diff options
author | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:29:19 +0100 |
---|---|---|
committer | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-03-05 09:29:19 +0100 |
commit | 365e71f706b40c32173fa06c6feaac48c1527520 (patch) | |
tree | 54fa72a914d18c9430eaa54f3de4a2d4419198af /src/libstrongswan/credentials/auth_cfg.c | |
parent | 5d7669b7b3563c50b3c86903e0a49373d597b8a0 (diff) | |
parent | 568905f488e63e28778f87ac0e38d845f45bae79 (diff) | |
download | vyos-strongswan-365e71f706b40c32173fa06c6feaac48c1527520.tar.gz vyos-strongswan-365e71f706b40c32173fa06c6feaac48c1527520.zip |
Fixed merge, don't know why this didn't happen automatically - maybe a leftover from the svn->git conversion
Diffstat (limited to 'src/libstrongswan/credentials/auth_cfg.c')
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.c | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index ce718b9cb..9c7df81a6 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -131,11 +131,19 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); break; } +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -147,6 +155,11 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 break; } } @@ -172,6 +185,11 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -182,10 +200,18 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -237,6 +263,11 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_EAP_TYPE: return (void*)EAP_NAK; case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 return (void*)0; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: @@ -248,10 +279,18 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 default: return NULL; } @@ -274,6 +313,11 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -284,10 +328,18 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ entry->value = va_arg(args, void*); break; @@ -358,6 +410,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: { +<<<<<<< HEAD cert_validation_t validated, required; required = (uintptr_t)value; @@ -390,6 +443,47 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } break; } +======= + uintptr_t validated; + + e2 = create_enumerator(this); + while (e2->enumerate(e2, &t2, &validated)) + { + if (t2 == t1) + { + switch ((uintptr_t)value) + { + case VALIDATION_FAILED: + /* no constraint */ + break; + case VALIDATION_SKIPPED: + if (validated == VALIDATION_SKIPPED) + { + break; + } + /* FALL */ + case VALIDATION_GOOD: + if (validated == VALIDATION_GOOD) + { + break; + } + /* FALL */ + default: + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint check failed: " + "%N is %N, but requires at least %N", + auth_rule_names, t1, + cert_validation_names, validated, + cert_validation_names, (uintptr_t)value); + } + break; + } + } + } + e2->destroy(e2); +>>>>>>> upstream/4.5.1 break; } case AUTH_RULE_IDENTITY: @@ -473,10 +567,82 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, e2->destroy(e2); break; } +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: + { + uintptr_t strength; + + e2 = create_enumerator(this); + while (e2->enumerate(e2, &t2, &strength)) + { + if (t2 == t1) + { + if ((uintptr_t)value > strength) + { + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint requires %d bit " + "public keys, but %d bit key used", + (uintptr_t)value, strength); + } + } + } + else if (t2 == AUTH_RULE_RSA_STRENGTH) + { + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint requires %d bit ECDSA, " + "but RSA used", (uintptr_t)value); + } + } + else if (t2 == AUTH_RULE_ECDSA_STRENGTH) + { + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint requires %d bit RSA, " + "but ECDSA used", (uintptr_t)value); + } + } + } + e2->destroy(e2); + break; + } + case AUTH_RULE_CERT_POLICY: + { + char *oid1, *oid2; + + oid1 = (char*)value; + success = FALSE; + e2 = create_enumerator(this); + while (e2->enumerate(e2, &t2, &oid2)) + { + if (t2 == t1 && streq(oid1, oid2)) + { + success = TRUE; + break; + } + } + e2->destroy(e2); + if (!success && log_error) + { + DBG1(DBG_CFG, "constraint requires cert policy %s", oid1); + } + break; + } +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* skip helpers */ continue; } @@ -523,6 +689,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)value; @@ -534,6 +704,11 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { add(this, type, (uintptr_t)value); break; @@ -548,6 +723,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -600,6 +779,11 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { if (i1->value == i2->value) { @@ -613,6 +797,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *c1, *c2; @@ -643,6 +831,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) } continue; } +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -725,11 +917,19 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= + case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); break; } +<<<<<<< HEAD +======= + case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -741,6 +941,11 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 clone->add(clone, entry->type, (uintptr_t)entry->value); break; } |