authorYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
committerYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
commitb34738ed08c2227300d554b139e2495ca5da97d6 (patch)
tree62f33b52820f2e49f0e53c0f8c636312037c8054 /src/pluto
parent0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff)
downloadvyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz
vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip
Imported Upstream version 4.6.4
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/Android.mk80
-rw-r--r--src/pluto/Makefile.am26
-rw-r--r--src/pluto/Makefile.in166
-rw-r--r--src/pluto/ac.c4
-rw-r--r--src/pluto/adns.c4
-rw-r--r--src/pluto/adns.h11
-rw-r--r--src/pluto/builder.c18
-rw-r--r--src/pluto/ca.c7
-rw-r--r--src/pluto/connections.c21
-rw-r--r--src/pluto/constants.c4
-rw-r--r--src/pluto/constants.h2
-rw-r--r--src/pluto/crl.c2
-rw-r--r--src/pluto/crypto.c2
-rw-r--r--src/pluto/defs.c8
-rw-r--r--src/pluto/demux.c4
-rw-r--r--src/pluto/dnskey.c341
-rw-r--r--src/pluto/dnskey.h7
-rw-r--r--src/pluto/event_queue.c4
-rw-r--r--src/pluto/ipsec_doi.c17
-rw-r--r--src/pluto/kernel.c15
-rw-r--r--src/pluto/kernel_alg.c2
-rw-r--r--src/pluto/keys.c58
-rw-r--r--src/pluto/lex.h2
-rw-r--r--src/pluto/log.c55
-rw-r--r--src/pluto/myid.c2
-rw-r--r--src/pluto/nat_traversal.c2
-rw-r--r--src/pluto/ocsp.c18
-rw-r--r--src/pluto/plugin_list.c72
-rw-r--r--src/pluto/plugin_list.h21
-rw-r--r--src/pluto/plugins/xauth/Makefile.in7
-rw-r--r--src/pluto/plugins/xauth/xauth_default_verifier.c7
-rw-r--r--src/pluto/pluto.84
-rw-r--r--src/pluto/plutomain.c188
-rw-r--r--src/pluto/rcv_whack.c17
-rw-r--r--src/pluto/server.c88
-rw-r--r--src/pluto/spdb.c2
-rw-r--r--src/pluto/spdb.h2
-rw-r--r--src/pluto/state.c2
-rw-r--r--src/pluto/timer.c13
-rw-r--r--src/pluto/vendor.c2
-rw-r--r--src/pluto/x509.c2
41 files changed, 610 insertions, 699 deletions
diff --git a/src/pluto/Android.mk b/src/pluto/Android.mk
new file mode 100644
index 000000000..618f79c42
--- /dev/null
+++ b/src/pluto/Android.mk
@@ -0,0 +1,80 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+ac.c ac.h \
+alg_info.c alg_info.h \
+ca.c ca.h \
+certs.c certs.h \
+connections.c connections.h \
+constants.c constants.h \
+cookie.c cookie.h \
+crl.c crl.h \
+crypto.c crypto.h \
+db_ops.c db_ops.h \
+defs.c defs.h \
+demux.c demux.h \
+event_queue.c event_queue.h \
+fetch.c fetch.h \
+foodgroups.c foodgroups.h \
+ike_alg.c ike_alg.h \
+ipsec_doi.c ipsec_doi.h \
+kameipsec.h \
+kernel.c kernel.h \
+kernel_alg.c kernel_alg.h \
+kernel_pfkey.c kernel_pfkey.h \
+keys.c keys.h \
+lex.c lex.h \
+log.c log.h \
+myid.c myid.h \
+modecfg.c modecfg.h \
+nat_traversal.c nat_traversal.h \
+ocsp.c ocsp.h \
+packet.c packet.h \
+pkcs7.c pkcs7.h \
+plugin_list.c plugin_list.h \
+pluto.c pluto.h \
+plutomain.c \
+rcv_whack.c rcv_whack.h \
+server.c server.h \
+smartcard.c smartcard.h \
+spdb.c spdb.h \
+state.c state.h \
+timer.c timer.h \
+vendor.c vendor.h \
+virtual.c virtual.h \
+whack_attribute.c whack_attribute.h \
+xauth/xauth_manager.c xauth/xauth_manager.h \
+xauth/xauth_provider.h xauth/xauth_verifier.h \
+x509.c x509.h \
+builder.c builder.h \
+rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
+
+LOCAL_SRC_FILES += $(call add_plugin, xauth)
+
+# build pluto ------------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+ $(libvstr_PATH) \
+ $(strongswan_PATH)/src/libhydra \
+ $(strongswan_PATH)/src/libstrongswan \
+ $(strongswan_PATH)/src/libfreeswan \
+ $(strongswan_PATH)/src/whack
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS) \
+ -DPLUTO -DVENDORID -DXAUTH_VID -DCISCO_QUIRKS \
+ -DTHREADS -DKERNEL26_HAS_KAME_DUPLICATES \
+ -DPLUGINS='"$(strongswan_PLUTO_PLUGINS)"'
+
+LOCAL_MODULE := pluto
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan libhydra libfreeswan libcutils
+
+include $(BUILD_EXECUTABLE)
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index 934b11a46..3fd0e039c 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -2,7 +2,11 @@
# painless way. Only the most important options are included,
# further work may be necessary here...
-ipsec_PROGRAMS = pluto _pluto_adns
+ipsec_PROGRAMS = pluto
+
+if USE_ADNS
+ipsec_PROGRAMS += _pluto_adns
+endif
pluto_SOURCES = \
ac.c ac.h \
@@ -17,7 +21,6 @@ crypto.c crypto.h \
db_ops.c db_ops.h \
defs.c defs.h \
demux.c demux.h \
-dnskey.c dnskey.h \
event_queue.c event_queue.h \
fetch.c fetch.h \
foodgroups.c foodgroups.h \
@@ -36,6 +39,7 @@ nat_traversal.c nat_traversal.h \
ocsp.c ocsp.h \
packet.c packet.h \
pkcs7.c pkcs7.h \
+plugin_list.c plugin_list.h \
pluto.c pluto.h \
plutomain.c \
rcv_whack.c rcv_whack.h \
@@ -53,7 +57,13 @@ x509.c x509.h \
builder.c builder.h \
rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
-_pluto_adns_SOURCES = adns.c adns.h
+if USE_ADNS
+pluto_SOURCES += \
+dnskey.c dnskey.h
+
+_pluto_adns_SOURCES = \
+adns.c adns.h
+endif
plutomain.o : $(top_builddir)/config.status
@@ -75,7 +85,7 @@ AM_CFLAGS = -rdynamic \
-DSHARED_SECRETS_FILE=\"${sysconfdir}/ipsec.secrets\" \
-DPLUGINS=\""${pluto_plugins}\"" \
-DPKCS11_DEFAULT_LIB=\"${default_pkcs11}\" \
--DKERNEL26_SUPPORT -DKERNEL26_HAS_KAME_DUPLICATES \
+-DKERNEL26_HAS_KAME_DUPLICATES \
-DPLUTO -DDEBUG
pluto_LDADD = \
@@ -84,12 +94,16 @@ $(LIBFREESWANDIR)/libfreeswan.a \
$(LIBHYDRADIR)/libhydra.la \
-lresolv $(PTHREADLIB) $(DLLIB)
+if USE_ADNS
_pluto_adns_LDADD = \
$(LIBFREESWANDIR)/libfreeswan.a \
-lresolv $(DLLIB)
+endif
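Review bot: `-lresolv` stays in `pluto_LDADD` unconditionally on line 197 even though the resolver-using sources (dnskey.c, and _pluto_adns via its own LDADD) are now built only under `USE_ADNS`. If dnskey.c was the only consumer of libresolv in the pluto binary, the flag could move under the same conditional, `if USE_ADNS` / `pluto_LDADD += -lresolv` / `endif`, so a non-ADNS build does not link a library it never calls. Whether any other pluto source still needs libresolv is not visible from this diff, so this is only worth doing after a grep confirms it.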
dist_man_MANS = pluto.8
+EXTRA_DIST = Android.mk
+
# compile options
#################
@@ -126,6 +140,10 @@ if USE_THREADS
AM_CFLAGS += -DTHREADS
endif
+if USE_ADNS
+ AM_CFLAGS += -DADNS
+endif
+
# build optional plugins
########################
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index 92e66db17..b055ba289 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -38,28 +38,33 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-ipsec_PROGRAMS = pluto$(EXEEXT) _pluto_adns$(EXEEXT)
+ipsec_PROGRAMS = pluto$(EXEEXT) $(am__EXEEXT_1)
+@USE_ADNS_TRUE@am__append_1 = _pluto_adns
+@USE_ADNS_TRUE@am__append_2 = \
+@USE_ADNS_TRUE@dnskey.c dnskey.h
+
# compile options
#################
# This compile option activates the sending of a strongSwan VID
-@USE_VENDORID_TRUE@am__append_1 = -DVENDORID
+@USE_VENDORID_TRUE@am__append_3 = -DVENDORID
# This compile option activates the sending of the XAUTH VID
-@USE_XAUTH_VID_TRUE@am__append_2 = -DXAUTH_VID
+@USE_XAUTH_VID_TRUE@am__append_4 = -DXAUTH_VID
# This compile option activates the support of the Cisco VPN client
-@USE_CISCO_QUIRKS_TRUE@am__append_3 = -DCISCO_QUIRKS
+@USE_CISCO_QUIRKS_TRUE@am__append_5 = -DCISCO_QUIRKS
# This compile option activates NAT traversal with IPSec transport mode
-@USE_NAT_TRANSPORT_TRUE@am__append_4 = -DI_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT
+@USE_NAT_TRANSPORT_TRUE@am__append_6 = -DI_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT
# This compile option activates smartcard support
-@USE_SMARTCARD_TRUE@am__append_5 = -DSMARTCARD
-@USE_LIBCAP_TRUE@am__append_6 = -lcap
-@USE_THREADS_TRUE@am__append_7 = -DTHREADS
-@USE_XAUTH_TRUE@am__append_8 = plugins/xauth
+@USE_SMARTCARD_TRUE@am__append_7 = -DSMARTCARD
+@USE_LIBCAP_TRUE@am__append_8 = -lcap
+@USE_THREADS_TRUE@am__append_9 = -DTHREADS
+@USE_ADNS_TRUE@am__append_10 = -DADNS
+@USE_XAUTH_TRUE@am__append_11 = plugins/xauth
subdir = src/pluto
DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@@ -78,28 +83,50 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
+@USE_ADNS_TRUE@am__EXEEXT_1 = _pluto_adns$(EXEEXT)
am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"
PROGRAMS = $(ipsec_PROGRAMS)
-am__pluto_adns_OBJECTS = adns.$(OBJEXT)
+am___pluto_adns_SOURCES_DIST = adns.c adns.h
+@USE_ADNS_TRUE@am__pluto_adns_OBJECTS = adns.$(OBJEXT)
_pluto_adns_OBJECTS = $(am__pluto_adns_OBJECTS)
am__DEPENDENCIES_1 =
-_pluto_adns_DEPENDENCIES = $(LIBFREESWANDIR)/libfreeswan.a \
- $(am__DEPENDENCIES_1)
+@USE_ADNS_TRUE@_pluto_adns_DEPENDENCIES = \
+@USE_ADNS_TRUE@ $(LIBFREESWANDIR)/libfreeswan.a \
+@USE_ADNS_TRUE@ $(am__DEPENDENCIES_1)
+am__pluto_SOURCES_DIST = ac.c ac.h alg_info.c alg_info.h ca.c ca.h \
+ certs.c certs.h connections.c connections.h constants.c \
+ constants.h cookie.c cookie.h crl.c crl.h crypto.c crypto.h \
+ db_ops.c db_ops.h defs.c defs.h demux.c demux.h event_queue.c \
+ event_queue.h fetch.c fetch.h foodgroups.c foodgroups.h \
+ ike_alg.c ike_alg.h ipsec_doi.c ipsec_doi.h kameipsec.h \
+ kernel.c kernel.h kernel_alg.c kernel_alg.h kernel_pfkey.c \
+ kernel_pfkey.h keys.c keys.h lex.c lex.h log.c log.h myid.c \
+ myid.h modecfg.c modecfg.h nat_traversal.c nat_traversal.h \
+ ocsp.c ocsp.h packet.c packet.h pkcs7.c pkcs7.h plugin_list.c \
+ plugin_list.h pluto.c pluto.h plutomain.c rcv_whack.c \
+ rcv_whack.h server.c server.h smartcard.c smartcard.h spdb.c \
+ spdb.h state.c state.h timer.c timer.h vendor.c vendor.h \
+ virtual.c virtual.h whack_attribute.c whack_attribute.h \
+ xauth/xauth_manager.c xauth/xauth_manager.h \
+ xauth/xauth_provider.h xauth/xauth_verifier.h x509.c x509.h \
+ builder.c builder.h rsaref/pkcs11t.h rsaref/pkcs11.h \
+ rsaref/unix.h rsaref/pkcs11f.h dnskey.c dnskey.h
+@USE_ADNS_TRUE@am__objects_1 = dnskey.$(OBJEXT)
am_pluto_OBJECTS = ac.$(OBJEXT) alg_info.$(OBJEXT) ca.$(OBJEXT) \
certs.$(OBJEXT) connections.$(OBJEXT) constants.$(OBJEXT) \
cookie.$(OBJEXT) crl.$(OBJEXT) crypto.$(OBJEXT) \
db_ops.$(OBJEXT) defs.$(OBJEXT) demux.$(OBJEXT) \
- dnskey.$(OBJEXT) event_queue.$(OBJEXT) fetch.$(OBJEXT) \
- foodgroups.$(OBJEXT) ike_alg.$(OBJEXT) ipsec_doi.$(OBJEXT) \
- kernel.$(OBJEXT) kernel_alg.$(OBJEXT) kernel_pfkey.$(OBJEXT) \
- keys.$(OBJEXT) lex.$(OBJEXT) log.$(OBJEXT) myid.$(OBJEXT) \
- modecfg.$(OBJEXT) nat_traversal.$(OBJEXT) ocsp.$(OBJEXT) \
- packet.$(OBJEXT) pkcs7.$(OBJEXT) pluto.$(OBJEXT) \
+ event_queue.$(OBJEXT) fetch.$(OBJEXT) foodgroups.$(OBJEXT) \
+ ike_alg.$(OBJEXT) ipsec_doi.$(OBJEXT) kernel.$(OBJEXT) \
+ kernel_alg.$(OBJEXT) kernel_pfkey.$(OBJEXT) keys.$(OBJEXT) \
+ lex.$(OBJEXT) log.$(OBJEXT) myid.$(OBJEXT) modecfg.$(OBJEXT) \
+ nat_traversal.$(OBJEXT) ocsp.$(OBJEXT) packet.$(OBJEXT) \
+ pkcs7.$(OBJEXT) plugin_list.$(OBJEXT) pluto.$(OBJEXT) \
plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) server.$(OBJEXT) \
smartcard.$(OBJEXT) spdb.$(OBJEXT) state.$(OBJEXT) \
timer.$(OBJEXT) vendor.$(OBJEXT) virtual.$(OBJEXT) \
whack_attribute.$(OBJEXT) xauth_manager.$(OBJEXT) \
- x509.$(OBJEXT) builder.$(OBJEXT)
+ x509.$(OBJEXT) builder.$(OBJEXT) $(am__objects_1)
pluto_OBJECTS = $(am_pluto_OBJECTS)
pluto_DEPENDENCIES = $(LIBSTRONGSWANDIR)/libstrongswan.la \
$(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
@@ -119,7 +146,8 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(_pluto_adns_SOURCES) $(pluto_SOURCES)
-DIST_SOURCES = $(_pluto_adns_SOURCES) $(pluto_SOURCES)
+DIST_SOURCES = $(am___pluto_adns_SOURCES_DIST) \
+ $(am__pluto_SOURCES_DIST)
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
html-recursive info-recursive install-data-recursive \
install-dvi-recursive install-exec-recursive \
@@ -276,6 +304,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -284,6 +315,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -300,11 +332,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -348,6 +382,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
@@ -358,56 +393,27 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-pluto_SOURCES = \
-ac.c ac.h \
-alg_info.c alg_info.h \
-ca.c ca.h \
-certs.c certs.h \
-connections.c connections.h \
-constants.c constants.h \
-cookie.c cookie.h \
-crl.c crl.h \
-crypto.c crypto.h \
-db_ops.c db_ops.h \
-defs.c defs.h \
-demux.c demux.h \
-dnskey.c dnskey.h \
-event_queue.c event_queue.h \
-fetch.c fetch.h \
-foodgroups.c foodgroups.h \
-ike_alg.c ike_alg.h \
-ipsec_doi.c ipsec_doi.h \
-kameipsec.h \
-kernel.c kernel.h \
-kernel_alg.c kernel_alg.h \
-kernel_pfkey.c kernel_pfkey.h \
-keys.c keys.h \
-lex.c lex.h \
-log.c log.h \
-myid.c myid.h \
-modecfg.c modecfg.h \
-nat_traversal.c nat_traversal.h \
-ocsp.c ocsp.h \
-packet.c packet.h \
-pkcs7.c pkcs7.h \
-pluto.c pluto.h \
-plutomain.c \
-rcv_whack.c rcv_whack.h \
-server.c server.h \
-smartcard.c smartcard.h \
-spdb.c spdb.h \
-state.c state.h \
-timer.c timer.h \
-vendor.c vendor.h \
-virtual.c virtual.h \
-whack_attribute.c whack_attribute.h \
-xauth/xauth_manager.c xauth/xauth_manager.h \
-xauth/xauth_provider.h xauth/xauth_verifier.h \
-x509.c x509.h \
-builder.c builder.h \
-rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
-
-_pluto_adns_SOURCES = adns.c adns.h
+pluto_SOURCES = ac.c ac.h alg_info.c alg_info.h ca.c ca.h certs.c \
+ certs.h connections.c connections.h constants.c constants.h \
+ cookie.c cookie.h crl.c crl.h crypto.c crypto.h db_ops.c \
+ db_ops.h defs.c defs.h demux.c demux.h event_queue.c \
+ event_queue.h fetch.c fetch.h foodgroups.c foodgroups.h \
+ ike_alg.c ike_alg.h ipsec_doi.c ipsec_doi.h kameipsec.h \
+ kernel.c kernel.h kernel_alg.c kernel_alg.h kernel_pfkey.c \
+ kernel_pfkey.h keys.c keys.h lex.c lex.h log.c log.h myid.c \
+ myid.h modecfg.c modecfg.h nat_traversal.c nat_traversal.h \
+ ocsp.c ocsp.h packet.c packet.h pkcs7.c pkcs7.h plugin_list.c \
+ plugin_list.h pluto.c pluto.h plutomain.c rcv_whack.c \
+ rcv_whack.h server.c server.h smartcard.c smartcard.h spdb.c \
+ spdb.h state.c state.h timer.c timer.h vendor.c vendor.h \
+ virtual.c virtual.h whack_attribute.c whack_attribute.h \
+ xauth/xauth_manager.c xauth/xauth_manager.h \
+ xauth/xauth_provider.h xauth/xauth_verifier.h x509.c x509.h \
+ builder.c builder.h rsaref/pkcs11t.h rsaref/pkcs11.h \
+ rsaref/unix.h rsaref/pkcs11f.h $(am__append_2)
+@USE_ADNS_TRUE@_pluto_adns_SOURCES = \
+@USE_ADNS_TRUE@adns.c adns.h
+
LIBSTRONGSWANDIR = $(top_builddir)/src/libstrongswan
LIBFREESWANDIR = $(top_builddir)/src/libfreeswan
LIBHYDRADIR = $(top_builddir)/src/libhydra
@@ -422,22 +428,23 @@ AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
-DIPSEC_CONFDIR=\"${sysconfdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
-DSHARED_SECRETS_FILE=\"${sysconfdir}/ipsec.secrets\" \
-DPLUGINS=\""${pluto_plugins}\"" \
- -DPKCS11_DEFAULT_LIB=\"${default_pkcs11}\" -DKERNEL26_SUPPORT \
- -DKERNEL26_HAS_KAME_DUPLICATES -DPLUTO -DDEBUG $(am__append_1) \
- $(am__append_2) $(am__append_3) $(am__append_4) \
- $(am__append_5) $(am__append_7)
+ -DPKCS11_DEFAULT_LIB=\"${default_pkcs11}\" \
+ -DKERNEL26_HAS_KAME_DUPLICATES -DPLUTO -DDEBUG $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6) \
+ $(am__append_7) $(am__append_9) $(am__append_10)
pluto_LDADD = $(LIBSTRONGSWANDIR)/libstrongswan.la \
$(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
- -lresolv $(PTHREADLIB) $(DLLIB) $(am__append_6)
-_pluto_adns_LDADD = \
-$(LIBFREESWANDIR)/libfreeswan.a \
--lresolv $(DLLIB)
+ -lresolv $(PTHREADLIB) $(DLLIB) $(am__append_8)
+@USE_ADNS_TRUE@_pluto_adns_LDADD = \
+@USE_ADNS_TRUE@$(LIBFREESWANDIR)/libfreeswan.a \
+@USE_ADNS_TRUE@-lresolv $(DLLIB)
dist_man_MANS = pluto.8
+EXTRA_DIST = Android.mk
# build optional plugins
########################
-SUBDIRS = . $(am__append_8)
+SUBDIRS = . $(am__append_11)
all: all-recursive
.SUFFIXES:
@@ -560,6 +567,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_list.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pluto.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plutomain.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rcv_whack.Po@am__quote@
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index 3339d91fb..cd8007aea 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -261,7 +261,7 @@ void ac_list_certs(bool utc)
whack_log(RC_COMMENT, " hissuer: \"%Y\"", holderIssuer);
}
- holderSerial = ac->get_holderSerial(ac);
+ holderSerial = chunk_skip_zero(ac->get_holderSerial(ac));
if (holderSerial.ptr)
{
whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
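Review bot: Neither call site says why the serial is run through `chunk_skip_zero` before printing; presumably it strips the leading 0x00 that DER prepends to a positive INTEGER whose high bit is set, so the logged value matches what other tools display, but that is an inference. A one-line comment at the first use, `/* drop DER's leading zero sign byte so the serial prints canonically */`, would record the intent; the same applies to the serial on line 501 and to crl.c line 747. ac_list_certs begins outside the hunk.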
@@ -277,7 +277,7 @@ void ac_list_certs(bool utc)
issuer = cert->get_issuer(cert);
whack_log(RC_COMMENT, " issuer: \"%Y\"", issuer);
- serial = ac->get_serial(ac);
+ serial = chunk_skip_zero(ac->get_serial(ac));
whack_log(RC_COMMENT, " serial: %#B", &serial);
cert->get_validity(cert, &now, &notBefore, &notAfter);
diff --git a/src/pluto/adns.c b/src/pluto/adns.c
index 5d6979447..76b459216 100644
--- a/src/pluto/adns.c
+++ b/src/pluto/adns.c
@@ -12,8 +12,6 @@
* for more details.
*/
-#ifndef USE_LWRES /* whole file! */
-
/* This program executes as multiple processes. The Master process
* receives queries (struct adns_query messages) from Pluto and distributes
* them amongst Worker processes. These Worker processes are created
@@ -610,5 +608,3 @@ main(int argc UNUSED, char **argv)
return master();
}
-
-#endif /* !USE_LWRES */
diff --git a/src/pluto/adns.h b/src/pluto/adns.h
index f564be232..dfbcbaf16 100644
--- a/src/pluto/adns.h
+++ b/src/pluto/adns.h
@@ -12,7 +12,13 @@
* for more details.
*/
-#ifndef USE_LWRES /* whole file! */
+#ifndef ADNS
+
+/* dummy struct to make compilers happy */
+struct adns_query {
+};
+
+#else /* rest of file */
/* The interface in RHL6.x and BIND distribution 8.2.2 are different,
* so we build some of our own :-(
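Review bot: The dummy `struct adns_query {};` on line 532 has no members, which ISO C does not allow (GCC accepts it as an extension and warns under -pedantic). If the non-ADNS build only ever handles pointers to it, the forward declaration `struct adns_query;` is enough and is standard; otherwise give it one member, e.g. `struct adns_query { int unused; };`. Whether an incomplete type suffices depends on the users in connections.c and elsewhere, which are not visible here.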
@@ -69,5 +75,4 @@ enum helper_exit_status {
HES_BAD_LEN, /* implausible .len field */
HES_BAD_MAGIC, /* .magic field wrong */
};
-
-#endif /* !USE_LWRES */
+#endif /* ADNS */
diff --git a/src/pluto/builder.c b/src/pluto/builder.c
index d7ec3feb9..a6e05a330 100644
--- a/src/pluto/builder.c
+++ b/src/pluto/builder.c
@@ -71,17 +71,17 @@ static cert_t *builder_load_cert(certificate_type_t type, va_list args)
if (pgp)
{
cert->cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_GPG,
- BUILD_BLOB_PGP, blob,
- BUILD_END);
+ CRED_CERTIFICATE, CERT_GPG,
+ BUILD_BLOB_PGP, blob,
+ BUILD_END);
}
else
{
cert->cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, blob,
+ CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, blob,
BUILD_X509_FLAG, flags,
- BUILD_END);
+ BUILD_END);
}
if (cert->cert)
{
@@ -121,9 +121,9 @@ static x509crl_t *builder_load_crl(certificate_type_t type, va_list args)
crl->next = NULL;
crl->distributionPoints = linked_list_create();
crl->crl = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509_CRL,
- BUILD_BLOB_ASN1_DER, blob,
- BUILD_END);
+ CRED_CERTIFICATE, CERT_X509_CRL,
+ BUILD_BLOB_ASN1_DER, blob,
+ BUILD_END);
if (crl->crl)
{
return crl;
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index add85def8..827b98121 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -87,7 +87,7 @@ bool trusted_ca(identification_t *a, identification_t *b, int *pathlen)
break;
}
certificate = cacert->cert;
-
+
/* is the certificate self-signed? */
{
x509_t *x509 = (x509_t*)certificate;
@@ -219,7 +219,8 @@ cert_t* get_authcert(identification_t *subject, chunk_t keyid,
}
/* compare the subjectDistinguishedNames */
- if (!certificate->has_subject(certificate, subject))
+ if (!(subject && certificate->has_subject(certificate, subject)) &&
+ (subject || !keyid.ptr))
{
continue;
}
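Review bot: The comment on line 601, `/* compare the subjectDistinguishedNames */`, no longer describes the condition beneath it, which now also lets a NULL subject fall through to a lookup by keyid and skips the entry only when neither was supplied. The double negation is hard to check by eye; a named boolean reads better: `bool subject_matches = subject && certificate->has_subject(certificate, subject);` followed by `if (!subject_matches && (subject || !keyid.ptr))`. I would also reword the comment to `/* match by subject if given, otherwise fall through to the keyid check; nothing to match on if both are absent */`. get_authcert starts and ends outside the hunk, so the keyid comparison this relies on is not visible.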
@@ -248,7 +249,7 @@ cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags)
lock_authcert_list("add_authcert");
- old_cert = get_authcert(certificate->get_subject(certificate),
+ old_cert = get_authcert(certificate->get_subject(certificate),
x509->get_subjectKeyIdentifier(x509),
auth_flags);
if (old_cert)
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 2194362d2..27cec40fc 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -425,8 +425,9 @@ void delete_connection(connection_t *c, bool relations)
c->requested_ca->destroy_offset(c->requested_ca,
offsetof(identification_t, destroy));
}
+#ifdef ADNS
gw_delref(&c->gw_info);
-
+#endif
lock_certs_and_keys("delete_connection");
cert_release(c->spd.this.cert);
scx_release(c->spd.this.sc);
@@ -1477,6 +1478,8 @@ connection_t *rw_instantiate(connection_t *c, const ip_address *him,
return d;
}
+#ifdef ADNS
+
connection_t *oppo_instantiate(connection_t *c, const ip_address *him,
identification_t *his_id, struct gw_info *gw,
const ip_address *our_client USED_BY_DEBUG,
@@ -1544,6 +1547,8 @@ connection_t *oppo_instantiate(connection_t *c, const ip_address *him,
return d;
}
+#endif /* ADNS */
+
/* priority formatting */
void fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF])
{
@@ -1767,6 +1772,8 @@ connection_t *find_connection_for_clients(struct spd_route **srp,
return best;
}
+#ifdef ADNS
+
/* Find and instantiate a connection for an outgoing Opportunistic connection.
* We've already discovered its gateway.
* We look for a the connection such that:
@@ -1869,6 +1876,8 @@ connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw,
}
}
+#endif /* ADNS */
+
bool orient(connection_t *c)
{
struct spd_route *sr;
@@ -2179,6 +2188,8 @@ void initiate_opportunistic(const ip_address *our_client,
initiate_opportunistic_body(&b, NULL, NULL);
}
+#ifdef ADNS
+
static void continue_oppo(struct adns_continuation *acr, err_t ugh)
{
struct find_oppo_continuation *cr = (void *)acr; /* inherit, damn you! */
@@ -2242,6 +2253,8 @@ static void continue_oppo(struct adns_continuation *acr, err_t ugh)
close_any(whackfd);
}
+#endif /* ADNS */
+
#ifdef USE_KEYRR
static err_t check_key_recs(enum myid_state try_state, const connection_t *c,
struct adns_continuation *ac)
@@ -2298,6 +2311,8 @@ static err_t check_key_recs(enum myid_state try_state, const connection_t *c,
}
#endif /* USE_KEYRR */
+#ifdef ADNS
+
static err_t check_txt_recs(enum myid_state try_state, const connection_t *c,
struct adns_continuation *ac)
{
@@ -2355,6 +2370,8 @@ static err_t check_txt_recs(enum myid_state try_state, const connection_t *c,
return ugh;
}
+#endif /* ADNS */
+
/* note: gateways_from_dns must be NULL iff this is the first call */
static void initiate_opportunistic_body(struct find_oppo_bundle *b,
@@ -2431,6 +2448,7 @@ static void initiate_opportunistic_body(struct find_oppo_bundle *b,
ipsecdoi_initiate(b->whackfd, c, c->policy, 1, SOS_NOBODY);
b->whackfd = NULL_FD; /* protect from close */
}
+#ifdef ADNS
else
{
/* We are handling an opportunistic situation.
@@ -2996,6 +3014,7 @@ static void initiate_opportunistic_body(struct find_oppo_bundle *b,
cannot_oppo(c, b, ugh);
}
}
+#endif /* ADNS */
close_any(b->whackfd);
}
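Review bot: With ADNS undefined the `else` branch that handled the opportunistic case is compiled out, so when no connection was matched the function falls straight to `close_any(b->whackfd)` on line 706 without reporting anything to the caller or the whack client. Presumably the enclosing `if` tests for a matched connection, but that is outside the hunk, as is the start of initiate_opportunistic_body. If `cannot_oppo` is still built without ADNS, an `#else` branch calling it with a message such as `"opportunistic encryption requires ADNS support"` would keep the failure visible; otherwise a log line, or at least a comment stating that the no-connection case is intentionally silent, would help. The same question applies to the `#ifdef ADNS` on line 697, which opens this block.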
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index ec7bfaf78..73ec0bc54 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -1105,6 +1105,8 @@ bool subnetisnone(const ip_subnet *sn)
return isanyaddr(&base) && subnetishost(sn);
}
+#ifdef ADNS
+
/* BIND enumerated types */
#include <arpa/nameser.h>
@@ -1169,6 +1171,8 @@ static const char *const rr_class_name[] = {
enum_names rr_class_names = { C_IN, C_IN, rr_class_name, NULL };
+#endif /* ADNS */
+
/*
* NAT-Traversal defines for nat_traveral type from nat_traversal.h
*
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 075579d6d..c931f1782 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -658,7 +658,7 @@ extern const char *prettypolicy(lset_t policy);
#define POLICY_COMPRESS LELEM(4) /* must be third */
#define POLICY_TUNNEL LELEM(5)
#define POLICY_PFS LELEM(6)
-#define POLICY_DISABLEARRIVALCHECK LELEM(7) /* supress tunnel egress address checking */
+#define POLICY_DISABLEARRIVALCHECK LELEM(7) /* suppress tunnel egress address checking */
#define POLICY_IPSEC_SHIFT 2 /* log2(POLICY_ENCRYPT) */
#define POLICY_IPSEC_MASK LRANGES(POLICY_ENCRYPT, POLICY_DISABLEARRIVALCHECK)
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 38db0f2fd..c49b09e19 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -507,7 +507,7 @@ void list_crls(bool utc, bool strict)
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, " issuer: \"%Y\"",
cert_crl->get_issuer(cert_crl));
- serial = crl->get_serial(crl);
+ serial = chunk_skip_zero(crl->get_serial(crl));
if (serial.ptr)
{
whack_log(RC_COMMENT, " serial: %#B", &serial);
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index f01966c72..a4f678222 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -30,7 +30,7 @@ static struct encrypt_desc encrypt_desc_3des =
algo_id: OAKLEY_3DES_CBC,
plugin_name: NULL,
algo_next: NULL,
-
+
enc_blocksize: DES_BLOCK_SIZE,
keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
diff --git a/src/pluto/defs.c b/src/pluto/defs.c
index f83318e12..7f3a819de 100644
--- a/src/pluto/defs.c
+++ b/src/pluto/defs.c
@@ -16,6 +16,7 @@
#include <string.h>
#include <stdio.h>
#include <dirent.h>
+#include <inttypes.h>
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -91,8 +92,7 @@ mv_chunk(u_char **pos, chunk_t content)
const char*
check_expiry(time_t expiration_date, int warning_interval, bool strict)
{
- time_t now;
- int time_left;
+ time_t now, time_left;
if (expiration_date == UNDEFINED_TIME)
return "ok (expires never)";
@@ -125,8 +125,8 @@ check_expiry(time_t expiration_date, int warning_interval, bool strict)
time_left /= 60;
unit = "minute";
}
- snprintf(buf, 35, "warning (expires in %d %s%s)", time_left,
- unit, (time_left == 1)?"":"s");
+ snprintf(buf, 35, "warning (expires in %" PRIu64 " %s%s)",
+ (u_int64_t)time_left, unit, (time_left == 1) ? "" : "s");
return buf;
}
}
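Review bot: The cast on line 792 is `(u_int64_t)` while the format is `PRIu64`, which is defined for `uint64_t`; the two are the same width on the platforms in question, but only `uint64_t` is guaranteed to match the macro, and `<inttypes.h>` is now included, so `(uint64_t)time_left` is the exact pairing. Since `time_t` is signed, a negative `time_left` would print as a very large number; presumably the earlier branches of check_expiry return before this point once the date has passed, but they are outside the hunk. The hard-coded `35` in `snprintf(buf, 35, ...)` is pre-existing; if `buf` is an array, `sizeof buf` would tie the bound to its declaration.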
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index 294601295..612e0813c 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -544,7 +544,7 @@ init_demux(void)
* - ip(7) describes IP_RECVERR
* - recvmsg(2) describes MSG_ERRQUEUE
* - readv(2) describes iovec
- * - cmsg(3) describes how to process auxilliary messages
+ * - cmsg(3) describes how to process auxiliary messages
*
* ??? we should link this message with one we've sent
* so that the diagnostic can refer to that negotiation.
@@ -1580,7 +1580,7 @@ process_packet(struct msg_digest **mdp)
/*
* okay, now we have to figure out if we are receiving a bogus
- * new message in an oustanding XAUTH server conversation
+ * new message in an outstanding XAUTH server conversation
* (i.e. a reply to our challenge)
* (this occurs with some broken other implementations).
*
diff --git a/src/pluto/dnskey.c b/src/pluto/dnskey.c
index 4f8e4ebf4..91b1b6ac1 100644
--- a/src/pluto/dnskey.c
+++ b/src/pluto/dnskey.c
@@ -60,13 +60,8 @@ void
init_adns(void)
{
const char *adns_path = pluto_adns_option;
-#ifndef USE_LWRES
static const char adns_name[] = "_pluto_adns";
const char *helper_bin_dir = getenv("IPSEC_LIBDIR");
-#else /* USE_LWRES */
- static const char adns_name[] = "lwdnsq";
- const char *helper_bin_dir = getenv("IPSEC_EXECDIR");
-#endif /* USE_LWRES */
char adns_path_space[4096]; /* plenty long? */
int qfds[2];
int afds[2];
@@ -460,85 +455,6 @@ rr_typename(int type)
}
-#ifdef USE_LWRES
-
-# ifdef USE_KEYRR
-static err_t
-process_lwdnsq_key(u_char *str
-, enum dns_auth_level dns_auth_level
-, struct adns_continuation *const cr)
-{
- /* fields of KEY record. See RFC 2535 3.1 KEY RDATA format. */
- unsigned long flags /* 16 bits */
- , protocol /* 8 bits */
- , algorithm; /* 8 bits */
-
- char *rest = str
- , *p
- , *endofnumber;
-
- /* flags */
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq KEY: missing flags";
-
- flags = strtoul(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq KEY: malformed flags";
-
- /* protocol */
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq KEY: missing protocol";
-
- protocol = strtoul(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq KEY: malformed protocol";
-
- /* algorithm */
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq KEY: missing algorithm";
-
- algorithm = strtoul(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq KEY: malformed algorithm";
-
- /* is this key interesting? */
- if (protocol == 4 /* IPSEC (RFC 2535 3.1.3) */
- && algorithm == 1 /* RSA/MD5 (RFC 2535 3.2) */
- && (flags & 0x8000ul) == 0 /* use for authentication (3.1.2) */
- && (flags & 0x2CF0ul) == 0) /* must be zero */
- {
- /* Decode base 64 encoding of key.
- * Similar code is in process_txt_rr_body.
- */
- u_char kb[RSA_MAX_ENCODING_BYTES]; /* plenty of space for binary form of public key */
- chunk_t kbc;
- err_t ugh = ttodatav(rest, 0, 64, kb, sizeof(kb), &kbc.len
- , diag_space, sizeof(diag_space), TTODATAV_IGNORESPACE);
-
- if (ugh != NULL)
- return builddiag("malformed key data: %s", ugh);
-
- if (kbc.len > sizeof(kb))
- return builddiag("key data larger than %lu bytes"
- , (unsigned long) sizeof(kb));
-
- kbc.ptr = kb;
- TRY(add_public_key(&cr->id, dns_auth_level, PUBKEY_ALG_RSA, &kbc
- , &cr->keys_from_dns));
-
- /* keep a reference to last one */
- unreference_key(&cr->last_info);
- cr->last_info = reference_key(cr->keys_from_dns->key);
- }
- return NULL;
-}
-# endif /* USE_KEYRR */
-
-#else /* ! USE_LWRES */
-
/* structure of Query Reply (RFC 1035 4.1.1):
*
* +---------------------+
@@ -1218,9 +1134,6 @@ process_dns_answer(struct adns_continuation *const cr
, qr_header.ancount, cr);
}
-#endif /* ! USE_LWRES */
-
-
/****************************************************************/
static err_t build_dns_name(u_char name_buf[NS_MAXDNAME + 2],
@@ -1427,7 +1340,7 @@ err_t start_adns_query(identification_t *id, /* domain to query */
cr->sgw_specified = (sgw_id != NULL);
cr->sgw_id = cr->sgw_specified ?
sgw_id->clone(sgw_id) :
- identification_create_from_string("%any");
+ identification_create_from_string("%any");
cr->gateways_from_dns = NULL;
#ifdef USE_KEYRR
cr->keys_from_dns = NULL;
@@ -1515,21 +1428,6 @@ send_unsent_ADNS_queries(void)
break; /* done! */
}
-#ifdef USE_LWRES
- next_query->used = FALSE;
- {
- /* NOTE STATIC: */
- static unsigned char qbuf[LWDNSQ_CMDBUF_LEN + 1]; /* room for NUL */
-
- snprintf(qbuf, sizeof(qbuf), "%s %lu %s\n"
- , rr_typename(next_query->type)
- , next_query->qtid
- , next_query->query.name_buf);
- DBG(DBG_DNS, DBG_log("lwdnsq query: %.*s", (int)(strlen(qbuf) - 1), qbuf));
- buf_cur = qbuf;
- buf_end = qbuf + strlen(qbuf);
- }
-#else /* !USE_LWRES */
next_query->query.debugging = next_query->debugging;
next_query->query.serial = next_query->qtid;
next_query->query.len = sizeof(next_query->query);
@@ -1537,210 +1435,13 @@ send_unsent_ADNS_queries(void)
next_query->query.type = next_query->type;
buf_cur = (const void *)&next_query->query;
buf_end = buf_cur + sizeof(next_query->query);
-#endif /* !USE_LWRES */
+
next_query = next_query->next;
adns_in_flight++;
}
}
}
-#ifdef USE_LWRES
-/* Process a line of lwdnsq answer.
- * Returns with error message iff lwdnsq result is malformed.
- * Most errors will be in DNS data and will be handled by cr->cont_fn.
- */
-static err_t process_lwdnsq_answer(char *ts)
-{
- err_t ugh = NULL;
- char *rest;
- char *p;
- char *endofnumber;
- struct adns_continuation *cr = NULL;
- unsigned long qtid;
- time_t anstime; /* time of answer */
- char *atype; /* type of answer */
- long ttl; /* ttl of answer; int, but long for conversion */
- bool AuthenticatedData = FALSE;
- static char scratch_null_str[] = ""; /* cannot be const, but isn't written */
-
- /* query transaction id */
- rest = ts;
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq: answer missing query transaction ID";
-
- qtid = strtoul(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq: malformed query transaction ID";
-
- cr = continuation_for_qtid(qtid);
- if (qtid != 0 && cr == NULL)
- return "lwdnsq: unrecognized qtid"; /* can't happen! */
-
- /* time */
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq: missing time";
-
- anstime = strtoul(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq: malformed time";
-
- /* TTL */
- p = strsep(&rest, " \t");
- if (p == NULL)
- return "lwdnsq: missing TTL";
-
- ttl = strtol(p, &endofnumber, 10);
- if (*endofnumber != '\0')
- return "lwdnsq: malformed TTL";
-
- /* type */
- atype = strsep(&rest, " \t");
- if (atype == NULL)
- return "lwdnsq: missing type";
-
- /* if rest is NULL, make it "", otherwise eat whitespace after type */
- rest = rest == NULL? scratch_null_str : rest + strspn(rest, " \t");
-
- if (strncasecmp(atype, "AD-", 3) == 0)
- {
- AuthenticatedData = TRUE;
- atype += 3;
- }
-
- /* deal with each type */
-
- if (cr == NULL)
- {
- /* we don't actually know which this applies to */
- return builddiag("lwdnsq: 0 qtid invalid with %s", atype);
- }
- else if (strcaseeq(atype, "START"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "DONE"))
- {
- if (!cr->used)
- {
- /* "no results returned by lwdnsq" should not happen */
- cr->cont_fn(cr
- , cr->gateways_from_dns == NULL
-#ifdef USE_KEYRR
- && cr->keys_from_dns == NULL
-#endif /* USE_KEYRR */
- ? "no results returned by lwdnsq" : NULL);
- cr->used = TRUE;
- }
- reset_globals();
- release_adns_continuation(cr);
- adns_in_flight--;
- }
- else if (strcaseeq(atype, "RETRY"))
- {
- if (!cr->used)
- {
- cr->cont_fn(cr, rest);
- cr->used = TRUE;
- }
- }
- else if (strcaseeq(atype, "FATAL"))
- {
- if (!cr->used)
- {
- cr->cont_fn(cr, rest);
- cr->used = TRUE;
- }
- }
- else if (strcaseeq(atype, "DNSSEC"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "NAME"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "TXT"))
- {
- char *end = rest + strlen(rest);
- err_t txt_ugh;
-
- if (*rest == '"' && end[-1] == '"')
- {
- /* strip those pesky quotes */
- rest++;
- *--end = '\0';
- }
-
- txt_ugh = process_txt_rr_body(rest
- , TRUE
- , AuthenticatedData? DAL_SIGNED : DAL_NOTSEC
- , cr);
-
- if (txt_ugh != NULL)
- {
- DBG(DBG_DNS,
- DBG_log("error processing TXT resource record (%s) while processing: %s"
- , txt_ugh, rest));
- cr->cont_fn(cr, txt_ugh);
- cr->used = TRUE;
- }
- }
- else if (strcaseeq(atype, "SIG"))
- {
- /* record the SIG records for posterity */
- if (cr->last_info != NULL)
- {
- free(cr->last_info->dns_sig);
- cr->last_info->dns_sig = clone_str(rest);
- }
- }
- else if (strcaseeq(atype, "A"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "AAAA"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "CNAME"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "CNAMEFROM"))
- {
- /* ignore */
- }
- else if (strcaseeq(atype, "PTR"))
- {
- /* ignore */
- }
-#ifdef USE_KEYRR
- else if (strcaseeq(atype, "KEY"))
- {
- err_t key_ugh = process_lwdnsq_key(rest
- , AuthenticatedData? DAL_SIGNED : DAL_NOTSEC
- , cr);
-
- if (key_ugh != NULL)
- {
- DBG(DBG_DNS,
- DBG_log("error processing KEY resource record (%s) while processing: %s"
- , key_ugh, rest));
- cr->cont_fn(cr, key_ugh);
- cr->used = TRUE;
- }
- }
-#endif /* USE_KEYRR */
- else
- {
- ugh = "lwdnsq: unrecognized type";
- }
- return ugh;
-}
-#endif /* USE_LWRES */
-
static void recover_adns_die(void)
{
struct adns_continuation *cr = NULL;
@@ -1779,12 +1480,7 @@ void handle_adns_answer(void)
{
/* These are retained across calls to handle_adns_answer. */
static size_t buflen = 0; /* bytes in answer buffer */
-#ifndef USE_LWRES
static struct adns_answer buf;
-#else /* USE_LWRES */
- static char buf[LWDNSQ_RESULT_LEN_MAX];
- static char buf_copy[LWDNSQ_RESULT_LEN_MAX];
-#endif /* USE_LWRES */
ssize_t n;
@@ -1826,7 +1522,6 @@ void handle_adns_answer(void)
}
buflen += n;
-#ifndef USE_LWRES
while (buflen >= offsetof(struct adns_answer, ans) && buflen >= buf.len)
{
/* we've got a tasty answer -- process it */
@@ -1892,36 +1587,4 @@ void handle_adns_answer(void)
buflen -= buf.len;
memmove((unsigned char *)&buf, (unsigned char *)&buf + buf.len, buflen);
}
-#else /* USE_LWRES */
- for (;;)
- {
- err_t ugh;
- char *nlp = memchr(buf, '\n', buflen);
-
- if (nlp == NULL)
- break;
-
- /* we've got a line */
- *nlp++ = '\0';
-
- DBG(DBG_RAW | DBG_CRYPT | DBG_PARSING | DBG_CONTROL | DBG_DNS
- , DBG_log("lwdns: %s", buf));
-
- /* process lwdnsq_answer may modify buf, so make a copy. */
- buf_copy[0]='\0';
- strncat(buf_copy, buf, sizeof(buf_copy));
-
- ugh = process_lwdnsq_answer(buf_copy);
- if (ugh != NULL)
- plog("failure processing lwdnsq output: %s; record: %s"
- , ugh, buf);
-
- passert(GLOBALS_ARE_RESET());
- reset_globals();
-
- /* shift out answer that we've consumed */
- buflen -= nlp - buf;
- memmove(buf, nlp, buflen);
- }
-#endif /* USE_LWRES */
}
diff --git a/src/pluto/dnskey.h b/src/pluto/dnskey.h
index d26a0e64f..39a406cbd 100644
--- a/src/pluto/dnskey.h
+++ b/src/pluto/dnskey.h
@@ -47,14 +47,7 @@ struct adns_continuation {
#endif
struct adns_continuation *previous, *next;
struct pubkey *last_info; /* the last structure we accumulated */
-#ifdef USE_LWRES
- bool used; /* have we called the cont_fn yet? */
- struct {
- u_char name_buf[NS_MAXDNAME + 2];
- } query;
-#else /* ! USE_LWRES */
struct adns_query query;
-#endif /* ! USE_LWRES */
};
extern err_t start_adns_query(identification_t *id /* domain to query */
diff --git a/src/pluto/event_queue.c b/src/pluto/event_queue.c
index 55d064f26..602a013ee 100644
--- a/src/pluto/event_queue.c
+++ b/src/pluto/event_queue.c
@@ -147,13 +147,13 @@ METHOD(event_queue_t, destroy, void,
free(this);
}
-bool set_nonblock(int socket)
+static bool set_nonblock(int socket)
{
int flags = fcntl(socket, F_GETFL);
return flags != -1 && fcntl(socket, F_SETFL, flags | O_NONBLOCK) != -1;
}
-bool set_cloexec(int socket)
+static bool set_cloexec(int socket)
{
int flags = fcntl(socket, F_GETFD);
return flags != -1 && fcntl(socket, F_SETFD, flags | FD_CLOEXEC) != -1;
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index c8a347b45..3e7adcc40 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -3862,10 +3862,11 @@ main_id_and_auth(struct msg_digest *md
if (r == STF_SUSPEND)
{
+ err_t ugh = NULL;
+#ifdef ADNS
/* initiate/resume asynchronous DNS lookup for key */
struct key_continuation *nkc = malloc_thing(struct key_continuation);
enum key_oppo_step step_done = kc == NULL? kos_null : kc->step;
- err_t ugh = NULL;
/* Record that state is used by a suspended md */
passert(st->st_suspended_md == NULL);
@@ -3896,7 +3897,9 @@ main_id_and_auth(struct msg_digest *md
default:
bad_case(step_done);
}
-
+#else /* ADNS */
+ ugh = "adns not supported";
+#endif /* ADNS */
if (ugh != NULL)
{
report_key_dns_failure(peer, ugh);
@@ -4444,6 +4447,8 @@ stf_status quick_inI1_outR1(struct msg_digest *md)
return quick_inI1_outR1_tail(&b, NULL);
}
+#ifdef ADNS
+
static void
report_verify_failure(struct verify_oppo_bundle *b, err_t ugh)
{
@@ -4808,6 +4813,8 @@ static enum verify_oppo_step quick_inI1_outR1_process_answer(
return next_step;
}
+#endif /* ADNS */
+
static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
struct adns_continuation *ac)
{
@@ -4871,6 +4878,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
*/
if (p->policy & POLICY_OPPO)
{
+#ifdef ADNS
/* Opportunistic case: delegation must be verified.
* Here be dragons.
*/
@@ -4925,6 +4933,11 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
*/
p = oppo_instantiate(p, &c->spd.that.host_addr, c->spd.that.id
, NULL, &our_client, &his_client);
+#else /* ADNS */
+ plog("opportunistic connections not supported because"
+ " adns is not available");
+ return STF_INTERNAL_ERROR;
+#endif /* ADNS */
}
else
{
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index 8bed1fcfc..e4729ef08 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -23,10 +23,10 @@
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
-#include <wait.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/queue.h>
+#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/socket.h>
@@ -780,8 +780,9 @@ static bool raw_eroute(const ip_address *this_host,
host_t *host_src, *host_dst;
policy_type_t type = POLICY_IPSEC;
policy_dir_t dir = POLICY_OUT;
+ policy_priority_t priority = POLICY_PRIORITY_DEFAULT;
char text_said[SATOT_BUF];
- bool ok = TRUE, routed = FALSE,
+ bool ok = TRUE,
deleting = (op & ERO_MASK) == ERO_DELETE,
replacing = op & (SADB_X_SAFLAGS_REPLACEFLOW << ERO_FLAG_SHIFT);
@@ -819,7 +820,7 @@ static bool raw_eroute(const ip_address *this_host,
{
return TRUE;
}
- routed = TRUE;
+ priority = POLICY_PRIORITY_ROUTED;
break;
}
}
@@ -837,14 +838,14 @@ static bool raw_eroute(const ip_address *this_host,
if (deleting || replacing)
{
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- ts_src, ts_dst, dir, mark, routed);
+ ts_src, ts_dst, dir, sa->reqid, mark, priority);
}
if (!deleting)
{
ok = hydra->kernel_interface->add_policy(hydra->kernel_interface,
host_src, host_dst, ts_src, ts_dst, dir, type, sa,
- mark, routed) == SUCCESS;
+ mark, priority) == SUCCESS;
}
if (dir == POLICY_IN)
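Review bot: The delete/replace path now dereferences `sa->reqid` in the del_policy call, where the removed call only passed the `routed` flag and never touched `sa`; the same applies to the del_policy call in the next hunk (old line 855). raw_eroute's parameters and callers are outside the hunk, so if any caller deletes an eroute with a NULL `sa` this is a new null dereference — worth confirming. If NULL is possible there, pass a guarded value such as `sa ? sa->reqid : 0` (assuming 0 is what the kernel interface treats as "no reqid").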
@@ -853,7 +854,7 @@ static bool raw_eroute(const ip_address *this_host,
if (deleting || replacing)
{
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- ts_src, ts_dst, dir, mark, routed);
+ ts_src, ts_dst, dir, sa->reqid, mark, priority);
}
if (!deleting && ok &&
@@ -861,7 +862,7 @@ static bool raw_eroute(const ip_address *this_host,
{
ok = hydra->kernel_interface->add_policy(hydra->kernel_interface,
host_src, host_dst, ts_src, ts_dst, dir, type, sa,
- mark, routed) == SUCCESS;
+ mark, priority) == SUCCESS;
}
}
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index eab2a8f06..b4b18fd80 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -205,7 +205,7 @@ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg,
/*
* key_len passed comes from esp_attrs read from peer
- * For many older algoritms (eg 3DES) this key_len is fixed
+ * For many older algorithms (eg 3DES) this key_len is fixed
* and get passed as 0.
* ... then get default key_len
*/
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index 4b0e08791..c5adbfd11 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -27,10 +27,12 @@
#include <arpa/nameser.h> /* missing from <resolv.h> on old systems */
#include <sys/queue.h>
+#ifdef HAVE_GLOB_H
#include <glob.h>
#ifndef GLOB_ABORTED
# define GLOB_ABORTED GLOB_ABEND /* fix for old versions */
#endif
+#endif
#include <freeswan.h>
@@ -833,14 +835,7 @@ static void process_secret(secret_t *s, int whackfd)
err_t ugh = NULL;
s->kind = SECRET_PSK; /* default */
- if (*tok == '"' || *tok == '\'')
- {
- log_psk("PSK", s);
-
- /* old PSK format: just a string */
- ugh = process_psk_secret(&s->u.preshared_secret);
- }
- else if (tokeqword("psk"))
+ if (tokeqword("psk"))
{
log_psk("PSK", s);
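Review bot: Dropping the bare quoted-string branch means an ipsec.secrets entry written in the old form (a PSK given as just `"..."`) no longer matches here and falls through to the rest of the `else if` chain outside the hunk; the hunk adds no diagnostic for that syntax, so a secrets file can load with the PSK silently missing and authentication then fails only at run time. The same removal is made in process_secret_records in the next hunk. A fall-through message such as `ugh = "obsolete secret syntax: use the psk keyword"`, or at least a sentence in process_secret's header comment saying the old form is no longer accepted, would make the change visible to operators.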
@@ -987,13 +982,7 @@ static void process_secret_records(int whackfd)
for (;;)
{
- if (tok[0] == '"' || tok[0] == '\'')
- {
- /* found key part */
- process_secret(s, whackfd);
- break;
- }
- else if (tokeq(":"))
+ if (tokeq(":"))
{
/* found key part */
shift(); /* discard explicit separator */
@@ -1033,7 +1022,6 @@ static void process_secrets_file(const char *file_pat, int whackfd)
{
struct file_lex_position pos;
char **fnp;
- glob_t globbuf;
pos.depth = flp == NULL? 0 : flp->depth + 1;
@@ -1043,8 +1031,10 @@ static void process_secrets_file(const char *file_pat, int whackfd)
return;
}
+#ifdef HAVE_GLOB_H
/* do globbing */
{
+ glob_t globbuf;
int r = glob(file_pat, GLOB_ERR, globugh, &globbuf);
if (r != 0)
@@ -1066,21 +1056,31 @@ static void process_secrets_file(const char *file_pat, int whackfd)
globfree(&globbuf);
return;
}
- }
- /* for each file... */
- for (fnp = globbuf.gl_pathv; *fnp != NULL; fnp++)
- {
- if (lexopen(&pos, *fnp, FALSE))
+ /* for each file... */
+ for (fnp = globbuf.gl_pathv; *fnp != NULL; fnp++)
{
- plog("loading secrets from \"%s\"", *fnp);
- (void) flushline("file starts with indentation (continuation notation)");
- process_secret_records(whackfd);
- lexclose();
+ if (lexopen(&pos, *fnp, FALSE))
+ {
+ plog("loading secrets from \"%s\"", *fnp);
+ flushline("file starts with indentation (continuation notation)");
+ process_secret_records(whackfd);
+ lexclose();
+ }
}
- }
- globfree(&globbuf);
+ globfree(&globbuf);
+ }
+#else /* HAVE_GLOB_H */
+ /* if glob(3) is not available, try to load pattern directly */
+ if (lexopen(&pos, file_pat, FALSE))
+ {
+ plog("loading secrets from \"%s\"", file_pat);
+ flushline("file starts with indentation (continuation notation)");
+ process_secret_records(whackfd);
+ lexclose();
+ }
+#endif /* HAVE_GLOB_H */
}
void free_preshared_secrets(void)
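Review bot: `char **fnp;` declared at the top of process_secrets_file (hunk at old line 1033) stays outside the new `#ifdef HAVE_GLOB_H`, but its only use is the for-loop inside that block, so a build without glob.h gets an unused-variable warning; move the declaration next to `glob_t globbuf` inside the block. In the `#else` branch file_pat is handed to lexopen verbatim, so an include pattern containing a wildcard is opened as a literal file name — the comment says so, but if lexopen does not itself report a missing file (its body is outside the hunk) that branch fails silently and a `plog` there would help diagnosis.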
@@ -1435,6 +1435,7 @@ void remove_x509_public_key(const cert_t *cert)
void list_public_keys(bool utc)
{
pubkey_list_t *p = pubkeys;
+ chunk_t serial;
if (p != NULL)
{
@@ -1465,7 +1466,8 @@ void list_public_keys(bool utc)
}
if (key->serial.len)
{
- whack_log(RC_COMMENT," serial: %#B", &key->serial);
+ serial = chunk_skip_zero(key->serial);
+ whack_log(RC_COMMENT," serial: %#B", &serial);
}
p = p->next;
}
diff --git a/src/pluto/lex.h b/src/pluto/lex.h
index f16769144..aa0be7829 100644
--- a/src/pluto/lex.h
+++ b/src/pluto/lex.h
@@ -22,7 +22,7 @@ struct file_lex_position
int lino; /* line number in file */
char buffer[MAX_TOK_LEN + 1]; /* note: one extra char for our use (jamming '"') */
char *cur; /* cursor */
- char under; /* except in shift(): character orignally at *cur */
+ char under; /* except in shift(): character originally at *cur */
struct file_lex_position *previous;
};
diff --git a/src/pluto/log.c b/src/pluto/log.c
index c5f1776ec..f6fa226d5 100644
--- a/src/pluto/log.c
+++ b/src/pluto/log.c
@@ -28,6 +28,10 @@
#include <sys/stat.h>
#include <sys/types.h>
+#ifdef ANDROID
+#include <android/log.h>
+#endif
+
#include <freeswan.h>
#include <library.h>
#include <debug.h>
@@ -124,7 +128,11 @@ static void pluto_dbg(debug_t group, level_t level, char *fmt, ...)
vfprintf(stderr, fmt, args);
fprintf(stderr, "\n");
}
- if (log_to_syslog)
+ if (log_to_syslog
+#ifdef ANDROID
+ || TRUE
+#endif
+ )
{
/* write in memory buffer first */
vsnprintf(buffer, sizeof(buffer), fmt, args);
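Review bot: `|| TRUE` under ANDROID makes the block unconditional, but the `syslog(priority, ...)` call inside it (in the following hunk) is not guarded separately, so Android builds now send every debug line to syslog even when log_to_syslog is false — the old condition guarded both. Keep the outer condition as it is and guard the syslog call itself: `if (log_to_syslog) syslog(priority, "%s%s\n", (level > 1)? "| ":"", current);`.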
@@ -138,6 +146,11 @@ static void pluto_dbg(debug_t group, level_t level, char *fmt, ...)
*(next++) = '\0';
}
syslog(priority, "%s%s\n", (level > 1)? "| ":"", current);
+#ifdef ANDROID
+ __android_log_print(level > 1 ? ANDROID_LOG_DEBUG
+ : ANDROID_LOG_INFO, "pluto",
+ "%s%s\n", level > 1 ? "| " : "", current);
+#endif
current = next;
}
}
@@ -497,6 +510,9 @@ plog(const char *message, ...)
syslog(LOG_WARNING, "%s", m);
if (log_to_perpeer)
peerlog("", m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_WARN, "pluto", "%s\n", m);
+#endif
whack_log(RC_LOG, "~%s", m);
}
@@ -517,6 +533,9 @@ loglog(int mess_no, const char *message, ...)
syslog(LOG_WARNING, "%s", m);
if (log_to_perpeer)
peerlog("", m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_WARN, "pluto", "%s\n", m);
+#endif
whack_log(mess_no, "~%s", m);
}
@@ -536,9 +555,11 @@ log_errno_routine(int e, const char *message, ...)
if (log_to_syslog)
syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", m, e, strerror(e));
if (log_to_perpeer)
- {
peerlog(strerror(e), m);
- }
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_ERROR, "pluto", "ERROR: %s. Errno %d: %s\n",
+ m, e, strerror(e));
+#endif
whack_log(RC_LOG_SERIOUS
, "~ERROR: %s. Errno %d: %s", m, e, strerror(e));
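Review bot: Dropping the braces leaves an unbraced `if (log_to_perpeer)` directly in front of the new `#ifdef ANDROID` block, so a reader skimming the function can take `__android_log_print` for the body of the conditional; the removed braces were doing useful work here. Keep them, `if (log_to_perpeer) { peerlog(strerror(e), m); }`, or place the android call before the perpeer check.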
@@ -560,6 +581,9 @@ exit_log(const char *message, ...)
syslog(LOG_ERR, "FATAL ERROR: %s", m);
if (log_to_perpeer)
peerlog("FATAL ERROR: ", m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_ERROR, "pluto", "FATAL ERROR: %s\n", m);
+#endif
whack_log(RC_LOG_SERIOUS, "~FATAL ERROR: %s", m);
@@ -582,6 +606,10 @@ exit_log_errno_routine(int e, const char *message, ...)
syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
if (log_to_perpeer)
peerlog(strerror(e), m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_ERROR, "pluto", "FATAL ERROR: %s. "
+ "Errno %d: %s\n", m, e, strerror(e));
+#endif
whack_log(RC_LOG_SERIOUS
, "~FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
@@ -631,6 +659,9 @@ whack_log(int mess_no, const char *message, ...)
syslog(LOG_WARNING, "%s", m + prelen);
if (log_to_perpeer)
peerlog("", m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_WARN, "pluto", "%s\n", m + prelen);
+#endif
}
#endif
@@ -763,6 +794,9 @@ DBG_log(const char *message, ...)
syslog(LOG_DEBUG, "| %s", m);
if (log_to_perpeer)
peerlog("| ", m);
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_DEBUG, "pluto", "| %s\n", m);
+#endif
}
/* dump raw bytes in hex to stderr (for lack of any better destination) */
@@ -834,19 +868,8 @@ DBG_dump(const char *label, const void *p, size_t len)
static void show_loaded_plugins()
{
- char buf[BUF_LEN];
- plugin_t *plugin;
- int len = 0;
- enumerator_t *enumerator;
-
- buf[0] = '\0';
- enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
- while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin))
- {
- len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin->get_name(plugin));
- }
- enumerator->destroy(enumerator);
- whack_log(RC_COMMENT, "loaded plugins: %s", buf);
+ whack_log(RC_COMMENT, "loaded plugins: %s",
+ lib->plugins->loaded_plugins(lib->plugins));
}
void show_status(bool all, const char *name)
diff --git a/src/pluto/myid.c b/src/pluto/myid.c
index ad4eefd15..c90d14ef8 100644
--- a/src/pluto/myid.c
+++ b/src/pluto/myid.c
@@ -72,7 +72,7 @@ void set_myid(enum myid_state s, char *idstr)
if (idstr)
{
myids[s]->destroy(myids[s]);
- myids[s] = identification_create_from_string(idstr);
+ myids[s] = identification_create_from_string(idstr);
if (s == MYID_SPECIFIED)
{
myid_state = MYID_SPECIFIED;
diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c
index 5e9353b72..28be76825 100644
--- a/src/pluto/nat_traversal.c
+++ b/src/pluto/nat_traversal.c
@@ -232,7 +232,7 @@ void nat_traversal_natd_lookup(struct msg_digest *md)
if (i < 2)
{
loglog(RC_LOG_SERIOUS,
- "NAT-Traversal: Only %d NAT-D - Aborting NAT-Traversal negociation", i);
+ "NAT-Traversal: Only %d NAT-D - Aborting NAT-Traversal negotiation", i);
st->nat_traversal = 0;
return;
}
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index f5ee07398..c299e3d39 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -607,24 +607,24 @@ void list_ocsp_locations(ocsp_location_t *location, bool requests,
}
while (certinfo)
{
+ chunk_t serial = chunk_skip_zero(certinfo->serialNumber);
+
if (requests)
{
whack_log(RC_COMMENT, " serial: %#B, %d trials",
- &certinfo->serialNumber, certinfo->trials);
+ &serial, certinfo->trials);
}
else if (certinfo->once)
{
whack_log(RC_COMMENT, " serial: %#B, %s, once%s",
- &certinfo->serialNumber,
- cert_status_names[certinfo->status],
+ &serial, cert_status_names[certinfo->status],
(certinfo->nextUpdate < time(NULL))? " (expired)": "");
}
else
{
whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
- &certinfo->serialNumber,
- cert_status_names[certinfo->status],
- &certinfo->nextUpdate, utc,
+ &serial, cert_status_names[certinfo->status],
+ &certinfo->nextUpdate, utc,
check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
}
certinfo = certinfo->next;
@@ -1144,9 +1144,9 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
*cert = cert_empty;
cert->cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, object,
- BUILD_END);
+ CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, object,
+ BUILD_END);
if (cert->cert == NULL)
{
DBG(DBG_CONTROL | DBG_PARSING,
diff --git a/src/pluto/plugin_list.c b/src/pluto/plugin_list.c
new file mode 100644
index 000000000..499218904
--- /dev/null
+++ b/src/pluto/plugin_list.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2011 Martin Willi, revosec AG
+ * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <whack.h>
+#include <log.h>
+
+#include <library.h>
+#include <utils/linked_list.h>
+
+/**
+ * List loaded plugin information
+ */
+void plugin_list(void)
+{
+ plugin_feature_t *features, *fp;
+ enumerator_t *enumerator;
+ linked_list_t *list;
+ plugin_t *plugin;
+ int count, i;
+ bool loaded;
+ char *str;
+
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, "List of loaded Plugins:");
+ whack_log(RC_COMMENT, " ");
+
+ enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
+ while (enumerator->enumerate(enumerator, &plugin, &list))
+ {
+ whack_log(RC_COMMENT, "%s:", plugin->get_name(plugin));
+ if (plugin->get_features)
+ {
+ count = plugin->get_features(plugin, &features);
+ for (i = 0; i < count; i++)
+ {
+ str = plugin_feature_get_string(&features[i]);
+ switch (features[i].kind)
+ {
+ case FEATURE_PROVIDE:
+ fp = &features[i];
+ loaded = list->find_first(list, NULL,
+ (void**)&fp) == SUCCESS;
+ whack_log(RC_COMMENT, " %s%s",
+ str, loaded ? "" : " (not loaded)");
+ break;
+ case FEATURE_DEPENDS:
+ whack_log(RC_COMMENT, " %s", str);
+ break;
+ case FEATURE_SDEPEND:
+ whack_log(RC_COMMENT, " %s(soft)", str);
+ break;
+ default:
+ break;
+ }
+ free(str);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+}
diff --git a/src/pluto/plugin_list.h b/src/pluto/plugin_list.h
new file mode 100644
index 000000000..62e4a167d
--- /dev/null
+++ b/src/pluto/plugin_list.h
@@ -0,0 +1,21 @@
+/* Generates a list of all loaded plugins and their dependencies
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _PLUGIN_LIST_H
+#define _PLUGIN_LIST_H
+
+extern void plugin_list(void);
+
+#endif /* _PLUGIN_LIST_H */
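Review bot: `_PLUGIN_LIST_H` begins with an underscore followed by an uppercase letter, an identifier pattern the C standard reserves for the implementation; use `#ifndef PLUGIN_LIST_H` / `#define PLUGIN_LIST_H` / `#endif /* PLUGIN_LIST_H */`. The prototype also carries no comment about where the output goes; since the .c file writes via whack_log, a one-liner such as `/* Lists loaded plugins and their features via whack_log */` above `extern void plugin_list(void);` tells callers what to expect.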
diff --git a/src/pluto/plugins/xauth/Makefile.in b/src/pluto/plugins/xauth/Makefile.in
index 3ae6ea12b..5a575548e 100644
--- a/src/pluto/plugins/xauth/Makefile.in
+++ b/src/pluto/plugins/xauth/Makefile.in
@@ -190,6 +190,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -198,6 +201,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -214,11 +218,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -262,6 +268,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/pluto/plugins/xauth/xauth_default_verifier.c b/src/pluto/plugins/xauth/xauth_default_verifier.c
index 776f77134..ca2e36aa0 100644
--- a/src/pluto/plugins/xauth/xauth_default_verifier.c
+++ b/src/pluto/plugins/xauth/xauth_default_verifier.c
@@ -43,6 +43,13 @@ METHOD(xauth_verifier_t, verify_secret, bool,
if (get_xauth_secret(user, server, &xauth_secret))
{
success = chunk_equals(secret, xauth_secret);
+
+ if (!success && secret.len && secret.ptr[secret.len - 1] == 0)
+ { /* fix for null-terminated passwords (e.g. from Android 4) */
+ secret.len--;
+ success = chunk_equals(secret, xauth_secret);
+ }
+
chunk_clear(&xauth_secret);
}
return success;
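Review bot: The workaround mutates `secret` in place (`secret.len--`) before the second compare; whether that truncation outlives the method depends on how verify_secret receives `secret`, and its signature is outside the hunk — harmless for a by-value chunk_t, a caller-visible change if it is a pointer, so worth confirming. The accepted-input set is also widened (both `pw` and `pw\0` now verify), which the inline comment explains for the Android case but which belongs in the method's header comment as part of its contract.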
diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8
index 9ac537bd9..ed6f78050 100644
--- a/src/pluto/pluto.8
+++ b/src/pluto/pluto.8
@@ -1437,7 +1437,7 @@ Phase 1.
\fBPluto\fP responds to \fBSIGHUP\fP by issuing a suggestion that ``\fBwhack\fP
\-\-listen'' might have been intended.
.LP
-\fBPluto\fP exits when it recieves \fBSIGTERM\fP.
+\fBPluto\fP exits when it receives \fBSIGTERM\fP.
.SH EXIT STATUS
.LP
\fBpluto\fP normally forks a daemon process, so the exit status is
@@ -1558,7 +1558,7 @@ There is no good way for a connection to be automatically terminated.
This is a problem for Road Warrior and Opportunistic connections.
The \fB\-\-dontrekey\fP option does prevent the SAs from
being rekeyed on expiry.
-Additonally, if a Road Warrior connection has a client subnet with a fixed IP
+Additionally, if a Road Warrior connection has a client subnet with a fixed IP
address, a negotiation with that subnet will cause any other
connection instantiations with that same subnet to be unoriented
(deleted, in effect).
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 309bde649..dbc857ce2 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -22,6 +22,7 @@
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
#include <getopt.h>
@@ -29,6 +30,7 @@
#include <arpa/nameser.h> /* missing from <resolv.h> on old systems */
#include <sys/queue.h>
#include <sys/prctl.h>
+#include <signal.h>
#include <pwd.h>
#include <grp.h>
@@ -79,11 +81,32 @@
#include "whack_attribute.h"
#include "pluto.h"
+#ifdef ANDROID
+#include <private/android_filesystem_config.h> /* for AID_VPN */
+#endif
+
/**
* Number of threads in the thread pool, if not specified in config.
*/
#define DEFAULT_THREADS 4
+/**
+ * PID file, in which pluto stores its process id
+ */
+static char pluto_lock[sizeof(ctl_addr.sun_path)] = DEFAULT_CTLBASE LOCK_SUFFIX;
+
+/**
+ * TRUE if the lock has been checked. This helps to avoid any unintended
+ * deletion of the lock or control socket.
+ */
+static bool pluto_lock_checked = FALSE;
+
+/**
+ * Global reference to PID file (required to truncate, if undeletable)
+ */
+static FILE *pidfile = NULL;
+
+
static void usage(const char *mess)
{
if (mess != NULL && *mess != '\0')
@@ -148,59 +171,66 @@ static void usage(const char *mess)
exit_pluto(mess == NULL? 0 : 1);
}
-
-/* lock file support
- * - provides convenient way for scripts to find Pluto's pid
- * - prevents multiple Plutos competing for the same port
- * - same basename as unix domain control socket
- * NOTE: will not take account of sharing LOCK_DIR with other systems.
- */
-
-static char pluto_lock[sizeof(ctl_addr.sun_path)] = DEFAULT_CTLBASE LOCK_SUFFIX;
-static bool pluto_lock_created = FALSE;
-
-/* create lockfile, or die in the attempt */
-static int create_lock(void)
+static bool check_lock()
{
- int fd = open(pluto_lock, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC
- , S_IRUSR | S_IRGRP | S_IROTH);
+ struct stat stb;
+ FILE *fpid;
- if (fd < 0)
+ if (stat(pluto_lock, &stb) == 0)
{
- if (errno == EEXIST)
- {
- fprintf(stderr, "pluto: lock file \"%s\" already exists\n"
- , pluto_lock);
- exit_pluto(10);
- }
- else
+ fpid = fopen(pluto_lock, "r");
+ if (fpid)
{
- fprintf(stderr
- , "pluto: unable to create lock file \"%s\" (%d %s)\n"
- , pluto_lock, errno, strerror(errno));
- exit_pluto(1);
+ char buf[64];
+ pid_t pid = 0;
+
+ memset(buf, 0, sizeof(buf));
+ if (fread(buf, 1, sizeof(buf), fpid))
+ {
+ buf[sizeof(buf) - 1] = '\0';
+ pid = atoi(buf);
+ }
+ fclose(fpid);
+ if (pid && kill(pid, 0) == 0)
+ { /* such a process is running */
+ return TRUE;
+ }
}
+ fprintf(stderr, "pluto: removing lock file \"%s\", process not "
+ "running\n", pluto_lock);
+ unlink(pluto_lock);
}
- pluto_lock_created = TRUE;
- return fd;
+ pluto_lock_checked = TRUE;
+ return FALSE;
}
-static bool fill_lock(int lockfd, pid_t pid)
+static void fill_lock(void)
{
- char buf[30]; /* holds "<pid>\n" */
- int len = snprintf(buf, sizeof(buf), "%u\n", (unsigned int) pid);
- bool ok = len > 0 && write(lockfd, buf, len) == len;
-
- close(lockfd);
- return ok;
+ pidfile = fopen(pluto_lock, "w");
+ if (pidfile)
+ {
+ fprintf(pidfile, "%u\n", (u_int)getpid());
+ fflush(pidfile);
+ }
+ /* keep pidfile open so we can truncate it, if we cannot delete it */
}
static void delete_lock(void)
{
- if (pluto_lock_created)
+ /* because unlinking the PID file may fail, we truncate it to ensure the
+ * daemon can be properly restarted. one probable cause for this is the
+ * combination of not running as root and the effective user lacking
+ * permissions on the parent dir(s) of the PID file */
+ if (pluto_lock_checked)
{
+ if (pidfile)
+ {
+ ignore_result(ftruncate(fileno(pidfile), 0));
+ fclose(pidfile);
+ }
+ unlink(pluto_lock);
+ /* delete this here to avoid that exit_pluto calls delete the socket */
delete_ctl_socket();
- unlink(pluto_lock); /* is noting failure useful? */
}
}
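Review bot: check_lock treats any failure of `kill(pid, 0)` as "process not running", but kill also fails with EPERM when the process exists under a different uid, so a lock held by a pluto started by another user is unlinked and the mutual exclusion is lost; the test should be `if (pid && (kill(pid, 0) == 0 || errno == EPERM))`. The stat/fopen/unlink sequence also gives up the atomicity of the removed `O_CREAT | O_EXCL` open, so two daemons started at the same moment can both pass the check and both write the pid file, and `fopen(pluto_lock, "w")` in fill_lock follows a pre-existing symlink where the exclusive open refused to. `atoi` on the pid buffer silently returns 0 for malformed content, which is then treated as "no process"; `strtol` with an end-pointer check would make the malformed case explicit. `static bool check_lock()` should declare `(void)` like the other two helpers.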
@@ -234,26 +264,6 @@ static const char *pkcs11_init_args = NULL;
/* options read by optionsfrom */
options_t *options;
-/**
- * Log loaded plugins
- */
-static void print_plugins()
-{
- char buf[BUF_LEN];
- plugin_t *plugin;
- int len = 0;
- enumerator_t *enumerator;
-
- buf[0] = '\0';
- enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
- while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin))
- {
- len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin->get_name(plugin));
- }
- enumerator->destroy(enumerator);
- DBG1(DBG_DMN, "loaded plugins: %s", buf);
-}
-
int main(int argc, char **argv)
{
bool fork_desired = TRUE;
@@ -263,9 +273,14 @@ int main(int argc, char **argv)
unsigned int keep_alive = 0;
bool force_keepalive = FALSE;
char *virtual_private = NULL;
- int lockfd;
#ifdef CAPABILITIES
- int keep[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
+ int keep[] = {
+ CAP_NET_ADMIN,
+ CAP_NET_BIND_SERVICE,
+#ifdef ANDROID
+ CAP_NET_RAW,
+#endif
+ };
#endif /* CAPABILITIES */
/* initialize library and optionsfrom */
@@ -313,11 +328,7 @@ int main(int argc, char **argv)
{ "perpeerlogbase", required_argument, NULL, 'P' },
{ "perpeerlog", no_argument, NULL, 'l' },
{ "policygroupsdir", required_argument, NULL, 'f' },
-#ifdef USE_LWRES
- { "lwdnsq", required_argument, NULL, 'a' },
-#else /* !USE_LWRES */
{ "adns", required_argument, NULL, 'a' },
-#endif /* !USE_LWRES */
{ "pkcs11module", required_argument, NULL, 'm' },
{ "pkcs11keepstate", no_argument, NULL, 'k' },
{ "pkcs11initargs", required_argument, NULL, 'z' },
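Review bot: The `{ "adns", required_argument, NULL, 'a' }` entry remains unconditional in the long-option table, while the matching `case 'a':` in the hunk at `@@ -471,11 +482,11 @@` is now wrapped in `#ifdef ADNS`, so a build without ADNS still accepts `--adns` from getopt_long but the switch has no handler for it; what the switch's default branch does with the value is outside both hunks. Wrapping the table entry the same way, `#ifdef ADNS` / `{ "adns", required_argument, NULL, 'a' },` / `#endif`, makes the unsupported option be rejected as unknown rather than depending on that fallback. The declaration of pluto_adns_option is outside the hunk as well.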
@@ -471,11 +482,11 @@ int main(int argc, char **argv)
case 'f': /* --policygroupsdir <policygroups-dir> */
policygroups_dir = optarg;
continue;
-
+#ifdef ADNS
case 'a': /* --adns <pathname> */
pluto_adns_option = optarg;
continue;
-
+#endif
case 'm': /* --pkcs11module <pathname> */
pkcs11_module_path = optarg;
continue;
@@ -545,7 +556,12 @@ int main(int argc, char **argv)
if (optind != argc)
usage("unexpected argument");
reset_debugging();
- lockfd = create_lock();
+
+ if (check_lock())
+ {
+ fprintf(stderr, "pluto: lock file \"%s\" already exists\n", pluto_lock);
+ exit_pluto(10);
+ }
/* select between logging methods */
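Review bot: `exit_pluto(10)` on the lock-already-exists path runs the full shutdown, including delete_lock() (see the `@@ -803,6 +836,7 @@` hunk), and delete_lock() unlinks pluto_lock and calls delete_ctl_socket() whenever pluto_lock_checked is set; if check_lock() sets that flag before returning true (check_lock() is outside this hunk), a second instance started by mistake would remove the running daemon's PID file and control socket on its way out. The fork-parent path two hunks below keeps the comment "must not use exit_pluto: lock would be removed!" for exactly this reason, so `exit(10);` after the fprintf, or guaranteeing that check_lock() leaves pluto_lock_checked clear on its failure path, would be safer. main() continues outside the hunk.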
@@ -598,11 +614,13 @@ int main(int argc, char **argv)
if (pid != 0)
{
- /* parent: die, after filling PID into lock file.
+ /* parent: die
* must not use exit_pluto: lock would be removed!
*/
- exit(fill_lock(lockfd, pid)? 0 : 1);
+ exit(0);
}
+ /* child: fill PID into lock file */
+ fill_lock();
}
if (setsid() < 0)
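Review bot: The parent now exits before the child has written the PID file, so anything that reads the PID file as soon as the foreground process returns (an init script or wrapper) can race an empty or absent file, and the old `exit(fill_lock(lockfd, pid) ? 0 : 1)` also surfaced a write failure in the parent's exit status, which the void `fill_lock()` no longer does. When fill_lock()'s fopen fails (its body is in an earlier hunk of this file) nothing is logged at all; an `else` branch with `fprintf(stderr, "pluto: unable to write PID file \"%s\"\n", pluto_lock);`, matching the check_lock() message above, would keep the failure visible. Whether the parent should wait for the child to fill the file before exiting is a design question for the maintainers; main() continues outside the hunk.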
@@ -617,7 +635,7 @@ int main(int argc, char **argv)
else
{
/* no daemon fork: we have to fill in lock file */
- (void) fill_lock(lockfd, getpid());
+ fill_lock();
fprintf(stdout, "Pluto initialized\n");
fflush(stdout);
}
@@ -637,6 +655,9 @@ int main(int argc, char **argv)
close(fd);
}
+ /* for uncritical pseudo random numbers */
+ srand(time(NULL) + getpid());
+
init_constants();
init_log("pluto");
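Review bot: The comment above `srand(time(NULL) + getpid());` says the seed is only for uncritical numbers, but the hunk does not show which rand() callers exist in pluto, and a predictable seed like this is only acceptable if none of them feed cookies, nonces, SPIs or key material. Stating the rule at the seeding site makes it reviewable, e.g. `/* seeds rand() for uncritical values only; security-relevant random data must come from the library RNG, never from rand() */`, and a check of the rand() call sites would confirm it holds. main() continues outside the hunk.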
@@ -660,7 +681,8 @@ int main(int argc, char **argv)
{
exit(SS_RC_INITIALIZATION_FAILED);
}
- print_plugins();
+ DBG1(DBG_DMN, "loaded plugins: %s",
+ lib->plugins->loaded_plugins(lib->plugins));
init_builder();
if (!init_secret() || !init_crypto())
@@ -674,22 +696,24 @@ int main(int argc, char **argv)
init_states();
init_demux();
init_kernel();
+#ifdef ADNS
init_adns();
+#endif
init_myid();
fetch_initialize();
ac_initialize();
whack_attribute_initialize();
/* drop unneeded capabilities and change UID/GID */
- prctl(PR_SET_KEEPCAPS, 1);
+ prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
#ifdef IPSEC_GROUP
{
struct group group, *grp;
- char buf[1024];
+ char buf[1024];
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL || setgid(grp->gr_gid) != 0)
+ grp == NULL || setgid(grp->gr_gid) != 0)
{
plog("unable to change daemon group");
abort();
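Review bot: The return value of `prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);` is still ignored; if the call fails, the capabilities in keep[] do not survive the setgid()/setuid() that follow, and the libcap step later in main() (outside the hunk) would presumably be the first place this is noticed, if at all. The IPSEC_GROUP block right below aborts when setgid() fails; treating prctl the same way, `if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) { plog("unable to keep capabilities"); abort(); }`, keeps the privilege-drop sequence fail-closed. The same check applies on the Android path in the next hunk.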
@@ -699,15 +723,22 @@ int main(int argc, char **argv)
#ifdef IPSEC_USER
{
struct passwd passwd, *pwp;
- char buf[1024];
+ char buf[1024];
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL || setuid(pwp->pw_uid) != 0)
+ pwp == NULL || setuid(pwp->pw_uid) != 0)
{
plog("unable to change daemon user");
abort();
}
- }
+ }
+#endif
+#ifdef ANDROID
+ if (setuid(AID_VPN) != 0)
+ {
+ plog("unable to change daemon user");
+ abort();
+ }
#endif
#ifdef CAPABILITIES_LIBCAP
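Review bot: The new `#ifdef ANDROID` block changes only the user with `setuid(AID_VPN)` and, unlike the IPSEC_USER/IPSEC_GROUP pair above it, never changes the group, so the daemon keeps its original GID and supplementary groups after the switch; if AID_VPN is meant as the group as well, a `setgid(AID_VPN)` with the same abort-on-failure check before the setuid would mirror the other path. The block also follows the IPSEC_USER block unconditionally, so a build defining both would call setuid twice and the second call would fail after privileges are already dropped; presumably the two are never defined together, but an `#elif defined(ANDROID)` or a comment saying so would make that explicit. main() continues outside the hunk.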
@@ -793,7 +824,9 @@ void exit_pluto(int status)
free_ifaces();
ac_finalize(); /* free X.509 attribute certificates */
scx_finalize(); /* finalize and unload PKCS #11 module */
+#ifdef ADNS
stop_adns();
+#endif
free_md_pool();
free_crypto();
free_myid(); /* free myids */
@@ -803,6 +836,7 @@ void exit_pluto(int status)
delete_lock();
options->destroy(options);
pluto_deinit();
+ lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
lib->plugins->unload(lib->plugins);
libhydra_deinit();
library_deinit();
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index c140095f0..0a7b33ab5 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -57,6 +57,7 @@
#include "myid.h"
#include "kernel_alg.h"
#include "ike_alg.h"
+#include "plugin_list.h"
#include "whack_attribute.h"
/* helper variables and function to decode strings from whack message */
@@ -132,6 +133,8 @@ static void key_add_merge(struct key_add_common *oc, identification_t *keyid)
}
}
+#ifdef ADNS
+
static void key_add_continue(struct adns_continuation *ac, err_t ugh)
{
struct key_add_continuation *kc = (void *) ac;
@@ -159,6 +162,8 @@ static void key_add_continue(struct adns_continuation *ac, err_t ugh)
whack_log_fd = NULL_FD;
}
+#endif /* ADNS */
+
static void key_add_request(const whack_message_t *msg)
{
identification_t *key_id;
@@ -189,9 +194,11 @@ static void key_add_request(const whack_message_t *msg)
kc = malloc_thing(struct key_add_continuation);
kc->common = oc;
kc->lookingfor = kaa;
+ ugh = NULL;
switch (kaa)
{
+#ifdef ADNS
case ka_TXT:
ugh = start_adns_query(key_id
, key_id /* same */
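Review bot: With ADNS undefined, `kaa == ka_TXT` reaches the switch with no matching case, and since `ugh = NULL;` was just set, the code after the switch (outside the hunk) would presumably treat it as a query that was started: the freshly allocated `kc = malloc_thing(struct key_add_continuation)` above is never handed to a continuation and never freed, and the whack client gets no error. A fallback for the adns-less build, e.g. `#else` / `case ka_TXT: ugh = "DNS TXT lookups not supported in this build"; break;` / `#endif /* ADNS */` placed before the USE_KEYRR case in the next hunk, lets the caller's existing ugh handling report it. key_add_request() continues outside the hunk.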
@@ -199,6 +206,7 @@ static void key_add_request(const whack_message_t *msg)
, key_add_continue
, &kc->ac);
break;
+#endif /* ADNS */
#ifdef USE_KEYRR
case ka_KEY:
ugh = start_adns_query(key_id
@@ -282,7 +290,7 @@ void whack_handle(int whackctlfd)
{
if (msg.magic == WHACK_BASIC_MAGIC)
{
- /* Only shutdown command. Simpler inter-version compatability. */
+ /* Only shutdown command. Simpler inter-version compatibility. */
if (msg.whack_shutdown)
{
plog("shutting down");
@@ -437,7 +445,9 @@ void whack_handle(int whackctlfd)
plog("listening for IKE messages");
listening = TRUE;
daily_log_reset();
+#ifdef ADNS
reset_adns_restart_count();
+#endif
set_myFQDN();
find_ifaces();
load_preshared_secrets(NULL_FD);
@@ -548,6 +558,11 @@ void whack_handle(int whackctlfd)
kernel_alg_list();
}
+ if (msg.whack_list & LIST_PLUGINS)
+ {
+ plugin_list();
+ }
+
if (msg.whack_key)
{
/* add a public key */
diff --git a/src/pluto/server.c b/src/pluto/server.c
index 4d07843c1..167b1d4c7 100644
--- a/src/pluto/server.c
+++ b/src/pluto/server.c
@@ -222,10 +222,6 @@ use_interface(const char *rifn)
}
}
-#ifndef IPSECDEVPREFIX
-# define IPSECDEVPREFIX "ipsec"
-#endif
-
static struct raw_iface *
find_raw_ifaces4(void)
{
@@ -233,7 +229,7 @@ find_raw_ifaces4(void)
struct ifconf ifconf;
struct ifreq buf[300]; /* for list of interfaces -- arbitrary limit */
struct raw_iface *rifaces = NULL;
- int master_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */
+ int master_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* Get a UDP socket */
/* get list of interfaces with assigned IPv4 addresses from system */
@@ -401,7 +397,6 @@ find_raw_ifaces6(void)
return rifaces;
}
-#if 1
static int
create_socket(struct raw_iface *ifp, const char *v_name, int port)
{
@@ -414,7 +409,6 @@ create_socket(struct raw_iface *ifp, const char *v_name, int port)
return -1;
}
-#if 1
/* Set socket Nonblocking */
if ((fcntl_flags=fcntl(fd, F_GETFL)) >= 0) {
if (!(fcntl_flags & O_NONBLOCK)) {
@@ -422,7 +416,6 @@ create_socket(struct raw_iface *ifp, const char *v_name, int port)
fcntl(fd, F_SETFL, fcntl_flags);
}
}
-#endif
if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
{
@@ -467,7 +460,6 @@ create_socket(struct raw_iface *ifp, const char *v_name, int port)
}
#endif
-#if defined(linux) && defined(KERNEL26_SUPPORT)
{
struct sadb_x_policy policy;
int level, opt;
@@ -509,7 +501,6 @@ create_socket(struct raw_iface *ifp, const char *v_name, int port)
return -1;
}
}
-#endif
setportof(htons(port), &ifp->addr);
if (bind(fd, sockaddrof(&ifp->addr), sockaddrlenof(&ifp->addr)) < 0)
@@ -523,29 +514,21 @@ create_socket(struct raw_iface *ifp, const char *v_name, int port)
setportof(htons(pluto_port), &ifp->addr);
return fd;
}
-#endif
static void
process_raw_ifaces(struct raw_iface *rifaces)
{
struct raw_iface *ifp;
- /* Find all virtual/real interface pairs.
- * For each real interface...
+ /* For each real interface...
*/
for (ifp = rifaces; ifp != NULL; ifp = ifp->next)
{
- struct raw_iface *v = NULL; /* matching ipsecX interface */
+ struct raw_iface *v = NULL;
bool after = FALSE; /* has vfp passed ifp on the list? */
bool bad = FALSE;
struct raw_iface *vfp;
- /* ignore if virtual (ipsec*) interface */
- if (strneq(ifp->name, IPSECDEVPREFIX, sizeof(IPSECDEVPREFIX)-1))
- {
- continue;
- }
-
for (vfp = rifaces; vfp != NULL; vfp = vfp->next)
{
if (vfp == ifp)
@@ -554,74 +537,26 @@ process_raw_ifaces(struct raw_iface *rifaces)
}
else if (sameaddr(&ifp->addr, &vfp->addr))
{
- /* Different entries with matching IP addresses.
- * Many interesting cases.
+ /* ugh: a second interface with the same IP address
+ * "after" allows us to avoid double reporting.
*/
- if (strneq(vfp->name, IPSECDEVPREFIX, sizeof(IPSECDEVPREFIX)-1))
+ if (after)
{
- if (v != NULL && !streq(v->name, vfp->name))
- {
- loglog(RC_LOG_SERIOUS
- , "ipsec interfaces %s and %s share same address %s"
- , v->name, vfp->name, ip_str(&ifp->addr));
- bad = TRUE;
- }
- else
- {
- v = vfp; /* current winner */
- }
- }
- else
- {
- /* ugh: a second real interface with the same IP address
- * "after" allows us to avoid double reporting.
- */
-#if defined(linux) && defined(KERNEL26_SUPPORT)
- {
- if (after)
- {
- bad = TRUE;
- break;
- }
- continue;
- }
-#endif
- if (after)
- {
- loglog(RC_LOG_SERIOUS
- , "IP interfaces %s and %s share address %s!"
- , ifp->name, vfp->name, ip_str(&ifp->addr));
- }
bad = TRUE;
+ break;
}
+ continue;
}
}
if (bad)
continue;
-#if defined(linux) && defined(KERNEL26_SUPPORT)
- {
- v = ifp;
- goto add_entry;
- }
-#endif
-
- /* what if we didn't find a virtual interface? */
- if (v == NULL)
- {
- DBG(DBG_CONTROL,
- DBG_log("IP interface %s %s has no matching ipsec* interface -- ignored"
- , ifp->name, ip_str(&ifp->addr)));
- continue;
- }
+ v = ifp;
/* We've got all we need; see if this is a new thing:
* search old interfaces list.
*/
-#if defined(linux) && defined(KERNEL26_SUPPORT)
-add_entry:
-#endif
{
struct iface **p = &interfaces;
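Review bot: Interfaces sharing an IP address are now dropped silently: the `if (after) { bad = TRUE; break; }` branch replaces a path that logged "IP interfaces %s and %s share address %s!" (it was already silent under KERNEL26_SUPPORT, so this only generalizes that behaviour), and an operator whose IKE socket quietly never appears on one interface has nothing in the log to go on. Keeping `loglog(RC_LOG_SERIOUS, "IP interfaces %s and %s share address %s!", ifp->name, vfp->name, ip_str(&ifp->addr));` inside that branch before `bad = TRUE;` costs nothing. Separately, `v = ifp;` is now unconditional, so the `struct raw_iface *v = NULL;` declared in the previous hunk is only an alias of ifp; the rest of process_raw_ifaces() that reads v is outside the hunk.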
@@ -787,6 +722,7 @@ call_server(void)
act.sa_handler = &termhandler;
r = sigaction(SIGTERM, &act, NULL);
+ r = sigaction(SIGINT, &act, NULL);
passert(r == 0);
}
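Review bot: `r = sigaction(SIGINT, &act, NULL);` overwrites the result of the SIGTERM sigaction on the line above before `passert(r == 0)` sees it, so a failure to install the SIGTERM handler is no longer caught. Either assert after each call, `r = sigaction(SIGTERM, &act, NULL); passert(r == 0);` followed by `r = sigaction(SIGINT, &act, NULL); passert(r == 0);`, or accumulate the result with `r |= sigaction(SIGINT, &act, NULL);`. call_server() continues outside the hunk.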
@@ -821,6 +757,7 @@ call_server(void)
FD_ZERO(&writefds);
FD_SET(ctl_fd, &readfds);
+#ifdef ADNS
/* the only write file-descriptor of interest */
if (adns_qfd != NULL_FD && unsent_ADNS_queries)
{
@@ -835,6 +772,7 @@ call_server(void)
maxfd = adns_afd;
FD_SET(adns_afd, &readfds);
}
+#endif /* ADNS */
events_fd = pluto->events->get_event_fd(pluto->events);
if (maxfd < events_fd)
@@ -902,6 +840,7 @@ call_server(void)
{
/* at least one file descriptor is ready */
+#ifdef ADNS
if (adns_qfd != NULL_FD && FD_ISSET(adns_qfd, &writefds))
{
passert(ndes > 0);
@@ -920,6 +859,7 @@ call_server(void)
passert(GLOBALS_ARE_RESET());
ndes--;
}
+#endif /* ADNS*/
if (FD_ISSET(events_fd, &readfds))
{
diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c
index 48585432b..06fe7d7c8 100644
--- a/src/pluto/spdb.c
+++ b/src/pluto/spdb.c
@@ -1300,7 +1300,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
* proposal is emitted into it.
*
* If "selection" is true, the SA is supposed to represent the
- * single tranform that the peer has accepted.
+ * single transform that the peer has accepted.
* ??? We only check that it is acceptable, not that it is one that we offered!
*
* Only IPsec DOI is accepted (what is the ISAKMP DOI?).
diff --git a/src/pluto/spdb.h b/src/pluto/spdb.h
index 221cc00bb..8a0bffbbd 100644
--- a/src/pluto/spdb.h
+++ b/src/pluto/spdb.h
@@ -100,7 +100,7 @@ extern notification_t parse_ipsec_sa_body(
pb_stream *sa_pbs, /* body of input SA Payload */
const struct isakmp_sa *sa, /* header of input SA Payload */
pb_stream *r_sa_pbs, /* if non-NULL, where to emit winning SA */
- bool selection, /* if this SA is a selection, only one tranform can appear */
+ bool selection, /* if this SA is a selection, only one transform can appear */
struct state *st); /* current state object */
extern void backup_pbs(pb_stream *pbs);
diff --git a/src/pluto/state.c b/src/pluto/state.c
index e4234bc87..f5185888e 100644
--- a/src/pluto/state.c
+++ b/src/pluto/state.c
@@ -216,7 +216,7 @@ struct state *state_with_serialno(so_serial_t sn)
}
/* Insert a state object in the hash table. The object is inserted
- * at the begining of list.
+ * at the beginning of list.
* Needs cookies, connection, and msgid.
*/
void insert_state(struct state *st)
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index c1ad55f5e..1d34d2c54 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -46,18 +46,7 @@
*/
time_t now(void)
{
- static time_t delta = 0
- , last_time = 0;
- time_t n = time(NULL);
-
- passert(n != (time_t)-1);
- if (last_time > n)
- {
- plog("time moved backwards %ld seconds", (long)(last_time - n));
- delta += last_time - n;
- }
- last_time = n;
- return n + delta;
+ return time_monotonic(NULL);
}
/* This file has the event handling routines. Events are
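Review bot: now() keeps its time_t return type and its name but switches from a corrected wall clock to `time_monotonic(NULL)`, whose epoch is unrelated to time(NULL); any caller that compares a now() value with an absolute timestamp (a certificate or CRL validity time, a lifetime recorded from time(NULL)) would silently be wrong, and those callers are outside the hunk. The header comment above the function (only its closing `*/` is in the hunk) should say that now() is monotonic and that its values may only be compared with, or offset from, other now() values, e.g. `/* monotonic clock: compare only against other now() values, never against time(NULL) or stored wall-clock times */`. The old `passert(n != (time_t)-1)` is gone as well; whether time_monotonic() can fail is not visible here.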
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index 99cfc5734..6cc599d8d 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -346,7 +346,7 @@ static void handle_known_vendorid (struct msg_digest *md, const char *vidstr,
case VID_STRONGSWAN:
vid_useful = TRUE;
break;
-
+
/* Remote side supports OpenPGP certificates */
case VID_OPENPGP:
md->openpgp = TRUE;
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 7e2aca862..f017e5775 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -410,7 +410,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
certificate->get_subject(certificate));
whack_log(RC_COMMENT, " issuer: \"%Y\"",
certificate->get_issuer(certificate));
- serial = x509->get_serial(x509);
+ serial = chunk_skip_zero(x509->get_serial(x509));
whack_log(RC_COMMENT, " serial: %#B", &serial);
/* list validity */