[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)

author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2010-02-23 10:34:14 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2010-02-23 10:34:14 +0000
commit: ed7d79f96177044949744da10f4431c1d6242241 (patch)
tree: 3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/pluto/rcv_whack.c
parent: 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff)
download: vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.tar.gz
vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.zip
1 files changed, 94 insertions, 110 deletions
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index 013deb446..826a1aa6e 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -33,7 +33,6 @@
 
 #include "constants.h"
 #include "defs.h"
-#include "id.h"
 #include "ca.h"
 #include "certs.h"
 #include "ac.h"
@@ -55,16 +54,16 @@
 #include "fetch.h"
 #include "ocsp.h"
 #include "crl.h"
-
+#include "myid.h"
 #include "kernel_alg.h"
 #include "ike_alg.h"
+
 /* helper variables and function to decode strings from whack message */
 
 static char *next_str
 	, *str_roof;
 
-static bool
-unpack_str(char **p)
+static bool unpack_str(char **p)
 {
 	char *end = memchr(next_str, '\0', str_roof - next_str);
 
@@ -103,19 +102,13 @@ struct key_add_continuation {
 	enum key_add_attempt lookingfor;
 };
 
-static void
-key_add_ugh(const struct id *keyid, err_t ugh)
+static void key_add_ugh(identification_t *keyid, err_t ugh)
 {
-	char name[BUF_LEN]; /* longer IDs will be truncated in message */
-
-	(void)idtoa(keyid, name, sizeof(name));
-	loglog(RC_NOKEY
-		, "failure to fetch key for %s from DNS: %s", name, ugh);
+	loglog(RC_NOKEY, "failure to fetch key for %'Y' from DNS: %s", keyid, ugh);
 }
 
 /* last one out: turn out the lights */
-static void
-key_add_merge(struct key_add_common *oc, const struct id *keyid)
+static void key_add_merge(struct key_add_common *oc, identification_t *keyid)
 {
 	if (oc->refCount == 0)
 	{
@@ -123,9 +116,12 @@ key_add_merge(struct key_add_common *oc, const struct id *keyid)
 
 		/* if no success, print all diagnostics */
 		if (!oc->success)
+		{
 			for (kaa = ka_TXT; kaa != ka_roof; kaa++)
+			{
 				key_add_ugh(keyid, oc->diag[kaa]);
-
+			}
+		}
 		for (kaa = ka_TXT; kaa != ka_roof; kaa++)
 		{
 			free(oc->diag[kaa]);
@@ -135,8 +131,7 @@ key_add_merge(struct key_add_common *oc, const struct id *keyid)
 	}
 }
 
-static void
-key_add_continue(struct adns_continuation *ac, err_t ugh)
+static void key_add_continue(struct adns_continuation *ac, err_t ugh)
 {
 	struct key_add_continuation *kc = (void *) ac;
 	struct key_add_common *oc = kc->common;
@@ -159,95 +154,87 @@ key_add_continue(struct adns_continuation *ac, err_t ugh)
 	}
 
 	oc->refCount--;
-	key_add_merge(oc, &ac->id);
+	key_add_merge(oc, ac->id);
 	whack_log_fd = NULL_FD;
 }
 
-static void
-key_add_request(const whack_message_t *msg)
+static void key_add_request(const whack_message_t *msg)
 {
-	struct id keyid;
-	err_t ugh = atoid(msg->keyid, &keyid, FALSE);
+	identification_t *key_id;
 
-	if (ugh != NULL)
+	key_id = identification_create_from_string(msg->keyid);
+
+	if (!msg->whack_addkey)
 	{
-		loglog(RC_BADID, "bad --keyid \"%s\": %s", msg->keyid, ugh);
+		delete_public_keys(key_id, msg->pubkey_alg, NULL, chunk_empty);
 	}
-	else
+	if (msg->keyval.len == 0)
 	{
-		if (!msg->whack_addkey)
-			delete_public_keys(&keyid, msg->pubkey_alg
-				, chunk_empty, chunk_empty);
+		struct key_add_common *oc = malloc_thing(struct key_add_common);
+		enum key_add_attempt kaa;
+		err_t ugh;
 
-		if (msg->keyval.len == 0)
+		/* initialize state shared by queries */
+		oc->refCount = 0;
+		oc->whack_fd = dup_any(whack_log_fd);
+		oc->success = FALSE;
+
+		for (kaa = ka_TXT; kaa != ka_roof; kaa++)
 		{
-			struct key_add_common *oc = malloc_thing(struct key_add_common);
-			enum key_add_attempt kaa;
+			struct key_add_continuation *kc;
 
-			/* initialize state shared by queries */
-			oc->refCount = 0;
-			oc->whack_fd = dup_any(whack_log_fd);
-			oc->success = FALSE;
+			oc->diag[kaa] = NULL;
+			oc->refCount++;
+			kc = malloc_thing(struct key_add_continuation);
+			kc->common = oc;
+			kc->lookingfor = kaa;
 
-			for (kaa = ka_TXT; kaa != ka_roof; kaa++)
+			switch (kaa)
 			{
-				struct key_add_continuation *kc;
-
-				oc->diag[kaa] = NULL;
-				oc->refCount++;
-				kc = malloc_thing(struct key_add_continuation);
-				kc->common = oc;
-				kc->lookingfor = kaa;
-
-				switch (kaa)
-				{
 				case ka_TXT:
-					ugh = start_adns_query(&keyid
-						, &keyid        /* same */
-						, T_TXT
-						, key_add_continue
-						, &kc->ac);
+					ugh = start_adns_query(key_id
+							, key_id        /* same */
+							, T_TXT
+							, key_add_continue
+							, &kc->ac);
 					break;
 #ifdef USE_KEYRR
 				case ka_KEY:
-					ugh = start_adns_query(&keyid
-						, NULL
-						, T_KEY
-						, key_add_continue
-						, &kc->ac);
+					ugh = start_adns_query(key_id
+							, NULL
+							, T_KEY
+							, key_add_continue
+							, &kc->ac);
 					break;
 #endif /* USE_KEYRR */
 				default:
 					bad_case(kaa);      /* suppress gcc warning */
-				}
-				if (ugh != NULL)
-				{
-					oc->diag[kaa] = clone_str(ugh);
-					oc->refCount--;
-				}
 			}
-
-			/* Done launching queries.
-			 * Handle total failure case.
-			 */
-			key_add_merge(oc, &keyid);
-		}
-		else
-		{
-			if (!add_public_key(&keyid, DAL_LOCAL, msg->pubkey_alg, msg->keyval,
-				&pubkeys))
+			if (ugh)
 			{
-				loglog(RC_LOG_SERIOUS, "failed to add public key");
+				oc->diag[kaa] = clone_str(ugh);
+				oc->refCount--;
 			}
 		}
+
+		/* Done launching queries. Handle total failure case. */
+		key_add_merge(oc, key_id);
+	}
+	else
+	{
+		if (!add_public_key(key_id, DAL_LOCAL, msg->pubkey_alg, msg->keyval,
+			&pubkeys))
+		{
+			loglog(RC_LOG_SERIOUS, "failed to add public key");
+		}
 	}
+	key_id->destroy(key_id);
 }
 
 /* Handle a kernel request. Supposedly, there's a message in
  * the kernelsock socket.
  */
-void
-whack_handle(int whackctlfd)
+void whack_handle(int whackctlfd)
 {
 	whack_message_t msg;
 	struct sockaddr_un whackaddr;
@@ -319,24 +306,26 @@ whack_handle(int whackctlfd)
 		|| !unpack_str(&msg.left.ca)            /* string  4 */
 		|| !unpack_str(&msg.left.groups)        /* string  5 */
 		|| !unpack_str(&msg.left.updown)        /* string  6 */
-		|| !unpack_str(&msg.left.virt)          /* string  7 */
-		|| !unpack_str(&msg.right.id)           /* string  8 */
-		|| !unpack_str(&msg.right.cert)         /* string  9 */
-		|| !unpack_str(&msg.right.ca)           /* string 10 */
-		|| !unpack_str(&msg.right.groups)       /* string 11 */
-		|| !unpack_str(&msg.right.updown)       /* string 12 */
-		|| !unpack_str(&msg.right.virt)         /* string 13 */
-		|| !unpack_str(&msg.keyid)              /* string 14 */
-		|| !unpack_str(&msg.myid)               /* string 15 */
-		|| !unpack_str(&msg.cacert)             /* string 16 */
-		|| !unpack_str(&msg.ldaphost)           /* string 17 */
-		|| !unpack_str(&msg.ldapbase)           /* string 18 */
-		|| !unpack_str(&msg.crluri)             /* string 19 */
-		|| !unpack_str(&msg.crluri2)            /* string 20 */
-		|| !unpack_str(&msg.ocspuri)            /* string 21 */
-		|| !unpack_str(&msg.ike)                /* string 22 */
-		|| !unpack_str(&msg.esp)                /* string 23 */
-		|| !unpack_str(&msg.sc_data)            /* string 24 */
+		|| !unpack_str(&msg.left.sourceip)      /* string  7 */
+		|| !unpack_str(&msg.left.virt)          /* string  8 */
+		|| !unpack_str(&msg.right.id)           /* string  9 */
+		|| !unpack_str(&msg.right.cert)         /* string 10 */
+		|| !unpack_str(&msg.right.ca)           /* string 11 */
+		|| !unpack_str(&msg.right.groups)       /* string 12 */
+		|| !unpack_str(&msg.right.updown)       /* string 13 */
+		|| !unpack_str(&msg.right.sourceip)     /* string 14 */
+		|| !unpack_str(&msg.right.virt)         /* string 15 */
+		|| !unpack_str(&msg.keyid)              /* string 16 */
+		|| !unpack_str(&msg.myid)               /* string 17 */
+		|| !unpack_str(&msg.cacert)             /* string 18 */
+		|| !unpack_str(&msg.ldaphost)           /* string 19 */
+		|| !unpack_str(&msg.ldapbase)           /* string 20 */
+		|| !unpack_str(&msg.crluri)             /* string 21 */
+		|| !unpack_str(&msg.crluri2)            /* string 22 */
+		|| !unpack_str(&msg.ocspuri)            /* string 23 */
+		|| !unpack_str(&msg.ike)                /* string 24 */
+		|| !unpack_str(&msg.esp)                /* string 25 */
+		|| !unpack_str(&msg.sc_data)            /* string 26 */
 		|| str_roof - next_str != (ptrdiff_t)msg.keyval.len)    /* check chunk */
 		{
 			ugh = "message from whack contains bad string";
@@ -372,7 +361,7 @@ whack_handle(int whackctlfd)
 		}
 		else if (!msg.whack_connection)
 		{
-			struct connection *c = con_by_name(msg.name, TRUE);
+			connection_t *c = con_by_name(msg.name, TRUE);
 
 			if (c != NULL)
 			{
@@ -424,7 +413,7 @@ whack_handle(int whackctlfd)
 
 	if (msg.whack_ca && msg.cacert != NULL)
 		add_ca_info(&msg);
-		
+
 	/* process "listen" before any operation that could require it */
 	if (msg.whack_listen)
 	{
@@ -451,22 +440,22 @@ whack_handle(int whackctlfd)
 
 	if (msg.whack_reread & REREAD_CACERTS)
 	{
-		load_authcerts("CA cert", CA_CERT_PATH, AUTH_CA);
+		load_authcerts("ca", CA_CERT_PATH, X509_CA);
 	}
 
 	if (msg.whack_reread & REREAD_AACERTS)
 	{
-		load_authcerts("AA cert", AA_CERT_PATH, AUTH_AA);
+		load_authcerts("aa", AA_CERT_PATH, X509_AA);
 	}
 
 	if (msg.whack_reread & REREAD_OCSPCERTS)
 	{
-		load_authcerts("OCSP cert", OCSP_CERT_PATH, AUTH_OCSP);
+		load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
 	}
 
 	if (msg.whack_reread & REREAD_ACERTS)
 	{
-		load_acerts();
+		ac_load_certs();
 	}
 
 	if (msg.whack_reread & REREAD_CRLS)
@@ -487,32 +476,27 @@ whack_handle(int whackctlfd)
 
 	if (msg.whack_list & LIST_CERTS)
 	{
-		list_certs(msg.whack_utc);
+		cert_list(msg.whack_utc);
 	}
 
 	if (msg.whack_list & LIST_CACERTS)
 	{
-		list_authcerts("CA", AUTH_CA, msg.whack_utc);
+		list_authcerts("CA", X509_CA, msg.whack_utc);
 	}
 
 	if (msg.whack_list & LIST_AACERTS)
 	{
-		list_authcerts("AA", AUTH_AA, msg.whack_utc);
+		list_authcerts("AA", X509_AA, msg.whack_utc);
 	}
 
 	if (msg.whack_list & LIST_OCSPCERTS)
 	{
-		list_authcerts("OCSP", AUTH_OCSP, msg.whack_utc);
+		list_authcerts("OCSP", X509_OCSP_SIGNER, msg.whack_utc);
 	}
 
 	if (msg.whack_list & LIST_ACERTS)
 	{
-		list_acerts(msg.whack_utc);
-	}
-
-	if (msg.whack_list & LIST_GROUPS)
-	{
-		list_groups(msg.whack_utc);
+		ac_list_certs(msg.whack_utc);
 	}
 
 	if (msg.whack_list & LIST_CAINFOS)
@@ -562,7 +546,7 @@ whack_handle(int whackctlfd)
 		}
 		else
 		{
-			struct connection *c = con_by_name(msg.name, TRUE);
+			connection_t *c = con_by_name(msg.name, TRUE);
 
 			if (c != NULL && c->ikev1)
 			{
@@ -588,7 +572,7 @@ whack_handle(int whackctlfd)
 		}
 		else
 		{
-			struct connection *c = con_by_name(msg.name, TRUE);
+			connection_t *c = con_by_name(msg.name, TRUE);
 
 			if (c != NULL && c->ikev1)
 			{
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2010-02-23 10:34:14 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2010-02-23 10:34:14 +0000
commit	ed7d79f96177044949744da10f4431c1d6242241 (patch)
tree	3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/pluto/rcv_whack.c
parent	7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff)
download	vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.tar.gz vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.zip