author | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
commit | 81c63b0eed39432878f78727f60a1e7499645199 (patch) | |
tree | 82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libtnccs/plugins | |
parent | c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff) | |
download | vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip |
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libtnccs/plugins')
22 files changed, 106 insertions, 44 deletions
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.am b/src/libtnccs/plugins/tnc_imc/Makefile.am index b2c26cbff..5e181044a 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.am +++ b/src/libtnccs/plugins/tnc_imc/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 11a3952ce..3ba06f965 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -268,6 +268,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -286,6 +287,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -313,6 +315,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -404,6 +407,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ 
@@ -421,7 +425,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imc.la diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 2d556d9d9..623da7f62 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -15,7 +15,9 @@ #include "tnc_imc.h" +#ifndef WIN32 #include <dlfcn.h> +#endif #include <tncif_pa_subtypes.h> @@ -95,7 +97,7 @@ METHOD(imc_t, add_id, void, void *pointer; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); } @@ -124,7 +126,7 @@ METHOD(imc_t, has_id, bool, while (enumerator->enumerate(enumerator, &pointer)) { /* interpret pointer as scalar value */ - additional_id = (TNC_UInt32)pointer; + additional_id = (uintptr_t)pointer; if (id == additional_id) { diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.am b/src/libtnccs/plugins/tnc_imv/Makefile.am index 0541d4c86..8e2af6370 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.am +++ b/src/libtnccs/plugins/tnc_imv/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index cef45abc2..97c05c127 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. 
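Review bot: In the has_id hunk of tnc_imc.c, `additional_id = (uintptr_t)pointer;` narrows a pointer-sized integer back to the ID type implicitly, whereas the line it replaces cast to `TNC_UInt32` explicitly. Assuming additional_id is still declared as TNC_UInt32 (the declaration is outside the hunk), `additional_id = (TNC_UInt32)(uintptr_t)pointer;` would mirror the `(void*)(uintptr_t)id` store in add_id and keep the truncation visible to readers and to -Wconversion builds. Both method bodies start and end outside their hunks.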
@@ -269,6 +269,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -287,6 +288,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -314,6 +316,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -405,6 +408,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -422,7 +426,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imv.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imv.la diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c index ab2e55253..039f1fcf1 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c @@ -15,7 +15,9 @@ #include "tnc_imv.h" +#ifndef WIN32 #include <dlfcn.h> +#endif #include <tncif_pa_subtypes.h> diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c index 56245015b..1a031582b 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c @@ -432,7 +432,7 @@ METHOD(imv_manager_t, destroy, void, imv_manager_t* tnc_imv_manager_create(void) { private_tnc_imv_manager_t *this; - recommendation_policy_t policy; + char *polname; INIT(this, .public = { 
@@ -458,11 +458,12 @@ imv_manager_t* tnc_imv_manager_create(void) .next_imv_id = 1, ); - policy = enum_from_name(recommendation_policy_names, - lib->settings->get_str(lib->settings, - "%s.plugins.tnc-imv.recommendation_policy", - "default", lib->ns)); - this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT; + polname = lib->settings->get_str(lib->settings, + "%s.plugins.tnc-imv.recommendation_policy", "default", lib->ns); + if (!enum_from_name(recommendation_policy_names, polname, &this->policy)) + { + this->policy = RECOMMENDATION_POLICY_DEFAULT; + } DBG1(DBG_TNC, "TNC recommendation policy is '%N'", recommendation_policy_names, this->policy); diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.am b/src/libtnccs/plugins/tnc_tnccs/Makefile.am index f16bf8e1b..05a854a15 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.am +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index bba53f53f..adbbf6cf0 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -268,6 +268,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -286,6 +287,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ 
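Review bot: In tnc_imv_manager_create(), an unrecognised `recommendation_policy` value is replaced by RECOMMENDATION_POLICY_DEFAULT without any message naming the rejected string; the DBG1 that follows only prints the policy that ended up in effect. This setting presumably governs how IMV recommendations are combined, so a typo in the configuration should be visible in the log rather than silently changing the policy. Inside the fallback branch I would add something like `DBG1(DBG_TNC, "unknown recommendation policy '%s', using default", polname);`. The function body starts in the previous hunk and continues past this one.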
@@ -313,6 +315,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -404,6 +407,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -421,7 +425,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-tnccs.la diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.am b/src/libtnccs/plugins/tnccs_11/Makefile.am index cbe0b8e19..fc22c46ff 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.am +++ b/src/libtnccs/plugins/tnccs_11/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index 182d1ddce..92f3b087a 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -278,6 +278,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ 
@@ -296,6 +297,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -323,6 +325,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -414,6 +417,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -432,7 +436,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} $(am__append_1) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-11.la diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c index 86b7c6aa5..26a6c032f 100644 --- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c +++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c @@ -128,9 +128,8 @@ tnccs_msg_t *tnccs_error_msg_create_from_node(xmlNodePtr node) error_type_name = xmlGetProp(node, "type"); if (error_type_name) { - this->error_type = enum_from_name(tnccs_error_type_names, - error_type_name); - if (this->error_type == -1) + if (!enum_from_name(tnccs_error_type_names, error_type_name, + &this->error_type)) { this->error_type = TNCCS_ERROR_OTHER; } diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c index fa5ce8239..e3736560d 100644 --- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c +++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c 
@@ -41,7 +41,7 @@ tnccs_msg_t* tnccs_msg_create_from_node(xmlNodePtr node, linked_list_t *errors) char *error_msg, buf[BUF_LEN]; tnccs_error_type_t error_type = TNCCS_ERROR_MALFORMED_BATCH; tnccs_msg_t *msg; - tnccs_msg_type_t type = IMC_IMV_MSG; + tnccs_msg_type_t type = IMC_IMV_MSG, nametype; if (streq((char*)node->name, "IMC-IMV-Message")) { @@ -103,7 +103,8 @@ tnccs_msg_t* tnccs_msg_create_from_node(xmlNodePtr node, linked_list_t *errors) error_msg = "node is not in the TNCCS message namespace"; goto fatal; } - if (type != enum_from_name(tnccs_msg_type_names, (char*)cur->name)) + if (!enum_from_name(tnccs_msg_type_names, cur->name, &nametype) || + type != nametype) { error_msg = buf; snprintf(buf, BUF_LEN, "expected '%N' node but was '%s'", @@ -137,4 +138,3 @@ fatal: errors->insert_last(errors, msg); return NULL; } - diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am index f64526eda..2aefecd26 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.am +++ b/src/libtnccs/plugins/tnccs_20/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 468f21780..230440b87 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -279,6 +279,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ 
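Review bot: The rewritten check in tnccs_msg_create_from_node() passes `cur->name` to enum_from_name() without the `(char*)` cast that the removed line had and that `streq((char*)node->name, ...)` still uses earlier in the same function. With libxml2 the node name is an `xmlChar` (unsigned char) string, so this relies on an implicit pointer-sign conversion that -Wpointer-sign builds will flag; keeping `(char*)cur->name` would be consistent with the rest of the function. The definition of enum_from_name() is not part of this diff, so whether it already converts the argument cannot be confirmed here.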
@@ -297,6 +298,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -324,6 +326,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -415,6 +418,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -432,7 +436,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c index ef0faf2c1..228c08255 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -16,6 +16,7 @@ #include "pb_tnc_batch.h" #include "messages/ietf/pb_error_msg.h" +#include "messages/ietf/pb_pa_msg.h" #include "state_machine/pb_tnc_state_machine.h" #include <tnc/tnccs/tnccs.h> @@ -51,7 +52,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_BATCH_FLAG_NONE 0x00 #define PB_TNC_BATCH_FLAG_D (1<<7) -#define PB_TNC_BATCH_HEADER_SIZE 8 /** * PB-TNC Message (see section 4.2 of RFC 5793) @@ -71,7 +71,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_FLAG_NONE 0x00 #define PB_TNC_FLAG_NOSKIP (1<<7) -#define PB_TNC_HEADER_SIZE 12 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff 
@@ -148,7 +147,7 @@ METHOD(pb_tnc_batch_t, add_msg, bool, msg->build(msg); msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; if (this->batch_len + msg_len > this->max_batch_len) { @@ -201,7 +200,7 @@ METHOD(pb_tnc_batch_t, build, void, /* build PB-TNC message */ msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; msg_type = msg->get_type(msg); switch (msg_type.vendor_id) { @@ -339,7 +338,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) data = chunk_skip(this->encoding, this->offset); - if (data.len < PB_TNC_HEADER_SIZE) + if (data.len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header", data.len); @@ -403,7 +402,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) } else { - if (msg_len < PB_TNC_HEADER_SIZE) + if (msg_len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len); @@ -475,7 +474,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id, msg_type_names, msg_type, msg_len); data.len = msg_len; - msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE); + msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE); msg_pen_type = pen_type_create(vendor_id, msg_type); pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value); diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h index 60cef7735..106c5578c 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h 
@@ -29,6 +29,9 @@ typedef struct pb_tnc_batch_t pb_tnc_batch_t; #include <library.h> +#define PB_TNC_BATCH_HEADER_SIZE 8 +#define PB_TNC_MSG_HEADER_SIZE 12 + /** * PB-TNC Batch Types as defined in section 4.1 of RFC 5793 */ diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c index a9a097bd4..263af3224 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c @@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, build, void, } /* build message header */ - writer = bio_writer_create(64); + writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE); writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE); writer->write_uint24(writer, this->subtype.vendor_id); writer->write_uint32(writer, this->subtype.type); diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h index 093bb45ae..f3b6b1518 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h @@ -27,6 +27,8 @@ typedef struct pb_pa_msg_t pb_pa_msg_t; #include <pen/pen.h> +#define PB_PA_MSG_HEADER_SIZE 12 + /** * Class representing the PB-PA message type. */ diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c index f78b85a68..dc4da51c6 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c 
@@ -1032,6 +1032,38 @@ tnccs_t* tnccs_20_create(bool is_server, tnc_ift_type_t transport, tnccs_cb_t cb) { private_tnccs_20_t *this; + size_t max_batch_size, default_max_batch_size; + size_t max_message_size, default_max_message_size; + + /* Determine the maximum PB-TNC batch size and PA-TNC message size */ + switch (transport) + { + case TNC_IFT_TLS_2_0: + case TNC_IFT_TLS_1_0: + default_max_batch_size = 128 * TLS_MAX_FRAGMENT_LEN - 16; + break; + case TNC_IFT_EAP_2_0: + case TNC_IFT_EAP_1_1: + case TNC_IFT_EAP_1_0: + case TNC_IFT_UNKNOWN: + default: + default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14; + break; + } + + max_batch_size = min(default_max_batch_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_batch_size", + default_max_batch_size, lib->ns)); + + default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE + - PB_TNC_MSG_HEADER_SIZE + - PB_PA_MSG_HEADER_SIZE; + + max_message_size = min(default_max_message_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_message_size", + default_max_message_size, lib->ns)); INIT(this, .public = { @@ -1062,10 +1094,8 @@ tnccs_t* tnccs_20_create(bool is_server, .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .messages = linked_list_create(), - .max_batch_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns), - .max_msg_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns), + .max_batch_len = max_batch_size, + .max_msg_len = max_message_size, .ref = 1, ); diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am index 1a2887816..23eb7f17a 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am 
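Review bot: The new size computation in tnccs_20_create() has an upper bound but no lower bound: `default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE - PB_TNC_MSG_HEADER_SIZE - PB_PA_MSG_HEADER_SIZE` is evaluated in `size_t`, so a configured `max_batch_size` smaller than the three headers together (32 bytes with the values defined in this commit) wraps to a very large number, which is then also handed to get_int() as the default. The `min()` calls also compare a `size_t` with the value returned by get_int(); if that is a signed int, as the name suggests, a negative setting is compared as a huge unsigned value. I would reject out-of-range settings before the subtraction, e.g. `if (max_batch_size <= PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE) { max_batch_size = default_max_batch_size; }`, and log that the configured value was ignored. The function body continues outside the hunk.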
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 7327202aa..ee3f72d1e 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -268,6 +268,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -286,6 +287,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -313,6 +315,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -404,6 +407,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -421,7 +425,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-dynamic.la |