}
DBG1(DBG_TNC, "loaded MAP client certificate from '%s'", client_cert);
- this->creds->add_cert(this->creds, TRUE, cert);
+ cert = this->creds->add_cert_ref(this->creds, TRUE, cert);
/* load MAP client private key */
if (client_key)
@@ -876,7 +876,8 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
}
/* open TLS socket */
- this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
+ this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd,
+ NULL, TLS_1_2, FALSE);
if (!this->tls)
{
DBG1(DBG_TNC, "creating TLS socket failed");
@@ -923,4 +924,3 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
return &this->public;
}
-
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.am b/src/libcharon/plugins/tnc_pdp/Makefile.am
index cc7c934d8..48de82571 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.am
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.am
@@ -15,12 +15,13 @@ if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnc-pdp.la
else
plugin_LTLIBRARIES = libstrongswan-tnc-pdp.la
+endif
+
libstrongswan_tnc_pdp_la_LIBADD = \
$(top_builddir)/src/libradius/libradius.la \
$(top_builddir)/src/libpttls/libpttls.la \
$(top_builddir)/src/libtls/libtls.la \
$(top_builddir)/src/libtnccs/libtnccs.la
-endif
libstrongswan_tnc_pdp_la_SOURCES = \
tnc_pdp_plugin.h tnc_pdp_plugin.c \
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index b2958efdb..875aa99d1 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -127,11 +127,11 @@ am__uninstall_files_from_dir = { \
}
am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-@MONOLITHIC_FALSE@libstrongswan_tnc_pdp_la_DEPENDENCIES = \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libradius/libradius.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libpttls/libpttls.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la
+libstrongswan_tnc_pdp_la_DEPENDENCIES = \
+ $(top_builddir)/src/libradius/libradius.la \
+ $(top_builddir)/src/libpttls/libpttls.la \
+ $(top_builddir)/src/libtls/libtls.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
am_libstrongswan_tnc_pdp_la_OBJECTS = tnc_pdp_plugin.lo tnc_pdp.lo \
tnc_pdp_connections.lo
libstrongswan_tnc_pdp_la_OBJECTS = \
@@ -377,7 +377,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
@@ -432,11 +431,11 @@ AM_CFLAGS = \
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-pdp.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-pdp.la
-@MONOLITHIC_FALSE@libstrongswan_tnc_pdp_la_LIBADD = \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libradius/libradius.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libpttls/libpttls.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la \
-@MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la
+libstrongswan_tnc_pdp_la_LIBADD = \
+ $(top_builddir)/src/libradius/libradius.la \
+ $(top_builddir)/src/libpttls/libpttls.la \
+ $(top_builddir)/src/libtls/libtls.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
libstrongswan_tnc_pdp_la_SOURCES = \
tnc_pdp_plugin.h tnc_pdp_plugin.c \
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index b2b473c32..8c38ceade 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -371,7 +371,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 2d9f59678..165590dee 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -376,7 +376,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 65fe14e1d..efb7e958d 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -372,7 +372,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index e2d6d32fb..36cf78eca 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index aa8ad2e10..e3588ad7d 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -380,7 +380,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index cf0c326e3..b78a91764 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 2d18f60df..e4d96a954 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 8173631ae..5fe4c064f 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 1ee269e04..2a6aec0c3 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -373,7 +373,6 @@ nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 8c7ba8d55..88ad14faf 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -97,10 +97,35 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg,
{
aead_t *aead_i, *aead_r;
chunk_t key = chunk_empty;
+ u_int salt_size;
+
+ switch (alg)
+ {
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ /* RFC 4106 */
+ salt_size = 4;
+ break;
+ case ENCR_AES_CCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV16:
+ /* RFC 4309 */
+ case ENCR_CAMELLIA_CCM_ICV8:
+ case ENCR_CAMELLIA_CCM_ICV12:
+ case ENCR_CAMELLIA_CCM_ICV16:
+ /* RFC 5529 */
+ salt_size = 3;
+ break;
+ default:
+ DBG1(DBG_IKE, "nonce size for %N unknown!",
+ encryption_algorithm_names, alg);
+ return FALSE;
+ }
/* SK_ei/SK_er used for encryption */
- aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
- aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
+ aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size);
+ aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size);
if (aead_i == NULL || aead_r == NULL)
{
DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index ac3be900f..a5252ab70 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -778,6 +778,15 @@ static status_t process_request(private_task_manager_t *this,
case CREATE_CHILD_SA:
{ /* FIXME: we should prevent this on mediation connections */
bool notify_found = FALSE, ts_found = FALSE;
+
+ if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
+ this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
+ {
+ DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
+ "unestablished IKE_SA, rejected");
+ return FAILED;
+ }
+
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
{
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index e898efc88..88b032c8b 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -17,6 +17,7 @@
#include <daemon.h>
#include <encoding/payloads/delete_payload.h>
+#include <sa/ikev2/tasks/child_create.h>
typedef struct private_child_delete_t private_child_delete_t;
@@ -313,6 +314,17 @@ METHOD(task_t, build_i, status_t,
}
log_children(this);
build_payloads(this, message);
+
+ if (!this->rekeyed && this->expired)
+ {
+ child_cfg_t *child_cfg;
+
+ DBG1(DBG_IKE, "scheduling CHILD_SA recreate after hard expire");
+ child_cfg = child_sa->get_config(child_sa);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ child_create_create(this->ike_sa, child_cfg->get_ref(child_cfg),
+ FALSE, NULL, NULL));
+ }
return NEED_MORE;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
index a93e5137e..6dbc4dec3 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
@@ -22,6 +22,7 @@
#include <encoding/payloads/certreq_payload.h>
#include <encoding/payloads/auth_payload.h>
#include <credentials/certificates/x509.h>
+#include <credentials/certificates/ac.h>
typedef struct private_ike_cert_post_t private_ike_cert_post_t;
@@ -105,12 +106,109 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
}
/**
+ * Add subject certificate to message
+ */
+static bool add_subject_cert(private_ike_cert_post_t *this, auth_cfg_t *auth,
+ message_t *message)
+{
+ cert_payload_t *payload;
+ certificate_t *cert;
+
+ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+ if (!cert)
+ {
+ return FALSE;
+ }
+ payload = build_cert_payload(this, cert);
+ if (!payload)
+ {
+ return FALSE;
+ }
+ DBG1(DBG_IKE, "sending end entity cert \"%Y\"", cert->get_subject(cert));
+ message->add_payload(message, (payload_t*)payload);
+ return TRUE;
+}
+
+/**
+ * Add intermediate CA certificates to message
+ */
+static void add_im_certs(private_ike_cert_post_t *this, auth_cfg_t *auth,
+ message_t *message)
+{
+ cert_payload_t *payload;
+ enumerator_t *enumerator;
+ certificate_t *cert;
+ auth_rule_t type;
+
+ enumerator = auth->create_enumerator(auth);
+ while (enumerator->enumerate(enumerator, &type, &cert))
+ {
+ if (type == AUTH_RULE_IM_CERT)
+ {
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
+ if (payload)
+ {
+ DBG1(DBG_IKE, "sending issuer cert \"%Y\"",
+ cert->get_subject(cert));
+ message->add_payload(message, (payload_t*)payload);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Add any valid attribute certificates of subject to message
+ */
+static void add_attribute_certs(private_ike_cert_post_t *this,
+ auth_cfg_t *auth, message_t *message)
+{
+ certificate_t *subject, *cert;
+
+ subject = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+ if (subject && subject->get_type(subject) == CERT_X509)
+ {
+ x509_t *x509 = (x509_t*)subject;
+ identification_t *id, *serial;
+ enumerator_t *enumerator;
+ cert_payload_t *payload;
+ ac_t *ac;
+
+ /* we look for attribute certs having our serial and holder issuer,
+ * which is recommended by RFC 5755 */
+ serial = identification_create_from_encoding(ID_KEY_ID,
+ x509->get_serial(x509));
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_X509_AC, KEY_ANY, serial, FALSE);
+ while (enumerator->enumerate(enumerator, &ac))
+ {
+ cert = &ac->certificate;
+ id = ac->get_holderIssuer(ac);
+ if (id && id->equals(id, subject->get_issuer(subject)) &&
+ cert->get_validity(cert, NULL, NULL, NULL))
+ {
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
+ if (payload)
+ {
+ DBG1(DBG_IKE, "sending attribute certificate "
+ "issued by \"%Y\"", cert->get_issuer(cert));
+ message->add_payload(message, (payload_t*)payload);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ serial->destroy(serial);
+ }
+}
+
+/**
* add certificates to message
*/
static void build_certs(private_ike_cert_post_t *this, message_t *message)
{
peer_cfg_t *peer_cfg;
auth_payload_t *payload;
+ auth_cfg_t *auth;
payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
@@ -130,46 +228,13 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
}
/* FALL */
case CERT_ALWAYS_SEND:
- {
- cert_payload_t *payload;
- enumerator_t *enumerator;
- certificate_t *cert;
- auth_rule_t type;
- auth_cfg_t *auth;
-
auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
-
- /* get subject cert first, then issuing certificates */
- cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
- if (!cert)
+ if (add_subject_cert(this, auth, message))
{
- break;
+ add_im_certs(this, auth, message);
+ add_attribute_certs(this, auth, message);
}
- payload = build_cert_payload(this, cert);
- if (!payload)
- {
- break;
- }
- DBG1(DBG_IKE, "sending end entity cert \"%Y\"",
- cert->get_subject(cert));
- message->add_payload(message, (payload_t*)payload);
-
- enumerator = auth->create_enumerator(auth);
- while (enumerator->enumerate(enumerator, &type, &cert))
- {
- if (type == AUTH_RULE_IM_CERT)
- {
- payload = cert_payload_create_from_cert(CERTIFICATE, cert);
- if (payload)
- {
- DBG1(DBG_IKE, "sending issuer cert \"%Y\"",
- cert->get_subject(cert));
- message->add_payload(message, (payload_t*)payload);
- }
- }
- }
- enumerator->destroy(enumerator);
- }
+ break;
}
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index bd28b29d7..558b1e914 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -260,6 +260,30 @@ static void process_crl(cert_payload_t *payload, auth_cfg_t *auth)
}
/**
+ * Process an attribute certificate payload
+ */
+static void process_ac(cert_payload_t *payload, auth_cfg_t *auth)
+{
+ certificate_t *cert;
+
+ cert = payload->get_cert(payload);
+ if (cert)
+ {
+ if (cert->get_issuer(cert))
+ {
+ DBG1(DBG_IKE, "received attribute certificate issued by \"%Y\"",
+ cert->get_issuer(cert));
+ }
+ else if (cert->get_subject(cert))
+ {
+ DBG1(DBG_IKE, "received attribute certificate for \"%Y\"",
+ cert->get_subject(cert));
+ }
+ auth->add(auth, AUTH_HELPER_AC_CERT, cert);
+ }
+}
+
+/**
* Process certificate payloads
*/
static void process_certs(private_ike_cert_pre_t *this, message_t *message)
@@ -298,13 +322,15 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
case ENC_CRL:
process_crl(cert_payload, auth);
break;
+ case ENC_X509_ATTRIBUTE:
+ process_ac(cert_payload, auth);
+ break;
case ENC_PKCS7_WRAPPED_X509:
case ENC_PGP:
case ENC_DNS_SIGNED_KEY:
case ENC_KERBEROS_TOKEN:
case ENC_ARL:
case ENC_SPKI:
- case ENC_X509_ATTRIBUTE:
case ENC_RAW_RSA_KEY:
case ENC_X509_HASH_AND_URL_BUNDLE:
case ENC_OCSP_CONTENT:
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:25:01 +0000