diff options
author | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:28:38 +0200 |
---|---|---|
committer | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:28:38 +0200 |
commit | 2b8de74ff4c334c25e89988c4a401b24b5bcf03d (patch) | |
tree | 10fb49ca94bfd0c8b8a583412281abfc0186836e /src | |
parent | 81c63b0eed39432878f78727f60a1e7499645199 (diff) | |
download | vyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.tar.gz vyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.zip |
Import upstream release 5.2.1
Diffstat (limited to 'src')
563 files changed, 19220 insertions, 5039 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 95c68d0c8..38363d4f7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -40,10 +40,6 @@ if USE_IMCV SUBDIRS += libimcv endif -if USE_PTS - SUBDIRS += libpts -endif - if USE_LIBCHARON SUBDIRS += libcharon endif @@ -60,6 +56,10 @@ if USE_CHARON SUBDIRS += charon endif +if USE_SYSTEMD + SUBDIRS += charon-systemd +endif + if USE_NM SUBDIRS += charon-nm endif diff --git a/src/Makefile.in b/src/Makefile.in index 141ca3e61..2dd046042 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -87,11 +87,11 @@ host_triplet = @host@ @USE_LIBTNCCS_TRUE@am__append_8 = libtnccs @USE_LIBPTTLS_TRUE@am__append_9 = libpttls @USE_IMCV_TRUE@am__append_10 = libimcv -@USE_PTS_TRUE@am__append_11 = libpts -@USE_LIBCHARON_TRUE@am__append_12 = libcharon -@USE_FILE_CONFIG_TRUE@am__append_13 = starter -@USE_IPSEC_SCRIPT_TRUE@am__append_14 = ipsec _copyright -@USE_CHARON_TRUE@am__append_15 = charon +@USE_LIBCHARON_TRUE@am__append_11 = libcharon +@USE_FILE_CONFIG_TRUE@am__append_12 = starter +@USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright +@USE_CHARON_TRUE@am__append_14 = charon +@USE_SYSTEMD_TRUE@am__append_15 = charon-systemd @USE_NM_TRUE@am__append_16 = charon-nm @USE_STROKE_TRUE@am__append_17 = stroke @USE_UPDOWN_TRUE@am__append_18 = _updown _updown_espmark @@ -185,11 +185,11 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \ - libtls libradius libtncif libtnccs libpttls libimcv libpts \ - libcharon starter ipsec _copyright charon charon-nm stroke \ - _updown _updown_espmark scepclient pki swanctl conftest dumm \ - libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ - pt-tls-client checksum aikgen + libtls libradius libtncif libtnccs libpttls libimcv libcharon \ + starter ipsec _copyright charon charon-systemd charon-nm \ + stroke _updown _updown_espmark scepclient pki swanctl conftest \ + dumm libfast manager medsrv pool charon-tkm charon-cmd \ + charon-svc pt-tls-client checksum aikgen DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 8591e6abd..a17bbcc1a 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -201,6 +201,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -261,6 +262,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -326,6 +328,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -373,6 +377,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index ec23208ef..a215a2548 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index 49cdc9076..51a0d9a13 100644 --- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 77d825f26..2bd5be64b 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index c74c5b698..9f67eec1f 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c index b41cf467c..6f2b6f178 100644 --- a/src/charon-cmd/charon-cmd.c +++ b/src/charon-cmd/charon-cmd.c @@ -126,15 +126,12 @@ static int run() { DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading " "configuration"); -#ifdef STRONGSWAN_CONF - if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF, - FALSE)) + if (lib->settings->load_files(lib->settings, lib->conf, FALSE)) { charon->load_loggers(charon, levels, TRUE); lib->plugins->reload(lib->plugins, NULL); } else -#endif { DBG1(DBG_DMN, "reloading config failed, keeping old"); } diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 5fad214d6..69cbfe07e 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -209,6 +209,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -269,6 +270,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -334,6 +336,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -381,6 +385,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c index ebebde2c0..613c2f6b5 100644 --- a/src/charon-nm/nm/nm_backend.c +++ b/src/charon-nm/nm/nm_backend.c @@ -174,5 +174,5 @@ void nm_backend_register() PLUGIN_SDEPEND(CERT_DECODE, CERT_X509), }; lib->plugins->add_static_features(lib->plugins, "nm-backend", features, - countof(features), TRUE); + countof(features), TRUE, NULL, NULL); } diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 39483628a..3783ac9f0 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am new file mode 100644 index 000000000..1b9ac150f --- /dev/null +++ b/src/charon-systemd/Makefile.am @@ -0,0 +1,19 @@ +sbin_PROGRAMS = charon-systemd + +charon_systemd_SOURCES = \ +charon-systemd.c + +charon-systemd.o : $(top_builddir)/config.status + +charon_systemd_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \ + -DPLUGINS=\""${charon_plugins}\"" + +charon_systemd_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in new file mode 100644 index 000000000..790c8ef8f --- /dev/null +++ b/src/charon-systemd/Makefile.in @@ -0,0 +1,765 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +sbin_PROGRAMS = charon-systemd$(EXEEXT) +subdir = src/charon-systemd +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/depcomp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" +PROGRAMS = $(sbin_PROGRAMS) +am_charon_systemd_OBJECTS = charon_systemd-charon-systemd.$(OBJEXT) +charon_systemd_OBJECTS = $(am_charon_systemd_OBJECTS) +am__DEPENDENCIES_1 = +charon_systemd_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(charon_systemd_SOURCES) +DIST_SOURCES = $(charon_systemd_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +charon_systemd_SOURCES = \ +charon-systemd.c + +charon_systemd_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \ + -DPLUGINS=\""${charon_plugins}\"" + +charon_systemd_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon-systemd/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +charon-systemd$(EXEEXT): $(charon_systemd_OBJECTS) $(charon_systemd_DEPENDENCIES) $(EXTRA_charon_systemd_DEPENDENCIES) + @rm -f charon-systemd$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(charon_systemd_OBJECTS) $(charon_systemd_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/charon_systemd-charon-systemd.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +charon_systemd-charon-systemd.o: charon-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.o -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c + +charon_systemd-charon-systemd.obj: charon-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.obj -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(sbindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-sbinPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-sbinPROGRAMS install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS + + +charon-systemd.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c new file mode 100644 index 000000000..4a2136fc9 --- /dev/null +++ b/src/charon-systemd/charon-systemd.c @@ -0,0 +1,403 @@ +/* + * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2005-2014 Martin Willi + * Copyright (C) 2006 Daniel Roethlisberger + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <signal.h> +#include <stdio.h> +#include <pthread.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <sys/utsname.h> +#include <unistd.h> +#include <errno.h> + +/* won't make sense from our logging hook */ +#define SD_JOURNAL_SUPPRESS_LOCATION +#include <systemd/sd-daemon.h> +#include <systemd/sd-journal.h> + +#include <hydra.h> +#include <daemon.h> + +#include <library.h> +#include <utils/backtrace.h> +#include <threading/thread.h> +#include <threading/rwlock.h> + +/** + * hook in library for debugging messages + */ +extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); + +/** + * Logging hook for library logs, using stderr output + */ +static void dbg_stderr(debug_t group, level_t level, char *fmt, ...) +{ + va_list args; + + if (level <= 1) + { + va_start(args, fmt); + fprintf(stderr, "00[%N] ", debug_names, group); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); + va_end(args); + } +} + +typedef struct journal_logger_t journal_logger_t; + +/** + * Logger implementation using systemd-journal + */ +struct journal_logger_t { + + /** + * Implements logger_t + */ + logger_t logger; + + /** + * Configured loglevels + */ + level_t levels[DBG_MAX]; + + /** + * Lock for levels + */ + rwlock_t *lock; +}; + +METHOD(logger_t, vlog, void, + journal_logger_t *this, debug_t group, level_t level, int thread, + ike_sa_t *ike_sa, const char *fmt, va_list args) +{ + char buf[4096], *msg = buf; + ssize_t len; + va_list copy; + + va_copy(copy, args); + len = vsnprintf(msg, sizeof(buf), fmt, copy); + va_end(copy); + + if (len >= sizeof(buf)) + { + len++; + msg = malloc(len); + va_copy(copy, args); + len = vsnprintf(msg, len, fmt, copy); + va_end(copy); + } + if (len > 0) + { + char unique[64] = "", name[256] = ""; + int priority; + + if (ike_sa) + { + snprintf(unique, sizeof(unique), "IKE_SA_UNIQUE_ID=%u", + ike_sa->get_unique_id(ike_sa)); + if (ike_sa->get_peer_cfg(ike_sa)) + { + snprintf(name, sizeof(name), "IKE_SA_NAME=%s", + ike_sa->get_name(ike_sa)); + } + } + switch (level) + { + case LEVEL_AUDIT: + priority = LOG_NOTICE; + break; + case LEVEL_CTRL: + priority = LOG_INFO; + break; + default: + priority = LOG_DEBUG; + break; + } + sd_journal_send( + "MESSAGE=%s", msg, + "MESSAGE_ID=57d2708c-d607-43bd-8c39-66bf%.8x", + chunk_hash_static(chunk_from_str((char*)fmt)), + "PRIORITY=%d", priority, + "GROUP=%N", debug_names, group, + "LEVEL=%d", level, + "THREAD=%d", thread, + unique[0] ? unique : NULL, + name[0] ? name : NULL, + NULL); + } + if (msg != buf) + { + free(msg); + } +} + +METHOD(logger_t, get_level, level_t, + journal_logger_t *this, debug_t group) +{ + level_t level; + + this->lock->read_lock(this->lock); + level = this->levels[group]; + this->lock->unlock(this->lock); + + return level; +} + +/** + * Reload journal logger configuration + */ +CALLBACK(journal_reload, bool, + journal_logger_t **journal) +{ + journal_logger_t *this = *journal; + debug_t group; + level_t def; + + def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns); + + this->lock->write_lock(this->lock); + for (group = 0; group < DBG_MAX; group++) + { + this->levels[group] = + lib->settings->get_int(lib->settings, + "%s.journal.%N", def, lib->ns, debug_lower_names, group); + } + this->lock->unlock(this->lock); + + charon->bus->add_logger(charon->bus, &this->logger); + + return TRUE; +} + +/** + * Initialize/deinitialize journal logger + */ +static bool journal_register(void *plugin, plugin_feature_t *feature, + bool reg, journal_logger_t **logger) +{ + journal_logger_t *this; + + if (reg) + { + INIT(this, + .logger = { + .vlog = _vlog, + .get_level = _get_level, + }, + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + journal_reload(&this); + + *logger = this; + return TRUE; + } + else + { + this = *logger; + + charon->bus->remove_logger(charon->bus, &this->logger); + + this->lock->destroy(this->lock); + free(this); + + return TRUE; + } +} + +/** + * Run the daemon and handle unix signals + */ +static int run() +{ + sigset_t set; + + sigemptyset(&set); + sigaddset(&set, SIGTERM); + sigprocmask(SIG_BLOCK, &set, NULL); + + sd_notify(0, "READY=1\n"); + + while (TRUE) + { + int sig, error; + + error = sigwait(&set, &sig); + if (error) + { + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(error)); + return SS_RC_INITIALIZATION_FAILED; + } + switch (sig) + { + case SIGTERM: + { + DBG1(DBG_DMN, "SIGTERM received, shutting down"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); + return 0; + } + default: + { + DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig); + break; + } + } + } +} + +/** + * lookup UID and GID + */ +static bool lookup_uid_gid() +{ +#ifdef IPSEC_USER + if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER)) + { + return FALSE; + } +#endif /* IPSEC_USER */ +#ifdef IPSEC_GROUP + if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP)) + { + return FALSE; + } +#endif /* IPSEC_GROUP */ + return TRUE; +} + +/** + * Handle SIGSEGV/SIGILL signals raised by threads + */ +static void segv_handler(int signal) +{ + backtrace_t *backtrace; + + DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal); + backtrace = backtrace_create(2); + backtrace->log(backtrace, NULL, TRUE); + backtrace->log(backtrace, stderr, TRUE); + backtrace->destroy(backtrace); + + DBG1(DBG_DMN, "killing ourself, received critical signal"); + abort(); +} + +/** + * The journal logger instance + */ +static journal_logger_t *journal; + +/** + * Journal static features + */ +static plugin_feature_t features[] = { + PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal), + PLUGIN_PROVIDE(CUSTOM, "systemd-journal"), +}; + +/** + * Main function, starts the daemon. + */ +int main(int argc, char *argv[]) +{ + struct sigaction action; + struct utsname utsname; + + dbg = dbg_stderr; + + if (uname(&utsname) != 0) + { + memset(&utsname, 0, sizeof(utsname)); + } + + sd_notifyf(0, "STATUS=Starting charon-systemd, strongSwan %s, %s %s, %s", + VERSION, utsname.sysname, utsname.release, utsname.machine); + + atexit(library_deinit); + if (!library_init(NULL, "charon-systemd")) + { + sd_notifyf(0, "STATUS=libstrongswan initialization failed"); + return SS_RC_INITIALIZATION_FAILED; + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "charon-systemd", argv[0])) + { + sd_notifyf(0, "STATUS=integrity check of charon-systemd failed"); + return SS_RC_INITIALIZATION_FAILED; + } + atexit(libhydra_deinit); + if (!libhydra_init()) + { + sd_notifyf(0, "STATUS=libhydra initialization failed"); + return SS_RC_INITIALIZATION_FAILED; + } + atexit(libcharon_deinit); + if (!libcharon_init()) + { + sd_notifyf(0, "STATUS=libcharon initialization failed"); + return SS_RC_INITIALIZATION_FAILED; + } + if (!lookup_uid_gid()) + { + sd_notifyf(0, "STATUS=unknown uid/gid"); + return SS_RC_INITIALIZATION_FAILED; + } + charon->load_loggers(charon, NULL, FALSE); + + lib->plugins->add_static_features(lib->plugins, lib->ns, features, + countof(features), TRUE, journal_reload, &journal); + + if (!charon->initialize(charon, PLUGINS)) + { + sd_notifyf(0, "STATUS=charon initialization failed"); + return SS_RC_INITIALIZATION_FAILED; + } + lib->plugins->status(lib->plugins, LEVEL_CTRL); + + if (!lib->caps->drop(lib->caps)) + { + sd_notifyf(0, "STATUS=dropping capabilities failed"); + return SS_RC_INITIALIZATION_FAILED; + } + + /* add handler for SEGV and ILL, + * INT, TERM and HUP are handled by sigwait() in run() */ + action.sa_handler = segv_handler; + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + sigaddset(&action.sa_mask, SIGINT); + sigaddset(&action.sa_mask, SIGTERM); + sigaddset(&action.sa_mask, SIGHUP); + sigaction(SIGSEGV, &action, NULL); + sigaction(SIGILL, &action, NULL); + sigaction(SIGBUS, &action, NULL); + action.sa_handler = SIG_IGN; + sigaction(SIGPIPE, &action, NULL); + + pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL); + + charon->start(charon); + + sd_notifyf(0, "STATUS=charon-systemd running, strongSwan %s, %s %s, %s", + VERSION, utsname.sysname, utsname.release, utsname.machine); + + return run(); +} diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index ca4cdbf76..fe6606bc5 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 9a22f9ad9..a6770fc50 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -296,7 +296,7 @@ int main(int argc, char *argv[]) PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), }; lib->plugins->add_static_features(lib->plugins, "tkm-backend", features, - countof(features), TRUE); + countof(features), TRUE, NULL, NULL); if (!register_dh_mapping()) { diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index a34d0b1d4..67db5e6d8 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -159,7 +159,8 @@ int register_dh_mapping() } enumerator->destroy(enumerator); - lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE); + lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), + TRUE, NULL, NULL); if (count > 0) { diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c index 18754c717..80894a133 100644 --- a/src/charon-tkm/tests/tests.c +++ b/src/charon-tkm/tests/tests.c @@ -64,7 +64,7 @@ static bool test_runner_init(bool init) PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), }; lib->plugins->add_static_features(lib->plugins, "tkm-tests", features, - countof(features), TRUE); + countof(features), TRUE, NULL, NULL); lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1, lib->ns, MODP_3072_BIT); diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 0e8a49e15..f4dcf4fb0 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -205,6 +205,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -265,6 +266,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -330,6 +332,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -377,6 +381,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/charon/charon.c b/src/charon/charon.c index 8afac3fff..081e49490 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -124,15 +124,12 @@ static void run() { DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading " "configuration"); -#ifdef STRONGSWAN_CONF - if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF, - FALSE)) + if (lib->settings->load_files(lib->settings, lib->conf, FALSE)) { charon->load_loggers(charon, levels, !use_syslog); lib->plugins->reload(lib->plugins, NULL); } else -#endif { DBG1(DBG_DMN, "reloading config failed, keeping old"); } @@ -468,4 +465,3 @@ deinit: library_deinit(); return status; } - diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 821c51747..b358699d0 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -81,11 +81,6 @@ if USE_IMCV libs += $(DESTDIR)$(ipseclibdir)/libimcv.so endif -if USE_PTS - deps += $(top_builddir)/src/libpts/libpts.la - libs += $(DESTDIR)$(ipseclibdir)/libpts.so -endif - if USE_CHARON deps += $(top_builddir)/src/libcharon/libcharon.la libs += $(DESTDIR)$(ipseclibdir)/libcharon.so diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 697899ed7..86e7ca6dd 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -98,18 +98,16 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @USE_SIMAKA_TRUE@am__append_17 = $(DESTDIR)$(ipseclibdir)/libsimaka.so @USE_IMCV_TRUE@am__append_18 = $(top_builddir)/src/libimcv/libimcv.la @USE_IMCV_TRUE@am__append_19 = $(DESTDIR)$(ipseclibdir)/libimcv.so -@USE_PTS_TRUE@am__append_20 = $(top_builddir)/src/libpts/libpts.la -@USE_PTS_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so -@USE_CHARON_TRUE@am__append_22 = $(top_builddir)/src/libcharon/libcharon.la -@USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so -@USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon -@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_25 = -DC_PLUGINS=\""${c_plugins}\"" -@USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd -@USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient -@USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki -@USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl -@USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool -@USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest +@USE_CHARON_TRUE@am__append_20 = $(top_builddir)/src/libcharon/libcharon.la +@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libcharon.so +@USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/charon +@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_23 = -DC_PLUGINS=\""${c_plugins}\"" +@USE_CMD_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/charon-cmd +@USE_SCEPCLIENT_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/scepclient +@USE_PKI_TRUE@am__append_26 = $(DESTDIR)$(bindir)/pki +@USE_SWANCTL_TRUE@am__append_27 = $(DESTDIR)$(sbindir)/swanctl +@USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool +@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest subdir = src/checksum DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp @@ -274,6 +272,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -334,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -399,6 +399,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -446,6 +448,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -473,7 +479,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \ - $(am__append_4) $(am__append_15) $(am__append_25) + $(am__append_4) $(am__append_15) $(am__append_23) AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -484,15 +490,14 @@ AM_CFLAGS = \ deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__append_2) $(am__append_5) $(am__append_7) \ $(am__append_9) $(am__append_11) $(am__append_13) \ - $(am__append_16) $(am__append_18) $(am__append_20) \ - $(am__append_22) + $(am__append_16) $(am__append_18) $(am__append_20) libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_6) $(am__append_8) $(am__append_10) \ $(am__append_12) $(am__append_14) $(am__append_17) \ - $(am__append_19) $(am__append_21) $(am__append_23) -exes = $(am__append_24) $(am__append_26) $(am__append_27) \ - $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) + $(am__append_19) $(am__append_21) +exes = $(am__append_22) $(am__append_24) $(am__append_25) \ + $(am__append_26) $(am__append_27) $(am__append_28) \ + $(am__append_29) all: all-am .SUFFIXES: diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index edd07b8b5..e3c2e4335 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -219,6 +219,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -279,6 +280,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -344,6 +346,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -391,6 +395,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 5cdd5be38..e3eabe2f2 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -19,7 +19,7 @@ #include <netinet/udp.h> #include <encoding/payloads/cert_payload.h> -#include <encoding/payloads/encryption_payload.h> +#include <encoding/payloads/encrypted_payload.h> typedef struct private_ike_auth_fill_t private_ike_auth_fill_t; diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c index a77b10eee..717bcdbb9 100644 --- a/src/conftest/hooks/reset_seq.c +++ b/src/conftest/hooks/reset_seq.c @@ -108,7 +108,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data) memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_REPLACE; hdr->nlmsg_seq = 201; hdr->nlmsg_pid = getpid(); diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index fd4a5db82..56ac3447f 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/include/Makefile.in b/src/include/Makefile.in index ed755cbde..042c46cab 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index baa45326d..526c7c46e 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 3dcb03af6..9ba9bd842 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.2.0" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.2.1" "strongSwan" . .SH NAME . @@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP. terminates all IKE SA instances of connection \fIname\fP. . .TP +.BI "down-srcip <" start "> [<" end ">]" +terminates all IKE SA instances with clients having virtual IPs in the range +.IR start - end . +. +.TP .BI "route " name tells the IKE daemon to insert an IPsec policy in the kernel for connection \fIname\fP. The first payload packet matching the IPsec policy @@ -118,6 +123,11 @@ returns detailed status information either on connection .SS LIST COMMANDS . .TP +.BI "leases [<" poolname "> [<" address ">]]" +returns the status of all or the selected IP address pool (or even a single +virtual IP address). +. +.TP .B "listalgs" returns a list supported cryptographic algorithms usable for IKE, and their corresponding plugin. @@ -242,7 +252,7 @@ resets global or connection specific counters. purges all cached certificates. . .TP -.B "purgecrl" +.B "purgecrls" purges all cached CRLs. . .TP diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in index 250cf807a..210d74ef8 100644 --- a/src/ipsec/_ipsec.8.in +++ b/src/ipsec/_ipsec.8.in @@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP. terminates all IKE SA instances of connection \fIname\fP. . .TP +.BI "down-srcip <" start "> [<" end ">]" +terminates all IKE SA instances with clients having virtual IPs in the range +.IR start - end . +. +.TP .BI "route " name tells the IKE daemon to insert an IPsec policy in the kernel for connection \fIname\fP. The first payload packet matching the IPsec policy @@ -118,6 +123,11 @@ returns detailed status information either on connection .SS LIST COMMANDS . .TP +.BI "leases [<" poolname "> [<" address ">]]" +returns the status of all or the selected IP address pool (or even a single +virtual IP address). +. +.TP .B "listalgs" returns a list supported cryptographic algorithms usable for IKE, and their corresponding plugin. @@ -242,7 +252,7 @@ resets global or connection specific counters. purges all cached certificates. . .TP -.B "purgecrl" +.B "purgecrls" purges all cached CRLs. . .TP diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in index e6725d0ca..0798830cf 100644 --- a/src/ipsec/_ipsec.in +++ b/src/ipsec/_ipsec.in @@ -15,7 +15,7 @@ # for more details. # define a minimum PATH environment in case it is not set -PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@" +PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"} export PATH # set daemon name @@ -46,37 +46,36 @@ IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity o case "$1" in '') - echo "Usage: $IPSEC_SCRIPT command argument ..." - echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual " - echo "page or the $IPSEC_NAME documentation for names of the common " - echo "ones." - echo "See <http://www.strongswan.org> for more general info." + echo "$IPSEC_SCRIPT command [arguments]" + echo + echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page." + echo "See <http://www.strongswan.org> for more general information." exit 0 ;; --help) - echo "Usage: $IPSEC_SCRIPT command argument ..." - echo "where command is one of:" - echo " start|restart arguments..." + echo "$IPSEC_SCRIPT command [arguments]" + echo + echo "Commands:" + echo " start|restart [arguments]" echo " update|reload|stop" echo " up|down|route|unroute <connectionname>" + echo " down-srcip <start> [<end>]" echo " status|statusall [<connectionname>]" echo " listalgs|listpubkeys|listcerts [--utc]" echo " listcacerts|listaacerts|listocspcerts [--utc]" echo " listacerts|listgroups|listcainfos [--utc]" - echo " listcrls|listocsp|listcards|listplugins|listall [--utc]" + echo " listcrls|listocsp|listplugins|listall [--utc]" echo " listcounters|resetcounters [name]" echo " leases [<poolname> [<address>]]" - echo " rereadsecrets|rereadgroups" - echo " rereadcacerts|rereadaacerts|rereadocspcerts" - echo " rereadacerts|rereadcrls|rereadall" - echo " purgeocsp|purgecrls|purgecerts|purgeike" - echo " scepclient" - echo " secrets" - echo " starter" + echo " rereadsecrets|rereadcacerts|rereadaacerts" + echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall" + echo " purgecerts|purgecrls|purgeike|purgeocsp" + echo " scepclient|pki" + echo " starter|stroke" echo " version" - echo " stroke" echo - echo "Some of these functions have their own manual pages, e.g. scepclient(8)." + echo "Refer to the $IPSEC_SCRIPT(8) man page for details." + echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)." exit 0 ;; --versioncode) @@ -129,16 +128,6 @@ down-srcip) fi exit "$rc" ;; -listcards|rereadgroups) - op="$1" - shift - if [ -e $IPSEC_CHARON_PID ] - then - exit 3 - else - exit 7 - fi - ;; leases) op="$1" rc=7 @@ -340,12 +329,8 @@ path="$IPSEC_DIR/$cmd" if [ ! -x "$path" ] then - path="$IPSEC_DIR/$cmd" - if [ ! -x "$path" ] - then echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2 exit 2 - fi fi exec $path "$@" diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index a28b459de..4212ee87a 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -25,7 +25,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \ encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \ encoding/payloads/encodings.c encoding/payloads/encodings.h \ -encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \ +encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \ +encoding/payloads/encrypted_fragment_payload.h \ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index e81c42405..e98f5e137 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -23,7 +23,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \ encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \ encoding/payloads/encodings.c encoding/payloads/encodings.h \ -encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \ +encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \ +encoding/payloads/encrypted_fragment_payload.h \ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ @@ -258,6 +259,13 @@ if MONOLITHIC endif endif +if USE_EXT_AUTH + SUBDIRS += plugins/ext_auth +if MONOLITHIC + libcharon_la_LIBADD += plugins/ext_auth/libstrongswan-ext-auth.la +endif +endif + if USE_EAP_IDENTITY SUBDIRS += plugins/eap_identity if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 002da511d..4d89794b5 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -162,106 +162,108 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_27 = plugins/ipseckey/libstrongswan-ipseckey.la @USE_UPDOWN_TRUE@am__append_28 = plugins/updown @MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_29 = plugins/updown/libstrongswan-updown.la -@USE_EAP_IDENTITY_TRUE@am__append_30 = plugins/eap_identity -@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_31 = plugins/eap_identity/libstrongswan-eap-identity.la -@USE_EAP_SIM_TRUE@am__append_32 = plugins/eap_sim -@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_33 = plugins/eap_sim/libstrongswan-eap-sim.la -@USE_EAP_SIM_FILE_TRUE@am__append_34 = plugins/eap_sim_file -@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_35 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la -@USE_EAP_SIM_PCSC_TRUE@am__append_36 = plugins/eap_sim_pcsc -@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_37 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la -@USE_EAP_SIMAKA_SQL_TRUE@am__append_38 = plugins/eap_simaka_sql -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_39 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_40 = plugins/eap_simaka_pseudonym -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_41 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_42 = plugins/eap_simaka_reauth -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_43 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la -@USE_EAP_AKA_TRUE@am__append_44 = plugins/eap_aka -@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_45 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_46 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_47 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_48 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_49 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_50 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_51 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_52 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_53 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_54 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_DYNAMIC_TRUE@am__append_55 = plugins/eap_dynamic -@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_56 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la -@USE_EAP_RADIUS_TRUE@am__append_57 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_58 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_59 = plugins/eap_tls -@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_60 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_61 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_62 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_PEAP_TRUE@am__append_63 = plugins/eap_peap -@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_64 = plugins/eap_peap/libstrongswan-eap-peap.la -@USE_EAP_TNC_TRUE@am__append_65 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_66 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_67 = $(top_builddir)/src/libtls/libtls.la -@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_68 = $(top_builddir)/src/libradius/libradius.la -@USE_TNC_IFMAP_TRUE@am__append_69 = plugins/tnc_ifmap -@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_70 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la -@USE_TNC_PDP_TRUE@am__append_71 = plugins/tnc_pdp -@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_72 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la -@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_73 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_MEDSRV_TRUE@am__append_74 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_75 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_76 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_77 = plugins/medcli/libstrongswan-medcli.la -@USE_DHCP_TRUE@am__append_78 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_79 = plugins/dhcp/libstrongswan-dhcp.la -@USE_OSX_ATTR_TRUE@am__append_80 = plugins/osx_attr -@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_81 = plugins/osx_attr/libstrongswan-osx-attr.la -@USE_ANDROID_DNS_TRUE@am__append_82 = plugins/android_dns -@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_83 = plugins/android_dns/libstrongswan-android-dns.la -@USE_ANDROID_LOG_TRUE@am__append_84 = plugins/android_log -@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_85 = plugins/android_log/libstrongswan-android-log.la -@USE_MAEMO_TRUE@am__append_86 = plugins/maemo -@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_87 = plugins/maemo/libstrongswan-maemo.la -@USE_HA_TRUE@am__append_88 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_89 = plugins/ha/libstrongswan-ha.la -@USE_KERNEL_LIBIPSEC_TRUE@am__append_90 = plugins/kernel_libipsec -@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_91 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la -@USE_KERNEL_WFP_TRUE@am__append_92 = plugins/kernel_wfp -@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_93 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la -@USE_KERNEL_IPH_TRUE@am__append_94 = plugins/kernel_iph -@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_95 = plugins/kernel_iph/libstrongswan-kernel-iph.la -@USE_WHITELIST_TRUE@am__append_96 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_97 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_98 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_99 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_100 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_101 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_102 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_103 = plugins/certexpire/libstrongswan-certexpire.la -@USE_SYSTIME_FIX_TRUE@am__append_104 = plugins/systime_fix -@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_105 = plugins/systime_fix/libstrongswan-systime-fix.la -@USE_LED_TRUE@am__append_106 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_107 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_108 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_109 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_110 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_111 = plugins/coupling/libstrongswan-coupling.la -@USE_RADATTR_TRUE@am__append_112 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_113 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_114 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_115 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_116 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_117 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_118 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_119 = plugins/unity/libstrongswan-unity.la -@USE_UNIT_TESTS_TRUE@am__append_120 = plugins/unit_tester -@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_121 = plugins/unit_tester/libstrongswan-unit-tester.la -@USE_XAUTH_GENERIC_TRUE@am__append_122 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_123 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_124 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_125 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_126 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_127 = plugins/xauth_pam/libstrongswan-xauth-pam.la -@USE_XAUTH_NOAUTH_TRUE@am__append_128 = plugins/xauth_noauth -@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_129 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la +@USE_EXT_AUTH_TRUE@am__append_30 = plugins/ext_auth +@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_31 = plugins/ext_auth/libstrongswan-ext-auth.la +@USE_EAP_IDENTITY_TRUE@am__append_32 = plugins/eap_identity +@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_33 = plugins/eap_identity/libstrongswan-eap-identity.la +@USE_EAP_SIM_TRUE@am__append_34 = plugins/eap_sim +@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_35 = plugins/eap_sim/libstrongswan-eap-sim.la +@USE_EAP_SIM_FILE_TRUE@am__append_36 = plugins/eap_sim_file +@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_37 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la +@USE_EAP_SIM_PCSC_TRUE@am__append_38 = plugins/eap_sim_pcsc +@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_39 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la +@USE_EAP_SIMAKA_SQL_TRUE@am__append_40 = plugins/eap_simaka_sql +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_41 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_42 = plugins/eap_simaka_pseudonym +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_43 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_44 = plugins/eap_simaka_reauth +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_45 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +@USE_EAP_AKA_TRUE@am__append_46 = plugins/eap_aka +@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_47 = plugins/eap_aka/libstrongswan-eap-aka.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_48 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_49 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_50 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_51 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_52 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_53 = plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_54 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_55 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_56 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_DYNAMIC_TRUE@am__append_57 = plugins/eap_dynamic +@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_58 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la +@USE_EAP_RADIUS_TRUE@am__append_59 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_60 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_61 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_62 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_63 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_64 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_65 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_66 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_67 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_68 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_69 = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_70 = $(top_builddir)/src/libradius/libradius.la +@USE_TNC_IFMAP_TRUE@am__append_71 = plugins/tnc_ifmap +@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_72 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la +@USE_TNC_PDP_TRUE@am__append_73 = plugins/tnc_pdp +@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_74 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la +@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_75 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_77 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_78 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli/libstrongswan-medcli.la +@USE_DHCP_TRUE@am__append_80 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_81 = plugins/dhcp/libstrongswan-dhcp.la +@USE_OSX_ATTR_TRUE@am__append_82 = plugins/osx_attr +@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_83 = plugins/osx_attr/libstrongswan-osx-attr.la +@USE_ANDROID_DNS_TRUE@am__append_84 = plugins/android_dns +@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_85 = plugins/android_dns/libstrongswan-android-dns.la +@USE_ANDROID_LOG_TRUE@am__append_86 = plugins/android_log +@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_87 = plugins/android_log/libstrongswan-android-log.la +@USE_MAEMO_TRUE@am__append_88 = plugins/maemo +@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_89 = plugins/maemo/libstrongswan-maemo.la +@USE_HA_TRUE@am__append_90 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_91 = plugins/ha/libstrongswan-ha.la +@USE_KERNEL_LIBIPSEC_TRUE@am__append_92 = plugins/kernel_libipsec +@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_93 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la +@USE_KERNEL_WFP_TRUE@am__append_94 = plugins/kernel_wfp +@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_95 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la +@USE_KERNEL_IPH_TRUE@am__append_96 = plugins/kernel_iph +@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_97 = plugins/kernel_iph/libstrongswan-kernel-iph.la +@USE_WHITELIST_TRUE@am__append_98 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_99 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_100 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_101 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_102 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_103 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_104 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_105 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_106 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_107 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_108 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_109 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_110 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_111 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_112 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_113 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_114 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_115 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_116 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_117 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_118 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_119 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_120 = plugins/unity +@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_121 = plugins/unity/libstrongswan-unity.la +@USE_UNIT_TESTS_TRUE@am__append_122 = plugins/unit_tester +@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_123 = plugins/unit_tester/libstrongswan-unit-tester.la +@USE_XAUTH_GENERIC_TRUE@am__append_124 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_125 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_126 = plugins/xauth_eap +@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_127 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_128 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_129 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_130 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_131 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la subdir = src/libcharon DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp @@ -323,12 +325,12 @@ libcharon_la_DEPENDENCIES = \ $(am__append_29) $(am__append_31) $(am__append_33) \ $(am__append_35) $(am__append_37) $(am__append_39) \ $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_48) $(am__append_50) \ + $(am__append_47) $(am__append_49) $(am__append_50) \ $(am__append_52) $(am__append_54) $(am__append_56) \ $(am__append_58) $(am__append_60) $(am__append_62) \ - $(am__append_64) $(am__append_66) $(am__append_67) \ - $(am__append_68) $(am__append_70) $(am__append_72) \ - $(am__append_73) $(am__append_75) $(am__append_77) \ + $(am__append_64) $(am__append_66) $(am__append_68) \ + $(am__append_69) $(am__append_70) $(am__append_72) \ + $(am__append_74) $(am__append_75) $(am__append_77) \ $(am__append_79) $(am__append_81) $(am__append_83) \ $(am__append_85) $(am__append_87) $(am__append_89) \ $(am__append_91) $(am__append_93) $(am__append_95) \ @@ -337,7 +339,7 @@ libcharon_la_DEPENDENCIES = \ $(am__append_109) $(am__append_111) $(am__append_113) \ $(am__append_115) $(am__append_117) $(am__append_119) \ $(am__append_121) $(am__append_123) $(am__append_125) \ - $(am__append_127) $(am__append_129) + $(am__append_127) $(am__append_129) $(am__append_131) am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ bus/listeners/listener.h bus/listeners/logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ @@ -362,8 +364,9 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ encoding/payloads/eap_payload.c \ encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ encoding/payloads/encodings.h \ - encoding/payloads/encryption_payload.c \ - encoding/payloads/encryption_payload.h \ + encoding/payloads/encrypted_payload.c \ + encoding/payloads/encrypted_payload.h \ + encoding/payloads/encrypted_fragment_payload.h \ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ @@ -553,7 +556,7 @@ am_libcharon_la_OBJECTS = bus/bus.lo bus/listeners/file_logger.lo \ encoding/payloads/delete_payload.lo \ encoding/payloads/eap_payload.lo \ encoding/payloads/encodings.lo \ - encoding/payloads/encryption_payload.lo \ + encoding/payloads/encrypted_payload.lo \ encoding/payloads/id_payload.lo \ encoding/payloads/ike_header.lo \ encoding/payloads/ke_payload.lo \ @@ -676,22 +679,23 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/socket_dynamic plugins/socket_win plugins/farp \ plugins/stroke plugins/vici plugins/smp plugins/sql \ plugins/dnscert plugins/ipseckey plugins/updown \ - plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \ - plugins/eap_sim_pcsc plugins/eap_simaka_sql \ - plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ - plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \ - plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_dynamic \ - plugins/eap_radius plugins/eap_tls plugins/eap_ttls \ - plugins/eap_peap plugins/eap_tnc plugins/tnc_ifmap \ - plugins/tnc_pdp plugins/medsrv plugins/medcli plugins/dhcp \ - plugins/osx_attr plugins/android_dns plugins/android_log \ - plugins/maemo plugins/ha plugins/kernel_libipsec \ - plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \ - plugins/lookip plugins/error_notify plugins/certexpire \ - plugins/systime_fix plugins/led plugins/duplicheck \ - plugins/coupling plugins/radattr plugins/uci plugins/addrblock \ - plugins/unity plugins/unit_tester plugins/xauth_generic \ - plugins/xauth_eap plugins/xauth_pam plugins/xauth_noauth + plugins/ext_auth plugins/eap_identity plugins/eap_sim \ + plugins/eap_sim_file plugins/eap_sim_pcsc \ + plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ + plugins/eap_simaka_reauth plugins/eap_aka \ + plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ + plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \ + plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ + plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \ + plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \ + plugins/android_dns plugins/android_log plugins/maemo \ + plugins/ha plugins/kernel_libipsec plugins/kernel_wfp \ + plugins/kernel_iph plugins/whitelist plugins/lookip \ + plugins/error_notify plugins/certexpire plugins/systime_fix \ + plugins/led plugins/duplicheck plugins/coupling \ + plugins/radattr plugins/uci plugins/addrblock plugins/unity \ + plugins/unit_tester plugins/xauth_generic plugins/xauth_eap \ + plugins/xauth_pam plugins/xauth_noauth DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -749,6 +753,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -809,6 +814,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -874,6 +880,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -921,6 +929,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -954,8 +966,9 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ encoding/payloads/eap_payload.c \ encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ encoding/payloads/encodings.h \ - encoding/payloads/encryption_payload.c \ - encoding/payloads/encryption_payload.h \ + encoding/payloads/encrypted_payload.c \ + encoding/payloads/encrypted_payload.h \ + encoding/payloads/encrypted_fragment_payload.h \ encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ @@ -1043,12 +1056,12 @@ libcharon_la_LIBADD = \ $(am__append_27) $(am__append_29) $(am__append_31) \ $(am__append_33) $(am__append_35) $(am__append_37) \ $(am__append_39) $(am__append_41) $(am__append_43) \ - $(am__append_45) $(am__append_47) $(am__append_48) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ $(am__append_50) $(am__append_52) $(am__append_54) \ $(am__append_56) $(am__append_58) $(am__append_60) \ $(am__append_62) $(am__append_64) $(am__append_66) \ - $(am__append_67) $(am__append_68) $(am__append_70) \ - $(am__append_72) $(am__append_73) $(am__append_75) \ + $(am__append_68) $(am__append_69) $(am__append_70) \ + $(am__append_72) $(am__append_74) $(am__append_75) \ $(am__append_77) $(am__append_79) $(am__append_81) \ $(am__append_83) $(am__append_85) $(am__append_87) \ $(am__append_89) $(am__append_91) $(am__append_93) \ @@ -1057,7 +1070,8 @@ libcharon_la_LIBADD = \ $(am__append_107) $(am__append_109) $(am__append_111) \ $(am__append_113) $(am__append_115) $(am__append_117) \ $(am__append_119) $(am__append_121) $(am__append_123) \ - $(am__append_125) $(am__append_127) $(am__append_129) + $(am__append_125) $(am__append_127) $(am__append_129) \ + $(am__append_131) EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \ @MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \ @@ -1069,13 +1083,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \ @MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \ @MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \ -@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_49) \ +@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \ @MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ -@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \ -@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \ +@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_71) \ +@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_76) \ @MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \ @MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \ @MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ @@ -1088,7 +1102,8 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \ @MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \ @MONOLITHIC_FALSE@ $(am__append_122) $(am__append_124) \ -@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) +@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) \ +@MONOLITHIC_FALSE@ $(am__append_130) # build optional plugins ######################## @@ -1102,13 +1117,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \ @MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \ @MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \ -@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_49) \ +@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \ @MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ -@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \ -@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \ +@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_71) \ +@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_76) \ @MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \ @MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \ @MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ @@ -1121,7 +1136,8 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \ @MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \ @MONOLITHIC_TRUE@ $(am__append_122) $(am__append_124) \ -@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) +@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) \ +@MONOLITHIC_TRUE@ $(am__append_130) all: all-recursive .SUFFIXES: @@ -1267,7 +1283,7 @@ encoding/payloads/eap_payload.lo: encoding/payloads/$(am__dirstamp) \ encoding/payloads/$(DEPDIR)/$(am__dirstamp) encoding/payloads/encodings.lo: encoding/payloads/$(am__dirstamp) \ encoding/payloads/$(DEPDIR)/$(am__dirstamp) -encoding/payloads/encryption_payload.lo: \ +encoding/payloads/encrypted_payload.lo: \ encoding/payloads/$(am__dirstamp) \ encoding/payloads/$(DEPDIR)/$(am__dirstamp) encoding/payloads/id_payload.lo: encoding/payloads/$(am__dirstamp) \ @@ -1619,7 +1635,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/delete_payload.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/eap_payload.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encodings.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encryption_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encrypted_payload.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/endpoint_notify.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/fragment_payload.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/hash_payload.Plo@am__quote@ diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index d1c138cd1..cb59f976b 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -755,7 +755,7 @@ METHOD(bus_t, ike_rekey, void, this->mutex->unlock(this->mutex); } -METHOD(bus_t, ike_reestablish, void, +METHOD(bus_t, ike_reestablish_pre, void, private_bus_t *this, ike_sa_t *old, ike_sa_t *new) { enumerator_t *enumerator; @@ -766,12 +766,40 @@ METHOD(bus_t, ike_reestablish, void, enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->calling || !entry->listener->ike_reestablish) + if (entry->calling || !entry->listener->ike_reestablish_pre) { continue; } entry->calling++; - keep = entry->listener->ike_reestablish(entry->listener, old, new); + keep = entry->listener->ike_reestablish_pre(entry->listener, old, new); + entry->calling--; + if (!keep) + { + unregister_listener(this, entry, enumerator); + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); +} + +METHOD(bus_t, ike_reestablish_post, void, + private_bus_t *this, ike_sa_t *old, ike_sa_t *new, bool initiated) +{ + enumerator_t *enumerator; + entry_t *entry; + bool keep; + + this->mutex->lock(this->mutex); + enumerator = this->listeners->create_enumerator(this->listeners); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->calling || !entry->listener->ike_reestablish_post) + { + continue; + } + entry->calling++; + keep = entry->listener->ike_reestablish_post(entry->listener, old, new, + initiated); entry->calling--; if (!keep) { @@ -978,7 +1006,8 @@ bus_t *bus_create() .child_keys = _child_keys, .ike_updown = _ike_updown, .ike_rekey = _ike_rekey, - .ike_reestablish = _ike_reestablish, + .ike_reestablish_pre = _ike_reestablish_pre, + .ike_reestablish_post = _ike_reestablish_post, .child_updown = _child_updown, .child_rekey = _child_rekey, .authorize = _authorize, diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 1d708c5a5..e1d221ca5 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -101,9 +101,11 @@ enum alert_t { /** received IKE message with invalid body, argument is message_t*, * followed by a status_t result returned by message_t.parse_body(). */ ALERT_PARSE_ERROR_BODY, - /** sending a retransmit for a message, argument is packet_t */ + /** sending a retransmit for a message, argument is packet_t, if the message + * got fragmented only the first fragment is passed */ ALERT_RETRANSMIT_SEND, - /** sending retransmits timed out, argument is packet_t, if available */ + /** sending retransmits timed out, argument is packet_t, if available and if + * the message got fragmented only the first fragment is passed */ ALERT_RETRANSMIT_SEND_TIMEOUT, /** received a retransmit for a message, argument is message_t */ ALERT_RETRANSMIT_RECEIVE, @@ -380,12 +382,23 @@ struct bus_t { void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new); /** - * IKE_SA reestablishing hook. + * IKE_SA reestablishing hook (before resolving hosts). * * @param old reestablished and obsolete IKE_SA * @param new new IKE_SA replacing old */ - void (*ike_reestablish)(bus_t *this, ike_sa_t *old, ike_sa_t *new); + void (*ike_reestablish_pre)(bus_t *this, ike_sa_t *old, ike_sa_t *new); + + /** + * IKE_SA reestablishing hook (after configuring and initiating the new + * IKE_SA). + * + * @param old reestablished and obsolete IKE_SA + * @param new new IKE_SA replacing old + * @param initiated TRUE if initiated successfully, FALSE otherwise + */ + void (*ike_reestablish_post)(bus_t *this, ike_sa_t *old, ike_sa_t *new, + bool initiated); /** * CHILD_SA up/down hook. diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index abcc765e5..0910cb361 100644 --- a/src/libcharon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2011-2014 Tobias Brunner * Copyright (C) 2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -129,14 +130,29 @@ struct listener_t { /** * Hook called when an initiator reestablishes an IKE_SA. * + * This is invoked right after creating the new IKE_SA and setting the + * peer_cfg (and the old hosts), but before resolving the hosts anew. + * It is not invoked on the responder. + * + * @param old IKE_SA getting reestablished (is destroyed) + * @param new new IKE_SA replacing old (gets established) + * @return TRUE to stay registered, FALSE to unregister + */ + bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new); + + /** + * Hook called when an initiator reestablishes an IKE_SA. + * * This is invoked right before the new IKE_SA is checked in after * initiating it. It is not invoked on the responder. * * @param old IKE_SA getting reestablished (is destroyed) * @param new new IKE_SA replacing old (gets established) + * @param initiated TRUE if initiation was successful, FALSE otherwise * @return TRUE to stay registered, FALSE to unregister */ - bool (*ike_reestablish)(listener_t *this, ike_sa_t *old, ike_sa_t *new); + bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old, + ike_sa_t *new, bool initiated); /** * Hook called when a CHILD_SA gets up or down. diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 7e4a1433d..ed7c0d406 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -163,6 +163,11 @@ METHOD(child_cfg_t, add_proposal, void, } } +static bool match_proposal(proposal_t *item, proposal_t *proposal) +{ + return item->equals(item, proposal); +} + METHOD(child_cfg_t, get_proposals, linked_list_t*, private_child_cfg_t *this, bool strip_dh) { @@ -178,6 +183,12 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, { current->strip_dh(current, MODP_NONE); } + if (proposals->find_first(proposals, (linked_list_match_t)match_proposal, + NULL, current) == SUCCESS) + { + current->destroy(current); + continue; + } proposals->insert_last(proposals, current); } enumerator->destroy(enumerator); diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 4d881cd2f..50d3c6f66 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -337,7 +337,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other, break; } } - if (e2->enumerate(e2, &alg2, ks2)) + if (e2->enumerate(e2, &alg2, &ks2)) { /* other has more algs */ equals = FALSE; @@ -594,7 +594,7 @@ METHOD(proposal_t, destroy, void, } /* - * Describtion in header-file + * Described in header */ proposal_t *proposal_create(protocol_id_t protocol, u_int number) { @@ -787,7 +787,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) } /* - * Describtion in header-file + * Described in header */ proposal_t *proposal_create_default(protocol_id_t protocol) { @@ -826,7 +826,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol) } /* - * Describtion in header-file + * Described in header */ proposal_t *proposal_create_default_aead(protocol_id_t protocol) { @@ -853,7 +853,7 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol) } /* - * Describtion in header-file + * Described in header */ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs) { diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index a89995a51..3ae7c4e6f 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -593,7 +593,7 @@ METHOD(daemon_t, initialize, bool, PLUGIN_DEPENDS(CUSTOM, "socket"), }; lib->plugins->add_static_features(lib->plugins, lib->ns, features, - countof(features), TRUE); + countof(features), TRUE, NULL, NULL); /* load plugins, further infrastructure may need it */ if (!lib->plugins->load(lib->plugins, plugins)) diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 0f5f40ada..cb6c97f25 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Tobias Brunner + * Copyright (C) 2006-2014 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2006 Daniel Roethlisberger @@ -23,6 +23,8 @@ #include "message.h" #include <library.h> +#include <bio/bio_writer.h> +#include <collections/array.h> #include <daemon.h> #include <sa/ikev1/keymat_v1.h> #include <encoding/generator.h> @@ -30,9 +32,11 @@ #include <encoding/payloads/encodings.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/hash_payload.h> -#include <encoding/payloads/encryption_payload.h> +#include <encoding/payloads/encrypted_payload.h> +#include <encoding/payloads/encrypted_fragment_payload.h> #include <encoding/payloads/unknown_payload.h> #include <encoding/payloads/cp_payload.h> +#include <encoding/payloads/fragment_payload.h> /** * Max number of notify payloads per IKEv2 message @@ -802,6 +806,30 @@ static message_rule_t message_rules[] = { #endif /* USE_IKEV1 */ }; +/** + * Data for fragment reassembly. + */ +typedef struct { + + /** + * For IKEv1 the number of the last fragment (in case we receive them out + * of order), since the first one starts with 1 this defines the number of + * fragments we expect. + * For IKEv2 we store the total number of fragment we received last. + */ + u_int16_t last; + + /** + * Length of all currently received fragments. + */ + size_t len; + + /** + * Maximum length of a fragmented packet. + */ + size_t max_packet; + +} fragment_data_t; typedef struct private_message_t private_message_t; @@ -876,6 +904,12 @@ struct private_message_t { packet_t *packet; /** + * Array of generated fragments (if any), as packet_t*. + * If defragmenting (i.e. frag != NULL) this contains fragment_t* + */ + array_t *fragments; + + /** * Linked List where payload data are stored in. */ linked_list_t *payloads; @@ -889,9 +923,46 @@ struct private_message_t { * The message rule for this message instance */ message_rule_t *rule; + + /** + * Data used to reassemble a fragmented message + */ + fragment_data_t *frag; }; /** + * Maximum number of fragments we will handle + */ +#define MAX_FRAGMENTS 255 + +/** + * A single fragment within a fragmented message + */ +typedef struct { + + /** fragment number */ + u_int8_t num; + + /** fragment data */ + chunk_t data; + +} fragment_t; + +static void fragment_destroy(fragment_t *this) +{ + chunk_free(&this->data); + free(this); +} + +static void reset_defrag(private_message_t *this) +{ + array_destroy_function(this->fragments, (void*)fragment_destroy, NULL); + this->fragments = NULL; + this->frag->last = 0; + this->frag->len = 0; +} + +/** * Get the message rule that applies to this message */ static message_rule_t* get_message_rule(private_message_t *this) @@ -1049,6 +1120,12 @@ METHOD(message_t, is_encoded, bool, return this->packet->get_data(this->packet).ptr != NULL; } +METHOD(message_t, is_fragmented, bool, + private_message_t *this) +{ + return array_count(this->fragments) > 0; +} + METHOD(message_t, add_payload, void, private_message_t *this, payload_t *payload) { @@ -1330,6 +1407,12 @@ static char* get_string(private_message_t *this, char *buf, int len) return buf; } +METHOD(message_t, disable_sort, void, + private_message_t *this) +{ + this->sort_disabled = TRUE; +} + /** * reorder payloads depending on reordering rules */ @@ -1339,6 +1422,8 @@ static void order_payloads(private_message_t *this) payload_t *payload; int i; + DBG2(DBG_ENC, "order payloads in message"); + /* move to temp list */ list = linked_list_create(); while (this->payloads->remove_last(this->payloads, @@ -1392,29 +1477,42 @@ static void order_payloads(private_message_t *this) } /** - * Wrap payloads in an encryption payload + * Wrap payloads in an encrypted payload */ -static encryption_payload_t* wrap_payloads(private_message_t *this) +static encrypted_payload_t* wrap_payloads(private_message_t *this) { - encryption_payload_t *encryption; + encrypted_payload_t *encrypted = NULL; linked_list_t *payloads; payload_t *current; - /* copy all payloads in a temporary list */ + /* move all payloads to a temporary list */ payloads = linked_list_create(); while (this->payloads->remove_first(this->payloads, (void**)¤t) == SUCCESS) { - payloads->insert_last(payloads, current); + if (current->get_type(current) == PLV2_FRAGMENT) + { /* treat encrypted fragment payload as encrypted payload */ + encrypted = (encrypted_payload_t*)current; + } + else + { + payloads->insert_last(payloads, current); + } + } + if (encrypted) + { /* simply adopt all the unencrypted payloads */ + this->payloads->destroy(this->payloads); + this->payloads = payloads; + return encrypted; } if (this->is_encrypted) { - encryption = encryption_payload_create(PLV1_ENCRYPTED); + encrypted = encrypted_payload_create(PLV1_ENCRYPTED); } else { - encryption = encryption_payload_create(PLV2_ENCRYPTED); + encrypted = encrypted_payload_create(PLV2_ENCRYPTED); } while (payloads->remove_first(payloads, (void**)¤t) == SUCCESS) { @@ -1432,7 +1530,7 @@ static encryption_payload_t* wrap_payloads(private_message_t *this) { /* encryption is forced for IKEv1 */ DBG2(DBG_ENC, "insert payload %N into encrypted payload", payload_type_names, type); - encryption->add_payload(encryption, current); + encrypted->add_payload(encrypted, current); } else { @@ -1443,31 +1541,71 @@ static encryption_payload_t* wrap_payloads(private_message_t *this) } payloads->destroy(payloads); - return encryption; + return encrypted; } -METHOD(message_t, disable_sort, void, - private_message_t *this) +/** + * Creates the IKE header for this message + */ +static ike_header_t *create_header(private_message_t *this) { - this->sort_disabled = TRUE; + ike_header_t *ike_header; + bool *reserved; + int i; + + ike_header = ike_header_create_version(this->major_version, + this->minor_version); + ike_header->set_exchange_type(ike_header, this->exchange_type); + ike_header->set_message_id(ike_header, this->message_id); + if (this->major_version == IKEV2_MAJOR_VERSION) + { + ike_header->set_response_flag(ike_header, !this->is_request); + ike_header->set_version_flag(ike_header, this->version_flag); + ike_header->set_initiator_flag(ike_header, + this->ike_sa_id->is_initiator(this->ike_sa_id)); + } + else + { + ike_header->set_encryption_flag(ike_header, this->is_encrypted); + } + ike_header->set_initiator_spi(ike_header, + this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); + ike_header->set_responder_spi(ike_header, + this->ike_sa_id->get_responder_spi(this->ike_sa_id)); + + for (i = 0; i < countof(this->reserved); i++) + { + reserved = payload_get_field(&ike_header->payload_interface, + RESERVED_BIT, i); + if (reserved) + { + *reserved = this->reserved[i]; + } + } + return ike_header; } -METHOD(message_t, generate, status_t, - private_message_t *this, keymat_t *keymat, packet_t **packet) +/** + * Generates the message, if needed, wraps the payloads in an encrypted payload. + * + * The generator and the possible enrypted payload are returned. The latter + * is not yet encrypted (but the transform is set). It is also not added to + * the payload list (so unless there are unencrypted payloads that list will + * be empty afterwards). + */ +static status_t generate_message(private_message_t *this, keymat_t *keymat, + generator_t **out_generator, encrypted_payload_t **encrypted) { keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; generator_t *generator; - ike_header_t *ike_header; - payload_t *payload, *next; - encryption_payload_t *encryption = NULL; payload_type_t next_type; enumerator_t *enumerator; aead_t *aead = NULL; - chunk_t chunk, hash = chunk_empty; + chunk_t hash = chunk_empty; char str[BUF_LEN]; - u_int32_t *lenpos; - bool encrypted = FALSE, *reserved; - int i; + ike_header_t *ike_header; + payload_t *payload, *next; + bool encrypting = FALSE; if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { @@ -1493,6 +1631,7 @@ METHOD(message_t, generate, status_t, { order_payloads(this); } + if (keymat && keymat->get_version(keymat) == IKEV1) { /* get a hash for this message, if any is required */ @@ -1505,16 +1644,17 @@ METHOD(message_t, generate, status_t, this->payloads->insert_first(this->payloads, hash_payload); if (this->exchange_type == INFORMATIONAL_V1) { - this->is_encrypted = encrypted = TRUE; + this->is_encrypted = encrypting = TRUE; } chunk_free(&hash); } } + if (this->major_version == IKEV2_MAJOR_VERSION) { - encrypted = this->rule->encrypted; + encrypting = this->rule->encrypted; } - else if (!encrypted) + else if (!encrypting) { /* If at least one payload requires encryption, encrypt the message. * If no key material is available, the flag will be reset below. */ @@ -1526,7 +1666,7 @@ METHOD(message_t, generate, status_t, rule = get_payload_rule(this, payload->get_type(payload)); if (rule && rule->encrypted) { - this->is_encrypted = encrypted = TRUE; + this->is_encrypted = encrypting = TRUE; break; } } @@ -1539,9 +1679,10 @@ METHOD(message_t, generate, status_t, { aead = keymat->get_aead(keymat, FALSE); } - if (aead && encrypted) + if (aead && encrypting) { - encryption = wrap_payloads(this); + *encrypted = wrap_payloads(this); + (*encrypted)->set_transform(*encrypted, aead); } else { @@ -1549,39 +1690,9 @@ METHOD(message_t, generate, status_t, this->is_encrypted = FALSE; } - ike_header = ike_header_create_version(this->major_version, - this->minor_version); - ike_header->set_exchange_type(ike_header, this->exchange_type); - ike_header->set_message_id(ike_header, this->message_id); - if (this->major_version == IKEV2_MAJOR_VERSION) - { - ike_header->set_response_flag(ike_header, !this->is_request); - ike_header->set_version_flag(ike_header, this->version_flag); - ike_header->set_initiator_flag(ike_header, - this->ike_sa_id->is_initiator(this->ike_sa_id)); - } - else - { - ike_header->set_encryption_flag(ike_header, this->is_encrypted); - } - ike_header->set_initiator_spi(ike_header, - this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); - ike_header->set_responder_spi(ike_header, - this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - - for (i = 0; i < countof(this->reserved); i++) - { - reserved = payload_get_field(&ike_header->payload_interface, - RESERVED_BIT, i); - if (reserved) - { - *reserved = this->reserved[i]; - } - } - - generator = generator_create(); - /* generate all payloads with proper next type */ + *out_generator = generator = generator_create(); + ike_header = create_header(this); payload = (payload_t*)ike_header; enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &next)) @@ -1591,53 +1702,71 @@ METHOD(message_t, generate, status_t, payload = next; } enumerator->destroy(enumerator); + + next_type = PL_NONE; if (this->is_encrypted) { /* for encrypted IKEv1 messages */ - next_type = encryption->payload_interface.get_next_type( - (payload_t*)encryption); + next_type = (*encrypted)->payload_interface.get_next_type( + (payload_t*)*encrypted); } - else - { - next_type = encryption ? PLV2_ENCRYPTED : PL_NONE; + else if (*encrypted) + { /* use proper IKEv2 encrypted (fragment) payload type */ + next_type = (*encrypted)->payload_interface.get_type( + (payload_t*)*encrypted); } payload->set_next_type(payload, next_type); generator->generate_payload(generator, payload); ike_header->destroy(ike_header); + return SUCCESS; +} - if (encryption) - { /* set_transform() has to be called before get_length() */ - encryption->set_transform(encryption, aead); +/** + * Encrypts and adds the encrypted payload (if any) to the payload list and + * finalizes the message generation. Destroys the given generator. + */ +static status_t finalize_message(private_message_t *this, keymat_t *keymat, + generator_t *generator, encrypted_payload_t *encrypted) +{ + keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; + chunk_t chunk; + u_int32_t *lenpos; + + if (encrypted) + { if (this->is_encrypted) { /* for IKEv1 instead of associated data we provide the IV */ if (!keymat_v1->get_iv(keymat_v1, this->message_id, &chunk)) { generator->destroy(generator); + encrypted->destroy(encrypted); return FAILED; } } else - { /* build associated data (without header of encryption payload) */ + { /* build associated data (without header of encrypted payload) */ chunk = generator->get_chunk(generator, &lenpos); - /* fill in length, including encryption payload */ - htoun32(lenpos, chunk.len + encryption->get_length(encryption)); + /* fill in length, including encrypted payload */ + htoun32(lenpos, chunk.len + encrypted->get_length(encrypted)); } - this->payloads->insert_last(this->payloads, encryption); - if (encryption->encrypt(encryption, this->message_id, chunk) != SUCCESS) + this->payloads->insert_last(this->payloads, encrypted); + if (encrypted->encrypt(encrypted, this->message_id, chunk) != SUCCESS) { generator->destroy(generator); return INVALID_STATE; } - generator->generate_payload(generator, &encryption->payload_interface); + generator->generate_payload(generator, &encrypted->payload_interface); } chunk = generator->get_chunk(generator, &lenpos); htoun32(lenpos, chunk.len); this->packet->set_data(this->packet, chunk_clone(chunk)); - if (this->is_encrypted) + if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1) { /* update the IV for the next IKEv1 message */ chunk_t last_block; + aead_t *aead; size_t bs; + aead = keymat->get_aead(keymat, FALSE); bs = aead->get_block_size(aead); last_block = chunk_create(chunk.ptr + chunk.len - bs, bs); if (!keymat_v1->update_iv(keymat_v1, this->message_id, last_block) || @@ -1648,30 +1777,301 @@ METHOD(message_t, generate, status_t, } } generator->destroy(generator); - *packet = this->packet->clone(this->packet); return SUCCESS; } -METHOD(message_t, get_packet, packet_t*, - private_message_t *this) +METHOD(message_t, generate, status_t, + private_message_t *this, keymat_t *keymat, packet_t **packet) { - if (this->packet == NULL) + generator_t *generator = NULL; + encrypted_payload_t *encrypted = NULL; + status_t status; + + status = generate_message(this, keymat, &generator, &encrypted); + if (status != SUCCESS) { - return NULL; + DESTROY_IF(generator); + return status; + } + status = finalize_message(this, keymat, generator, encrypted); + if (status != SUCCESS) + { + return status; + } + if (packet) + { + *packet = this->packet->clone(this->packet); + } + return SUCCESS; +} + +/** + * Creates a (basic) clone of the given message + */ +static message_t *clone_message(private_message_t *this) +{ + message_t *message; + host_t *src, *dst; + + src = this->packet->get_source(this->packet); + dst = this->packet->get_destination(this->packet); + + message = message_create(this->major_version, this->minor_version); + message->set_ike_sa_id(message, this->ike_sa_id); + message->set_message_id(message, this->message_id); + message->set_request(message, this->is_request); + message->set_source(message, src->clone(src)); + message->set_destination(message, dst->clone(dst)); + message->set_exchange_type(message, this->exchange_type); + memcpy(((private_message_t*)message)->reserved, this->reserved, + sizeof(this->reserved)); + return message; +} + +/** + * Create a single fragment with the given data + */ +static message_t *create_fragment(private_message_t *this, payload_type_t next, + u_int16_t num, u_int16_t count, chunk_t data) +{ + enumerator_t *enumerator; + payload_t *fragment, *payload; + message_t *message; + peer_cfg_t *peer_cfg; + ike_sa_t *ike_sa; + + message = clone_message(this); + if (this->major_version == IKEV1_MAJOR_VERSION) + { + /* other implementations seem to just use 0 as message ID, so here we go */ + message->set_message_id(message, 0); + /* always use the initial message type for fragments, even for quick mode + * or transaction messages. */ + ike_sa = charon->bus->get_sa(charon->bus); + if (ike_sa && (peer_cfg = ike_sa->get_peer_cfg(ike_sa)) && + peer_cfg->use_aggressive(peer_cfg)) + { + message->set_exchange_type(message, AGGRESSIVE); + } + else + { + message->set_exchange_type(message, ID_PROT); + } + fragment = (payload_t*)fragment_payload_create_from_data( + num, num == count, data); + } + else + { + fragment = (payload_t*)encrypted_fragment_payload_create_from_data( + num, count, data); + if (num == 1) + { + /* only in the first fragment is this set to the type of the first + * payload in the encrypted payload */ + fragment->set_next_type(fragment, next); + /* move unencrypted payloads to the first fragment */ + enumerator = this->payloads->create_enumerator(this->payloads); + while (enumerator->enumerate(enumerator, &payload)) + { + if (payload->get_type(payload) != PLV2_ENCRYPTED) + { + this->payloads->remove_at(this->payloads, enumerator); + message->add_payload(message, payload); + } + } + enumerator->destroy(enumerator); + } + } + message->add_payload(message, (payload_t*)fragment); + return message; +} + +/** + * Destroy all fragments + */ +static void clear_fragments(private_message_t *this) +{ + array_destroy_offset(this->fragments, offsetof(packet_t, destroy)); + this->fragments = NULL; +} + +/** + * Reduce the fragment length but ensure it stays > 0 + */ +#define REDUCE_FRAG_LEN(fl, amount) ({ \ + fl = max(1, (ssize_t)fl - (amount)); \ +}) + +METHOD(message_t, fragment, status_t, + private_message_t *this, keymat_t *keymat, size_t frag_len, + enumerator_t **fragments) +{ + encrypted_payload_t *encrypted = NULL; + generator_t *generator = NULL; + message_t *fragment; + packet_t *packet; + payload_type_t next = PL_NONE; + u_int16_t num, count; + host_t *src, *dst; + chunk_t data; + status_t status; + u_int32_t *lenpos; + size_t len; + + src = this->packet->get_source(this->packet); + dst = this->packet->get_destination(this->packet); + if (!frag_len) + { + frag_len = (src->get_family(src) == AF_INET) ? 576 : 1280; + } + /* frag_len is the complete IP datagram length, account for overhead (we + * assume no IP options/extension headers are used) */ + REDUCE_FRAG_LEN(frag_len, (src->get_family(src) == AF_INET) ? 20 : 40); + /* 8 (UDP header) */ + REDUCE_FRAG_LEN(frag_len, 8); + if (dst->get_port(dst) != IKEV2_UDP_PORT && + src->get_port(src) != IKEV2_UDP_PORT) + { /* reduce length due to non-ESP marker */ + REDUCE_FRAG_LEN(frag_len, 4); + } + + if (is_encoded(this)) + { + if (this->major_version == IKEV2_MAJOR_VERSION) + { + encrypted = (encrypted_payload_t*)get_payload(this, PLV2_ENCRYPTED); + } + data = this->packet->get_data(this->packet); + len = data.len; + } + else + { + status = generate_message(this, keymat, &generator, &encrypted); + if (status != SUCCESS) + { + DESTROY_IF(generator); + return status; + } + data = generator->get_chunk(generator, &lenpos); + len = data.len + (encrypted ? encrypted->get_length(encrypted) : 0); + } + + /* check if we actually need to fragment the message and if we have an + * encrypted payload for IKEv2 */ + if (len <= frag_len || + (this->major_version == IKEV2_MAJOR_VERSION && !encrypted)) + { + if (generator) + { + status = finalize_message(this, keymat, generator, encrypted); + if (status != SUCCESS) + { + return status; + } + } + *fragments = enumerator_create_single(this->packet, NULL); + return SUCCESS; + } + + /* frag_len denoted the maximum IKE message size so far, later on it will + * denote the maximum content size of a fragment payload, therefore, + * account for IKE header */ + REDUCE_FRAG_LEN(frag_len, 28); + + if (this->major_version == IKEV1_MAJOR_VERSION) + { + if (generator) + { + status = finalize_message(this, keymat, generator, encrypted); + if (status != SUCCESS) + { + return status; + } + data = this->packet->get_data(this->packet); + generator = NULL; + } + /* overhead for the fragmentation payload header */ + REDUCE_FRAG_LEN(frag_len, 8); } + else + { + aead_t *aead; + + if (generator) + { + generator->destroy(generator); + generator = generator_create(); + } + else + { /* do not log again if it was generated previously */ + generator = generator_create_no_dbg(); + } + next = encrypted->payload_interface.get_next_type((payload_t*)encrypted); + encrypted->generate_payloads(encrypted, generator); + data = generator->get_chunk(generator, &lenpos); + if (!is_encoded(this)) + { + encrypted->destroy(encrypted); + } + aead = keymat->get_aead(keymat, FALSE); + /* overhead for the encrypted fragment payload */ + REDUCE_FRAG_LEN(frag_len, aead->get_iv_size(aead)); + REDUCE_FRAG_LEN(frag_len, aead->get_icv_size(aead)); + /* header */ + REDUCE_FRAG_LEN(frag_len, 8); + /* padding and padding length */ + frag_len = round_down(frag_len, aead->get_block_size(aead)); + REDUCE_FRAG_LEN(frag_len, 1); + /* TODO-FRAG: if there are unencrypted payloads, should we account for + * their length in the first fragment? we still would have to add + * an encrypted fragment payload (albeit empty), even so we couldn't + * prevent IP fragmentation in every case */ + } + + count = data.len / frag_len + (data.len % frag_len ? 1 : 0); + this->fragments = array_create(0, count); + DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into " + "%hu fragments", len, count); + for (num = 1; num <= count; num++) + { + len = min(data.len, frag_len); + fragment = create_fragment(this, next, num, count, + chunk_create(data.ptr, len)); + status = fragment->generate(fragment, keymat, &packet); + fragment->destroy(fragment); + if (status != SUCCESS) + { + DBG1(DBG_ENC, "failed to generate IKE fragment"); + clear_fragments(this); + DESTROY_IF(generator); + return FAILED; + } + array_insert(this->fragments, ARRAY_TAIL, packet); + data = chunk_skip(data, len); + } + *fragments = array_create_enumerator(this->fragments); + DESTROY_IF(generator); + return SUCCESS; +} + +METHOD(message_t, get_packet, packet_t*, + private_message_t *this) +{ return this->packet->clone(this->packet); } METHOD(message_t, get_packet_data, chunk_t, private_message_t *this) { - if (this->packet == NULL) - { - return chunk_empty; - } return this->packet->get_data(this->packet); } +METHOD(message_t, get_fragments, enumerator_t*, + private_message_t *this) +{ + return array_create_enumerator(this->fragments); +} + METHOD(message_t, parse_header, status_t, private_message_t *this) { @@ -1682,6 +2082,10 @@ METHOD(message_t, parse_header, status_t, DBG2(DBG_ENC, "parsing header of message"); + if (!this->parser) + { /* reassembled IKEv2 message, header is inherited from fragments */ + return SUCCESS; + } this->parser->reset_context(this->parser); status = this->parser->parse_payload(this->parser, PL_HEADER, (payload_t**)&ike_header); @@ -1723,7 +2127,7 @@ METHOD(message_t, parse_header, status_t, this->first_payload = ike_header->payload_interface.get_next_type( &ike_header->payload_interface); if (this->first_payload == PLV1_FRAGMENT && this->is_encrypted) - { /* racoon sets the encryted bit when sending a fragment, but these + { /* racoon sets the encrypted bit when sending a fragment, but these * messages are really not encrypted */ this->is_encrypted = FALSE; } @@ -1780,9 +2184,9 @@ static status_t parse_payloads(private_message_t *this) status_t status; if (this->is_encrypted) - { /* wrap the whole encrypted IKEv1 message in a special encryption + { /* wrap the whole encrypted IKEv1 message in a special encrypted * payload which is then handled just like a regular payload */ - encryption_payload_t *encryption; + encrypted_payload_t *encryption; status = this->parser->parse_payload(this->parser, PLV1_ENCRYPTED, (payload_t**)&encryption); @@ -1824,9 +2228,9 @@ static status_t parse_payloads(private_message_t *this) payload_type_names, type); this->payloads->insert_last(this->payloads, payload); - /* an encrypted payload is the last one, so STOP here. decryption is - * done later */ - if (type == PLV2_ENCRYPTED) + /* an encrypted (fragment) payload MUST be the last one, so STOP here. + * decryption is done later */ + if (type == PLV2_ENCRYPTED || type == PLV2_FRAGMENT) { DBG2(DBG_ENC, "%N payload found, stop parsing", payload_type_names, type); @@ -1841,7 +2245,7 @@ static status_t parse_payloads(private_message_t *this) * Decrypt an encrypted payload and extract all contained payloads. */ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat, - payload_t *previous, encryption_payload_t *encryption) + payload_t *previous, encrypted_payload_t *encryption) { payload_t *encrypted; payload_type_t type; @@ -1861,43 +2265,52 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat, DBG1(DBG_ENC, "found encrypted payload, but no transform set"); return INVALID_ARG; } - bs = aead->get_block_size(aead); - encryption->set_transform(encryption, aead); - chunk = this->packet->get_data(this->packet); - if (chunk.len < encryption->get_length(encryption) || - chunk.len < bs) + if (!this->parser) { - DBG1(DBG_ENC, "invalid payload length"); - return VERIFY_ERROR; + /* reassembled IKEv2 messages are already decrypted, we still call + * decrypt() to parse the contained payloads */ + status = encryption->decrypt(encryption, chunk_empty); } - if (keymat->get_version(keymat) == IKEV1) - { /* instead of associated data we provide the IV, we also update - * the IV with the last encrypted block */ - keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; - chunk_t iv; - - if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv)) + else + { + bs = aead->get_block_size(aead); + encryption->set_transform(encryption, aead); + chunk = this->packet->get_data(this->packet); + if (chunk.len < encryption->get_length(encryption) || + chunk.len < bs) { - status = encryption->decrypt(encryption, iv); - if (status == SUCCESS) + DBG1(DBG_ENC, "invalid payload length"); + return VERIFY_ERROR; + } + if (keymat->get_version(keymat) == IKEV1) + { /* instead of associated data we provide the IV, we also update + * the IV with the last encrypted block */ + keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; + chunk_t iv; + + if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv)) { - if (!keymat_v1->update_iv(keymat_v1, this->message_id, - chunk_create(chunk.ptr + chunk.len - bs, bs))) + status = encryption->decrypt(encryption, iv); + if (status == SUCCESS) { - status = FAILED; + if (!keymat_v1->update_iv(keymat_v1, this->message_id, + chunk_create(chunk.ptr + chunk.len - bs, bs))) + { + status = FAILED; + } } } + else + { + status = FAILED; + } } else { - status = FAILED; + chunk.len -= encryption->get_length(encryption); + status = encryption->decrypt(encryption, chunk); } } - else - { - chunk.len -= encryption->get_length(encryption); - status = encryption->decrypt(encryption, chunk); - } if (status != SUCCESS) { return status; @@ -1923,6 +2336,41 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat, } /** + * Decrypt an encrypted fragment payload. + */ +static status_t decrypt_fragment(private_message_t *this, keymat_t *keymat, + encrypted_fragment_payload_t *fragment) +{ + encrypted_payload_t *encrypted = (encrypted_payload_t*)fragment; + chunk_t chunk; + aead_t *aead; + size_t bs; + + if (!keymat) + { + DBG1(DBG_ENC, "found encrypted fragment payload, but no keymat"); + return INVALID_ARG; + } + aead = keymat->get_aead(keymat, TRUE); + if (!aead) + { + DBG1(DBG_ENC, "found encrypted fragment payload, but no transform set"); + return INVALID_ARG; + } + bs = aead->get_block_size(aead); + encrypted->set_transform(encrypted, aead); + chunk = this->packet->get_data(this->packet); + if (chunk.len < encrypted->get_length(encrypted) || + chunk.len < bs) + { + DBG1(DBG_ENC, "invalid payload length"); + return VERIFY_ERROR; + } + chunk.len -= encrypted->get_length(encrypted); + return encrypted->decrypt(encrypted, chunk); +} + +/** * Do we accept unencrypted ID/HASH payloads in Main Mode, as seen from * some SonicWall boxes? */ @@ -1941,7 +2389,7 @@ static bool accept_unencrypted_mm(private_message_t *this, payload_type_t type) } /** - * Decrypt payload from the encryption payload + * Decrypt payload from the encrypted payload */ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat) { @@ -1950,7 +2398,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat) payload_rule_t *rule; payload_type_t type; status_t status = SUCCESS; - bool was_encrypted = FALSE; + char *was_encrypted = NULL; enumerator = this->payloads->create_enumerator(this->payloads); while (enumerator->enumerate(enumerator, &payload)) @@ -1959,20 +2407,24 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat) DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type); - if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED) + if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED || + type == PLV2_FRAGMENT) { - encryption_payload_t *encryption; - if (was_encrypted) { - DBG1(DBG_ENC, "encrypted payload can't contain other payloads " - "of type %N", payload_type_names, type); + DBG1(DBG_ENC, "%s can't contain other payloads of type %N", + was_encrypted, payload_type_names, type); status = VERIFY_ERROR; break; } + } + + if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED) + { + encrypted_payload_t *encryption; DBG2(DBG_ENC, "found an encrypted payload"); - encryption = (encryption_payload_t*)payload; + encryption = (encrypted_payload_t*)payload; this->payloads->remove_at(this->payloads, enumerator); if (enumerator->enumerate(enumerator, NULL)) @@ -1988,7 +2440,27 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat) { break; } - was_encrypted = TRUE; + was_encrypted = "encrypted payload"; + } + else if (type == PLV2_FRAGMENT) + { + encrypted_fragment_payload_t *fragment; + + DBG2(DBG_ENC, "found an encrypted fragment payload"); + fragment = (encrypted_fragment_payload_t*)payload; + + if (enumerator->enumerate(enumerator, NULL)) + { + DBG1(DBG_ENC, "encrypted fragment payload is not last payload"); + status = VERIFY_ERROR; + break; + } + status = decrypt_fragment(this, keymat, fragment); + if (status != SUCCESS) + { + break; + } + was_encrypted = "encrypted fragment payload"; } if (payload_is_known(type) && !was_encrypted && @@ -2085,10 +2557,15 @@ METHOD(message_t, parse_body, status_t, return NOT_SUPPORTED; } - status = parse_payloads(this); - if (status != SUCCESS) - { /* error is already logged */ - return status; + /* reassembled IKEv2 messages are already parsed (except for the payloads + * contained in the encrypted payload, which are handled below) */ + if (this->parser) + { + status = parse_payloads(this); + if (status != SUCCESS) + { /* error is already logged */ + return status; + } } status = decrypt_payloads(this, keymat); @@ -2142,7 +2619,7 @@ METHOD(message_t, parse_body, status_t, } chunk_free(&hash); } - if (this->is_encrypted) + if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1) { /* message verified, confirm IV */ if (!keymat_v1->confirm_iv(keymat_v1, this->message_id)) { @@ -2153,13 +2630,234 @@ METHOD(message_t, parse_body, status_t, return SUCCESS; } +/** + * Store the fragment data for the fragment with the given fragment number. + */ +static status_t add_fragment(private_message_t *this, u_int16_t num, + chunk_t data) +{ + fragment_t *fragment; + int i, insert_at = -1; + + for (i = 0; i < array_count(this->fragments); i++) + { + array_get(this->fragments, i, &fragment); + if (fragment->num == num) + { + /* ignore a duplicate fragment */ + DBG1(DBG_ENC, "received duplicate fragment #%hu", num); + return NEED_MORE; + } + if (fragment->num > num) + { + insert_at = i; + break; + } + } + this->frag->len += data.len; + if (this->frag->len > this->frag->max_packet) + { + DBG1(DBG_ENC, "fragmented IKE message is too large"); + reset_defrag(this); + return FAILED; + } + INIT(fragment, + .num = num, + .data = chunk_clone(data), + ); + array_insert(this->fragments, insert_at, fragment); + return SUCCESS; +} + +/** + * Merge the cached fragment data and resets the defragmentation state. + * Also updates the IP addresses to those of the last received fragment. + */ +static chunk_t merge_fragments(private_message_t *this, message_t *last) +{ + fragment_t *fragment; + bio_writer_t *writer; + host_t *src, *dst; + chunk_t data; + int i; + + writer = bio_writer_create(this->frag->len); + for (i = 0; i < array_count(this->fragments); i++) + { + array_get(this->fragments, i, &fragment); + writer->write_data(writer, fragment->data); + } + data = writer->extract_buf(writer); + writer->destroy(writer); + + /* set addresses to those of the last fragment we received */ + src = last->get_source(last); + dst = last->get_destination(last); + this->packet->set_source(this->packet, src->clone(src)); + this->packet->set_destination(this->packet, dst->clone(dst)); + + reset_defrag(this); + free(this->frag); + this->frag = NULL; + return data; +} + +METHOD(message_t, add_fragment_v1, status_t, + private_message_t *this, message_t *message) +{ + fragment_payload_t *payload; + chunk_t data; + u_int8_t num; + status_t status; + + if (!this->frag) + { + return INVALID_STATE; + } + payload = (fragment_payload_t*)message->get_payload(message, PLV1_FRAGMENT); + if (!payload) + { + return INVALID_ARG; + } + if (!this->fragments || this->message_id != payload->get_id(payload)) + { + reset_defrag(this); + this->message_id = payload->get_id(payload); + /* we don't know the total number of fragments, assume something */ + this->fragments = array_create(0, 4); + } + + num = payload->get_number(payload); + data = payload->get_data(payload); + if (!this->frag->last && payload->is_last(payload)) + { + this->frag->last = num; + } + status = add_fragment(this, num, data); + if (status != SUCCESS) + { + return status; + } + + if (array_count(this->fragments) != this->frag->last) + { + /* there are some fragments missing */ + DBG1(DBG_ENC, "received fragment #%hhu, waiting for complete IKE " + "message", num); + return NEED_MORE; + } + + DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE " + "message", num); + + data = merge_fragments(this, message); + this->packet->set_data(this->packet, data); + this->parser = parser_create(data); + + if (parse_header(this) != SUCCESS) + { + DBG1(DBG_IKE, "failed to parse header of reassembled IKE message"); + return FAILED; + } + return SUCCESS; +} + +METHOD(message_t, add_fragment_v2, status_t, + private_message_t *this, message_t *message) +{ + encrypted_fragment_payload_t *encrypted_fragment; + encrypted_payload_t *encrypted; + payload_t *payload; + enumerator_t *enumerator; + chunk_t data; + u_int16_t total, num; + status_t status; + + if (!this->frag) + { + return INVALID_STATE; + } + payload = message->get_payload(message, PLV2_FRAGMENT); + if (!payload || this->message_id != message->get_message_id(message)) + { + return INVALID_ARG; + } + encrypted_fragment = (encrypted_fragment_payload_t*)payload; + total = encrypted_fragment->get_total_fragments(encrypted_fragment); + if (total > MAX_FRAGMENTS) + { + DBG1(DBG_IKE, "maximum fragment count exceeded"); + reset_defrag(this); + return FAILED; + } + if (!this->fragments || total > this->frag->last) + { + reset_defrag(this); + this->frag->last = total; + this->fragments = array_create(0, total); + } + num = encrypted_fragment->get_fragment_number(encrypted_fragment); + data = encrypted_fragment->get_content(encrypted_fragment); + status = add_fragment(this, num, data); + if (status != SUCCESS) + { + return status; + } + + if (num == 1) + { + /* the first fragment denotes the payload type of the first payload in + * the original encrypted payload, cache that */ + this->first_payload = payload->get_next_type(payload); + /* move all unencrypted payloads contained in the first fragment */ + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, &payload)) + { + if (payload->get_type(payload) != PLV2_FRAGMENT) + { + message->remove_payload_at(message, enumerator); + this->payloads->insert_last(this->payloads, payload); + } + } + enumerator->destroy(enumerator); + } + + if (array_count(this->fragments) != total) + { + /* there are some fragments missing */ + DBG1(DBG_ENC, "received fragment #%hu of %hu, waiting for complete IKE " + "message", num, total); + return NEED_MORE; + } + + DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE " + "message", num, total); + + data = merge_fragments(this, message); + encrypted = encrypted_payload_create_from_plain(this->first_payload, data); + this->payloads->insert_last(this->payloads, encrypted); + /* update next payload type (could be an unencrypted payload) */ + this->payloads->get_first(this->payloads, (void**)&payload); + this->first_payload = payload->get_type(payload); + return SUCCESS; +} + METHOD(message_t, destroy, void, private_message_t *this) { DESTROY_IF(this->ike_sa_id); + DESTROY_IF(this->parser); this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy)); this->packet->destroy(this->packet); - this->parser->destroy(this->parser); + if (this->frag) + { + reset_defrag(this); + free(this->frag); + } + else + { + array_destroy_offset(this->fragments, offsetof(packet_t, destroy)); + } free(this); } @@ -2195,6 +2893,9 @@ message_t *message_create_from_packet(packet_t *packet) .disable_sort = _disable_sort, .generate = _generate, .is_encoded = _is_encoded, + .is_fragmented = _is_fragmented, + .fragment = _fragment, + .add_fragment = _add_fragment_v2, .set_source = _set_source, .get_source = _get_source, .set_destination = _set_destination, @@ -2207,6 +2908,7 @@ message_t *message_create_from_packet(packet_t *packet) .parse_body = _parse_body, .get_packet = _get_packet, .get_packet_data = _get_packet_data, + .get_fragments = _get_fragments, .destroy = _destroy, }, .exchange_type = EXCHANGE_TYPE_UNDEFINED, @@ -2232,3 +2934,34 @@ message_t *message_create(int major, int minor) return this; } + +/* + * Described in header. + */ +message_t *message_create_defrag(message_t *fragment) +{ + private_message_t *this; + + if (!fragment->get_payload(fragment, PLV1_FRAGMENT) && + !fragment->get_payload(fragment, PLV2_FRAGMENT)) + { + return NULL; + } + this = (private_message_t*)clone_message((private_message_t*)fragment); + /* we don't need a parser for IKEv2, the one for IKEv1 is created after + * reassembling the original message */ + this->parser->destroy(this->parser); + this->parser = NULL; + if (fragment->get_major_version(fragment) == IKEV1_MAJOR_VERSION) + { + /* we store the fragment ID in the message ID field, which should be + * zero for fragments, but make sure */ + this->message_id = 0; + this->public.add_fragment = _add_fragment_v1; + } + INIT(this->frag, + .max_packet = lib->settings->get_int(lib->settings, + "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns), + ); + return &this->public; +} diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index 7631a7c3a..a03aa8e96 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2011 Tobias Brunner + * Copyright (C) 2006-2014 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -39,7 +39,7 @@ typedef struct message_t message_t; * * The message handles parsing and generation of payloads * via parser_t/generator_t. Encryption is done transparently - * via the encryption_payload_t. A set of rules for messages + * via the encrypted_payload_t. A set of rules for messages * and payloads does check parsed messages. */ struct message_t { @@ -265,6 +265,53 @@ struct message_t { bool (*is_encoded)(message_t *this); /** + * Generates the message split into fragments of the given size (total IP + * datagram length). + * + * @param keymat keymat to encrypt/sign message(s) + * @param frag_len fragment length (maximum total IP datagram length), 0 + * for default value depending on address family + * @param fragments receives an enumerator with generated packet_t*, + * which are owned by the enumerator + * @return + * - SUCCESS if message could be fragmented + * - FAILED if fragmentation failed + * - and the possible return values of generate() + */ + status_t (*fragment)(message_t *this, keymat_t *keymat, size_t frag_len, + enumerator_t **fragments); + + /** + * Check if the message has been encoded and fragmented using fragment(), + * and whether there actually resulted fragments (if not is_encoded() will + * be TRUE). + * + * The packets of individual fragments can be retrieved with + * get_fragments(). + * + * @return TRUE if message has been encoded and fragmented + */ + bool (*is_fragmented)(message_t *this); + + /** + * Add a fragment to the message if it was created with + * message_create_defrag(). + * + * Once the message is completed it should be processed like any other + * inbound message. + * + * @param fragment fragment to add + * @return + * - SUCCESS if message was reassembled + * - NEED_MORE if not all fragments have yet been received + * - FAILED if reassembling failed + * - INVALID_ARG if fragment is invalid for some reason + * - INVALID_STATE if message was not created using + * message_create_defrag() + */ + status_t (*add_fragment)(message_t *this, message_t *fragment); + + /** * Gets the source host informations. * * @warning Returned host_t object is not getting cloned, @@ -337,11 +384,11 @@ struct message_t { notify_payload_t* (*get_notify)(message_t *this, notify_type_t type); /** - * Returns a clone of the internal stored packet_t object. + * Returns a clone of the internally stored packet_t object. * * @return packet_t object as clone of internal one */ - packet_t * (*get_packet) (message_t *this); + packet_t *(*get_packet) (message_t *this); /** * Returns a chunk pointing to internal packet_t data. @@ -351,6 +398,13 @@ struct message_t { chunk_t (*get_packet_data) (message_t *this); /** + * Returns internally stored packet_t* objects for each fragment. + * + * @return enumerator internal packet_t* objects + */ + enumerator_t *(*get_fragments)(message_t *this); + + /** * Destroys a message and all including objects. */ void (*destroy) (message_t *this); @@ -380,4 +434,14 @@ message_t *message_create_from_packet(packet_t *packet); */ message_t *message_create(int major, int minor); +/** + * Creates a message_t object that is used to reassemble fragmented messages. + * + * Use add_fragment() to add fragments. + * + * @param fragment initial fragment (is not added) + * @return message_t object, NULL if fragment is not actually one + */ +message_t *message_create_defrag(message_t *fragment); + #endif /** MESSAGE_H_ @}*/ diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index c33e30dd3..d6240fde2 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -32,7 +32,7 @@ #include <encoding/payloads/nonce_payload.h> #include <encoding/payloads/id_payload.h> #include <encoding/payloads/notify_payload.h> -#include <encoding/payloads/encryption_payload.h> +#include <encoding/payloads/encrypted_payload.h> #include <encoding/payloads/auth_payload.h> #include <encoding/payloads/cert_payload.h> #include <encoding/payloads/certreq_payload.h> diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h new file mode 100644 index 000000000..1c2cc379f --- /dev/null +++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup encrypted_fragment_payload encrypted_fragment_payload + * @{ @ingroup payloads + */ + +#ifndef ENCRYPTED_FRAGMENT_PAYLOAD_H_ +#define ENCRYPTED_FRAGMENT_PAYLOAD_H_ + +typedef struct encrypted_fragment_payload_t encrypted_fragment_payload_t; + +#include <encoding/payloads/encrypted_payload.h> + +/** + * The Encrypted Fragment Payload as described in RFC 7383 + * + * The implementation is located in encrypted_payload.c as it is very similar. + */ +struct encrypted_fragment_payload_t { + + /** + * Implements payload_t interface. + */ + encrypted_payload_t encrypted; + + /** + * Get the fragment number. + * + * @return fragment number + */ + u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this); + + /** + * Get the total number of fragments. + * + * @return total number of fragments + */ + u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this); + + /** + * Get the (decrypted) content of this payload. + * + * @return internal payload data + */ + chunk_t (*get_content)(encrypted_fragment_payload_t *this); + + /** + * Destroys an encrypted_fragment_payload_t object. + */ + void (*destroy)(encrypted_fragment_payload_t *this); +}; + +/** + * Creates an empty encrypted_fragment_payload_t object. + * + * @return encrypted_fragment_payload_t object + */ +encrypted_fragment_payload_t *encrypted_fragment_payload_create(); + +/** + * Creates an encrypted fragment payload from the given data. + * + * @param num fragment number (first one should be 1) + * @param total total number of fragments + * @param data fragment data (gets cloned) + * @return encrypted_fragment_payload_t object + */ +encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( + u_int16_t num, u_int16_t total, chunk_t data); + +#endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c new file mode 100644 index 000000000..5c574c34d --- /dev/null +++ b/src/libcharon/encoding/payloads/encrypted_payload.c @@ -0,0 +1,1022 @@ +/* + * Copyright (C) 2011-2014 Tobias Brunner + * Copyright (C) 2005-2010 Martin Willi + * Copyright (C) 2010 revosec AG + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <stddef.h> +#include <string.h> + +#include "encrypted_payload.h" +#include "encrypted_fragment_payload.h" + +#include <daemon.h> +#include <encoding/payloads/encodings.h> +#include <collections/linked_list.h> +#include <encoding/parser.h> + +typedef struct private_encrypted_payload_t private_encrypted_payload_t; +typedef struct private_encrypted_fragment_payload_t private_encrypted_fragment_payload_t; + +struct private_encrypted_payload_t { + + /** + * Public encrypted_payload_t interface. + */ + encrypted_payload_t public; + + /** + * There is no next payload for an encrypted payload, + * since encrypted payload MUST be the last one. + * next_payload means here the first payload of the + * contained, encrypted payload. + */ + u_int8_t next_payload; + + /** + * Flags, including reserved bits + */ + u_int8_t flags; + + /** + * Length of this payload + */ + u_int16_t payload_length; + + /** + * Chunk containing the IV, plain, padding and ICV. + */ + chunk_t encrypted; + + /** + * AEAD transform to use + */ + aead_t *aead; + + /** + * Contained payloads + */ + linked_list_t *payloads; + + /** + * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED + */ + payload_type_t type; +}; + +struct private_encrypted_fragment_payload_t { + + /** + * Public interface. + */ + encrypted_fragment_payload_t public; + + /** + * The first fragment contains the type of the first payload contained in + * the original encrypted payload, for all other fragments it MUST be set + * to zero. + */ + u_int8_t next_payload; + + /** + * Flags, including reserved bits + */ + u_int8_t flags; + + /** + * Length of this payload + */ + u_int16_t payload_length; + + /** + * Chunk containing the IV, plain, padding and ICV. + */ + chunk_t encrypted; + + /** + * Fragment number + */ + u_int16_t fragment_number; + + /** + * Total fragments + */ + u_int16_t total_fragments; + + /** + * AEAD transform to use + */ + aead_t *aead; + + /** + * Chunk containing the plain packet data. + */ + chunk_t plain; +}; + +/** + * Encoding rules to parse or generate a IKEv2-Encrypted Payload. + * + * The defined offsets are the positions in a object of type + * private_encrypted_payload_t. + */ +static encoding_rule_t encodings_v2[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_encrypted_payload_t, next_payload) }, + /* Critical and 7 reserved bits, all stored for reconstruction */ + { U_INT_8, offsetof(private_encrypted_payload_t, flags) }, + /* Length of the whole encrypted payload*/ + { PAYLOAD_LENGTH, offsetof(private_encrypted_payload_t, payload_length) }, + /* encrypted data, stored in a chunk. contains iv, data, padding */ + { CHUNK_DATA, offsetof(private_encrypted_payload_t, encrypted) }, +}; + +/* + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Next Payload !C! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Initialization Vector ! + ! (length is block size for encryption algorithm) ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Encrypted IKE Payloads ! + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! ! Padding (0-255 octets) ! + +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ + ! ! Pad Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Integrity Checksum Data ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +*/ + +/** + * Encoding rules to parse or generate a complete encrypted IKEv1 message. + * + * The defined offsets are the positions in a object of type + * private_encrypted_payload_t. + */ +static encoding_rule_t encodings_v1[] = { + /* encrypted data, stored in a chunk */ + { ENCRYPTED_DATA, offsetof(private_encrypted_payload_t, encrypted) }, +}; + +/* + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Encrypted IKE Payloads ! + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! ! Padding (0-255 octets) ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +*/ + +/** + * Encoding rules to parse or generate an IKEv2-Encrypted Fragment Payload. + * + * The defined offsets are the positions in a object of type + * private_encrypted_payload_t. + */ +static encoding_rule_t encodings_fragment[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_encrypted_fragment_payload_t, next_payload) }, + /* Critical and 7 reserved bits, all stored for reconstruction */ + { U_INT_8, offsetof(private_encrypted_fragment_payload_t, flags) }, + /* Length of the whole encryption payload*/ + { PAYLOAD_LENGTH, offsetof(private_encrypted_fragment_payload_t, payload_length) }, + /* Fragment number */ + { U_INT_16, offsetof(private_encrypted_fragment_payload_t, fragment_number) }, + /* Total number of fragments */ + { U_INT_16, offsetof(private_encrypted_fragment_payload_t, total_fragments) }, + /* encrypted data, stored in a chunk. contains iv, data, padding */ + { CHUNK_DATA, offsetof(private_encrypted_fragment_payload_t, encrypted) }, +}; + +/* + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Next Payload !C! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Fragment Number | Total Fragments ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Initialization Vector ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Encrypted IKE Payloads ! + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! ! Padding (0-255 octets) ! + +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ + ! ! Pad Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Integrity Checksum Data ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +*/ + +METHOD(payload_t, verify, status_t, + private_encrypted_payload_t *this) +{ + return SUCCESS; +} + +METHOD(payload_t, get_encoding_rules, int, + private_encrypted_payload_t *this, encoding_rule_t **rules) +{ + if (this->type == PLV2_ENCRYPTED) + { + *rules = encodings_v2; + return countof(encodings_v2); + } + *rules = encodings_v1; + return countof(encodings_v1); +} + +METHOD(payload_t, get_header_length, int, + private_encrypted_payload_t *this) +{ + if (this->type == PLV2_ENCRYPTED) + { + return 4; + } + return 0; +} + +METHOD(payload_t, get_type, payload_type_t, + private_encrypted_payload_t *this) +{ + return this->type; +} + +METHOD(payload_t, get_next_type, payload_type_t, + private_encrypted_payload_t *this) +{ + return this->next_payload; +} + +METHOD(payload_t, set_next_type, void, + private_encrypted_payload_t *this, payload_type_t type) +{ + /* the next payload is set during add, still allow this for IKEv1 */ + this->next_payload = type; +} + +/** + * Get length of encryption/integrity overhead for the given plaintext length + */ +static size_t compute_overhead(aead_t *aead, size_t len) +{ + size_t bs, overhead; + + /* padding */ + bs = aead->get_block_size(aead); + overhead = bs - (len % bs); + /* add iv */ + overhead += aead->get_iv_size(aead); + /* add icv */ + overhead += aead->get_icv_size(aead); + return overhead; +} + +/** + * Compute the length of the whole payload + */ +static void compute_length(private_encrypted_payload_t *this) +{ + enumerator_t *enumerator; + payload_t *payload; + size_t length = 0; + + if (this->encrypted.len) + { + length = this->encrypted.len; + } + else + { + enumerator = this->payloads->create_enumerator(this->payloads); + while (enumerator->enumerate(enumerator, &payload)) + { + length += payload->get_length(payload); + } + enumerator->destroy(enumerator); + + if (this->aead) + { + length += compute_overhead(this->aead, length); + } + } + length += get_header_length(this); + this->payload_length = length; +} + +METHOD2(payload_t, encrypted_payload_t, get_length, size_t, + private_encrypted_payload_t *this) +{ + compute_length(this); + return this->payload_length; +} + +METHOD(encrypted_payload_t, add_payload, void, + private_encrypted_payload_t *this, payload_t *payload) +{ + payload_t *last_payload; + + if (this->payloads->get_count(this->payloads) > 0) + { + this->payloads->get_last(this->payloads, (void **)&last_payload); + last_payload->set_next_type(last_payload, payload->get_type(payload)); + } + else + { + this->next_payload = payload->get_type(payload); + } + payload->set_next_type(payload, PL_NONE); + this->payloads->insert_last(this->payloads, payload); + compute_length(this); +} + +METHOD(encrypted_payload_t, remove_payload, payload_t *, + private_encrypted_payload_t *this) +{ + payload_t *payload; + + if (this->payloads->remove_first(this->payloads, + (void**)&payload) == SUCCESS) + { + return payload; + } + return NULL; +} + +/** + * Generate payload before encryption + */ +static chunk_t generate(private_encrypted_payload_t *this, + generator_t *generator) +{ + payload_t *current, *next; + enumerator_t *enumerator; + u_int32_t *lenpos; + chunk_t chunk = chunk_empty; + + enumerator = this->payloads->create_enumerator(this->payloads); + if (enumerator->enumerate(enumerator, ¤t)) + { + this->next_payload = current->get_type(current); + + while (enumerator->enumerate(enumerator, &next)) + { + current->set_next_type(current, next->get_type(next)); + generator->generate_payload(generator, current); + current = next; + } + current->set_next_type(current, PL_NONE); + generator->generate_payload(generator, current); + + chunk = generator->get_chunk(generator, &lenpos); + DBG2(DBG_ENC, "generated content in encrypted payload"); + } + enumerator->destroy(enumerator); + return chunk; +} + +METHOD(encrypted_payload_t, generate_payloads, void, + private_encrypted_payload_t *this, generator_t *generator) +{ + generate(this, generator); +} + +/** + * Append the encrypted payload header to the associated data + */ +static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc) +{ + struct { + u_int8_t next_payload; + u_int8_t flags; + u_int16_t length; + } __attribute__((packed)) header = { + .next_payload = this->next_payload, + .flags = this->flags, + .length = htons(get_length(this)), + }; + return chunk_cat("cc", assoc, chunk_from_thing(header)); +} + +/** + * Encrypts the data in plain and returns it in an allocated chunk. + */ +static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid, + chunk_t plain, chunk_t assoc, chunk_t *encrypted) +{ + chunk_t iv, padding, icv, crypt; + iv_gen_t *iv_gen; + rng_t *rng; + size_t bs; + + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng) + { + DBG1(DBG_ENC, "encrypting %s failed, no RNG found", label); + return NOT_SUPPORTED; + } + + iv_gen = aead->get_iv_gen(aead); + if (!iv_gen) + { + DBG1(DBG_ENC, "encrypting %s failed, no IV generator", label); + return NOT_SUPPORTED; + } + + bs = aead->get_block_size(aead); + /* we need at least one byte padding to store the padding length */ + padding.len = bs - (plain.len % bs); + iv.len = aead->get_iv_size(aead); + icv.len = aead->get_icv_size(aead); + + /* prepare data to authenticate-encrypt: + * | IV | plain | padding | ICV | + * \____crypt______/ ^ + * | / + * v / + * assoc -> + ------->/ + */ + *encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len); + iv.ptr = encrypted->ptr; + memcpy(iv.ptr + iv.len, plain.ptr, plain.len); + plain.ptr = iv.ptr + iv.len; + padding.ptr = plain.ptr + plain.len; + icv.ptr = padding.ptr + padding.len; + crypt = chunk_create(plain.ptr, plain.len + padding.len); + + if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) || + !rng->get_bytes(rng, padding.len - 1, padding.ptr)) + { + DBG1(DBG_ENC, "encrypting %s failed, no IV or padding", label); + rng->destroy(rng); + + return FAILED; + } + padding.ptr[padding.len - 1] = padding.len - 1; + rng->destroy(rng); + + DBG3(DBG_ENC, "%s encryption:", label); + DBG3(DBG_ENC, "IV %B", &iv); + DBG3(DBG_ENC, "plain %B", &plain); + DBG3(DBG_ENC, "padding %B", &padding); + DBG3(DBG_ENC, "assoc %B", &assoc); + + if (!aead->encrypt(aead, crypt, assoc, iv, NULL)) + { + return FAILED; + } + DBG3(DBG_ENC, "encrypted %B", &crypt); + DBG3(DBG_ENC, "ICV %B", &icv); + return SUCCESS; +} + +METHOD(encrypted_payload_t, encrypt, status_t, + private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc) +{ + generator_t *generator; + chunk_t plain; + status_t status; + + if (this->aead == NULL) + { + DBG1(DBG_ENC, "encrypting encrypted payload failed, transform missing"); + return INVALID_STATE; + } + + free(this->encrypted.ptr); + generator = generator_create(); + plain = generate(this, generator); + assoc = append_header(this, assoc); + status = encrypt_content("encrypted payload", this->aead, mid, plain, assoc, + &this->encrypted); + generator->destroy(generator); + free(assoc.ptr); + return status; +} + +METHOD(encrypted_payload_t, encrypt_v1, status_t, + private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv) +{ + generator_t *generator; + chunk_t plain, padding; + size_t bs; + + if (this->aead == NULL) + { + DBG1(DBG_ENC, "encryption failed, transform missing"); + return INVALID_STATE; + } + + generator = generator_create(); + plain = generate(this, generator); + bs = this->aead->get_block_size(this->aead); + padding.len = bs - (plain.len % bs); + + /* prepare data to encrypt: + * | plain | padding | */ + free(this->encrypted.ptr); + this->encrypted = chunk_alloc(plain.len + padding.len); + memcpy(this->encrypted.ptr, plain.ptr, plain.len); + plain.ptr = this->encrypted.ptr; + padding.ptr = plain.ptr + plain.len; + memset(padding.ptr, 0, padding.len); + generator->destroy(generator); + + DBG3(DBG_ENC, "encrypting payloads:"); + DBG3(DBG_ENC, "IV %B", &iv); + DBG3(DBG_ENC, "plain %B", &plain); + DBG3(DBG_ENC, "padding %B", &padding); + + if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL)) + { + return FAILED; + } + + DBG3(DBG_ENC, "encrypted %B", &this->encrypted); + + return SUCCESS; +} + +/** + * Parse the payloads after decryption. + */ +static status_t parse(private_encrypted_payload_t *this, chunk_t plain) +{ + parser_t *parser; + payload_type_t type; + + parser = parser_create(plain); + type = this->next_payload; + while (type != PL_NONE) + { + payload_t *payload; + + if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len) + { + DBG1(DBG_ENC, "invalid %N payload length, decryption failed?", + payload_type_names, type); + parser->destroy(parser); + return PARSE_ERROR; + } + if (parser->parse_payload(parser, type, &payload) != SUCCESS) + { + parser->destroy(parser); + return PARSE_ERROR; + } + if (payload->verify(payload) != SUCCESS) + { + DBG1(DBG_ENC, "%N verification failed", + payload_type_names, payload->get_type(payload)); + payload->destroy(payload); + parser->destroy(parser); + return VERIFY_ERROR; + } + type = payload->get_next_type(payload); + this->payloads->insert_last(this->payloads, payload); + } + parser->destroy(parser); + DBG2(DBG_ENC, "parsed content of encrypted payload"); + return SUCCESS; +} + +/** + * Decrypts the given data in-place and returns a chunk pointing to the + * resulting plaintext. + */ +static status_t decrypt_content(char *label, aead_t *aead, chunk_t encrypted, + chunk_t assoc, chunk_t *plain) +{ + chunk_t iv, padding, icv, crypt; + size_t bs; + + /* prepare data to authenticate-decrypt: + * | IV | plain | padding | ICV | + * \____crypt______/ ^ + * | / + * v / + * assoc -> + ------->/ + */ + bs = aead->get_block_size(aead); + iv.len = aead->get_iv_size(aead); + iv.ptr = encrypted.ptr; + icv.len = aead->get_icv_size(aead); + icv.ptr = encrypted.ptr + encrypted.len - icv.len; + crypt.ptr = iv.ptr + iv.len; + crypt.len = encrypted.len - iv.len; + + if (iv.len + icv.len > encrypted.len || + (crypt.len - icv.len) % bs) + { + DBG1(DBG_ENC, "decrypting %s payload failed, invalid length", label); + return FAILED; + } + + DBG3(DBG_ENC, "%s decryption:", label); + DBG3(DBG_ENC, "IV %B", &iv); + DBG3(DBG_ENC, "encrypted %B", &crypt); + DBG3(DBG_ENC, "ICV %B", &icv); + DBG3(DBG_ENC, "assoc %B", &assoc); + + if (!aead->decrypt(aead, crypt, assoc, iv, NULL)) + { + DBG1(DBG_ENC, "verifying %s integrity failed", label); + return FAILED; + } + + *plain = chunk_create(crypt.ptr, crypt.len - icv.len); + padding.len = plain->ptr[plain->len - 1] + 1; + if (padding.len > plain->len) + { + DBG1(DBG_ENC, "decrypting %s failed, padding invalid %B", label, + &crypt); + return PARSE_ERROR; + } + plain->len -= padding.len; + padding.ptr = plain->ptr + plain->len; + + DBG3(DBG_ENC, "plain %B", plain); + DBG3(DBG_ENC, "padding %B", &padding); + return SUCCESS; +} + +METHOD(encrypted_payload_t, decrypt, status_t, + private_encrypted_payload_t *this, chunk_t assoc) +{ + chunk_t plain; + status_t status; + + if (this->aead == NULL) + { + DBG1(DBG_ENC, "decrypting encrypted payload failed, transform missing"); + return INVALID_STATE; + } + + assoc = append_header(this, assoc); + status = decrypt_content("encrypted payload", this->aead, this->encrypted, + assoc, &plain); + free(assoc.ptr); + + if (status != SUCCESS) + { + return status; + } + return parse(this, plain); +} + +METHOD(encrypted_payload_t, decrypt_plain, status_t, + private_encrypted_payload_t *this, chunk_t assoc) +{ + if (!this->encrypted.ptr) + { + return FAILED; + } + return parse(this, this->encrypted); +} + +METHOD(encrypted_payload_t, decrypt_v1, status_t, + private_encrypted_payload_t *this, chunk_t iv) +{ + if (this->aead == NULL) + { + DBG1(DBG_ENC, "decryption failed, transform missing"); + return INVALID_STATE; + } + + /* data must be a multiple of block size */ + if (iv.len != this->aead->get_block_size(this->aead) || + this->encrypted.len < iv.len || this->encrypted.len % iv.len) + { + DBG1(DBG_ENC, "decryption failed, invalid length"); + return FAILED; + } + + DBG3(DBG_ENC, "decrypting payloads:"); + DBG3(DBG_ENC, "encrypted %B", &this->encrypted); + + if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL)) + { + return FAILED; + } + + DBG3(DBG_ENC, "plain %B", &this->encrypted); + + return parse(this, this->encrypted); +} + +METHOD(encrypted_payload_t, set_transform, void, + private_encrypted_payload_t *this, aead_t* aead) +{ + this->aead = aead; +} + +METHOD2(payload_t, encrypted_payload_t, destroy, void, + private_encrypted_payload_t *this) +{ + this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy)); + free(this->encrypted.ptr); + free(this); +} + +/* + * Described in header + */ +encrypted_payload_t *encrypted_payload_create(payload_type_t type) +{ + private_encrypted_payload_t *this; + + INIT(this, + .public = { + .payload_interface = { + .verify = _verify, + .get_encoding_rules = _get_encoding_rules, + .get_header_length = _get_header_length, + .get_length = _get_length, + .get_next_type = _get_next_type, + .set_next_type = _set_next_type, + .get_type = _get_type, + .destroy = _destroy, + }, + .get_length = _get_length, + .add_payload = _add_payload, + .remove_payload = _remove_payload, + .generate_payloads = _generate_payloads, + .set_transform = _set_transform, + .encrypt = _encrypt, + .decrypt = _decrypt, + .destroy = _destroy, + }, + .next_payload = PL_NONE, + .payloads = linked_list_create(), + .type = type, + ); + this->payload_length = get_header_length(this); + + if (type == PLV1_ENCRYPTED) + { + this->public.encrypt = _encrypt_v1; + this->public.decrypt = _decrypt_v1; + } + + return &this->public; +} + +/* + * Described in header + */ +encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next, + chunk_t plain) +{ + private_encrypted_payload_t *this; + + this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED); + this->public.decrypt = _decrypt_plain; + this->next_payload = next; + this->encrypted = plain; + compute_length(this); + + return &this->public; +} + +METHOD(payload_t, frag_verify, status_t, + private_encrypted_fragment_payload_t *this) +{ + if (!this->fragment_number || !this->total_fragments || + this->fragment_number > this->total_fragments) + { + DBG1(DBG_ENC, "invalid fragment number (%u) or total fragments (%u)", + this->fragment_number, this->total_fragments); + return FAILED; + } + if (this->fragment_number > 1 && this->next_payload != 0) + { + DBG1(DBG_ENC, "invalid next payload (%u) for fragment %u, ignored", + this->next_payload, this->fragment_number); + this->next_payload = 0; + } + return SUCCESS; +} + +METHOD(payload_t, frag_get_encoding_rules, int, + private_encrypted_fragment_payload_t *this, encoding_rule_t **rules) +{ + *rules = encodings_fragment; + return countof(encodings_fragment); +} + +METHOD(payload_t, frag_get_header_length, int, + private_encrypted_fragment_payload_t *this) +{ + return 8; +} + +METHOD(payload_t, frag_get_type, payload_type_t, + private_encrypted_fragment_payload_t *this) +{ + return PLV2_FRAGMENT; +} + +METHOD(payload_t, frag_get_next_type, payload_type_t, + private_encrypted_fragment_payload_t *this) +{ + return this->next_payload; +} + +METHOD(payload_t, frag_set_next_type, void, + private_encrypted_fragment_payload_t *this, payload_type_t type) +{ + if (this->fragment_number == 1 && this->next_payload == PL_NONE) + { + this->next_payload = type; + } +} + +METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t, + private_encrypted_fragment_payload_t *this) +{ + if (this->encrypted.len) + { + this->payload_length = this->encrypted.len; + } + else + { + this->payload_length = this->plain.len; + + if (this->aead) + { + this->payload_length += compute_overhead(this->aead, + this->payload_length); + } + } + this->payload_length += frag_get_header_length(this); + return this->payload_length; +} + +METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t, + private_encrypted_fragment_payload_t *this) +{ + return this->fragment_number; +} + +METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t, + private_encrypted_fragment_payload_t *this) +{ + return this->total_fragments; +} + +METHOD(encrypted_fragment_payload_t, frag_get_content, chunk_t, + private_encrypted_fragment_payload_t *this) +{ + return this->plain; +} + +METHOD(encrypted_payload_t, frag_add_payload, void, + private_encrypted_fragment_payload_t *this, payload_t* payload) +{ + payload->destroy(payload); +} + +METHOD(encrypted_payload_t, frag_set_transform, void, + private_encrypted_fragment_payload_t *this, aead_t* aead) +{ + this->aead = aead; +} + +/** + * Append the encrypted fragment payload header to the associated data + */ +static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this, + chunk_t assoc) +{ + struct { + u_int8_t next_payload; + u_int8_t flags; + u_int16_t length; + u_int16_t fragment_number; + u_int16_t total_fragments; + } __attribute__((packed)) header = { + .next_payload = this->next_payload, + .flags = this->flags, + .length = htons(frag_get_length(this)), + .fragment_number = htons(this->fragment_number), + .total_fragments = htons(this->total_fragments), + }; + return chunk_cat("cc", assoc, chunk_from_thing(header)); +} + +METHOD(encrypted_payload_t, frag_encrypt, status_t, + private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc) +{ + status_t status; + + if (!this->aead) + { + DBG1(DBG_ENC, "encrypting encrypted fragment payload failed, " + "transform missing"); + return INVALID_STATE; + } + free(this->encrypted.ptr); + assoc = append_header_frag(this, assoc); + status = encrypt_content("encrypted fragment payload", this->aead, mid, + this->plain, assoc, &this->encrypted); + free(assoc.ptr); + return status; +} + +METHOD(encrypted_payload_t, frag_decrypt, status_t, + private_encrypted_fragment_payload_t *this, chunk_t assoc) +{ + status_t status; + + if (!this->aead) + { + DBG1(DBG_ENC, "decrypting encrypted fragment payload failed, " + "transform missing"); + return INVALID_STATE; + } + free(this->plain.ptr); + assoc = append_header_frag(this, assoc); + status = decrypt_content("encrypted fragment payload", this->aead, + this->encrypted, assoc, &this->plain); + this->plain = chunk_clone(this->plain); + free(assoc.ptr); + return status; +} + +METHOD2(payload_t, encrypted_payload_t, frag_destroy, void, + private_encrypted_fragment_payload_t *this) +{ + free(this->encrypted.ptr); + free(this->plain.ptr); + free(this); +} + +/* + * Described in header + */ +encrypted_fragment_payload_t *encrypted_fragment_payload_create() +{ + private_encrypted_fragment_payload_t *this; + + INIT(this, + .public = { + .encrypted = { + .payload_interface = { + .verify = _frag_verify, + .get_encoding_rules = _frag_get_encoding_rules, + .get_header_length = _frag_get_header_length, + .get_length = _frag_get_length, + .get_next_type = _frag_get_next_type, + .set_next_type = _frag_set_next_type, + .get_type = _frag_get_type, + .destroy = _frag_destroy, + }, + .get_length = _frag_get_length, + .add_payload = _frag_add_payload, + .remove_payload = (void*)return_null, + .generate_payloads = nop, + .set_transform = _frag_set_transform, + .encrypt = _frag_encrypt, + .decrypt = _frag_decrypt, + .destroy = _frag_destroy, + }, + .get_fragment_number = _get_fragment_number, + .get_total_fragments = _get_total_fragments, + .get_content = _frag_get_content, + }, + .next_payload = PL_NONE, + ); + this->payload_length = frag_get_header_length(this); + + return &this->public; +} + +/* + * Described in header + */ +encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( + u_int16_t num, u_int16_t total, chunk_t plain) +{ + private_encrypted_fragment_payload_t *this; + + this = (private_encrypted_fragment_payload_t*)encrypted_fragment_payload_create(); + this->fragment_number = num; + this->total_fragments = total; + this->plain = chunk_clone(plain); + + return &this->public; +} diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index ee44c2de1..be59e3c2d 100644 --- a/src/libcharon/encoding/payloads/encryption_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2014 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter @@ -16,23 +17,24 @@ */ /** - * @defgroup encryption_payload encryption_payload + * @defgroup encrypted_payload encrypted_payload * @{ @ingroup payloads */ -#ifndef ENCRYPTION_PAYLOAD_H_ -#define ENCRYPTION_PAYLOAD_H_ +#ifndef ENCRYPTED_PAYLOAD_H_ +#define ENCRYPTED_PAYLOAD_H_ -typedef struct encryption_payload_t encryption_payload_t; +typedef struct encrypted_payload_t encrypted_payload_t; #include <library.h> #include <crypto/aead.h> #include <encoding/payloads/payload.h> +#include <encoding/generator.h> /** - * The encryption payload as described in RFC section 3.14. + * The encrypted payload as described in RFC section 3.14. */ -struct encryption_payload_t { +struct encrypted_payload_t { /** * Implements payload_t interface. @@ -44,14 +46,14 @@ struct encryption_payload_t { * * @return (expected) payload length */ - size_t (*get_length)(encryption_payload_t *this); + size_t (*get_length)(encrypted_payload_t *this); /** * Adds a payload to this encryption payload. * * @param payload payload_t object to add */ - void (*add_payload) (encryption_payload_t *this, payload_t *payload); + void (*add_payload) (encrypted_payload_t *this, payload_t *payload); /** * Remove the first payload in the list @@ -59,14 +61,22 @@ struct encryption_payload_t { * @param payload removed payload * @return payload, NULL if none left */ - payload_t* (*remove_payload)(encryption_payload_t *this); + payload_t* (*remove_payload)(encrypted_payload_t *this); + + /** + * Uses the given generator to generate the contained payloads. + * + * @param generator generator used to generate the contained payloads + */ + void (*generate_payloads)(encrypted_payload_t *this, + generator_t *generator); /** * Set the AEAD transform to use. * * @param aead aead transform to use */ - void (*set_transform) (encryption_payload_t *this, aead_t *aead); + void (*set_transform) (encrypted_payload_t *this, aead_t *aead); /** * Generate, encrypt and sign contained payloads. @@ -78,7 +88,7 @@ struct encryption_payload_t { * - FAILED if encryption failed * - INVALID_STATE if aead not supplied, but needed */ - status_t (*encrypt) (encryption_payload_t *this, u_int64_t mid, + status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid, chunk_t assoc); /** @@ -92,20 +102,31 @@ struct encryption_payload_t { * - FAILED if integrity check failed * - INVALID_STATE if aead not supplied, but needed */ - status_t (*decrypt) (encryption_payload_t *this, chunk_t assoc); + status_t (*decrypt) (encrypted_payload_t *this, chunk_t assoc); /** - * Destroys an encryption_payload_t object. + * Destroys an encrypted_payload_t object. */ - void (*destroy) (encryption_payload_t *this); + void (*destroy) (encrypted_payload_t *this); }; /** - * Creates an empty encryption_payload_t object. + * Creates an empty encrypted_payload_t object. * * @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED - * @return encryption_payload_t object + * @return encrypted_payload_t object + */ +encrypted_payload_t *encrypted_payload_create(payload_type_t type); + +/** + * Creates an encrypted payload with the given plain text data and next payload + * type. + * + * @param next next payload type + * @param plain plaintext data (gets adopted) + * @return encrypted_payload_t object */ -encryption_payload_t *encryption_payload_create(payload_type_t type); +encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next, + chunk_t plain); -#endif /** ENCRYPTION_PAYLOAD_H_ @}*/ +#endif /** ENCRYPTED_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c deleted file mode 100644 index 5784562f8..000000000 --- a/src/libcharon/encoding/payloads/encryption_payload.c +++ /dev/null @@ -1,634 +0,0 @@ -/* - * Copyright (C) 2005-2010 Martin Willi - * Copyright (C) 2010 revosec AG - * Copyright (C) 2011 Tobias Brunner - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <stddef.h> -#include <string.h> - -#include "encryption_payload.h" - -#include <daemon.h> -#include <encoding/payloads/encodings.h> -#include <collections/linked_list.h> -#include <encoding/generator.h> -#include <encoding/parser.h> - -typedef struct private_encryption_payload_t private_encryption_payload_t; - -/** - * Private data of an encryption_payload_t' Object. - * - */ -struct private_encryption_payload_t { - - /** - * Public encryption_payload_t interface. - */ - encryption_payload_t public; - - /** - * There is no next payload for an encryption payload, - * since encryption payload MUST be the last one. - * next_payload means here the first payload of the - * contained, encrypted payload. - */ - u_int8_t next_payload; - - /** - * Flags, including reserved bits - */ - u_int8_t flags; - - /** - * Length of this payload - */ - u_int16_t payload_length; - - /** - * Chunk containing the IV, plain, padding and ICV. - */ - chunk_t encrypted; - - /** - * AEAD transform to use - */ - aead_t *aead; - - /** - * Contained payloads - */ - linked_list_t *payloads; - - /** - * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED - */ - payload_type_t type; -}; - -/** - * Encoding rules to parse or generate a IKEv2-Encryption Payload. - * - * The defined offsets are the positions in a object of type - * private_encryption_payload_t. - */ -static encoding_rule_t encodings_v2[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_encryption_payload_t, next_payload) }, - /* Critical and 7 reserved bits, all stored for reconstruction */ - { U_INT_8, offsetof(private_encryption_payload_t, flags) }, - /* Length of the whole encryption payload*/ - { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) }, - /* encrypted data, stored in a chunk. contains iv, data, padding */ - { CHUNK_DATA, offsetof(private_encryption_payload_t, encrypted) }, -}; - -/* - 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Next Payload !C! RESERVED ! Payload Length ! - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Initialization Vector ! - ! (length is block size for encryption algorithm) ! - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Encrypted IKE Payloads ! - + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! ! Padding (0-255 octets) ! - +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ - ! ! Pad Length ! - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ~ Integrity Checksum Data ~ - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -*/ - -/** - * Encoding rules to parse or generate a complete encrypted IKEv1 message. - * - * The defined offsets are the positions in a object of type - * private_encryption_payload_t. - */ -static encoding_rule_t encodings_v1[] = { - /* encrypted data, stored in a chunk */ - { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) }, -}; - -/* - 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Encrypted IKE Payloads ! - + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! ! Padding (0-255 octets) ! - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -*/ - -METHOD(payload_t, verify, status_t, - private_encryption_payload_t *this) -{ - return SUCCESS; -} - -METHOD(payload_t, get_encoding_rules, int, - private_encryption_payload_t *this, encoding_rule_t **rules) -{ - if (this->type == PLV2_ENCRYPTED) - { - *rules = encodings_v2; - return countof(encodings_v2); - } - *rules = encodings_v1; - return countof(encodings_v1); -} - -METHOD(payload_t, get_header_length, int, - private_encryption_payload_t *this) -{ - if (this->type == PLV2_ENCRYPTED) - { - return 4; - } - return 0; -} - -METHOD(payload_t, get_type, payload_type_t, - private_encryption_payload_t *this) -{ - return this->type; -} - -METHOD(payload_t, get_next_type, payload_type_t, - private_encryption_payload_t *this) -{ - return this->next_payload; -} - -METHOD(payload_t, set_next_type, void, - private_encryption_payload_t *this, payload_type_t type) -{ - /* the next payload is set during add, still allow this for IKEv1 */ - this->next_payload = type; -} - -/** - * Compute the length of the whole payload - */ -static void compute_length(private_encryption_payload_t *this) -{ - enumerator_t *enumerator; - payload_t *payload; - size_t bs, length = 0; - - if (this->encrypted.len) - { - length = this->encrypted.len; - } - else - { - enumerator = this->payloads->create_enumerator(this->payloads); - while (enumerator->enumerate(enumerator, &payload)) - { - length += payload->get_length(payload); - } - enumerator->destroy(enumerator); - - if (this->aead) - { - /* append padding */ - bs = this->aead->get_block_size(this->aead); - length += bs - (length % bs); - /* add iv */ - length += this->aead->get_iv_size(this->aead); - /* add icv */ - length += this->aead->get_icv_size(this->aead); - } - } - length += get_header_length(this); - this->payload_length = length; -} - -METHOD2(payload_t, encryption_payload_t, get_length, size_t, - private_encryption_payload_t *this) -{ - compute_length(this); - return this->payload_length; -} - -METHOD(encryption_payload_t, add_payload, void, - private_encryption_payload_t *this, payload_t *payload) -{ - payload_t *last_payload; - - if (this->payloads->get_count(this->payloads) > 0) - { - this->payloads->get_last(this->payloads, (void **)&last_payload); - last_payload->set_next_type(last_payload, payload->get_type(payload)); - } - else - { - this->next_payload = payload->get_type(payload); - } - payload->set_next_type(payload, PL_NONE); - this->payloads->insert_last(this->payloads, payload); - compute_length(this); -} - -METHOD(encryption_payload_t, remove_payload, payload_t *, - private_encryption_payload_t *this) -{ - payload_t *payload; - - if (this->payloads->remove_first(this->payloads, - (void**)&payload) == SUCCESS) - { - return payload; - } - return NULL; -} - -/** - * Generate payload before encryption - */ -static chunk_t generate(private_encryption_payload_t *this, - generator_t *generator) -{ - payload_t *current, *next; - enumerator_t *enumerator; - u_int32_t *lenpos; - chunk_t chunk = chunk_empty; - - enumerator = this->payloads->create_enumerator(this->payloads); - if (enumerator->enumerate(enumerator, ¤t)) - { - this->next_payload = current->get_type(current); - - while (enumerator->enumerate(enumerator, &next)) - { - current->set_next_type(current, next->get_type(next)); - generator->generate_payload(generator, current); - current = next; - } - current->set_next_type(current, PL_NONE); - generator->generate_payload(generator, current); - - chunk = generator->get_chunk(generator, &lenpos); - DBG2(DBG_ENC, "generated content in encryption payload"); - } - enumerator->destroy(enumerator); - return chunk; -} - -/** - * Append the encryption payload header to the associated data - */ -static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc) -{ - struct { - u_int8_t next_payload; - u_int8_t flags; - u_int16_t length; - } __attribute__((packed)) header = { - .next_payload = this->next_payload, - .flags = this->flags, - .length = htons(get_length(this)), - }; - return chunk_cat("cc", assoc, chunk_from_thing(header)); -} - -METHOD(encryption_payload_t, encrypt, status_t, - private_encryption_payload_t *this, u_int64_t mid, chunk_t assoc) -{ - chunk_t iv, plain, padding, icv, crypt; - generator_t *generator; - iv_gen_t *iv_gen; - rng_t *rng; - size_t bs; - - if (this->aead == NULL) - { - DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing"); - return INVALID_STATE; - } - - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) - { - DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found"); - return NOT_SUPPORTED; - } - - iv_gen = this->aead->get_iv_gen(this->aead); - if (!iv_gen) - { - DBG1(DBG_ENC, "encrypting encryption payload failed, no IV generator"); - return NOT_SUPPORTED; - } - - assoc = append_header(this, assoc); - - generator = generator_create(); - plain = generate(this, generator); - bs = this->aead->get_block_size(this->aead); - /* we need at least one byte padding to store the padding length */ - padding.len = bs - (plain.len % bs); - iv.len = this->aead->get_iv_size(this->aead); - icv.len = this->aead->get_icv_size(this->aead); - - /* prepare data to authenticate-encrypt: - * | IV | plain | padding | ICV | - * \____crypt______/ ^ - * | / - * v / - * assoc -> + ------->/ - */ - free(this->encrypted.ptr); - this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len); - iv.ptr = this->encrypted.ptr; - memcpy(iv.ptr + iv.len, plain.ptr, plain.len); - plain.ptr = iv.ptr + iv.len; - padding.ptr = plain.ptr + plain.len; - icv.ptr = padding.ptr + padding.len; - crypt = chunk_create(plain.ptr, plain.len + padding.len); - generator->destroy(generator); - - if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) || - !rng->get_bytes(rng, padding.len - 1, padding.ptr)) - { - DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding"); - rng->destroy(rng); - free(assoc.ptr); - return FAILED; - } - padding.ptr[padding.len - 1] = padding.len - 1; - rng->destroy(rng); - - DBG3(DBG_ENC, "encryption payload encryption:"); - DBG3(DBG_ENC, "IV %B", &iv); - DBG3(DBG_ENC, "plain %B", &plain); - DBG3(DBG_ENC, "padding %B", &padding); - DBG3(DBG_ENC, "assoc %B", &assoc); - - if (!this->aead->encrypt(this->aead, crypt, assoc, iv, NULL)) - { - free(assoc.ptr); - return FAILED; - } - - DBG3(DBG_ENC, "encrypted %B", &crypt); - DBG3(DBG_ENC, "ICV %B", &icv); - - free(assoc.ptr); - - return SUCCESS; -} - -METHOD(encryption_payload_t, encrypt_v1, status_t, - private_encryption_payload_t *this, u_int64_t mid, chunk_t iv) -{ - generator_t *generator; - chunk_t plain, padding; - size_t bs; - - if (this->aead == NULL) - { - DBG1(DBG_ENC, "encryption failed, transform missing"); - return INVALID_STATE; - } - - generator = generator_create(); - plain = generate(this, generator); - bs = this->aead->get_block_size(this->aead); - padding.len = bs - (plain.len % bs); - - /* prepare data to encrypt: - * | plain | padding | */ - free(this->encrypted.ptr); - this->encrypted = chunk_alloc(plain.len + padding.len); - memcpy(this->encrypted.ptr, plain.ptr, plain.len); - plain.ptr = this->encrypted.ptr; - padding.ptr = plain.ptr + plain.len; - memset(padding.ptr, 0, padding.len); - generator->destroy(generator); - - DBG3(DBG_ENC, "encrypting payloads:"); - DBG3(DBG_ENC, "plain %B", &plain); - DBG3(DBG_ENC, "padding %B", &padding); - - if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL)) - { - return FAILED; - } - - DBG3(DBG_ENC, "encrypted %B", &this->encrypted); - - return SUCCESS; -} - -/** - * Parse the payloads after decryption. - */ -static status_t parse(private_encryption_payload_t *this, chunk_t plain) -{ - parser_t *parser; - payload_type_t type; - - parser = parser_create(plain); - type = this->next_payload; - while (type != PL_NONE) - { - payload_t *payload; - - if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len) - { - DBG1(DBG_ENC, "invalid %N payload length, decryption failed?", - payload_type_names, type); - parser->destroy(parser); - return PARSE_ERROR; - } - if (parser->parse_payload(parser, type, &payload) != SUCCESS) - { - parser->destroy(parser); - return PARSE_ERROR; - } - if (payload->verify(payload) != SUCCESS) - { - DBG1(DBG_ENC, "%N verification failed", - payload_type_names, payload->get_type(payload)); - payload->destroy(payload); - parser->destroy(parser); - return VERIFY_ERROR; - } - type = payload->get_next_type(payload); - this->payloads->insert_last(this->payloads, payload); - } - parser->destroy(parser); - DBG2(DBG_ENC, "parsed content of encryption payload"); - return SUCCESS; -} - -METHOD(encryption_payload_t, decrypt, status_t, - private_encryption_payload_t *this, chunk_t assoc) -{ - chunk_t iv, plain, padding, icv, crypt; - size_t bs; - - if (this->aead == NULL) - { - DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing"); - return INVALID_STATE; - } - - /* prepare data to authenticate-decrypt: - * | IV | plain | padding | ICV | - * \____crypt______/ ^ - * | / - * v / - * assoc -> + ------->/ - */ - - bs = this->aead->get_block_size(this->aead); - iv.len = this->aead->get_iv_size(this->aead); - iv.ptr = this->encrypted.ptr; - icv.len = this->aead->get_icv_size(this->aead); - icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len; - crypt.ptr = iv.ptr + iv.len; - crypt.len = this->encrypted.len - iv.len; - - if (iv.len + icv.len > this->encrypted.len || - (crypt.len - icv.len) % bs) - { - DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length"); - return FAILED; - } - - assoc = append_header(this, assoc); - - DBG3(DBG_ENC, "encryption payload decryption:"); - DBG3(DBG_ENC, "IV %B", &iv); - DBG3(DBG_ENC, "encrypted %B", &crypt); - DBG3(DBG_ENC, "ICV %B", &icv); - DBG3(DBG_ENC, "assoc %B", &assoc); - - if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL)) - { - DBG1(DBG_ENC, "verifying encryption payload integrity failed"); - free(assoc.ptr); - return FAILED; - } - free(assoc.ptr); - - plain = chunk_create(crypt.ptr, crypt.len - icv.len); - padding.len = plain.ptr[plain.len - 1] + 1; - if (padding.len > plain.len) - { - DBG1(DBG_ENC, "decrypting encryption payload failed, " - "padding invalid %B", &crypt); - return PARSE_ERROR; - } - plain.len -= padding.len; - padding.ptr = plain.ptr + plain.len; - - DBG3(DBG_ENC, "plain %B", &plain); - DBG3(DBG_ENC, "padding %B", &padding); - - return parse(this, plain); -} - -METHOD(encryption_payload_t, decrypt_v1, status_t, - private_encryption_payload_t *this, chunk_t iv) -{ - if (this->aead == NULL) - { - DBG1(DBG_ENC, "decryption failed, transform missing"); - return INVALID_STATE; - } - - /* data must be a multiple of block size */ - if (iv.len != this->aead->get_block_size(this->aead) || - this->encrypted.len < iv.len || this->encrypted.len % iv.len) - { - DBG1(DBG_ENC, "decryption failed, invalid length"); - return FAILED; - } - - DBG3(DBG_ENC, "decrypting payloads:"); - DBG3(DBG_ENC, "encrypted %B", &this->encrypted); - - if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL)) - { - return FAILED; - } - - DBG3(DBG_ENC, "plain %B", &this->encrypted); - - return parse(this, this->encrypted); -} - -METHOD(encryption_payload_t, set_transform, void, - private_encryption_payload_t *this, aead_t* aead) -{ - this->aead = aead; -} - -METHOD2(payload_t, encryption_payload_t, destroy, void, - private_encryption_payload_t *this) -{ - this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy)); - free(this->encrypted.ptr); - free(this); -} - -/* - * Described in header - */ -encryption_payload_t *encryption_payload_create(payload_type_t type) -{ - private_encryption_payload_t *this; - - INIT(this, - .public = { - .payload_interface = { - .verify = _verify, - .get_encoding_rules = _get_encoding_rules, - .get_header_length = _get_header_length, - .get_length = _get_length, - .get_next_type = _get_next_type, - .set_next_type = _set_next_type, - .get_type = _get_type, - .destroy = _destroy, - }, - .get_length = _get_length, - .add_payload = _add_payload, - .remove_payload = _remove_payload, - .set_transform = _set_transform, - .encrypt = _encrypt, - .decrypt = _decrypt, - .destroy = _destroy, - }, - .next_payload = PL_NONE, - .payloads = linked_list_create(), - .type = type, - ); - this->payload_length = get_header_length(this); - - if (type == PLV1_ENCRYPTED) - { - this->public.encrypt = _encrypt_v1; - this->public.decrypt = _decrypt_v1; - } - - return &this->public; -} diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 7015667ee..c96738a34 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -210,8 +210,9 @@ METHOD(payload_t, verify, status_t, case TRANSACTION: case QUICK_MODE: case NEW_GROUP_MODE: - if (this->maj_version != IKEV1_MAJOR_VERSION) + if (this->maj_version == IKEV2_MAJOR_VERSION) { + /* IKEv1 exchange type in IKEv2? */ return FAILED; } break; @@ -223,14 +224,20 @@ METHOD(payload_t, verify, status_t, #ifdef ME case ME_CONNECT: #endif /* ME */ - if (this->maj_version != IKEV2_MAJOR_VERSION) + if (this->maj_version == IKEV1_MAJOR_VERSION) { + /* IKEv2 exchange type in IKEv1? */ return FAILED; } break; default: - /* unsupported exchange type */ - return FAILED; + if (this->maj_version == IKEV1_MAJOR_VERSION || + this->maj_version == IKEV2_MAJOR_VERSION) + { + /* unsupported exchange type for known version */ + return FAILED; + } + break; } if (this->initiator_spi == 0) { @@ -501,4 +508,3 @@ ike_header_t *ike_header_create_version(int major, int minor) } return this; } - diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index dd92e429a..94723ddd7 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_ "ME_CONNECT_FAILED"); ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_NOTIFY_STATUS"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", @@ -110,8 +110,10 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS, "PSK_PERSIST", "PSK_CONFIRM", "ERX_SUPPORTED", - "IFOM_CAPABILITY"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY, + "IFOM_CAPABILITY", + "SENDER_REQUEST_ID", + "FRAGMENTATION_SUPPORTED"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD_R_U_THERE", @@ -128,7 +130,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE, "ME_CONNECTKEY", "ME_CONNECTAUTH", "ME_RESPONSE", - "RADIUS_ATTRIBUTE",); + "RADIUS_ATTRIBUTE"); ENUM_END(notify_type_names, RADIUS_ATTRIBUTE); @@ -172,7 +174,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S "ME_CONN_FAIL"); ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_STATUS"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", @@ -217,8 +219,10 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_S "PSK_PST", "PSK_CFM", "ERX_SUP", - "IFOM_CAP"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY, + "IFOM_CAP", + "SENDER_REQ_ID", + "FRAG_SUP"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD", diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 3c56f0673..25521c2bb 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -147,6 +147,10 @@ enum notify_type_t { ERX_SUPPORTED = 16427, /* IFOM capability, 3GPP TS 24.303, annex B.2 */ IFOM_CAPABILITY = 16428, + /* SENDER_REQUEST_ID (draft-yeung-g-ikev2) */ + SENDER_REQUEST_ID = 16429, + /* IKEv2 fragmentation supported, RFC 7383 */ + FRAGMENTATION_SUPPORTED = 16430, /* IKEv1 initial contact */ INITIAL_CONTACT_IKEV1 = 24578, /* IKEv1 DPD */ diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index fd616620d..600b6dd68 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c @@ -28,7 +28,8 @@ #include <encoding/payloads/auth_payload.h> #include <encoding/payloads/cert_payload.h> #include <encoding/payloads/certreq_payload.h> -#include <encoding/payloads/encryption_payload.h> +#include <encoding/payloads/encrypted_payload.h> +#include <encoding/payloads/encrypted_fragment_payload.h> #include <encoding/payloads/ts_payload.h> #include <encoding/payloads/delete_payload.h> #include <encoding/payloads/vendor_id_payload.h> @@ -59,7 +60,7 @@ ENUM_NEXT(payload_type_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_ ENUM_NEXT(payload_type_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION, "NAT_D_V1", "NAT_OA_V1"); -ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, +ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA, "SECURITY_ASSOCIATION", "KEY_EXCHANGE", "ID_INITIATOR", @@ -76,16 +77,20 @@ ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, "ENCRYPTED", "CONFIGURATION", "EAP", - "GSPM"); + "GSPM", + "GROUP_ID", + "GROUP_SECURITY_ASSOCIATION", + "KEY_DOWNLOAD", + "ENCRYPTED_FRAGMENT"); #ifdef ME -ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM, +ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT, "ID_PEER"); ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER, "NAT_D_DRAFT_V1", "NAT_OA_DRAFT_V1", "FRAGMENT"); #else -ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM, +ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT, "NAT_D_DRAFT_V1", "NAT_OA_DRAFT_V1", "FRAGMENT"); @@ -125,7 +130,7 @@ ENUM_NEXT(payload_type_short_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATIO ENUM_NEXT(payload_type_short_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION, "NAT-D", "NAT-OA"); -ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, +ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA, "SA", "KE", "IDi", @@ -142,16 +147,20 @@ ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_N "E", "CP", "EAP", - "GSPM"); + "GSPM", + "IDg", + "GSA", + "KD", + "EF"); #ifdef ME -ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM, +ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT, "IDp"); ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER, "NAT-D", "NAT-OA", "FRAG"); #else -ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT, "NAT-D", "NAT-OA", "FRAG"); @@ -244,9 +253,11 @@ payload_t *payload_create(payload_type_t type) return (payload_t*)eap_payload_create(); case PLV2_ENCRYPTED: case PLV1_ENCRYPTED: - return (payload_t*)encryption_payload_create(type); + return (payload_t*)encrypted_payload_create(type); case PLV1_FRAGMENT: return (payload_t*)fragment_payload_create(); + case PLV2_FRAGMENT: + return (payload_t*)encrypted_fragment_payload_create(); default: return (payload_t*)unknown_payload_create(type); } @@ -261,15 +272,19 @@ bool payload_is_known(payload_type_t type) { return TRUE; } - if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP) + if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION) { return TRUE; } - if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION) + if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA) { return TRUE; } - if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA) + if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP) + { + return TRUE; + } + if (type == PLV2_FRAGMENT) { return TRUE; } diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index d9dd619f7..036cd422d 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -193,7 +193,7 @@ enum payload_type_t { PLV2_TS_RESPONDER = 45, /** - * Encryption payload, contains other payloads (E). + * Encrypted payload, contains other payloads (E). */ PLV2_ENCRYPTED = 46, @@ -212,6 +212,26 @@ enum payload_type_t { */ PLV2_GSPM = 49, + /** + * Group Identification (draft-yeung-g-ikev2) + */ + PLV2_IDG = 50, + + /** + * Group Security Association (draft-yeung-g-ikev2) + */ + PLV2_GSA = 51, + + /** + * Key Download (draft-yeung-g-ikev2) + */ + PLV2_KD = 52, + + /** + * Encrypted fragment payload (SKF), RFC 7383 + */ + PLV2_FRAGMENT = 53, + #ifdef ME /** * Identification payload for peers has a value from @@ -231,7 +251,7 @@ enum payload_type_t { PLV1_NAT_OA_DRAFT_00_03 = 131, /** - * IKE fragment (proprietary IKEv1 extension) + * IKEv1 fragment (proprietary IKEv1 extension) */ PLV1_FRAGMENT = 132, diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 8e3a01285..407038a2d 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -296,7 +296,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, linked_list_t *substructs, *list; if (this->type == PLV1_SECURITY_ASSOCIATION) - { /* IKEv1 proposals start with 0 */ + { /* IKEv1 proposals may start with 0 or 1 (or any other number really) */ struct_number = ignore_struct_number = -1; } @@ -309,17 +309,22 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &substruct)) { + int current_number = substruct->get_proposal_number(substruct); + /* check if a proposal has a single protocol */ - if (substruct->get_proposal_number(substruct) == struct_number) + if (current_number == struct_number) { if (ignore_struct_number < struct_number) - { /* remove an already added, if first of series */ + { /* remove an already added substruct, if first of series */ substructs->remove_last(substructs, (void**)&substruct); ignore_struct_number = struct_number; } continue; } - struct_number++; + /* for IKEv1 the numbers don't have to be consecutive, for IKEv2 they do + * but since we don't really care for the actual number we accept them + * anyway. we already verified that they increase monotonically. */ + struct_number = current_number; substructs->insert_last(substructs, substruct); } enumerator->destroy(enumerator); @@ -364,7 +369,7 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, } if (proposal_number != current_proposal) { /* start of a new proposal */ - if (espah && ipcomp) + if (espah && ipcomp && ipcomp->get_cpi(ipcomp, NULL)) { /* previous proposal is valid */ break; } diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index a2a3b1f89..5ce9471bd 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) #ifdef USE_IKEV2 send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL, INVALID_MAJOR_VERSION, chunk_empty); -#endif /* USE_IKEV2 */ -#ifdef USE_IKEV1 +#elif defined(USE_IKEV1) send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1, INVALID_MAJOR_VERSION, chunk_empty); #endif /* USE_IKEV1 */ @@ -684,4 +683,3 @@ receiver_t *receiver_create() return &this->public; } - diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 0655959ca..c3b014c3c 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index 287c94acc..50594a452 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 9fd515073..700a4219c 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index edda93e77..08101d51d 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 5670f4323..679d2dae6 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index da364b06e..768c2b32b 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index d408cd24e..3484e08a3 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 97432f1b1..381d7a119 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 5b20fe5a6..3b0f8763c 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index d0ee19899..839a379ea 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 78b66ac96..fdbad6234 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 7f18792c4..9675104da 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 5275a348c..0610b5859 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 5dd623d6e..38c9d0b7c 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index c0e42198c..f5dfd6814 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 615a916c1..5ccd58158 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index cd4355dfa..04cc422f5 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 6719497d3..60d12dc1d 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -414,6 +414,30 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id, } /** + * Add a DNS/NBNS configuration attribute + */ +static void add_nameserver_attribute(eap_radius_provider_t *provider, + u_int32_t id, int type, chunk_t data) +{ + /* these are from different vendors, but there is currently no conflict */ + switch (type) + { + case 5: /* CVPN3000-Primary-DNS */ + case 6: /* CVPN3000-Secondary-DNS */ + case 28: /* MS-Primary-DNS-Server */ + case 29: /* MS-Secondary-DNS-Server */ + provider->add_attribute(provider, id, INTERNAL_IP4_DNS, data); + break; + case 7: /* CVPN3000-Primary-WINS */ + case 8: /* CVPN3000-Secondary-WINS */ + case 30: /* MS-Primary-NBNS-Server */ + case 31: /* MS-Secondary-NBNS-Server */ + provider->add_attribute(provider, id, INTERNAL_IP4_NBNS, data); + break; + } +} + +/** * Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute */ static void add_unity_split_attribute(eap_radius_provider_t *provider, @@ -515,6 +539,16 @@ static void process_cfg_attributes(radius_message_t *msg) { switch (type) { + case 5: /* CVPN3000-Primary-DNS */ + case 6: /* CVPN3000-Secondary-DNS */ + case 7: /* CVPN3000-Primary-WINS */ + case 8: /* CVPN3000-Secondary-WINS */ + if (data.len == 4) + { + add_nameserver_attribute(provider, + ike_sa->get_unique_id(ike_sa), type, data); + } + break; case 15: /* CVPN3000-IPSec-Banner1 */ case 28: /* CVPN3000-IPSec-Default-Domain */ case 29: /* CVPN3000-IPSec-Split-DNS-Names */ @@ -546,6 +580,22 @@ static void process_cfg_attributes(radius_message_t *msg) break; } } + if (vendor == PEN_MICROSOFT) + { + switch (type) + { + case 28: /* MS-Primary-DNS-Server */ + case 29: /* MS-Secondary-DNS-Server */ + case 30: /* MS-Primary-NBNS-Server */ + case 31: /* MS-Secondary-NBNS-Server */ + if (data.len == 4) + { + add_nameserver_attribute(provider, + ike_sa->get_unique_id(ike_sa), type, data); + } + break; + } + } } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 0020c5d57..31c96d229 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -488,6 +488,16 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) message->add(message, RAT_ACCT_SESSION_ID, chunk_create(entry->sid, strlen(entry->sid))); + if (!entry->interim.interval) + { + entry->interim.interval = lib->settings->get_time(lib->settings, + "%s.plugins.eap-radius.accounting_interval", 0, lib->ns); + if (entry->interim.interval) + { + DBG1(DBG_CFG, "scheduling RADIUS Interim-Updates every %us", + entry->interim.interval); + } + } schedule_interim(this, entry); this->mutex->unlock(this->mutex); diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 494efd99a..6a00ea74d 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 82e7561f8..7a08f4e0e 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 9a7a1909e..a1ec7adc1 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 886b0c575..bf99ab095 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 57c64246b..ce4602365 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index eb4d3fa95..0c0b7fd52 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index c63d56b53..25696f524 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 97552dfd0..2d5d65875 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 70cc18405..38c7632ac 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 0782dde53..d9fa454ca 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/ext_auth/Makefile.am b/src/libcharon/plugins/ext_auth/Makefile.am new file mode 100644 index 000000000..d51ea8881 --- /dev/null +++ b/src/libcharon/plugins/ext_auth/Makefile.am @@ -0,0 +1,18 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ext-auth.la +else +plugin_LTLIBRARIES = libstrongswan-ext-auth.la +endif + +libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \ + ext_auth_listener.h ext_auth_listener.c + +libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in new file mode 100644 index 000000000..a1b47dd33 --- /dev/null +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -0,0 +1,774 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/ext_auth +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/depcomp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ext_auth_la_LIBADD = +am_libstrongswan_ext_auth_la_OBJECTS = ext_auth_plugin.lo \ + ext_auth_listener.lo +libstrongswan_ext_auth_la_OBJECTS = \ + $(am_libstrongswan_ext_auth_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_ext_auth_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ext_auth_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ext_auth_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ext_auth_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_ext_auth_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ext_auth_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ext-auth.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ext-auth.la +libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \ + ext_auth_listener.h ext_auth_listener.c + +libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-ext-auth.la: $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_DEPENDENCIES) $(EXTRA_libstrongswan_ext_auth_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_ext_auth_la_LINK) $(am_libstrongswan_ext_auth_la_rpath) $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_auth_listener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_auth_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.c b/src/libcharon/plugins/ext_auth/ext_auth_listener.c new file mode 100644 index 000000000..06cec20d7 --- /dev/null +++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.c @@ -0,0 +1,203 @@ +/* + * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr) + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/* for vasprintf() */ +#define _GNU_SOURCE +#include "ext_auth_listener.h" + +#include <daemon.h> +#include <utils/process.h> + +#include <stdio.h> +#include <unistd.h> + +typedef struct private_ext_auth_listener_t private_ext_auth_listener_t; + +/** + * Private data of an ext_auth_listener_t object. + */ +struct private_ext_auth_listener_t { + + /** + * Public ext_auth_listener_listener_t interface. + */ + ext_auth_listener_t public; + + /** + * Path to authorization program + */ + char *script; +}; + +/** + * Allocate and push a format string to the environment + */ +static bool push_env(char *envp[], u_int count, char *fmt, ...) +{ + int i = 0; + char *str; + va_list args; + + while (envp[i]) + { + if (++i + 1 >= count) + { + return FALSE; + } + } + va_start(args, fmt); + if (vasprintf(&str, fmt, args) >= 0) + { + envp[i] = str; + } + va_end(args); + return envp[i] != NULL; +} + +/** + * Free all allocated environment strings + */ +static void free_env(char *envp[]) +{ + int i; + + for (i = 0; envp[i]; i++) + { + free(envp[i]); + } +} + +METHOD(listener_t, authorize, bool, + private_ext_auth_listener_t *this, ike_sa_t *ike_sa, + bool final, bool *success) +{ + if (final) + { + FILE *shell; + process_t *process; + char *envp[32] = {}; + int out, retval; + + *success = FALSE; + + push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u", + ike_sa->get_unique_id(ike_sa)); + push_env(envp, countof(envp), "IKE_NAME=%s", + ike_sa->get_name(ike_sa)); + + push_env(envp, countof(envp), "IKE_LOCAL_HOST=%H", + ike_sa->get_my_host(ike_sa)); + push_env(envp, countof(envp), "IKE_REMOTE_HOST=%H", + ike_sa->get_other_host(ike_sa)); + + push_env(envp, countof(envp), "IKE_LOCAL_ID=%Y", + ike_sa->get_my_id(ike_sa)); + push_env(envp, countof(envp), "IKE_REMOTE_ID=%Y", + ike_sa->get_other_id(ike_sa)); + + if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) || + ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED)) + { + push_env(envp, countof(envp), "IKE_REMOTE_EAP_ID=%Y", + ike_sa->get_other_eap_id(ike_sa)); + } + + process = process_start_shell(envp, NULL, &out, NULL, + "2>&1 %s", this->script); + if (process) + { + shell = fdopen(out, "r"); + if (shell) + { + while (TRUE) + { + char resp[128], *e; + + if (fgets(resp, sizeof(resp), shell) == NULL) + { + if (ferror(shell)) + { + DBG1(DBG_CFG, "error reading from ext-auth script"); + } + break; + } + else + { + e = resp + strlen(resp); + if (e > resp && e[-1] == '\n') + { + e[-1] = '\0'; + } + DBG1(DBG_CHD, "ext-auth: %s", resp); + } + } + fclose(shell); + } + else + { + close(out); + } + if (process->wait(process, &retval)) + { + if (retval == EXIT_SUCCESS) + { + *success = TRUE; + } + else + { + DBG1(DBG_CFG, "rejecting IKE_SA for ext-auth result: %d", + retval); + } + } + } + free_env(envp); + } + return TRUE; +} + +METHOD(ext_auth_listener_t, destroy, void, + private_ext_auth_listener_t *this) +{ + free(this); +} + +/** + * See header + */ +ext_auth_listener_t *ext_auth_listener_create(char *script) +{ + private_ext_auth_listener_t *this; + + INIT(this, + .public = { + .listener = { + .authorize = _authorize, + }, + .destroy = _destroy, + }, + .script = script, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.h b/src/libcharon/plugins/ext_auth/ext_auth_listener.h new file mode 100644 index 000000000..3fec83066 --- /dev/null +++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup ext_auth_listener ext_auth_listener + * @{ @ingroup ext_auth + */ + +#ifndef EXT_AUTH_LISTENER_H_ +#define EXT_AUTH_LISTENER_H_ + +#include <bus/listeners/listener.h> + +typedef struct ext_auth_listener_t ext_auth_listener_t; + +/** + * Listener using an external script to authorize connection + */ +struct ext_auth_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Destroy the listener. + */ + void (*destroy)(ext_auth_listener_t *this); +}; + +/** + * Create ext_auth_listener instance. + * + * @param script path to authorization script + * @return listener instance + */ +ext_auth_listener_t *ext_auth_listener_create(char *script); + +#endif /** ext_auth_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.c b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c new file mode 100644 index 000000000..b3698c767 --- /dev/null +++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr) + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "ext_auth_plugin.h" +#include "ext_auth_listener.h" + +#include <daemon.h> + +typedef struct private_ext_auth_plugin_t private_ext_auth_plugin_t; + +/** + * private data of ext_auth plugin + */ +struct private_ext_auth_plugin_t { + + /** + * implements plugin interface + */ + ext_auth_plugin_t public; + + /** + * Listener verifying peers during authorization + */ + ext_auth_listener_t *listener; +}; + +METHOD(plugin_t, get_name, char*, + private_ext_auth_plugin_t *this) +{ + return "ext-auth"; +} + +/** + * Create a listener instance, NULL on error + */ +static ext_auth_listener_t* create_listener() +{ + char *script; + + script = lib->settings->get_str(lib->settings, + "%s.plugins.ext-auth.script", NULL, lib->ns); + if (!script) + { + DBG1(DBG_CFG, "no script for ext-auth script defined, disabled"); + return NULL; + } + DBG1(DBG_CFG, "using ext-auth script '%s'", script); + return ext_auth_listener_create(script); +} + +/** + * Register listener + */ +static bool plugin_cb(private_ext_auth_plugin_t *this, + plugin_feature_t *feature, bool reg, void *cb_data) +{ + if (reg) + { + this->listener = create_listener(); + if (!this->listener) + { + return FALSE; + } + charon->bus->add_listener(charon->bus, &this->listener->listener); + } + else + { + if (this->listener) + { + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + } + } + return TRUE; +} + +METHOD(plugin_t, get_features, int, + private_ext_auth_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL), + PLUGIN_PROVIDE(CUSTOM, "ext_auth"), + }; + *features = f; + return countof(f); +} + + +METHOD(plugin_t, reload, bool, + private_ext_auth_plugin_t *this) +{ + ext_auth_listener_t *listener; + + /* reload new listener overlapped */ + listener = create_listener(); + if (listener) + { + charon->bus->add_listener(charon->bus, &listener->listener); + } + if (this->listener) + { + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + } + this->listener = listener; + + return TRUE; +} + +METHOD(plugin_t, destroy, void, + private_ext_auth_plugin_t *this) +{ + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *ext_auth_plugin_create() +{ + private_ext_auth_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .reload = _reload, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.h b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h new file mode 100644 index 000000000..1288e240c --- /dev/null +++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup ext_auth ext_auth + * @ingroup cplugins + * + * @defgroup ext_auth_plugin ext_auth_plugin + * @{ @ingroup ext_auth + */ + +#ifndef EXT_AUTH_PLUGIN_H_ +#define EXT_AUTH_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct ext_auth_plugin_t ext_auth_plugin_t; + +/** + * Plugin using an external script to authorize connections. + */ +struct ext_auth_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** EXT_AUTH_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 75ff158a8..2bfd38ba1 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index cec73620a..aa5bdb747 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 6ff24c334..e20e872c1 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -437,11 +437,13 @@ static void process_ike_update(private_ha_dispatcher_t *this, pools->destroy(pools); } } +#ifdef USE_IKEV1 if (ike_sa->get_version(ike_sa) == IKEV1) { lib->processor->queue_job(lib->processor, (job_t*) adopt_children_job_create(ike_sa->get_id(ike_sa))); } +#endif /* USE_IKEV1 */ this->cache->cache(this->cache, ike_sa, message); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index da2e8d7fb..bd3fd63aa 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index 460c7b730..7e1f79bd8 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index a4e5ba931..c961c0bd8 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index ff987f8d4..1c92e30fc 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 78ec6660e..db4552dde 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index df75c0f4b..418dccba5 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -245,6 +245,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -305,6 +306,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -370,6 +372,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -417,6 +421,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index deb517ed8..f0f2c75f4 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -241,6 +241,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -301,6 +302,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -366,6 +368,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -413,6 +417,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index aa3ade079..3a866e968 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 919b936c0..e0f70ce44 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index ce81fb1a8..adb61e817 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 870b42790..a0c21c442 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index 35ebf9975..14abba99a 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 35e7f2a87..7c5b030f4 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index bee1259e6..548524a38 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 081d3efc7..9cc39955b 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -45,9 +45,6 @@ #include <daemon.h> #include <threading/thread.h> -/* Maximum size of a packet */ -#define MAX_PACKET 10000 - /* these are not defined on some platforms */ #ifndef SOL_IP #define SOL_IP IPPROTO_IP @@ -739,7 +736,7 @@ socket_default_socket_t *socket_default_socket_create() .natt = lib->settings->get_int(lib->settings, "%s.port_nat_t", CHARON_NATT_PORT, lib->ns), .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, lib->ns), + "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns), .set_source = lib->settings->get_bool(lib->settings, "%s.plugins.socket-default.set_source", TRUE, lib->ns), diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 073806d64..892549c6c 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c index 3161a709f..b82a69e1b 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -42,9 +42,6 @@ #include <threading/rwlock.h> #include <collections/hashtable.h> -/* Maximum size of a packet */ -#define MAX_PACKET 10000 - /* these are not defined on some platforms */ #ifndef SOL_IP #define SOL_IP IPPROTO_IP @@ -668,7 +665,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create() }, .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, lib->ns), + "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns), ); if (pipe(this->notify) != 0) diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index ff38e8158..88b2ac3f0 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c index 5ebe04aac..fbfbedae1 100644 --- a/src/libcharon/plugins/socket_win/socket_win_socket.c +++ b/src/libcharon/plugins/socket_win/socket_win_socket.c @@ -25,9 +25,6 @@ #include <mswsock.h> -/* Maximum size of a packet */ -#define MAX_PACKET 10000 - /* number of sockets in use */ #define SOCKET_COUNT 2 @@ -458,7 +455,7 @@ socket_win_socket_t *socket_win_socket_create() "%s.port_nat_t", CHARON_NATT_PORT, lib->ns), }, .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, lib->ns), + "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns), ); for (i = 0; i < SOCKET_COUNT; i++) diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 208b900e1..3c132457b 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 59a59834a..d4680186a 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index f908219ed..83431d17c 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -65,6 +65,11 @@ struct private_stroke_cred_t { stroke_cred_t public; /** + * secrets file with credential information + */ + char *secrets_file; + + /** * credentials */ mem_cred_t *creds; @@ -1297,7 +1302,7 @@ METHOD(stroke_cred_t, reread, void, if (msg->reread.flags & REREAD_SECRETS) { DBG1(DBG_CFG, "rereading secrets"); - load_secrets(this, NULL, SECRETS_FILE, 0, prompt); + load_secrets(this, NULL, this->secrets_file, 0, prompt); } if (msg->reread.flags & REREAD_CACERTS) { @@ -1370,6 +1375,9 @@ stroke_cred_t *stroke_cred_create() .cachecrl = _cachecrl, .destroy = _destroy, }, + .secrets_file = lib->settings->get_str(lib->settings, + "%s.plugins.stroke.secrets_file", SECRETS_FILE, + lib->ns), .creds = mem_cred_create(), ); @@ -1380,7 +1388,7 @@ stroke_cred_t *stroke_cred_create() FALSE, lib->ns); load_certs(this); - load_secrets(this, NULL, SECRETS_FILE, 0, NULL); + load_secrets(this, NULL, this->secrets_file, 0, NULL); return &this->public; } diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 769ad52bc..0e477f9f3 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 51d46a673..3f2952c4b 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index 531c00c0c..97c479632 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -239,6 +239,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -299,6 +300,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -364,6 +366,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -411,6 +415,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 948db7e3c..5e16c3c35 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 6e4dbff2b..1aca319c7 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 4d411f68e..1e04ebced 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 9f72a80da..52a2c7f24 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -139,6 +139,23 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local) configured->destroy(configured); } +/** + * Check if any Split-Include attributes are active on this IKE_SA + */ +static bool has_split_includes(private_unity_narrow_t *this, ike_sa_t *ike_sa) +{ + enumerator_t *enumerator; + traffic_selector_t *ts; + bool has; + + enumerator = this->handler->create_include_enumerator(this->handler, + ike_sa->get_unique_id(ike_sa)); + has = enumerator->enumerate(enumerator, &ts); + enumerator->destroy(enumerator); + + return has; +} + METHOD(listener_t, narrow, bool, private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, narrow_hook_t type, linked_list_t *local, linked_list_t *remote) @@ -146,23 +163,43 @@ METHOD(listener_t, narrow, bool, if (ike_sa->get_version(ike_sa) == IKEV1 && ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY)) { - switch (type) + /* depending on who initiates a rekeying the hooks will not match the + * roles in the IKE_SA */ + if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) { - case NARROW_INITIATOR_PRE_AUTH: - narrow_pre(remote, "other"); - break; - case NARROW_INITIATOR_POST_AUTH: - narrow_initiator(this, ike_sa, - child_sa->get_config(child_sa), remote); - break; - case NARROW_RESPONDER: - narrow_pre(local, "us"); - break; - case NARROW_RESPONDER_POST: - narrow_responder_post(child_sa->get_config(child_sa), local); - break; - default: - break; + switch (type) + { + case NARROW_INITIATOR_PRE_AUTH: + case NARROW_RESPONDER: + if (has_split_includes(this, ike_sa)) + { + narrow_pre(remote, "other"); + } + break; + case NARROW_INITIATOR_POST_AUTH: + case NARROW_RESPONDER_POST: + narrow_initiator(this, ike_sa, + child_sa->get_config(child_sa), remote); + break; + default: + break; + } + } + else + { + switch (type) + { + case NARROW_INITIATOR_PRE_AUTH: + case NARROW_RESPONDER: + narrow_pre(local, "us"); + break; + case NARROW_INITIATOR_POST_AUTH: + case NARROW_RESPONDER_POST: + narrow_responder_post(child_sa->get_config(child_sa), local); + break; + default: + break; + } } } return TRUE; diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index b377110ec..834d373f3 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index 200f298a1..1d15cc55e 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c @@ -16,9 +16,11 @@ #define _GNU_SOURCE #include <stdio.h> +#include <unistd.h> #include "updown_listener.h" +#include <utils/process.h> #include <hydra.h> #include <daemon.h> #include <config/child_cfg.h> @@ -97,53 +99,84 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) } /** - * Create variables for handled DNS attributes + * Allocate and push a format string to the environment */ -static char *make_dns_vars(private_updown_listener_t *this, ike_sa_t *ike_sa) +static bool push_env(char *envp[], u_int count, char *fmt, ...) { - enumerator_t *enumerator; - host_t *host; - int v4 = 0, v6 = 0; - char total[512] = "", current[64]; + int i = 0; + char *str; + va_list args; - if (!this->handler) + while (envp[i]) { - return strdup(""); + if (++i + 1 >= count) + { + return FALSE; + } } + va_start(args, fmt); + if (vasprintf(&str, fmt, args) >= 0) + { + envp[i] = str; + } + va_end(args); + return envp[i] != NULL; +} - enumerator = this->handler->create_dns_enumerator(this->handler, - ike_sa->get_unique_id(ike_sa)); - while (enumerator->enumerate(enumerator, &host)) +/** + * Free all allocated environment strings + */ +static void free_env(char *envp[]) +{ + int i; + + for (i = 0; envp[i]; i++) { - switch (host->get_family(host)) + free(envp[i]); + } +} + +/** + * Push variables for handled DNS attributes + */ +static void push_dns_env(private_updown_listener_t *this, ike_sa_t *ike_sa, + char *envp[], u_int count) +{ + enumerator_t *enumerator; + host_t *host; + int v4 = 0, v6 = 0; + + if (this->handler) + { + enumerator = this->handler->create_dns_enumerator(this->handler, + ike_sa->get_unique_id(ike_sa)); + while (enumerator->enumerate(enumerator, &host)) { - case AF_INET: - snprintf(current, sizeof(current), - "PLUTO_DNS4_%d='%H' ", ++v4, host); - break; - case AF_INET6: - snprintf(current, sizeof(current), - "PLUTO_DNS6_%d='%H' ", ++v6, host); - break; - default: - continue; + switch (host->get_family(host)) + { + case AF_INET: + push_env(envp, count, "PLUTO_DNS4_%d=%H", ++v4, host); + break; + case AF_INET6: + push_env(envp, count, "PLUTO_DNS6_%d=%H", ++v6, host); + break; + default: + continue; + } } - strncat(total, current, sizeof(total) - strlen(total) - 1); + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); - - return strdup(total); } /** - * Create variables for local virtual IPs + * Push variables for local virtual IPs */ -static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa) +static void push_vip_env(private_updown_listener_t *this, ike_sa_t *ike_sa, + char *envp[], u_int count) { enumerator_t *enumerator; host_t *host; int v4 = 0, v6 = 0; - char total[512] = "", current[64]; bool first = TRUE; enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE); @@ -151,28 +184,22 @@ static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa) { if (first) { /* legacy variable for first VIP */ - snprintf(current, sizeof(current), - "PLUTO_MY_SOURCEIP='%H' ", host); - strncat(total, current, sizeof(total) - strlen(total) - 1); + first = FALSE; + push_env(envp, count, "PLUTO_MY_SOURCEIP=%H", host); } switch (host->get_family(host)) { case AF_INET: - snprintf(current, sizeof(current), - "PLUTO_MY_SOURCEIP4_%d='%H' ", ++v4, host); + push_env(envp, count, "PLUTO_MY_SOURCEIP4_%d=%H", ++v4, host); break; case AF_INET6: - snprintf(current, sizeof(current), - "PLUTO_MY_SOURCEIP6_%d='%H' ", ++v6, host); + push_env(envp, count, "PLUTO_MY_SOURCEIP6_%d=%H", ++v6, host); break; default: continue; } - strncat(total, current, sizeof(total) - strlen(total) - 1); } enumerator->destroy(enumerator); - - return strdup(total); } /** @@ -196,240 +223,182 @@ static u_int16_t get_port(traffic_selector_t *me, return local ? me->get_from_port(me) : other->get_from_port(other); } -METHOD(listener_t, child_updown, bool, - private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, - bool up) +/** + * Invoke the updown script once for given traffic selectors + */ +static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, child_cfg_t *config, bool up, + traffic_selector_t *my_ts, traffic_selector_t *other_ts) { - traffic_selector_t *my_ts, *other_ts; - enumerator_t *enumerator; - child_cfg_t *config; - host_t *me, *other; - char *script; + host_t *me, *other, *host; + char *iface; + u_int8_t mask; + mark_t mark; + bool is_host, is_ipv6; + int out; + FILE *shell; + process_t *process; + char *envp[128] = {}; - config = child_sa->get_config(child_sa); - script = config->get_updown(config); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); - if (script == NULL) + push_env(envp, countof(envp), "PLUTO_VERSION=1.1"); + is_host = my_ts->is_host(my_ts, me); + if (is_host) { - return TRUE; + is_ipv6 = me->get_family(me) == AF_INET6; } - - enumerator = child_sa->create_policy_enumerator(child_sa); - while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) + else { - char command[2048]; - host_t *my_client, *other_client; - u_int8_t my_client_mask, other_client_mask; - char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth; - mark_t mark; - bool is_host, is_ipv6, use_ipcomp; - FILE *shell; - - my_ts->to_subnet(my_ts, &my_client, &my_client_mask); - other_ts->to_subnet(other_ts, &other_client, &other_client_mask); - - virtual_ip = make_vip_vars(this, ike_sa); - - /* check for the presence of an inbound mark */ - mark = config->get_mark(config, TRUE); - if (mark.value) - { - if (asprintf(&mark_in, "PLUTO_MARK_IN='%u/0x%08x' ", - mark.value, mark.mask ) < 0) - { - mark_in = NULL; - } - } - else - { - if (asprintf(&mark_in, "") < 0) - { - mark_in = NULL; - } - } - - /* check for the presence of an outbound mark */ - mark = config->get_mark(config, FALSE); - if (mark.value) - { - if (asprintf(&mark_out, "PLUTO_MARK_OUT='%u/0x%08x' ", - mark.value, mark.mask ) < 0) - { - mark_out = NULL; - } - } - else - { - if (asprintf(&mark_out, "") < 0) - { - mark_out = NULL; - } - } - - /* check for a NAT condition causing ESP_IN_UDP encapsulation */ - if (ike_sa->has_condition(ike_sa, COND_NAT_ANY)) + is_ipv6 = my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE; + } + push_env(envp, countof(envp), "PLUTO_VERB=%s%s%s", + up ? "up" : "down", + is_host ? "-host" : "-client", + is_ipv6 ? "-v6" : ""); + push_env(envp, countof(envp), "PLUTO_CONNECTION=%s", + config->get_name(config)); + if (up) + { + if (hydra->kernel_interface->get_interface(hydra->kernel_interface, + me, &iface)) { - if (asprintf(&udp_enc, "PLUTO_UDP_ENC='%u' ", - other->get_port(other)) < 0) - { - udp_enc = NULL; - } - + cache_iface(this, child_sa->get_reqid(child_sa), iface); } else { - if (asprintf(&udp_enc, "") < 0) - { - udp_enc = NULL; - } - + iface = NULL; } + } + else + { + iface = uncache_iface(this, child_sa->get_reqid(child_sa)); + } + push_env(envp, countof(envp), "PLUTO_INTERFACE=%s", + iface ? iface : "unknown"); + push_env(envp, countof(envp), "PLUTO_REQID=%u", + child_sa->get_reqid(child_sa)); + push_env(envp, countof(envp), "PLUTO_PROTO=%s", + child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah"); + push_env(envp, countof(envp), "PLUTO_UNIQUEID=%u", + ike_sa->get_unique_id(ike_sa)); + push_env(envp, countof(envp), "PLUTO_ME=%H", me); + push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa)); + if (my_ts->to_subnet(my_ts, &host, &mask)) + { + push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask); + host->destroy(host); + } + push_env(envp, countof(envp), "PLUTO_MY_PORT=%u", + get_port(my_ts, other_ts, TRUE)); + push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u", + my_ts->get_protocol(my_ts)); + push_env(envp, countof(envp), "PLUTO_PEER=%H", other); + push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y", + ike_sa->get_other_id(ike_sa)); + if (other_ts->to_subnet(other_ts, &host, &mask)) + { + push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask); + host->destroy(host); + } + push_env(envp, countof(envp), "PLUTO_PEER_PORT=%u", + get_port(my_ts, other_ts, FALSE)); + push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u", + other_ts->get_protocol(other_ts)); + if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) || + ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED)) + { + push_env(envp, countof(envp), "PLUTO_XAUTH_ID=%Y", + ike_sa->get_other_eap_id(ike_sa)); + } + push_vip_env(this, ike_sa, envp, countof(envp)); + mark = config->get_mark(config, TRUE); + if (mark.value) + { + push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x", + mark.value, mark.mask); + } + mark = config->get_mark(config, FALSE); + if (mark.value) + { + push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x", + mark.value, mark.mask); + } + if (ike_sa->has_condition(ike_sa, COND_NAT_ANY)) + { + push_env(envp, countof(envp), "PLUTO_UDP_ENC=%u", + other->get_port(other)); + } + if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE) + { + push_env(envp, countof(envp), "PLUTO_IPCOMP=1"); + } + push_dns_env(this, ike_sa, envp, countof(envp)); + if (config->get_hostaccess(config)) + { + push_env(envp, countof(envp), "PLUTO_HOST_ACCESS=1"); + } - if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) || - ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED)) - { - if (asprintf(&xauth, "PLUTO_XAUTH_ID='%Y' ", - ike_sa->get_other_eap_id(ike_sa)) < 0) - { - xauth = NULL; - } - } - else + process = process_start_shell(envp, NULL, &out, NULL, "2>&1 %s", + config->get_updown(config)); + if (process) + { + shell = fdopen(out, "r"); + if (shell) { - if (asprintf(&xauth, "") < 0) + while (TRUE) { - xauth = NULL; - } - } + char resp[128]; - if (up) - { - if (hydra->kernel_interface->get_interface(hydra->kernel_interface, - me, &iface)) - { - cache_iface(this, child_sa->get_reqid(child_sa), iface); - } - else - { - iface = NULL; + if (fgets(resp, sizeof(resp), shell) == NULL) + { + if (ferror(shell)) + { + DBG1(DBG_CHD, "error reading from updown script"); + } + break; + } + else + { + char *e = resp + strlen(resp); + if (e > resp && e[-1] == '\n') + { + e[-1] = '\0'; + } + DBG1(DBG_CHD, "updown: %s", resp); + } } + fclose(shell); } else { - iface = uncache_iface(this, child_sa->get_reqid(child_sa)); + close(out); } + process->wait(process, NULL); + } + free(iface); + free_env(envp); +} - dns = make_dns_vars(this, ike_sa); - - /* check for IPComp */ - use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE; - - /* determine IPv4/IPv6 and client/host situation */ - is_host = my_ts->is_host(my_ts, me); - is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) : - (my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE); - - /* build the command with all env variables. - */ - snprintf(command, sizeof(command), - "2>&1 " - "PLUTO_VERSION='1.1' " - "PLUTO_VERB='%s%s%s' " - "PLUTO_CONNECTION='%s' " - "PLUTO_INTERFACE='%s' " - "PLUTO_REQID='%u' " - "PLUTO_PROTO='%s' " - "PLUTO_UNIQUEID='%u' " - "PLUTO_ME='%H' " - "PLUTO_MY_ID='%Y' " - "PLUTO_MY_CLIENT='%+H/%u' " - "PLUTO_MY_PORT='%u' " - "PLUTO_MY_PROTOCOL='%u' " - "PLUTO_PEER='%H' " - "PLUTO_PEER_ID='%Y' " - "PLUTO_PEER_CLIENT='%+H/%u' " - "PLUTO_PEER_PORT='%u' " - "PLUTO_PEER_PROTOCOL='%u' " - "%s" - "%s" - "%s" - "%s" - "%s" - "%s" - "%s" - "%s" - "%s", - up ? "up" : "down", - is_host ? "-host" : "-client", - is_ipv6 ? "-v6" : "", - config->get_name(config), - iface ? iface : "unknown", - child_sa->get_reqid(child_sa), - child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah", - ike_sa->get_unique_id(ike_sa), - me, ike_sa->get_my_id(ike_sa), - my_client, my_client_mask, - get_port(my_ts, other_ts, TRUE), - my_ts->get_protocol(my_ts), - other, ike_sa->get_other_id(ike_sa), - other_client, other_client_mask, - get_port(my_ts, other_ts, FALSE), - other_ts->get_protocol(other_ts), - xauth, - virtual_ip, - mark_in, - mark_out, - udp_enc, - use_ipcomp ? "PLUTO_IPCOMP='1' " : "", - config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "", - dns, - script); - my_client->destroy(my_client); - other_client->destroy(other_client); - free(virtual_ip); - free(mark_in); - free(mark_out); - free(udp_enc); - free(dns); - free(iface); - free(xauth); - - DBG3(DBG_CHD, "running updown script: %s", command); - shell = popen(command, "r"); - - if (shell == NULL) - { - DBG1(DBG_CHD, "could not execute updown script '%s'", script); - return TRUE; - } +METHOD(listener_t, child_updown, bool, + private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + bool up) +{ + traffic_selector_t *my_ts, *other_ts; + enumerator_t *enumerator; + child_cfg_t *config; - while (TRUE) + config = child_sa->get_config(child_sa); + if (config->get_updown(config)) + { + enumerator = child_sa->create_policy_enumerator(child_sa); + while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - char resp[128]; - - if (fgets(resp, sizeof(resp), shell) == NULL) - { - if (ferror(shell)) - { - DBG1(DBG_CHD, "error reading output from updown script"); - } - break; - } - else - { - char *e = resp + strlen(resp); - if (e > resp && e[-1] == '\n') - { /* trim trailing '\n' */ - e[-1] = '\0'; - } - DBG1(DBG_CHD, "updown: %s", resp); - } + invoke_once(this, ike_sa, child_sa, config, up, my_ts, other_ts); } - pclose(shell); + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); return TRUE; } diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am index 7e459c58d..da71de394 100644 --- a/src/libcharon/plugins/vici/Makefile.am +++ b/src/libcharon/plugins/vici/Makefile.am @@ -67,3 +67,10 @@ vici_tests_LDFLAGS = @COVERAGE_LDFLAGS@ vici_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la + + +SUBDIRS = + +if USE_RUBY_GEMS +SUBDIRS += ruby +endif diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index e0a6a1b5d..34546b905 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -80,6 +80,7 @@ build_triplet = @build@ host_triplet = @host@ TESTS = vici_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) +@USE_RUBY_GEMS_TRUE@am__append_1 = ruby subdir = src/libcharon/plugins/vici DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp @@ -206,11 +207,27 @@ SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \ $(vici_tests_SOURCES) DIST_SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \ $(vici_tests_SOURCES) +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -252,7 +269,33 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +DIST_SUBDIRS = ruby DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -284,6 +327,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -344,6 +388,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -409,6 +454,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -456,6 +503,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -520,7 +571,8 @@ vici_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la -all: all-am +SUBDIRS = $(am__append_1) +all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj @@ -869,14 +921,61 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am +tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ @@ -889,7 +988,7 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-am +ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) @@ -902,7 +1001,7 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am +cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ @@ -1044,24 +1143,50 @@ distdir: $(DISTFILES) || exit 1; \ fi; \ done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS -check: check-am +check: check-recursive all-am: Makefile $(LTLIBRARIES) -installdirs: +installdirs: installdirs-recursive +installdirs-am: for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-am +installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ @@ -1085,96 +1210,97 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -clean: clean-am +clean: clean-recursive clean-am: clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ mostlyclean-am -distclean: distclean-am +distclean: distclean-recursive -rm -rf ./$(DEPDIR) suites/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags -dvi: dvi-am +dvi: dvi-recursive dvi-am: -html: html-am +html: html-recursive html-am: -info: info-am +info: info-recursive info-am: install-data-am: install-ipseclibLTLIBRARIES install-pluginLTLIBRARIES -install-dvi: install-dvi-am +install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: -install-html: install-html-am +install-html: install-html-recursive install-html-am: -install-info: install-info-am +install-info: install-info-recursive install-info-am: install-man: -install-pdf: install-pdf-am +install-pdf: install-pdf-recursive install-pdf-am: -install-ps: install-ps-am +install-ps: install-ps-recursive install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-am +maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) suites/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-am +mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -pdf: pdf-am +pdf: pdf-recursive pdf-am: -ps: ps-am +ps: ps-recursive ps-am: uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-pluginLTLIBRARIES -.MAKE: check-am install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \ - clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-ipseclibLTLIBRARIES \ - install-man install-pdf install-pdf-am \ - install-pluginLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ +.MAKE: $(am__recursive_targets) check-am install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-TESTS check-am clean clean-checkPROGRAMS clean-generic \ + clean-ipseclibLTLIBRARIES clean-libtool \ + clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipseclibLTLIBRARIES install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index aeabbbd4d..272491052 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -84,12 +84,12 @@ The message encoding consists of a sequence of elements. Each element starts with the element type, optionally followed by an element name and/or an element value. Currently the following message element types are defined: -* _SECTION_START = 0_: Begin a new section having a name -* _SECTION_END = 1_: End a previously started section -* _KEY_VALUE = 2_: Define a value for a named key in the current section -* _LIST_START = 3_: Begin a named list for list items -* _LIST_ITEM = 4_: Define an unnamed item value in the current list -* _LIST_END = 5_: End a previously started list +* _SECTION_START = 1_: Begin a new section having a name +* _SECTION_END = 2_: End a previously started section +* _KEY_VALUE = 3_: Define a value for a named key in the current section +* _LIST_START = 4_: Begin a named list for list items +* _LIST_ITEM = 5_: Define an unnamed item value in the current list +* _LIST_END = 6_: End a previously started list Types are encoded as 8-bit values. Types having a name (SECTION_START, KEY_VALUE and LIST_START) have an ASCII string following the type, which itself @@ -103,7 +103,8 @@ the length field itself. The interpretation of any value is not defined by the message format; it can take arbitrary blobs. The application may specify types for specific keys, such -as strings or integer representations. +as strings or integer representations. The vici plugin currently uses +non-null terminated strings as values only; numbers get encoded as strings. ### Sections ### @@ -165,6 +166,513 @@ the following C array: 1, }; +## Client-initiated commands ## + +Based on the packet layer, VICI implements commands requested by the client +and responded to by the server using named _CMD_REQUEST_ and _CMD_RESPONSE_ +packets wrapping messages. The request message may contain command arguments, +the response message the reply. + +Some commands use response streaming, that is, a request triggers a series of +events to consecutively stream data to the client before the response message +completes the stream. A client must register for the appropriate event to +receive the stream, and unregister after the response has been received. + +The following client issued commands with the appropriate command input and +output messages are currently defined: + +### version() ### + +Returns daemon and system specific version information. + + {} => { + daemon = <IKE daemon name> + version = <strongSwan version> + sysname = <operating system name> + release = <operating system release> + machine = <hardware identifier> + } + +### stats() ### + +Returns IKE daemon statistics and load information. + + {} => { + uptime = { + running = <relative uptime in human-readable form> + since = <absolute startup time> + } + workers = { + total = <total number of worker threads> + idle = <worker threads currently idle> + active = { + critical = <threads processing "critical" priority jobs> + high = <threads processing "high" priority jobs> + medium = <threads processing "medium" priority jobs> + low = <threads processing "low" priority jobs> + } + } + queues = { + critical = <jobs queued with "critical" priority> + high = <jobs queued with "high" priority> + medium = <jobs queued with "medium" priority> + low = <jobs queued with "low" priority> + } + scheduled = <number of jobs scheduled for timed execution> + ikesas = { + total = <total number of IKE_SAs active> + half-open = <number of IKE_SAs in half-open state> + } + plugins = [ + <names of loaded plugins> + ] + mem = { # available if built with leak-detective or on Windows + total = <total heap memory usage in bytes> + allocs = <total heap allocation blocks> + <heap-name>* = { # on Windows only + total = <heap memory usage in bytes by this heap> + allocs = <allocated blocks for this heap> + } + } + mallinfo = { # available with mallinfo() support + sbrk = <non-mmaped space available> + mmap = <mmaped space available> + used = <total number of bytes used> + free = <available but unused bytes> + } + } + +### reload-settings() ### + +Reloads _strongswan.conf_ settings and all plugins supporting configuration +reload. + + {} => { + success = <yes or no> + errmsg = <error string on failure> + } + +### initiate() ### + +Initiates an SA while streaming _control-log_ events. + + { + child = <CHILD_SA configuration name to initiate> + timeout = <timeout in seconds before returning> + loglevel = <loglevel to issue "control-log" events for> + } => { + success = <yes or no> + errmsg = <error string on failure or timeout> + } + +### terminate() ### + +Terminates an SA while streaming _control-log_ events. + + { + child = <terminate a CHILD_SA by configuration name> + ike = <terminate an IKE_SA by configuration name> + child_id = <terminate a CHILD_SA by its reqid> + ike_id = <terminate an IKE_SA by its unique id> + timeout = <timeout in seconds before returning> + loglevel = <loglevel to issue "control-log" events for> + } => { + success = <yes or no> + errmsg = <error string on failure or timeout> + } + +### install() ### + +Install a trap, drop or bypass policy defined by a CHILD_SA config. + + { + child = <CHILD_SA configuration name to install> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### uninstall() ### + +Uninstall a trap, drop or bypass policy defined by a CHILD_SA config. + + { + child = <CHILD_SA configuration name to install> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### list-sas() ### + +Lists currently active IKE_SAs and associated CHILD_SAs by streaming _list-sa_ +events. + + { + noblock = <use non-blocking mode if key is set> + ike = <filter listed IKE_SAs by its name> + ike_id = <filter listed IKE_SA by its unique id> + } => { + # completes after streaming list-sa events + } + +### list-policies() ### + +List currently installed trap, drop and bypass policies by streaming +_list-policy_ events. + + { + drop = <set to yes to list drop policies> + pass = <set to yes to list bypass policies> + trap = <set to yes to list trap policies> + child = <filter by CHILD_SA configuration name> + } => { + # completes after streaming list-sa events + } + +### list-conns() ### + +List currently loaded connections by streaming _list-conn_ events. This +call includes all connections known by the daemon, not only those loaded +over vici. + + { + ike = <list connections matching a given configuration name only> + } => { + # completes after streaming list-conn events + } + +### get-conns() ### + +Return a list of connection names loaded exclusively over vici, not including +connections found in other backends. + + {} => { + conns = [ + <list of connection names> + ] + } + +### list-certs() ### + +List currently loaded certificates by streaming _list-cert_ events. This +call includes all certificates known by the daemon, not only those loaded +over vici. + + { + type = <certificate type to filter for, or ANY> + subject = <set to list only certificates having subject> + } => { + # completes after streaming list-cert events + } + +### load-conn() ### + +Load a single connection definition into the daemon. An existing connection +with the same name gets updated or replaced. + + { + <IKE_SA config name> = { + # IKE configuration parameters with authentication and CHILD_SA + # subsections. Refer to swanctl.conf(5) for details. + } => { + success = <yes or no> + errmsg = <error string on failure> + } + } + +### unload-conn() ### + +Unload a previously loaded connection definition by name. + + { + name = <IKE_SA config name> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### load-cert() ### + +Load a certificate into the daemon. + + { + type = <certificate type, X509|X509CA|X509AA|X509CRL|X509AC> + data = <PEM or DER encoded certificate data> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### load-key() ### + +Load a private key into the daemon. + + { + type = <private key type, RSA|ECDSA> + data = <PEM or DER encoded key data> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### load-shared() ### + +Load a shared IKE PSK, EAP or XAuth secret into the daemon. + + { + type = <private key type, IKE|EAP|XAUTH> + data = <raw shared key data> + owners = [ + <list of shared key owner identities> + ] + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### clear-creds() ### + +Clear all loaded certificate, private key and shared key credentials. This +affects only credentials loaded over vici, but additionally flushes the +credential cache. + + {} => { + success = <yes or no> + errmsg = <error string on failure> + } + +### load-pool() ### + +Load an in-memory virtual IP and configuration attribute pool. Existing +pools with the same name get updated, if possible. + + { + <pool name> = { + addrs = <subnet of virtual IP pool addresses> + <attribute type>* = [ + # attribute type is one of address, dns, nbns, dhcp, netmask, + # server, subnet, split_include, split_exclude or a numerical + # attribute type identifier. + <list of attributes for type> + ] + } + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### unload-pool() ### + +Unload a previously loaded virtual IP and configuration attribute pool. +Unloading fails for pools with leases currently online. + + { + name = <virtual IP address pool to delete> + } => { + success = <yes or no> + errmsg = <error string on failure> + } + +### get-pools() ### + +List the currently loaded pools. + + {} => { + <pool name>* = { + base = <virtual IP pool base address> + size = <total number of addresses in the pool> + online = <number of leases online> + offline = <number of leases offline> + } + } + +## Server-issued events ## + +Based on the packet layer, the vici plugin raises event messages using named +EVENT packets wrapping messages. The message contains event details. + +### log ### + +The _log_ event is issued to registered clients for each debug log message. +This event is not associated with a command. + + { + group = <subsystem identifier for debug message> + level = <log level, 0-4> + thread = <numerical thread identifier issuing the log message> + ikesa-name = <name of IKE_SA, if log is associated with any> + ikesa-uniqued = <unique identifier of IKE_A, if log associated with any> + msg = <log message text> + } + +### control-log ### + +The _control-log_ event is issued for log events during active _initiate_ or +_terminate_ commands. It is issued only to clients currently having such +a command active. + + { + group = <subsystem identifier for debug message> + level = <log level, 0-4> + ikesa-name = <name of IKE_SA, if log associated with any> + ikesa-uniqued = <unique identifier of IKE_A, if log associated with any> + msg = <log message text> + } + +### list-sa ### + +The _list-sa_ event is issued to stream IKE_SAs during an active _list-sas_ +command. + + { + <IKE_SA config name> = { + uniqueid = <IKE_SA unique identifier> + version = <IKE version, 1 or 2> + state = <IKE_SA state name> + local-host = <local IKE endpoint address> + local-id = <local IKE identity> + remote-host = <remote IKE endpoint address> + remote-id = <remote IKE identity> + remote-xauth-id = <remote XAuth identity, if XAuth-authenticated> + remote-eap-id = <remote EAP identity, if EAP-authenticated> + initiator = <yes, if initiator of IKE_SA> + initiator-spi = <hex encoded initiator SPI / cookie> + responder-spi = <hex encoded responder SPI / cookie> + encr-alg = <IKE encryption algorithm string> + encr-keysize = <key size for encr-alg, if applicable> + integ-alg = <IKE integrity algorithm string> + integ-keysize = <key size for encr-alg, if applicable> + prf-alg = <IKE pseudo random function string> + dh-group = <IKE Diffie-Hellman group string> + established = <seconds the IKE_SA has been established> + rekey-time = <seconds before IKE_SA gets rekeyed> + reauth-time = <seconds before IKE_SA gets re-authenticated> + tasks-queued = [ + <list of currently queued tasks for execution> + ] + tasks-active = [ + <list of tasks currently initiating actively> + ] + tasks-passive = [ + <list of tasks currently handling passively> + ] + child-sas = { + <child-sa-name>* = { + reqid = <reqid of CHILD_SA> + state = <state string of CHILD_SA> + mode = <IPsec mode, tunnel|transport|beet> + protocol = <IPsec protocol AH|ESP> + encap = <yes if using UDP encapsulation> + spi-in = <hex encoded inbound SPI> + spi-out = <hex encoded outbound SPI> + cpi-in = <hex encoded inbound CPI, if using compression> + cpi-out = <hex encoded outbound CPI, if using compression> + encr-alg = <ESP encryption algorithm name, if any> + encr-keysize = <ESP encryption key size, if applicable> + integ-alg = <ESP or AH integrity algorithm name, if any> + integ-keysize = <ESP or AH integrity key size, if applicable> + prf-alg = <CHILD_SA pseudo random function name> + dh-group = <CHILD_SA PFS rekeying DH group name, if any> + esn = <1 if using extended sequence numbers> + bytes-in = <number of input bytes processed> + packets-in = <number of input packets processed> + use-in = <seconds since last inbound packet, if any> + bytes-out = <number of output bytes processed> + packets-out = <number of output packets processed> + use-out = <seconds since last outbound packet, if any> + rekey-time = <seconds before CHILD_SA gets rekeyed> + life-time = <seconds before CHILD_SA expires> + install-time = <seconds the CHILD_SA has been installed> + local-ts = [ + <list of local traffic selectors> + ] + remote-ts = [ + <list of remote traffic selectors> + ] + } + } + } + } + +### list-policy ### + +The _list-policy_ event is issued to stream installed policies during an active +_list-policies_ command. + + { + <child-sa-config-name> = { + mode = <policy mode, tunnel|transport|pass|drop> + local-ts = [ + <list of local traffic selectors> + ] + remote-ts = [ + <list of remote traffic selectors> + ] + } + } + +### list-conn ### + +The _list-conn_ event is issued to stream loaded connection during an active +_list-conns_ command. + + { + <IKE_SA connection name> = { + local_addrs = [ + <list of valid local IKE endpoint addresses> + ] + remote_addrs = [ + <list of valid remote IKE endpoint addresses> + ] + version = <IKE version as string, IKEv1|IKEv2 or 0 for any> + + local*, remote* = { # multiple local and remote auth sections + class = <authentication type> + eap-type = <EAP type to authenticate if when using EAP> + eap-vendor = <EAP vendor for type, if any> + xauth = <xauth backend name> + revocation = <revocation policy> + id = <IKE identity> + aaa_id = <AAA authentication backend identity> + eap_id = <EAP identity for authentication> + xauth_id = <XAuth username for authentication> + groups = [ + <group membership required to use connection> + ] + certs = [ + <certificates allowed for authentication> + ] + cacerts = [ + <CA certificates allowed for authentication> + ] + } + children = { + <CHILD_SA config name>* = { + mode = <IPsec mode> + local-ts = [ + <list of local traffic selectors> + ] + remote-ts = [ + <list of remote traffic selectors> + ] + } + } + } + } + +### list-cert ### + +The _list-cert_ event is issued to stream loaded certificates during an active +_list-certs_ command. + + { + type = <certificate type> + has_privkey = <set if a private key for the certificate is available> + data = <ASN1 encoded certificate data> + } + + # libvici C client library # libvici is the reference implementation of a C client library implementing @@ -172,5 +680,177 @@ the vici protocol. It builds upon libstrongswan, but provides a stable API to implement client applications in the C programming language. libvici uses the libstrongswan thread pool to deliver event messages asynchronously. -More information about the libvici API is available in the libvici.h header -file. +## Connecting to the daemon ## + +This example shows how to connect to the daemon using the default URI, and +then perform proper cleanup: + + #include <stdio.h> + #include <errno.h> + #include <string.h> + + #include <libvici.h> + + int main(int argc, char *argv[]) + { + vici_conn_t *conn; + int ret = 0; + + vici_init(); + conn = vici_connect(NULL); + if (conn) + { + /* do stuff */ + vici_disconnect(conn); + } + else + { + ret = errno; + fprintf(stderr, "connecting failed: %s\n", strerror(errno)); + } + vici_deinit(); + return ret; + } + +## A simple client request ## + +In the following example, a simple _version_ request is issued to the daemon +and the result is printed: + + int get_version(vici_conn_t *conn) + { + vici_req_t *req; + vici_res_t *res; + int ret = 0; + + req = vici_begin("version"); + res = vici_submit(req, conn); + if (res) + { + printf("%s %s (%s, %s, %s)\n", + vici_find_str(res, "", "daemon"), + vici_find_str(res, "", "version"), + vici_find_str(res, "", "sysname"), + vici_find_str(res, "", "release"), + vici_find_str(res, "", "machine")); + vici_free_res(res); + } + else + { + ret = errno; + fprintf(stderr, "version request failed: %s\n", strerror(errno)); + } + return ret; + } + +## A request with event streaming and callback parsing ## + +In this more advanced example, the _list-conns_ command is used to stream +loaded connections with the _list-conn_ event. The event message is parsed +with a simple callback to print the connection name: + + int conn_cb(void *null, vici_res_t *res, char *name) + { + printf("%s\n", name); + return 0; + } + + void list_cb(void *null, char *name, vici_res_t *res) + { + if (vici_parse_cb(res, conn_cb, NULL, NULL, NULL) != 0) + { + fprintf(stderr, "parsing failed: %s\n", strerror(errno)); + } + } + + int list_conns(vici_conn_t *conn) + { + vici_req_t *req; + vici_res_t *res; + int ret = 0; + + if (vici_register(conn, "list-conn", list_cb, NULL) == 0) + { + req = vici_begin("list-conns"); + res = vici_submit(req, conn); + if (res) + { + vici_free_res(res); + } + else + { + ret = errno; + fprintf(stderr, "request failed: %s\n", strerror(errno)); + } + vici_register(conn, "list-conn", NULL, NULL); + } + else + { + ret = errno; + fprintf(stderr, "registration failed: %s\n", strerror(errno)); + } + return ret; + } + +## API documentation ## + +More information about the libvici API is available in the _libvici.h_ header +file or the generated Doxygen documentation. + +# vici ruby gem # + +The _vici ruby gem_ is a pure ruby implementation of the VICI protocol to +implement client applications. It is provided in the _ruby_ subdirectory, and +gets built and installed if strongSwan has been _./configure_'d with +_--enable-vici_ and _--enable-ruby-gems_. + +The _Connection_ class from the _Vici_ module provides the high level interface, +the underlying classes are usually not required to build ruby applications +using VICI. The _Connection_ class provides methods for the supported VICI +commands and an event listening mechanism. + +To represent the VICI message data tree, the gem converts the binary encoding +to ruby data types. The _Connection_ class takes and returns ruby objects for +the exchanged message data: + * Sections get encoded as Hash, containing other sections as Hash, or + * Key/Values, where the values are Strings as Hash values + * Lists get encoded as Arrays with String values +Non-String values that are not a Hash nor an Array get converted with .to_s +during encoding. + +## Connecting to the daemon ## + +To create a connection to the daemon, a socket must be passed to the +_Connection_ constructor. There is no default, but on Unix systems usually +a Unix socket over _/var/run/charon.vici_ is used: + + require "vici" + require "socket" + + v = Vici::Connection.new(UNIXSocket.new("/var/run/charon.vici")) + +## A simple client request ## + +An example to print the daemon version information is as simple as: + + x = v.version + puts "%s %s (%s, %s, %s)" % [ + x["daemon"], x["version"], x["sysname"], x["release"], x["machine"] + ] + +## A request with closure invocation ## + +The _Connection_ class takes care of event streaming by invoking a closure +for each event. The following example lists all loaded connections using the +_list-conns_ command and implicitly the _list-conn_ event: + + v.list_conns { |conn| + conn.each { |key, value| + puts key + } + } + +## API documentation ## + +For more details about the ruby gem refer to the comments in the gem source +code or the generated documentation. diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c index a2cbb3082..c0205ccb6 100644 --- a/src/libcharon/plugins/vici/libvici.c +++ b/src/libcharon/plugins/vici/libvici.c @@ -438,7 +438,7 @@ void vici_free_req(vici_req_t *req) free(req); } -int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out) +int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out) { if (res->message->dump(res->message, label, pretty, out)) { @@ -754,11 +754,14 @@ void vici_init() library_init(NULL, "vici"); if (lib->processor->get_total_threads(lib->processor) < 4) { + dbg_default_set_level(0); lib->processor->set_threads(lib->processor, 4); + dbg_default_set_level(1); } } void vici_deinit() { + lib->processor->cancel(lib->processor); library_deinit(); } diff --git a/src/libcharon/plugins/vici/libvici.h b/src/libcharon/plugins/vici/libvici.h index 58595d8cc..641370efd 100644 --- a/src/libcharon/plugins/vici/libvici.h +++ b/src/libcharon/plugins/vici/libvici.h @@ -75,8 +75,6 @@ #include <stdio.h> -#include <utils/utils.h> - /** * Opaque vici connection contex. */ @@ -284,7 +282,7 @@ void vici_free_req(vici_req_t *req); * @param out FILE to dump to * @return 0 if dumped complete message, 1 on error */ -int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out); +int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out); /** * Parse next element from a vici response message. diff --git a/src/libcharon/plugins/vici/ruby/Makefile.am b/src/libcharon/plugins/vici/ruby/Makefile.am new file mode 100644 index 000000000..ce38e1c3d --- /dev/null +++ b/src/libcharon/plugins/vici/ruby/Makefile.am @@ -0,0 +1,22 @@ +EXTRA_DIST = vici.gemspec.in lib/vici.rb + +vici.gemspec: $(srcdir)/vici.gemspec.in + $(AM_V_GEN) sed \ + -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \ + $(srcdir)/vici.gemspec.in > $@ + +vici-$(PACKAGE_VERSION).gem: vici.gemspec + $(GEM) build vici.gemspec + +all-local: vici-$(PACKAGE_VERSION).gem + +clean-local: + rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem + +install-data-local: vici-$(PACKAGE_VERSION).gem + $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \ + vici-$(PACKAGE_VERSION).gem + +uninstall-local: + $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \ + --version $(PACKAGE_VERSION) vici diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in new file mode 100644 index 000000000..c8a8c11fb --- /dev/null +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -0,0 +1,556 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/vici/ruby +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +EXTRA_DIST = vici.gemspec.in lib/vici.rb +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile all-local +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am all-local check check-am clean clean-generic \ + clean-libtool clean-local cscopelist-am ctags-am distclean \ + distclean-generic distclean-libtool distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-local + + +vici.gemspec: $(srcdir)/vici.gemspec.in + $(AM_V_GEN) sed \ + -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \ + $(srcdir)/vici.gemspec.in > $@ + +vici-$(PACKAGE_VERSION).gem: vici.gemspec + $(GEM) build vici.gemspec + +all-local: vici-$(PACKAGE_VERSION).gem + +clean-local: + rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem + +install-data-local: vici-$(PACKAGE_VERSION).gem + $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \ + vici-$(PACKAGE_VERSION).gem + +uninstall-local: + $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \ + --version $(PACKAGE_VERSION) vici + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb new file mode 100644 index 000000000..e8a9ddca9 --- /dev/null +++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb @@ -0,0 +1,569 @@ +## +# The Vici module implements a native ruby client side library for the +# strongSwan VICI protocol. The Connection class provides a high-level +# interface to issue requests or listen for events. +# +# Copyright (C) 2014 Martin Willi +# Copyright (C) 2014 revosec AG +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +module Vici + + ## + # Vici specific exception all others inherit from + class Error < StandardError + end + + ## + # Error while parsing a vici message from the daemon + class ParseError < Error + end + + ## + # Error while encoding a vici message from ruby data structures + class EncodeError < Error + end + + ## + # Error while exchanging messages over the vici Transport layer + class TransportError < Error + end + + ## + # Generic vici command execution error + class CommandError < Error + end + + ## + # Error if an issued vici command is unknown by the daemon + class CommandUnknownError < CommandError + end + + ## + # Error if a command failed to execute in the daemon + class CommandExecError < CommandError + end + + ## + # Generic vici event handling error + class EventError < Error + end + + ## + # Tried to register to / unregister from an unknown vici event + class EventUnknownError < EventError + end + + ## + # Exception to raise from an event listening closure to stop listening + class StopEventListening < Exception + end + + + ## + # The Message class provides the low level encoding and decoding of vici + # protocol messages. Directly using this class is usually not required. + class Message + + SECTION_START = 1 + SECTION_END = 2 + KEY_VALUE = 3 + LIST_START = 4 + LIST_ITEM = 5 + LIST_END = 6 + + def initialize(data = "") + if data == nil + @root = Hash.new() + elsif data.is_a?(Hash) + @root = data + else + @encoded = data + end + end + + ## + # Get the raw byte encoding of an on-the-wire message + def encoding + if @encoded == nil + @encoded = encode(@root) + end + @encoded + end + + ## + # Get the root element of the parsed ruby data structures + def root + if @root == nil + @root = parse(@encoded) + end + @root + end + + private + + def encode_name(name) + [name.length].pack("c") << name + end + + def encode_value(value) + if value.class != String + value = value.to_s + end + [value.length].pack("n") << value + end + + def encode_kv(encoding, key, value) + encoding << KEY_VALUE << encode_name(key) << encode_value(value) + end + + def encode_section(encoding, key, value) + encoding << SECTION_START << encode_name(key) + encoding << encode(value) << SECTION_END + end + + def encode_list(encoding, key, value) + encoding << LIST_START << encode_name(key) + value.each do |item| + encoding << LIST_ITEM << encode_value(item) + end + encoding << LIST_END + end + + def encode(node) + encoding = "" + node.each do |key, value| + case value.class + when String, Fixnum, true, false + encoding = encode_kv(encoding, key, value) + else + if value.is_a?(Hash) + encoding = encode_section(encoding, key, value) + elsif value.is_a?(Array) + encoding = encode_list(encoding, key, value) + else + encoding = encode_kv(encoding, key, value) + end + end + end + encoding + end + + def parse_name(encoding) + len = encoding.unpack("c")[0] + name = encoding[1, len] + return encoding[(1 + len)..-1], name + end + + def parse_value(encoding) + len = encoding.unpack("n")[0] + value = encoding[2, len] + return encoding[(2 + len)..-1], value + end + + def parse(encoding) + stack = [Hash.new] + list = nil + while encoding.length != 0 do + type = encoding.unpack("c")[0] + encoding = encoding[1..-1] + case type + when SECTION_START + encoding, name = parse_name(encoding) + stack.push(stack[-1][name] = Hash.new) + when SECTION_END + if stack.length() == 1 + raise ParseError, "unexpected section end" + end + stack.pop() + when KEY_VALUE + encoding, name = parse_name(encoding) + encoding, value = parse_value(encoding) + stack[-1][name] = value + when LIST_START + encoding, name = parse_name(encoding) + stack[-1][name] = [] + list = name + when LIST_ITEM + raise ParseError, "unexpected list item" if list == nil + encoding, value = parse_value(encoding) + stack[-1][list].push(value) + when LIST_END + raise ParseError, "unexpected list end" if list == nil + list = nil + else + raise ParseError, "invalid type: #{type}" + end + end + if stack.length() > 1 + raise ParseError, "unexpected message end" + end + stack[0] + end + end + + + ## + # The Transport class implements to low level segmentation of packets + # to the underlying transport stream. Directly using this class is usually + # not required. + class Transport + + CMD_REQUEST = 0 + CMD_RESPONSE = 1 + CMD_UNKNOWN = 2 + EVENT_REGISTER = 3 + EVENT_UNREGISTER = 4 + EVENT_CONFIRM = 5 + EVENT_UNKNOWN = 6 + EVENT = 7 + + ## + # Create a transport layer using a provided socket for communication. + def initialize(socket) + @socket = socket + @events = Hash.new + end + + ## + # Write a packet prefixed by its length over the transport socket. Type + # specifies the message, the optional label and message get appended. + def write(type, label, message) + encoding = "" + if label + encoding << label.length << label + end + if message + encoding << message.encoding + end + @socket.send([encoding.length + 1, type].pack("Nc") + encoding, 0) + end + + ## + # Read a packet from the transport socket. Returns the packet type, and + # if available in the packet a label and the contained message. + def read + len = @socket.recv(4).unpack("N")[0] + encoding = @socket.recv(len) + type = encoding.unpack("c")[0] + len = 1 + case type + when CMD_REQUEST, EVENT_REGISTER, EVENT_UNREGISTER, EVENT + label = encoding[2, encoding[1].unpack("c")[0]] + len += label.length + 1 + when CMD_RESPONSE, CMD_UNKNOWN, EVENT_CONFIRM, EVENT_UNKNOWN + label = nil + else + raise TransportError, "invalid message: #{type}" + end + if encoding.length == len + return type, label, Message.new + end + return type, label, Message.new(encoding[len..-1]) + end + + def dispatch_event(name, message) + @events[name].each do |handler| + handler.call(name, message) + end + end + + def read_and_dispatch_event + type, label, message = read + p + if type == EVENT + dispatch_event(label, message) + else + raise TransportError, "unexpected message: #{type}" + end + end + + def read_and_dispatch_events + loop do + type, label, message = read + if type == EVENT + dispatch_event(label, message) + else + return type, label, message + end + end + end + + ## + # Send a command with a given name, and optionally a message. Returns + # the reply message on success. + def request(name, message = nil) + write(CMD_REQUEST, name, message) + type, label, message = read_and_dispatch_events + case type + when CMD_RESPONSE + return message + when CMD_UNKNOWN + raise CommandUnknownError, name + else + raise CommandError, "invalid response for #{name}" + end + end + + ## + # Register a handler method for the given event name + def register(name, handler) + write(EVENT_REGISTER, name, nil) + type, label, message = read_and_dispatch_events + case type + when EVENT_CONFIRM + if @events.has_key?(name) + @events[name] += [handler] + else + @events[name] = [handler]; + end + when EVENT_UNKNOWN + raise EventUnknownError, name + else + raise EventError, "invalid response for #{name} register" + end + end + + ## + # Unregister a handler method for the given event name + def unregister(name, handler) + write(EVENT_UNREGISTER, name, nil) + type, label, message = read_and_dispatch_events + case type + when EVENT_CONFIRM + @events[name] -= [handler] + when EVENT_UNKNOWN + raise EventUnknownError, name + else + raise EventError, "invalid response for #{name} unregister" + end + end + end + + + ## + # The Connection class provides the high-level interface to monitor, configure + # and control the IKE daemon. It takes a connected stream-oriented Socket for + # the communication with the IKE daemon. + # + # This class takes and returns ruby objects for the exchanged message data. + # * Sections get encoded as Hash, containing other sections as Hash, or + # * Key/Values, where the values are Strings as Hash values + # * Lists get encoded as Arrays with String values + # Non-String values that are not a Hash nor an Array get converted with .to_s + # during encoding. + class Connection + + def initialize(socket) + @transp = Transport.new(socket) + end + + ## + # List matching loaded connections. The provided closure is invoked + # for each matching connection. + def list_conns(match = nil, &block) + call_with_event("list-conns", Message.new(match), "list-conn", &block) + end + + ## + # List matching active SAs. The provided closure is invoked for each + # matching SA. + def list_sas(match = nil, &block) + call_with_event("list-sas", Message.new(match), "list-sa", &block) + end + + ## + # List matching installed policies. The provided closure is invoked + # for each matching policy. + def list_policies(match, &block) + call_with_event("list-policies", Message.new(match), "list-policy", + &block) + end + + ## + # List matching loaded certificates. The provided closure is invoked + # for each matching certificate definition. + def list_certs(match = nil, &block) + call_with_event("list-certs", Message.new(match), "list-cert", &block) + end + + ## + # Load a connection into the daemon. + def load_conn(conn) + check_success(@transp.request("load-conn", Message.new(conn))) + end + + ## + # Unload a connection from the daemon. + def unload_conn(conn) + check_success(@transp.request("unload-conn", Message.new(conn))) + end + + ## + # Get the names of connections managed by vici. + def get_conns() + @transp.request("get-conns").root + end + + ## + # Clear all loaded credentials. + def clear_creds() + check_success(@transp.request("clear-creds")) + end + + ## + # Load a certificate into the daemon. + def load_cert(cert) + check_success(@transp.request("load-cert", Message.new(cert))) + end + + ## + # Load a private key into the daemon. + def load_key(key) + check_success(@transp.request("load-key", Message.new(key))) + end + + ## + # Load a shared key into the daemon. + def load_shared(shared) + check_success(@transp.request("load-shared", Message.new(shared))) + end + + ## + # Load a virtual IP / attribute pool + def load_pool(pool) + check_success(@transp.request("load-pool", Message.new(pool))) + end + + ## + # Unload a virtual IP / attribute pool + def unload_pool(pool) + check_success(@transp.request("unload-pool", Message.new(pool))) + end + + ## + # Get the currently loaded pools. + def get_pools() + @transp.request("get-pools").root + end + + ## + # Initiate a connection. The provided closure is invoked for each log line. + def initiate(options, &block) + check_success(call_with_event("initiate", Message.new(options), + "control-log", &block)) + end + + ## + # Terminate a connection. The provided closure is invoked for each log line. + def terminate(options, &block) + check_success(call_with_event("terminate", Message.new(options), + "control-log", &block)) + end + + ## + # Install a shunt/route policy. + def install(policy) + check_success(@transp.request("install", Message.new(policy))) + end + + ## + # Uninstall a shunt/route policy. + def uninstall(policy) + check_success(@transp.request("uninstall", Message.new(policy))) + end + + ## + # Reload strongswan.conf settings. + def reload_settings + check_success(@transp.request("reload-settings", nil)) + end + + ## + # Get daemon statistics and information. + def stats + @transp.request("stats", nil).root + end + + ## + # Get daemon version information + def version + @transp.request("version", nil).root + end + + ## + # Listen for a set of event messages. This call is blocking, and invokes + # the passed closure for each event received. The closure receives the + # event name and the event message as argument. To stop listening, the + # closure may raise a StopEventListening exception, the only catched + # exception. + def listen_events(events, &block) + self.class.instance_eval do + define_method(:listen_event) do |label, message| + block.call(label, message.root) + end + end + events.each do |event| + @transp.register(event, method(:listen_event)) + end + begin + loop do + @transp.read_and_dispatch_event + end + rescue StopEventListening + ensure + events.each do |event| + @transp.unregister(event, method(:listen_event)) + end + end + end + + ## + # Issue a command request, but register for a specific event while the + # command is active. VICI uses this mechanism to stream potentially large + # data objects continuously. The provided closure is invoked for all + # event messages. + def call_with_event(command, request, event, &block) + self.class.instance_eval do + define_method(:call_event) do |label, message| + block.call(message.root) + end + end + @transp.register(event, method(:call_event)) + begin + reply = @transp.request(command, request) + ensure + @transp.unregister(event, method(:call_event)) + end + reply + end + + ## + # Check if the reply of a command indicates "success", otherwise raise a + # CommandExecError exception + def check_success(reply) + root = reply.root + if root["success"] != "yes" + raise CommandExecError, root["errmsg"] + end + root + end + end +end diff --git a/src/libcharon/plugins/vici/ruby/vici.gemspec.in b/src/libcharon/plugins/vici/ruby/vici.gemspec.in new file mode 100644 index 000000000..5ad61c0a0 --- /dev/null +++ b/src/libcharon/plugins/vici/ruby/vici.gemspec.in @@ -0,0 +1,16 @@ +Gem::Specification.new do |s| + s.name = "vici" + s.version = "@GEM_VERSION@" + s.authors = ["Martin Willi"] + s.email = ["martin@strongswan.ch"] + s.description = %q{ + The strongSwan VICI protocol allows external application to monitor, + configure and control the IKE daemon charon. This ruby gem provides a + native client side implementation of the VICI protocol, well suited to + script automated tasks in a relaible way. + } + s.summary = "Native ruby interface for strongSwan VICI" + s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici" + s.license = "MIT" + s.files = "lib/vici.rb" +end diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c index 293117348..e76d27332 100644 --- a/src/libcharon/plugins/vici/suites/test_message.c +++ b/src/libcharon/plugins/vici/suites/test_message.c @@ -347,7 +347,7 @@ START_TEST(test_get_int) ck_assert_int_eq(m->get_int(m, 2, "section1.key2"), 0x12); ck_assert_int_eq(m->get_int(m, 2, "section1.section2.key3"), -1); ck_assert_int_eq(m->get_int(m, 2, "section1.key4"), 2); - ck_assert_int_eq(m->get_int(m, 2, "key5"), 0); + ck_assert_int_eq(m->get_int(m, 2, "key5"), 2); ck_assert_int_eq(m->get_int(m, 2, "nonexistent"), 2); ck_assert_int_eq(m->get_int(m, 2, "n.o.n.e.x.i.s.t.e.n.t"), 2); diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index 3cd008162..292a40032 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -450,6 +450,17 @@ CALLBACK(uninstall, vici_message_t*, return send_reply(this, "policy '%s' not found", child); } +CALLBACK(reload_settings, vici_message_t*, + private_vici_control_t *this, char *name, u_int id, vici_message_t *request) +{ + if (lib->settings->load_files(lib->settings, lib->conf, FALSE)) + { + lib->plugins->reload(lib->plugins, NULL); + return send_reply(this, NULL); + } + return send_reply(this, "reloading '%s' failed", lib->conf); +} + static void manage_command(private_vici_control_t *this, char *name, vici_command_cb_t cb, bool reg) { @@ -466,6 +477,7 @@ static void manage_commands(private_vici_control_t *this, bool reg) manage_command(this, "terminate", terminate, reg); manage_command(this, "install", install, reg); manage_command(this, "uninstall", uninstall, reg); + manage_command(this, "reload-settings", reload_settings, reg); this->dispatcher->manage_event(this->dispatcher, "control-log", reg); } diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index cc6434b62..d4c02de6d 100644 --- a/src/libcharon/plugins/vici/vici_cred.c +++ b/src/libcharon/plugins/vici/vici_cred.c @@ -270,13 +270,10 @@ CALLBACK(load_shared, vici_message_t*, CALLBACK(clear_creds, vici_message_t*, private_vici_cred_t *this, char *name, u_int id, vici_message_t *message) { - vici_builder_t *builder; - this->creds->clear(this->creds); lib->credmgr->flush_cache(lib->credmgr, CERT_ANY); - builder = vici_builder_create(); - return builder->finalize(builder); + return create_reply(NULL); } static void manage_command(private_vici_cred_t *this, diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index dcc175f67..e79fbc8d3 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -355,6 +355,10 @@ METHOD(vici_message_t, vget_int, int, found = find_value(this, &value, fmt, args); if (found) { + if (value.len == 0) + { + return def; + } if (chunk_printable(value, NULL, 0)) { snprintf(buf, sizeof(buf), "%.*s", (int)value.len, value.ptr); diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 8a714a9ea..b1cc1d118 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 26bb6fb1a..e393ee163 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index f06fdb593..f0e772700 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 72f3dc668..a4c1aaeb2 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index 9af015e29..296ccaa1c 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c index f99c0b932..fb480eee2 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.c +++ b/src/libcharon/processing/jobs/adopt_children_job.c @@ -17,6 +17,7 @@ #include <daemon.h> #include <hydra.h> +#include <collections/array.h> typedef struct private_adopt_children_job_t private_adopt_children_job_t; @@ -34,11 +35,17 @@ struct private_adopt_children_job_t { * IKE_SA id to adopt children from */ ike_sa_id_t *id; + + /** + * Tasks queued for execution + */ + array_t *tasks; }; METHOD(job_t, destroy, void, private_adopt_children_job_t *this) { + array_destroy_offset(this->tasks, offsetof(task_t, destroy)); this->id->destroy(this->id); free(this); } @@ -149,6 +156,32 @@ METHOD(job_t, execute, job_requeue_t, } } children->destroy_offset(children, offsetof(child_sa_t, destroy)); + + if (array_count(this->tasks)) + { + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->id); + if (ike_sa) + { + task_t *task; + + while (array_remove(this->tasks, ARRAY_HEAD, &task)) + { + task->migrate(task, ike_sa); + ike_sa->queue_task(ike_sa, task); + } + if (ike_sa->initiate(ike_sa, NULL, 0, NULL, NULL) == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + ike_sa); + } + } + } } return JOB_REQUEUE_NONE; } @@ -159,6 +192,12 @@ METHOD(job_t, get_priority, job_priority_t, return JOB_PRIO_HIGH; } +METHOD(adopt_children_job_t, queue_task, void, + private_adopt_children_job_t *this, task_t *task) +{ + array_insert_create(&this->tasks, ARRAY_TAIL, task); +} + /** * See header */ @@ -173,6 +212,7 @@ adopt_children_job_t *adopt_children_job_create(ike_sa_id_t *id) .get_priority = _get_priority, .destroy = _destroy, }, + .queue_task = _queue_task, }, .id = id->clone(id), ); diff --git a/src/libcharon/processing/jobs/adopt_children_job.h b/src/libcharon/processing/jobs/adopt_children_job.h index 073504abd..ee99ee4e5 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.h +++ b/src/libcharon/processing/jobs/adopt_children_job.h @@ -24,6 +24,7 @@ #include <library.h> #include <processing/jobs/job.h> #include <sa/ike_sa_id.h> +#include <sa/task.h> typedef struct adopt_children_job_t adopt_children_job_t; @@ -36,6 +37,13 @@ struct adopt_children_job_t { * Implements job_t. */ job_t job_interface; + + /** + * Queue a job for execution after completing migration. + * + * @param task task to queue for execution + */ + void (*queue_task)(adopt_children_job_t *this, task_t *task); }; /** diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 694318522..e6d7da2c6 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c @@ -63,12 +63,7 @@ METHOD(job_t, execute, job_requeue_t, } else { - /* we update only if other host is NATed, but not our */ - if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) && - !ike_sa->has_condition(ike_sa, COND_NAT_HERE)) - { - ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE); - } + ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } return JOB_REQUEUE_NONE; diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index c338cdaef..d92b9df8e 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Tobias Brunner + * Copyright (C) 2006-2014 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -16,6 +16,28 @@ * for more details. */ +/* + * Copyright (c) 2014 Volker Rümelin + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + #include <string.h> #include <sys/stat.h> #include <errno.h> @@ -251,6 +273,11 @@ struct private_ike_sa_t { * Flush auth configs once established? */ bool flush_auth_cfg; + + /** + * Maximum length of a single fragment, 0 for address-specific defaults + */ + size_t fragment_size; }; /** @@ -909,11 +936,14 @@ METHOD(ike_sa_t, update_hosts, void, update = TRUE; } - if (!other->equals(other, this->other_host)) + if (!other->equals(other, this->other_host) && + (force || has_condition(this, COND_NAT_THERE))) { - /* update others address if we are NOT NATed */ - if ((has_condition(this, COND_NAT_THERE) && - !has_condition(this, COND_NAT_HERE)) || force ) + /* only update other's address if we are behind a static NAT, + * which we assume is the case if we are not initiator */ + if (force || + (!has_condition(this, COND_NAT_HERE) || + !has_condition(this, COND_ORIGINAL_INITIATOR))) { set_other_host(this, other->clone(other)); update = TRUE; @@ -994,6 +1024,69 @@ METHOD(ike_sa_t, generate_message, status_t, return status; } +static bool filter_fragments(private_ike_sa_t *this, packet_t **fragment, + packet_t **packet) +{ + *packet = (*fragment)->clone(*fragment); + set_dscp(this, *packet); + return TRUE; +} + +METHOD(ike_sa_t, generate_message_fragmented, status_t, + private_ike_sa_t *this, message_t *message, enumerator_t **packets) +{ + enumerator_t *fragments; + packet_t *packet; + status_t status; + bool use_frags = FALSE; + + if (this->ike_cfg) + { + switch (this->ike_cfg->fragmentation(this->ike_cfg)) + { + case FRAGMENTATION_FORCE: + use_frags = TRUE; + break; + case FRAGMENTATION_YES: + use_frags = supports_extension(this, EXT_IKE_FRAGMENTATION); + if (use_frags && this->version == IKEV1 && + supports_extension(this, EXT_MS_WINDOWS)) + { + /* It seems Windows 7 and 8 peers only accept proprietary + * fragmented messages if they expect certificates. */ + use_frags = message->get_payload(message, + PLV1_CERTIFICATE) != NULL; + } + break; + default: + break; + } + } + if (!use_frags) + { + status = generate_message(this, message, &packet); + if (status != SUCCESS) + { + return status; + } + *packets = enumerator_create_single(packet, NULL); + return SUCCESS; + } + + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); + message->set_ike_sa_id(message, this->ike_sa_id); + charon->bus->message(charon->bus, message, FALSE, TRUE); + status = message->fragment(message, this->keymat, this->fragment_size, + &fragments); + if (status == SUCCESS) + { + charon->bus->message(charon->bus, message, FALSE, FALSE); + *packets = enumerator_create_filter(fragments, (void*)filter_fragments, + this, NULL); + } + return status; +} + METHOD(ike_sa_t, set_kmaddress, void, private_ike_sa_t *this, host_t *local, host_t *remote) { @@ -1487,6 +1580,14 @@ METHOD(ike_sa_t, reauth, status_t, { return INVALID_STATE; } + if (this->state == IKE_CONNECTING) + { + DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]", + get_name(this), this->unique_id); + reset(this); + this->task_manager->queue_ike(this->task_manager); + return this->task_manager->initiate(this->task_manager); + } /* we can't reauthenticate as responder when we use EAP or virtual IPs. * If the peer does not support RFC4478, there is no way to keep the * IKE_SA up. */ @@ -1650,6 +1751,7 @@ METHOD(ike_sa_t, reestablish, status_t, new->set_other_host(new, host->clone(host)); host = this->my_host; new->set_my_host(new, host->clone(host)); + charon->bus->ike_reestablish_pre(charon->bus, &this->public, new); /* resolve hosts but use the old addresses above as fallback */ resolve_hosts((private_ike_sa_t*)new); /* if we already have a virtual IP, we reuse it */ @@ -1734,12 +1836,15 @@ METHOD(ike_sa_t, reestablish, status_t, if (status == DESTROY_ME) { + charon->bus->ike_reestablish_post(charon->bus, &this->public, new, + FALSE); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new); status = FAILED; } else { - charon->bus->ike_reestablish(charon->bus, &this->public, new); + charon->bus->ike_reestablish_post(charon->bus, &this->public, new, + TRUE); charon->ike_sa_manager->checkin(charon->ike_sa_manager, new); status = SUCCESS; } @@ -1899,11 +2004,29 @@ static bool is_any_path_valid(private_ike_sa_t *this) bool valid = FALSE; enumerator_t *enumerator; host_t *src = NULL, *addr; + int family = AF_UNSPEC; + + switch (charon->socket->supported_families(charon->socket)) + { + case SOCKET_FAMILY_IPV4: + family = AF_INET; + break; + case SOCKET_FAMILY_IPV6: + family = AF_INET6; + break; + case SOCKET_FAMILY_BOTH: + case SOCKET_FAMILY_NONE: + break; + } DBG1(DBG_IKE, "old path is not available anymore, try to find another"); enumerator = create_peer_address_enumerator(this); while (enumerator->enumerate(enumerator, &addr)) { + if (family != AF_UNSPEC && addr->get_family(addr) != family) + { + continue; + } DBG1(DBG_IKE, "looking for a route to %H ...", addr); src = hydra->kernel_interface->get_source_addr( hydra->kernel_interface, addr, NULL); @@ -2332,6 +2455,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .inherit_pre = _inherit_pre, .inherit_post = _inherit_post, .generate_message = _generate_message, + .generate_message_fragmented = _generate_message_fragmented, .reset = _reset, .get_unique_id = _get_unique_id, .add_virtual_ip = _add_virtual_ip, @@ -2377,6 +2501,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, "%s.retry_initiate_interval", 0, lib->ns), .flush_auth_cfg = lib->settings->get_bool(lib->settings, "%s.flush_auth_cfg", FALSE, lib->ns), + .fragment_size = lib->settings->get_int(lib->settings, + "%s.fragment_size", 0, lib->ns), ); if (version == IKEV2) diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 15fb47484..c72d87367 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2014 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -102,7 +102,7 @@ enum ike_extension_t { EXT_EAP_ONLY_AUTHENTICATION = (1<<5), /** - * peer is probably a Windows 7 RAS client + * peer is probably a Windows RAS client */ EXT_MS_WINDOWS = (1<<6), @@ -128,7 +128,7 @@ enum ike_extension_t { EXT_NATT_DRAFT_02_03 = (1<<10), /** - * peer support proprietary IKE fragmentation + * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation */ EXT_IKE_FRAGMENTATION = (1<<11), }; @@ -756,7 +756,7 @@ struct ike_sa_t { status_t (*roam)(ike_sa_t *this, bool address); /** - * Processes a incoming IKEv2-Message. + * Processes an incoming IKE message. * * Message processing may fail. If a critical failure occurs, * process_message() return DESTROY_ME. Then the caller must @@ -768,10 +768,10 @@ struct ike_sa_t { * - FAILED * - DESTROY_ME if this IKE_SA MUST be deleted */ - status_t (*process_message) (ike_sa_t *this, message_t *message); + status_t (*process_message)(ike_sa_t *this, message_t *message); /** - * Generate a IKE message to send it to the peer. + * Generate an IKE message to send it to the peer. * * This method generates all payloads in the message and encrypts/signs * the packet. @@ -783,8 +783,26 @@ struct ike_sa_t { * - FAILED * - DESTROY_ME if this IKE_SA MUST be deleted */ - status_t (*generate_message) (ike_sa_t *this, message_t *message, - packet_t **packet); + status_t (*generate_message)(ike_sa_t *this, message_t *message, + packet_t **packet); + + /** + * Generate an IKE message to send it to the peer. If enabled and supported + * it will be fragmented. + * + * This method generates all payloads in the message and encrypts/signs + * the packet/fragments. + * + * @param message message to generate + * @param packets enumerator of generated packet_t* (are not destroyed + * with the enumerator) + * @return + * - SUCCESS + * - FAILED + * - DESTROY_ME if this IKE_SA MUST be deleted + */ + status_t (*generate_message_fragmented)(ike_sa_t *this, message_t *message, + enumerator_t **packets); /** * Retransmits a request. diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 8e68e7bee..bdabc59b5 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -384,11 +384,6 @@ struct private_ike_sa_manager_t { rng_t *rng; /** - * SHA1 hasher for IKE_SA_INIT retransmit detection - */ - hasher_t *hasher; - - /** * reuse existing IKE_SAs in checkout_by_config */ bool reuse_ikesa; @@ -962,49 +957,39 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) * * @returns TRUE on success */ -static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message, - chunk_t *hash) +static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash) { host_t *src; - if (!this->hasher) - { /* this might be the case when flush() has been called */ - return FALSE; - } if (message->get_first_payload_type(message) == PLV1_FRAGMENT) { /* only hash the source IP, port and SPI for fragmented init messages */ u_int16_t port; u_int64_t spi; src = message->get_source(message); - if (!this->hasher->allocate_hash(this->hasher, - src->get_address(src), NULL)) + if (!hasher->allocate_hash(hasher, src->get_address(src), NULL)) { return FALSE; } port = src->get_port(src); - if (!this->hasher->allocate_hash(this->hasher, - chunk_from_thing(port), NULL)) + if (!hasher->allocate_hash(hasher, chunk_from_thing(port), NULL)) { return FALSE; } spi = message->get_initiator_spi(message); - return this->hasher->allocate_hash(this->hasher, - chunk_from_thing(spi), hash); + return hasher->allocate_hash(hasher, chunk_from_thing(spi), hash); } if (message->get_exchange_type(message) == ID_PROT) { /* include the source for Main Mode as the hash will be the same if * SPIs are reused by two initiators that use the same proposal */ src = message->get_source(message); - if (!this->hasher->allocate_hash(this->hasher, - src->get_address(src), NULL)) + if (!hasher->allocate_hash(hasher, src->get_address(src), NULL)) { return FALSE; } } - return this->hasher->allocate_hash(this->hasher, - message->get_packet_data(message), hash); + return hasher->allocate_hash(hasher, message->get_packet_data(message), hash); } /** @@ -1227,15 +1212,19 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, if (is_init) { + hasher_t *hasher; u_int64_t our_spi; chunk_t hash; - if (!get_init_hash(this, message, &hash)) + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher || !get_init_hash(hasher, message, &hash)) { DBG1(DBG_MGR, "ignoring message, failed to hash message"); + DESTROY_IF(hasher); id->destroy(id); return NULL; } + hasher->destroy(hasher); /* ensure this is not a retransmit of an already handled init message */ switch (check_and_put_init_hash(this, hash, &our_spi)) @@ -1313,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, ike_id = entry->ike_sa->get_id(entry->ike_sa); entry->checked_out = TRUE; - if (message->get_first_payload_type(message) != PLV1_FRAGMENT) - { + if (message->get_first_payload_type(message) != PLV1_FRAGMENT && + message->get_first_payload_type(message) != PLV2_FRAGMENT) + { /* TODO-FRAG: this fails if there are unencrypted payloads */ entry->processing = get_message_id_or_hash(message); } if (ike_id->get_responder_spi(ike_id) == 0) @@ -2058,8 +2048,6 @@ METHOD(ike_sa_manager_t, flush, void, this->rng->destroy(this->rng); this->rng = NULL; - this->hasher->destroy(this->hasher); - this->hasher = NULL; } METHOD(ike_sa_manager_t, destroy, void, @@ -2134,18 +2122,10 @@ ike_sa_manager_t *ike_sa_manager_create() }, ); - this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (this->hasher == NULL) - { - DBG1(DBG_MGR, "manager initialization failed, no hasher supported"); - free(this); - return NULL; - } this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (this->rng == NULL) { DBG1(DBG_MGR, "manager initialization failed, no RNG supported"); - this->hasher->destroy(this->hasher); free(this); return NULL; } diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 114b8a3e4..d01a831f8 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -536,6 +536,7 @@ METHOD(phase1_t, select_config, peer_cfg_t*, enumerator_t *enumerator; peer_cfg_t *current; host_t *me, *other; + int unusable = 0; if (this->peer_cfg) { /* try to find an alternative config */ @@ -571,6 +572,10 @@ METHOD(phase1_t, select_config, peer_cfg_t*, this->candidates->insert_last(this->candidates, current); } } + else + { + unusable++; + } } enumerator->destroy(enumerator); @@ -580,6 +585,13 @@ METHOD(phase1_t, select_config, peer_cfg_t*, this->peer_cfg->get_name(this->peer_cfg)); return this->peer_cfg->get_ref(this->peer_cfg); } + if (unusable) + { + DBG1(DBG_IKE, "found %d matching config%s, but none allows %N " + "authentication using %s Mode", unusable, unusable > 1 ? "s" : "", + auth_method_names, method, aggressive ? "Aggressive" : "Main"); + return NULL; + } DBG1(DBG_IKE, "no peer config found"); return NULL; } diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 97812a5c5..0f8e8bc6d 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2013 Tobias Brunner + * Copyright (C) 2007-2014 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -38,8 +38,7 @@ #include <processing/jobs/dpd_timeout_job.h> #include <processing/jobs/process_message_job.h> -#include <encoding/payloads/fragment_payload.h> -#include <bio/bio_writer.h> +#include <collections/array.h> /** * Number of old messages hashes we keep for retransmission. @@ -51,20 +50,6 @@ #define MAX_OLD_HASHES 2 /** - * Maximum packet size for fragmented packets (same as in sockets) - */ -#define MAX_PACKET 10000 - -/** - * Maximum size of fragment data when sending packets (currently the same is - * used for IPv4 and IPv6, even though the latter has a higher minimum datagram - * size). 576 (= min. IPv4) - 20 (= IP header) - 8 (= UDP header) - - * - 28 (= IKE header) - 8 (= fragment header) = 512 - * This is reduced by 4 in case of NAT-T (due to the non-ESP marker). - */ -#define MAX_FRAGMENT_SIZE 512 - -/** * First sequence number of responding packets. * * To distinguish retransmission jobs for initiating and responding packets, @@ -127,9 +112,9 @@ struct private_task_manager_t { u_int32_t hash; /** - * packet for retransmission + * packet(s) for retransmission */ - packet_t *packet; + array_t *packets; /** * Sequence number of the last sent message @@ -173,9 +158,9 @@ struct private_task_manager_t { u_int retransmitted; /** - * packet for retransmission + * packet(s) for retransmission */ - packet_t *packet; + array_t *packets; /** * type of the initiated exchange @@ -185,50 +170,9 @@ struct private_task_manager_t { } initiating; /** - * Data used to reassemble a fragmented message + * Message we are currently defragmenting, if any (only one at a time) */ - struct { - - /** - * Fragment ID (currently only one is supported at a time) - */ - u_int16_t id; - - /** - * The number of the last fragment (in case we receive the fragments out - * of order), since the first starts with 1 this defines the number of - * fragments we expect - */ - u_int8_t last; - - /** - * List of fragments (fragment_t*) - */ - linked_list_t *list; - - /** - * Length of all currently received fragments - */ - size_t len; - - /** - * Maximum length of a fragmented packet - */ - size_t max_packet; - - /** - * Maximum length of a single fragment (when sending) - */ - size_t size; - - /** - * The exchange type we use for fragments. Always the initial type even - * for fragmented quick mode or transaction messages (i.e. either - * ID_PROT or AGGRESSIVE) - */ - exchange_type_t exchange; - - } frag; + message_t *defrag; /** * List of queued tasks not yet in action @@ -277,31 +221,16 @@ struct private_task_manager_t { }; /** - * A single fragment within a fragmented message + * Reset retransmission packet list */ -typedef struct { - - /** fragment number */ - u_int8_t num; - - /** fragment data */ - chunk_t data; - -} fragment_t; - -static void fragment_destroy(fragment_t *this) +static void clear_packets(array_t *array) { - chunk_free(&this->data); - free(this); -} + packet_t *packet; -static void clear_fragments(private_task_manager_t *this, u_int16_t id) -{ - DESTROY_FUNCTION_IF(this->frag.list, (void*)fragment_destroy); - this->frag.list = NULL; - this->frag.last = 0; - this->frag.len = 0; - this->frag.id = id; + while (array_remove(array, ARRAY_TAIL, &packet)) + { + packet->destroy(packet); + } } METHOD(task_manager_t, flush_queue, void, @@ -321,8 +250,7 @@ METHOD(task_manager_t, flush_queue, void, list = this->active_tasks; /* cancel pending retransmits */ this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - DESTROY_IF(this->initiating.packet); - this->initiating.packet = NULL; + clear_packets(this->initiating.packets); break; case TASK_QUEUE_PASSIVE: list = this->passive_tasks; @@ -373,110 +301,53 @@ static bool activate_task(private_task_manager_t *this, task_type_t type) } /** - * Send a single fragment with the given data + * Send packets in the given array (they get cloned) */ -static bool send_fragment(private_task_manager_t *this, bool request, - host_t *src, host_t *dst, fragment_payload_t *fragment) +static void send_packets(private_task_manager_t *this, array_t *packets) { - message_t *message; + enumerator_t *enumerator; packet_t *packet; - status_t status; - message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION); - /* other implementations seem to just use 0 as message ID, so here we go */ - message->set_message_id(message, 0); - message->set_request(message, request); - message->set_source(message, src->clone(src)); - message->set_destination(message, dst->clone(dst)); - message->set_exchange_type(message, this->frag.exchange); - message->add_payload(message, (payload_t*)fragment); - - status = this->ike_sa->generate_message(this->ike_sa, message, &packet); - if (status != SUCCESS) + enumerator = array_create_enumerator(packets); + while (enumerator->enumerate(enumerator, &packet)) { - DBG1(DBG_IKE, "failed to generate IKE fragment"); - message->destroy(message); - return FALSE; + charon->sender->send(charon->sender, packet->clone(packet)); } - charon->sender->send(charon->sender, packet); - message->destroy(message); - return TRUE; + enumerator->destroy(enumerator); } /** - * Send a packet, if supported and required do so in fragments + * Generates the given message and stores packet(s) in the given array */ -static bool send_packet(private_task_manager_t *this, bool request, - packet_t *packet) +static bool generate_message(private_task_manager_t *this, message_t *message, + array_t **packets) { - bool use_frags = FALSE; - ike_cfg_t *ike_cfg; - chunk_t data; + enumerator_t *fragments; + packet_t *fragment; - ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); - if (ike_cfg) + if (this->ike_sa->generate_message_fragmented(this->ike_sa, message, + &fragments) != SUCCESS) { - switch (ike_cfg->fragmentation(ike_cfg)) - { - case FRAGMENTATION_FORCE: - use_frags = TRUE; - break; - case FRAGMENTATION_YES: - use_frags = this->ike_sa->supports_extension(this->ike_sa, - EXT_IKE_FRAGMENTATION); - break; - default: - break; - } + return FALSE; } - data = packet->get_data(packet); - if (data.len > this->frag.size && use_frags) + while (fragments->enumerate(fragments, &fragment)) { - fragment_payload_t *fragment; - u_int8_t num, count; - size_t len, frag_size; - host_t *src, *dst; - - src = packet->get_source(packet); - dst = packet->get_destination(packet); - - frag_size = this->frag.size; - if (dst->get_port(dst) != IKEV2_UDP_PORT && - src->get_port(src) != IKEV2_UDP_PORT) - { /* reduce size due to non-ESP marker */ - frag_size -= 4; - } - count = data.len / frag_size + (data.len % frag_size ? 1 : 0); - - DBG1(DBG_IKE, "sending IKE message with length of %zu bytes in " - "%hhu fragments", data.len, count); - for (num = 1; num <= count; num++) - { - len = min(data.len, frag_size); - fragment = fragment_payload_create_from_data(num, num == count, - chunk_create(data.ptr, len)); - if (!send_fragment(this, request, src, dst, fragment)) - { - packet->destroy(packet); - return FALSE; - } - data = chunk_skip(data, len); - } - packet->destroy(packet); - return TRUE; + array_insert_create(packets, ARRAY_TAIL, fragment); } - charon->sender->send(charon->sender, packet); + fragments->destroy(fragments); return TRUE; } /** - * Retransmit a packet, either as initiator or as responder + * Retransmit a packet (or its fragments) */ -static status_t retransmit_packet(private_task_manager_t *this, bool request, - u_int32_t seqnr, u_int mid, u_int retransmitted, packet_t *packet) +static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, + u_int mid, u_int retransmitted, array_t *packets) { + packet_t *packet; u_int32_t t; + array_get(packets, 0, &packet); if (retransmitted > this->retransmit_tries) { DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1); @@ -492,10 +363,7 @@ static status_t retransmit_packet(private_task_manager_t *this, bool request, mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ); charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); } - if (!send_packet(this, request, packet->clone(packet))) - { - return DESTROY_ME; - } + send_packets(this, packets); lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*) retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t); return NEED_MORE; @@ -506,20 +374,22 @@ METHOD(task_manager_t, retransmit, status_t, { status_t status = SUCCESS; - if (seqnr == this->initiating.seqnr && this->initiating.packet) + if (seqnr == this->initiating.seqnr && + array_count(this->initiating.packets)) { - status = retransmit_packet(this, TRUE, seqnr, this->initiating.mid, - this->initiating.retransmitted, this->initiating.packet); + status = retransmit_packet(this, seqnr, this->initiating.mid, + this->initiating.retransmitted, this->initiating.packets); if (status == NEED_MORE) { this->initiating.retransmitted++; status = SUCCESS; } } - if (seqnr == this->responding.seqnr && this->responding.packet) + if (seqnr == this->responding.seqnr && + array_count(this->responding.packets)) { - status = retransmit_packet(this, FALSE, seqnr, this->responding.mid, - this->responding.retransmitted, this->responding.packet); + status = retransmit_packet(this, seqnr, this->responding.mid, + this->responding.retransmitted, this->responding.packets); if (status == NEED_MORE) { this->responding.retransmitted++; @@ -586,7 +456,6 @@ METHOD(task_manager_t, initiate, status_t, task_t *task; message_t *message; host_t *me, *other; - status_t status; exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED; bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE; @@ -790,10 +659,8 @@ METHOD(task_manager_t, initiate, status_t, return initiate(this); } - DESTROY_IF(this->initiating.packet); - status = this->ike_sa->generate_message(this->ike_sa, message, - &this->initiating.packet); - if (status != SUCCESS) + clear_packets(this->initiating.packets); + if (!generate_message(this, message, &this->initiating.packets)) { /* message generation failed. There is nothing more to do than to * close the SA */ @@ -811,13 +678,12 @@ METHOD(task_manager_t, initiate, status_t, } if (keep) { /* keep the packet for retransmission, the responder might request it */ - send_packet(this, TRUE, - this->initiating.packet->clone(this->initiating.packet)); + send_packets(this, this->initiating.packets); } else { - send_packet(this, TRUE, this->initiating.packet); - this->initiating.packet = NULL; + send_packets(this, this->initiating.packets); + clear_packets(this->initiating.packets); } message->destroy(message); @@ -848,7 +714,6 @@ static status_t build_response(private_task_manager_t *this, message_t *request) message_t *message; host_t *me, *other; bool delete = FALSE, cancelled = FALSE, expect_request = FALSE; - status_t status; me = request->get_destination(request); other = request->get_source(request); @@ -900,28 +765,25 @@ static status_t build_response(private_task_manager_t *this, message_t *request) } enumerator->destroy(enumerator); - DESTROY_IF(this->responding.packet); - this->responding.packet = NULL; + clear_packets(this->responding.packets); if (cancelled) { message->destroy(message); return initiate(this); } - status = this->ike_sa->generate_message(this->ike_sa, message, - &this->responding.packet); - message->destroy(message); - if (status != SUCCESS) + if (!generate_message(this, message, &this->responding.packets)) { + message->destroy(message); charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } + message->destroy(message); if (expect_request && !delete) { return retransmit(this, this->responding.seqnr); } - send_packet(this, FALSE, - this->responding.packet->clone(this->responding.packet)); + send_packets(this, this->responding.packets); if (delete) { return DESTROY_ME; @@ -937,7 +799,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, notify_type_t type) { message_t *response; - packet_t *packet; + array_t *packets = NULL; host_t *me, *other; u_int32_t mid; @@ -973,11 +835,12 @@ static void send_notify(private_task_manager_t *this, message_t *request, } response->set_source(response, me->clone(me)); response->set_destination(response, other->clone(other)); - if (this->ike_sa->generate_message(this->ike_sa, response, - &packet) == SUCCESS) + if (generate_message(this, response, &packets)) { - send_packet(this, TRUE, packet); + send_packets(this, packets); } + clear_packets(packets); + array_destroy(packets); response->destroy(response); } @@ -1075,7 +938,6 @@ static status_t process_request(private_task_manager_t *this, this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); - this->frag.exchange = AGGRESSIVE; break; case QUICK_MODE: if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED) @@ -1164,8 +1026,7 @@ static status_t process_request(private_task_manager_t *this, else { /* We don't send a response, so don't retransmit one if we get * the same message again. */ - DESTROY_IF(this->responding.packet); - this->responding.packet = NULL; + clear_packets(this->responding.packets); } if (this->passive_tasks->get_count(this->passive_tasks) == 0 && this->queued_tasks->get_count(this->queued_tasks) > 0) @@ -1237,8 +1098,7 @@ static status_t process_response(private_task_manager_t *this, enumerator->destroy(enumerator); this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - DESTROY_IF(this->initiating.packet); - this->initiating.packet = NULL; + clear_packets(this->initiating.packets); if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0) { @@ -1258,107 +1118,23 @@ static status_t process_response(private_task_manager_t *this, static status_t handle_fragment(private_task_manager_t *this, message_t *msg) { - fragment_payload_t *payload; - enumerator_t *enumerator; - fragment_t *fragment; - status_t status = SUCCESS; - chunk_t data; - u_int8_t num; - - payload = (fragment_payload_t*)msg->get_payload(msg, PLV1_FRAGMENT); - if (!payload) - { - return FAILED; - } - - if (!this->frag.list || this->frag.id != payload->get_id(payload)) - { - clear_fragments(this, payload->get_id(payload)); - this->frag.list = linked_list_create(); - } - - num = payload->get_number(payload); - if (!this->frag.last && payload->is_last(payload)) - { - this->frag.last = num; - } + status_t status; - enumerator = this->frag.list->create_enumerator(this->frag.list); - while (enumerator->enumerate(enumerator, &fragment)) + if (!this->defrag) { - if (fragment->num == num) - { /* ignore a duplicate fragment */ - DBG1(DBG_IKE, "received duplicate fragment #%hhu", num); - enumerator->destroy(enumerator); - return NEED_MORE; - } - if (fragment->num > num) + this->defrag = message_create_defrag(msg); + if (!this->defrag) { - break; + return FAILED; } } - - data = payload->get_data(payload); - this->frag.len += data.len; - if (this->frag.len > this->frag.max_packet) - { - DBG1(DBG_IKE, "fragmented IKE message is too large"); - enumerator->destroy(enumerator); - clear_fragments(this, 0); - return FAILED; - } - - INIT(fragment, - .num = num, - .data = chunk_clone(data), - ); - - this->frag.list->insert_before(this->frag.list, enumerator, fragment); - enumerator->destroy(enumerator); - - if (this->frag.list->get_count(this->frag.list) == this->frag.last) + status = this->defrag->add_fragment(this->defrag, msg); + if (status == SUCCESS) { - message_t *message; - packet_t *pkt; - host_t *src, *dst; - bio_writer_t *writer; - - writer = bio_writer_create(this->frag.len); - DBG1(DBG_IKE, "received fragment #%hhu, reassembling fragmented IKE " - "message", num); - enumerator = this->frag.list->create_enumerator(this->frag.list); - while (enumerator->enumerate(enumerator, &fragment)) - { - writer->write_data(writer, fragment->data); - } - enumerator->destroy(enumerator); - - src = msg->get_source(msg); - dst = msg->get_destination(msg); - pkt = packet_create_from_data(src->clone(src), dst->clone(dst), - writer->extract_buf(writer)); - writer->destroy(writer); - - message = message_create_from_packet(pkt); - if (message->parse_header(message) != SUCCESS) - { - DBG1(DBG_IKE, "failed to parse header of reassembled IKE message"); - message->destroy(message); - status = FAILED; - } - else - { - lib->processor->queue_job(lib->processor, - (job_t*)process_message_job_create(message)); - status = NEED_MORE; - - } - clear_fragments(this, 0); - } - else - { /* there are some fragments missing */ - DBG1(DBG_IKE, "received fragment #%hhu, waiting for complete IKE " - "message", num); + lib->processor->queue_job(lib->processor, + (job_t*)process_message_job_create(this->defrag)); + this->defrag = NULL; + /* do not process the last fragment */ status = NEED_MORE; } return status; @@ -1435,15 +1211,14 @@ METHOD(task_manager_t, process_message, status_t, { if (this->initiating.old_hashes[i] == hash) { - if (this->initiating.packet && + if (array_count(this->initiating.packets) && i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) && (msg->get_exchange_type(msg) == QUICK_MODE || msg->get_exchange_type(msg) == AGGRESSIVE)) { DBG1(DBG_IKE, "received retransmit of response with ID %u, " "resending last request", mid); - send_packet(this, TRUE, - this->initiating.packet->clone(this->initiating.packet)); + send_packets(this, this->initiating.packets); return SUCCESS; } DBG1(DBG_IKE, "received retransmit of response with ID %u, " @@ -1484,20 +1259,18 @@ METHOD(task_manager_t, process_message, status_t, { if (hash == this->responding.hash) { - if (this->responding.packet) + if (array_count(this->responding.packets)) { DBG1(DBG_IKE, "received retransmit of request with ID %u, " "retransmitting response", mid); - send_packet(this, FALSE, - this->responding.packet->clone(this->responding.packet)); + send_packets(this, this->responding.packets); } - else if (this->initiating.packet && + else if (array_count(this->initiating.packets) && this->initiating.type == INFORMATIONAL_V1) { DBG1(DBG_IKE, "received retransmit of DPD request, " "retransmitting response"); - send_packet(this, TRUE, - this->initiating.packet->clone(this->initiating.packet)); + send_packets(this, this->initiating.packets); } else { @@ -1593,13 +1366,6 @@ METHOD(task_manager_t, process_message, status_t, return SUCCESS; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) -{ - DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task)); - this->queued_tasks->insert_last(this->queued_tasks, task); -} - /** * Check if a given task has been queued already */ @@ -1622,6 +1388,28 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) return found; } +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + task_type_t type = task->get_type(task); + + switch (type) + { + case TASK_MODE_CONFIG: + case TASK_XAUTH: + if (has_queued(this, type)) + { + task->destroy(task); + return; + } + break; + default: + break; + } + DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task)); + this->queued_tasks->insert_last(this->queued_tasks, task); +} + METHOD(task_manager_t, queue_ike, void, private_task_manager_t *this) { @@ -1642,7 +1430,6 @@ METHOD(task_manager_t, queue_ike, void, { queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE)); } - this->frag.exchange = AGGRESSIVE; } else { @@ -1969,17 +1756,16 @@ METHOD(task_manager_t, reset, void, task_t *task; /* reset message counters and retransmit packets */ - DESTROY_IF(this->responding.packet); - DESTROY_IF(this->initiating.packet); - this->responding.packet = NULL; + clear_packets(this->responding.packets); + clear_packets(this->initiating.packets); this->responding.seqnr = RESPONDING_SEQ; this->responding.retransmitted = 0; - this->initiating.packet = NULL; this->initiating.mid = 0; this->initiating.seqnr = 0; this->initiating.retransmitted = 0; this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - clear_fragments(this, 0); + DESTROY_IF(this->defrag); + this->defrag = NULL; if (initiate != UINT_MAX) { this->dpd_send = initiate; @@ -2030,11 +1816,13 @@ METHOD(task_manager_t, destroy, void, this->active_tasks->destroy(this->active_tasks); this->queued_tasks->destroy(this->queued_tasks); this->passive_tasks->destroy(this->passive_tasks); - clear_fragments(this, 0); + DESTROY_IF(this->defrag); DESTROY_IF(this->queued); - DESTROY_IF(this->responding.packet); - DESTROY_IF(this->initiating.packet); + clear_packets(this->responding.packets); + array_destroy(this->responding.packets); + clear_packets(this->initiating.packets); + array_destroy(this->initiating.packets); DESTROY_IF(this->rng); free(this); } @@ -2079,13 +1867,6 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .responding = { .seqnr = RESPONDING_SEQ, }, - .frag = { - .exchange = ID_PROT, - .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, lib->ns), - .size = lib->settings->get_int(lib->settings, - "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns), - }, .ike_sa = ike_sa, .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), .queued_tasks = linked_list_create(), diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 7009ae95d..710bf1cd2 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -475,6 +475,9 @@ METHOD(task_t, process_r, status_t, } case AM_AUTH: { + adopt_children_job_t *job = NULL; + xauth_t *xauth = NULL; + while (TRUE) { if (this->ph1->verify_auth(this->ph1, this->method, message, @@ -504,8 +507,8 @@ METHOD(task_t, process_r, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - this->ike_sa->queue_task(this->ike_sa, - (task_t*)xauth_create(this->ike_sa, TRUE)); + xauth = xauth_create(this->ike_sa, TRUE); + this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth); break; case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: @@ -524,9 +527,8 @@ METHOD(task_t, process_r, status_t, { return send_delete(this); } - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create( - this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create( + this->ike_sa->get_id(this->ike_sa)); break; } /* check for and prepare mode config push/pull */ @@ -542,10 +544,26 @@ METHOD(task_t, process_r, status_t, { if (!this->peer_cfg->use_pull_mode(this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + if (job) + { + job->queue_task(job, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } + else if (xauth) + { + xauth->queue_mode_config_push(xauth); + } + else + { + this->ike_sa->queue_task(this->ike_sa, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } } } + if (job) + { + lib->processor->queue_job(lib->processor, (job_t*)job); + } return SUCCESS; } default: diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c index b742dbef9..2798978b2 100644 --- a/src/libcharon/sa/ikev1/tasks/informational.c +++ b/src/libcharon/sa/ikev1/tasks/informational.c @@ -112,16 +112,16 @@ METHOD(task_t, process_r, status_t, IKEV2_UDP_PORT); if (redirect) { /* treat the redirect as reauthentication */ - DBG1(DBG_IKE, "received %N notify. redirected to %H", + DBG1(DBG_IKE, "received %N notify, redirected to %H", notify_type_names, type, redirect); /* Cisco boxes reject the first message from 4500 */ me = this->ike_sa->get_my_host(this->ike_sa); me->set_port(me, charon->socket->get_port( charon->socket, FALSE)); this->ike_sa->set_other_host(this->ike_sa, redirect); - this->ike_sa->reauth(this->ike_sa); + status = this->ike_sa->reauth(this->ike_sa); enumerator->destroy(enumerator); - return DESTROY_ME; + return status; } else { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 426c4bd69..0162fd84e 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -15,7 +15,7 @@ */ /* - * Copyright (C) 2012 Volker Rümelin + * Copyright (C) 2012-2014 Volker Rümelin * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -106,10 +106,15 @@ static struct { "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"}, /* Proprietary IKE fragmentation extension. Capabilities are handled - * specially on receipt of this VID. */ + * specially on receipt of this VID. Windows peers send this VID + * without capabilities, but accept it with and without capabilities. */ { "FRAGMENTATION", EXT_IKE_FRAGMENTATION, FALSE, 20, "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00"}, + /* Windows peers send this VID and a version number */ + { "MS NT5 ISAKMPOAKLEY", EXT_MS_WINDOWS, FALSE, 20, + "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x00"}, + }, vendor_natt_ids[] = { /* NAT-Traversal VIDs ordered by preference */ @@ -167,15 +172,27 @@ static struct { */ static const u_int32_t fragmentation_ike = 0x80000000; -/** - * Check if the given vendor ID indicate support for fragmentation - */ -static bool fragmentation_supported(chunk_t data, int i) +static bool is_known_vid(chunk_t data, int i) { - if (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION && - data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16)) + switch (vendor_ids[i].extension) { - return untoh32(&data.ptr[16]) & fragmentation_ike; + case EXT_IKE_FRAGMENTATION: + if (data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16)) + { + switch (data.len) + { + case 16: + return TRUE; + case 20: + return untoh32(&data.ptr[16]) & fragmentation_ike; + } + } + break; + case EXT_MS_WINDOWS: + return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16); + default: + return chunk_equals(data, chunk_create(vendor_ids[i].id, + vendor_ids[i].len)); } return FALSE; } @@ -251,9 +268,7 @@ static void process(private_isakmp_vendor_t *this, message_t *message) for (i = 0; i < countof(vendor_ids); i++) { - if (chunk_equals(data, chunk_create(vendor_ids[i].id, - vendor_ids[i].len)) || - fragmentation_supported(data, i)) + if (is_known_vid(data, i)) { DBG1(DBG_IKE, "received %s vendor ID", vendor_ids[i].desc); if (vendor_ids[i].extension) diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 8a5d9ae16..2fb4c6935 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -479,6 +479,8 @@ METHOD(task_t, build_r, status_t, { id_payload_t *id_payload; identification_t *id; + adopt_children_job_t *job = NULL; + xauth_t *xauth = NULL; id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); if (!id) @@ -502,8 +504,8 @@ METHOD(task_t, build_r, status_t, case AUTH_XAUTH_INIT_PSK: case AUTH_XAUTH_INIT_RSA: case AUTH_HYBRID_INIT_RSA: - this->ike_sa->queue_task(this->ike_sa, - (task_t*)xauth_create(this->ike_sa, TRUE)); + xauth = xauth_create(this->ike_sa, TRUE); + this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth); break; case AUTH_XAUTH_RESP_PSK: case AUTH_XAUTH_RESP_RSA: @@ -522,9 +524,8 @@ METHOD(task_t, build_r, status_t, { return send_notify(this, AUTHENTICATION_FAILED); } - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create( - this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create( + this->ike_sa->get_id(this->ike_sa)); break; } if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg)) @@ -539,10 +540,26 @@ METHOD(task_t, build_r, status_t, { if (!this->peer_cfg->use_pull_mode(this->peer_cfg)) { - this->ike_sa->queue_task(this->ike_sa, - (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + if (job) + { + job->queue_task(job, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } + else if (xauth) + { + xauth->queue_mode_config_push(xauth); + } + else + { + this->ike_sa->queue_task(this->ike_sa, (task_t*) + mode_config_create(this->ike_sa, TRUE, FALSE)); + } } } + if (job) + { + lib->processor->queue_job(lib->processor, (job_t*)job); + } return SUCCESS; } default: diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index e6273682d..1133aab65 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -1030,7 +1030,8 @@ METHOD(task_t, process_r, status_t, } tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); - if (!this->config || !this->tsi || !this->tsr) + if (!this->config || !this->tsi || !this->tsr || + this->mode != this->config->get_mode(this->config)) { DBG1(DBG_IKE, "no matching CHILD_SA config found"); return send_notify(this, INVALID_ID_INFORMATION); @@ -1117,11 +1118,22 @@ METHOD(task_t, process_r, status_t, } case QM_NEGOTIATED: { - if (message->get_exchange_type(message) == INFORMATIONAL_V1 || - has_notify_errors(this, message)) + if (has_notify_errors(this, message)) { return SUCCESS; } + if (message->get_exchange_type(message) == INFORMATIONAL_V1) + { + if (message->get_payload(message, PLV1_DELETE)) + { + /* If the DELETE for a Quick Mode follows immediately + * after rekeying, we might receive it before the + * third completing Quick Mode message. Ignore it, as + * it gets handled by a separately queued delete task. */ + return NEED_MORE; + } + return SUCCESS; + } if (!install(this)) { ike_sa_t *ike_sa = this->ike_sa; @@ -1198,6 +1210,14 @@ METHOD(task_t, build_r, status_t, this->state = QM_NEGOTIATED; return NEED_MORE; } + case QM_NEGOTIATED: + if (message->get_exchange_type(message) == INFORMATIONAL_V1) + { + /* skip INFORMATIONAL response if we received a INFORMATIONAL + * delete, see process_r() */ + return ALREADY_DONE; + } + /* fall */ default: return FAILED; } diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index bdc5d67f7..a770e90ff 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -19,6 +19,7 @@ #include <hydra.h> #include <encoding/payloads/cp_payload.h> #include <processing/jobs/adopt_children_job.h> +#include <sa/ikev1/tasks/mode_config.h> typedef struct private_xauth_t private_xauth_t; @@ -74,6 +75,11 @@ struct private_xauth_t { * status of Xauth exchange */ xauth_status_t status; + + /** + * Queue a Mode Config Push mode after completing XAuth? + */ + bool mode_config_push; }; /** @@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t, private_xauth_t *this, message_t *message) { cp_payload_t *cp; + adopt_children_job_t *job; cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp || cp->get_type(cp) != CFG_ACK) @@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t, return FAILED; } this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE); - lib->processor->queue_job(lib->processor, (job_t*) - adopt_children_job_create(this->ike_sa->get_id(this->ike_sa))); + job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)); + if (this->mode_config_push) + { + job->queue_task(job, + (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE)); + } + lib->processor->queue_job(lib->processor, (job_t*)job); return SUCCESS; } @@ -511,6 +523,12 @@ METHOD(task_t, migrate, void, } } +METHOD(xauth_t, queue_mode_config_push, void, + private_xauth_t *this) +{ + this->mode_config_push = TRUE; +} + METHOD(task_t, destroy, void, private_xauth_t *this) { @@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator) .migrate = _migrate, .destroy = _destroy, }, + .queue_mode_config_push = _queue_mode_config_push, }, .initiator = initiator, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev1/tasks/xauth.h b/src/libcharon/sa/ikev1/tasks/xauth.h index 303eb31ce..ffaf32a32 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.h +++ b/src/libcharon/sa/ikev1/tasks/xauth.h @@ -36,6 +36,11 @@ struct xauth_t { * Implements the task_t interface */ task_t task; + + /** + * Queue a Mode Config in Push mode after completing XAuth. + */ + void (*queue_mode_config_push)(xauth_t *this); }; /** diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index ada798bdc..eb7df3516 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2011 Tobias Brunner + * Copyright (C) 2007-2014 Tobias Brunner * Copyright (C) 2007-2010 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -90,9 +90,14 @@ struct private_task_manager_t { u_int32_t mid; /** - * packet for retransmission + * packet(s) for retransmission */ - packet_t *packet; + array_t *packets; + + /** + * Helper to defragment the request + */ + message_t *defrag; } responding; @@ -111,15 +116,25 @@ struct private_task_manager_t { u_int retransmitted; /** - * packet for retransmission + * packet(s) for retransmission */ - packet_t *packet; + array_t *packets; /** * type of the initated exchange */ exchange_type_t type; + /** + * TRUE if exchange was deferred because no path was available + */ + bool deferred; + + /** + * Helper to defragment the response + */ + message_t *defrag; + } initiating; /** @@ -158,6 +173,19 @@ struct private_task_manager_t { double retransmit_base; }; +/** + * Reset retransmission packet list + */ +static void clear_packets(array_t *array) +{ + packet_t *packet; + + while (array_remove(array, ARRAY_TAIL, &packet)) + { + packet->destroy(packet); + } +} + METHOD(task_manager_t, flush_queue, void, private_task_manager_t *this, task_queue_t queue) { @@ -217,10 +245,60 @@ static bool activate_task(private_task_manager_t *this, task_type_t type) return found; } +/** + * Send packets in the given array (they get cloned). Optionally, the + * source and destination addresses are changed before sending it. + */ +static void send_packets(private_task_manager_t *this, array_t *packets, + host_t *src, host_t *dst) +{ + packet_t *packet, *clone; + int i; + + for (i = 0; i < array_count(packets); i++) + { + array_get(packets, i, &packet); + clone = packet->clone(packet); + if (src) + { + clone->set_source(clone, src->clone(src)); + } + if (dst) + { + clone->set_destination(clone, dst->clone(dst)); + } + charon->sender->send(charon->sender, clone); + } +} + +/** + * Generates the given message and stores packet(s) in the given array + */ +static bool generate_message(private_task_manager_t *this, message_t *message, + array_t **packets) +{ + enumerator_t *fragments; + packet_t *fragment; + + if (this->ike_sa->generate_message_fragmented(this->ike_sa, message, + &fragments) != SUCCESS) + { + return FALSE; + } + while (fragments->enumerate(fragments, &fragment)) + { + array_insert_create(packets, ARRAY_TAIL, fragment); + } + fragments->destroy(fragments); + array_compress(*packets); + return TRUE; +} + METHOD(task_manager_t, retransmit, status_t, private_task_manager_t *this, u_int32_t message_id) { - if (this->initiating.packet && message_id == this->initiating.mid) + if (message_id == this->initiating.mid && + array_count(this->initiating.packets)) { u_int32_t timeout; job_t *job; @@ -229,23 +307,24 @@ METHOD(task_manager_t, retransmit, status_t, task_t *task; ike_mobike_t *mobike = NULL; + array_get(this->initiating.packets, 0, &packet); + /* check if we are retransmitting a MOBIKE routability check */ - enumerator = array_create_enumerator(this->active_tasks); - while (enumerator->enumerate(enumerator, (void*)&task)) + if (this->initiating.type == INFORMATIONAL) { - if (task->get_type(task) == TASK_IKE_MOBIKE) + enumerator = array_create_enumerator(this->active_tasks); + while (enumerator->enumerate(enumerator, (void*)&task)) { - mobike = (ike_mobike_t*)task; - if (!mobike->is_probing(mobike)) + if (task->get_type(task) == TASK_IKE_MOBIKE) { - mobike = NULL; + mobike = (ike_mobike_t*)task; + break; } - break; } + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); - if (mobike == NULL) + if (!mobike || !mobike->is_probing(mobike)) { if (this->initiating.retransmitted <= this->retransmit_tries) { @@ -257,7 +336,7 @@ METHOD(task_manager_t, retransmit, status_t, DBG1(DBG_IKE, "giving up after %d retransmits", this->initiating.retransmitted - 1); charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, - this->initiating.packet); + packet); return DESTROY_ME; } @@ -265,11 +344,29 @@ METHOD(task_manager_t, retransmit, status_t, { DBG1(DBG_IKE, "retransmit %d of request with message ID %d", this->initiating.retransmitted, message_id); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, - this->initiating.packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + } + if (!mobike) + { + send_packets(this, this->initiating.packets, + this->ike_sa->get_my_host(this->ike_sa), + this->ike_sa->get_other_host(this->ike_sa)); + } + else + { + if (!mobike->transmit(mobike, packet)) + { + DBG1(DBG_IKE, "no route found to reach peer, MOBIKE update " + "deferred"); + this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE); + this->initiating.deferred = TRUE; + return SUCCESS; + } + else if (mobike->is_probing(mobike)) + { + timeout = ROUTEABILITY_CHECK_INTERVAL; + } } - packet = this->initiating.packet->clone(this->initiating.packet); - charon->sender->send(charon->sender, packet); } else { /* for routeability checks, we use a more aggressive behavior */ @@ -289,7 +386,16 @@ METHOD(task_manager_t, retransmit, status_t, DBG1(DBG_IKE, "path probing attempt %d", this->initiating.retransmitted); } - mobike->transmit(mobike, this->initiating.packet); + /* TODO-FRAG: presumably these small packets are not fragmented, + * we should maybe ensure this is the case when generating them */ + if (!mobike->transmit(mobike, packet)) + { + DBG1(DBG_IKE, "no route found to reach peer, path probing " + "deferred"); + this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE); + this->initiating.deferred = TRUE; + return SUCCESS; + } } this->initiating.retransmitted++; @@ -307,7 +413,6 @@ METHOD(task_manager_t, initiate, status_t, task_t *task; message_t *message; host_t *me, *other; - status_t status; exchange_type_t exchange = 0; if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED) @@ -315,6 +420,12 @@ METHOD(task_manager_t, initiate, status_t, DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress", exchange_type_names, this->initiating.type); /* do not initiate if we already have a message in the air */ + if (this->initiating.deferred) + { /* re-initiate deferred exchange */ + this->initiating.deferred = FALSE; + this->initiating.retransmitted = 0; + return retransmit(this, this->initiating.mid); + } return SUCCESS; } @@ -347,39 +458,39 @@ METHOD(task_manager_t, initiate, status_t, } break; case IKE_ESTABLISHED: - if (activate_task(this, TASK_CHILD_CREATE)) + if (activate_task(this, TASK_IKE_MOBIKE)) { - exchange = CREATE_CHILD_SA; + exchange = INFORMATIONAL; break; } - if (activate_task(this, TASK_CHILD_DELETE)) + if (activate_task(this, TASK_IKE_DELETE)) { exchange = INFORMATIONAL; break; } - if (activate_task(this, TASK_CHILD_REKEY)) + if (activate_task(this, TASK_CHILD_DELETE)) { - exchange = CREATE_CHILD_SA; + exchange = INFORMATIONAL; break; } - if (activate_task(this, TASK_IKE_DELETE)) + if (activate_task(this, TASK_IKE_REAUTH)) { exchange = INFORMATIONAL; break; } - if (activate_task(this, TASK_IKE_REKEY)) + if (activate_task(this, TASK_CHILD_CREATE)) { exchange = CREATE_CHILD_SA; break; } - if (activate_task(this, TASK_IKE_REAUTH)) + if (activate_task(this, TASK_CHILD_REKEY)) { - exchange = INFORMATIONAL; + exchange = CREATE_CHILD_SA; break; } - if (activate_task(this, TASK_IKE_MOBIKE)) + if (activate_task(this, TASK_IKE_REKEY)) { - exchange = INFORMATIONAL; + exchange = CREATE_CHILD_SA; break; } if (activate_task(this, TASK_IKE_DPD)) @@ -458,6 +569,7 @@ METHOD(task_manager_t, initiate, status_t, message->set_exchange_type(message, exchange); this->initiating.type = exchange; this->initiating.retransmitted = 0; + this->initiating.deferred = FALSE; enumerator = array_create_enumerator(this->active_tasks); while (enumerator->enumerate(enumerator, &task)) @@ -493,9 +605,7 @@ METHOD(task_manager_t, initiate, status_t, /* update exchange type if a task changed it */ this->initiating.type = message->get_exchange_type(message); - status = this->ike_sa->generate_message(this->ike_sa, message, - &this->initiating.packet); - if (status != SUCCESS) + if (!generate_message(this, message, &this->initiating.packets)) { /* message generation failed. There is nothing more to do than to * close the SA */ @@ -567,8 +677,7 @@ static status_t process_response(private_task_manager_t *this, this->initiating.mid++; this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - this->initiating.packet->destroy(this->initiating.packet); - this->initiating.packet = NULL; + clear_packets(this->initiating.packets); array_compress(this->active_tasks); @@ -636,8 +745,8 @@ static status_t build_response(private_task_manager_t *this, message_t *request) host_t *me, *other; bool delete = FALSE, hook = FALSE; ike_sa_id_t *id = NULL; - u_int64_t responder_spi; - status_t status; + u_int64_t responder_spi = 0; + bool result; me = request->get_destination(request); other = request->get_source(request); @@ -699,23 +808,20 @@ static status_t build_response(private_task_manager_t *this, message_t *request) } /* message complete, send it */ - DESTROY_IF(this->responding.packet); - this->responding.packet = NULL; - status = this->ike_sa->generate_message(this->ike_sa, message, - &this->responding.packet); + clear_packets(this->responding.packets); + result = generate_message(this, message, &this->responding.packets); message->destroy(message); if (id) { id->set_responder_spi(id, responder_spi); } - if (status != SUCCESS) + if (!result) { charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } - charon->sender->send(charon->sender, - this->responding.packet->clone(this->responding.packet)); + send_packets(this, this->responding.packets, NULL, NULL); if (delete) { if (hook) @@ -964,6 +1070,48 @@ METHOD(task_manager_t, incr_mid, void, } /** + * Handle the given IKE fragment, if it is one. + * + * Returns SUCCESS if the message is not a fragment, and NEED_MORE if it was + * handled properly. Error states are returned if the fragment was invalid or + * the reassembled message could not have been processed properly. + */ +static status_t handle_fragment(private_task_manager_t *this, + message_t **defrag, message_t *msg) +{ + message_t *reassembled; + status_t status; + + if (!msg->get_payload(msg, PLV2_FRAGMENT)) + { + return SUCCESS; + } + if (!*defrag) + { + *defrag = message_create_defrag(msg); + if (!*defrag) + { + return FAILED; + } + } + status = (*defrag)->add_fragment(*defrag, msg); + if (status == SUCCESS) + { + /* reinject the reassembled message */ + reassembled = *defrag; + *defrag = NULL; + status = this->ike_sa->process_message(this->ike_sa, reassembled); + if (status == SUCCESS) + { + /* avoid processing the last fragment */ + status = NEED_MORE; + } + reassembled->destroy(reassembled); + } + return status; +} + +/** * Send a notify back to the sender */ static void send_notify_response(private_task_manager_t *this, @@ -1156,6 +1304,11 @@ METHOD(task_manager_t, process_message, status_t, { /* with MOBIKE, we do no implicit updates */ this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1); } + status = handle_fragment(this, &this->responding.defrag, msg); + if (status != SUCCESS) + { + return status; + } charon->bus->message(charon->bus, msg, TRUE, TRUE); if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED) { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ @@ -1168,20 +1321,19 @@ METHOD(task_manager_t, process_message, status_t, } this->responding.mid++; } - else if ((mid == this->responding.mid - 1) && this->responding.packet) + else if ((mid == this->responding.mid - 1) && + array_count(this->responding.packets)) { - packet_t *clone; - host_t *host; - + status = handle_fragment(this, &this->responding.defrag, msg); + if (status != SUCCESS) + { + return status; + } DBG1(DBG_IKE, "received retransmit of request with ID %d, " "retransmitting response", mid); charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg); - clone = this->responding.packet->clone(this->responding.packet); - host = msg->get_destination(msg); - clone->set_source(clone, host->clone(host)); - host = msg->get_source(msg); - clone->set_destination(clone, host->clone(host)); - charon->sender->send(charon->sender, clone); + send_packets(this, this->responding.packets, + msg->get_destination(msg), msg->get_source(msg)); } else { @@ -1209,6 +1361,11 @@ METHOD(task_manager_t, process_message, status_t, this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE); } } + status = handle_fragment(this, &this->initiating.defrag, msg); + if (status != SUCCESS) + { + return status; + } charon->bus->message(charon->bus, msg, TRUE, TRUE); if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED) { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ @@ -1368,7 +1525,25 @@ METHOD(task_manager_t, queue_mobike, void, mobike = ike_mobike_create(this->ike_sa, TRUE); if (roam) { + enumerator_t *enumerator; + task_t *current; + mobike->roam(mobike, address); + + /* enable path probing for a currently active MOBIKE task. This might + * not be the case if an address appeared on a new interface while the + * current address is not working but has not yet disappeared. */ + enumerator = array_create_enumerator(this->active_tasks); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->get_type(current) == TASK_IKE_MOBIKE) + { + ike_mobike_t *active = (ike_mobike_t*)current; + active->enable_probing(active); + break; + } + } + enumerator->destroy(enumerator); } else { @@ -1485,10 +1660,12 @@ METHOD(task_manager_t, reset, void, task_t *task; /* reset message counters and retransmit packets */ - DESTROY_IF(this->responding.packet); - DESTROY_IF(this->initiating.packet); - this->responding.packet = NULL; - this->initiating.packet = NULL; + clear_packets(this->responding.packets); + clear_packets(this->initiating.packets); + DESTROY_IF(this->responding.defrag); + DESTROY_IF(this->initiating.defrag); + this->responding.defrag = NULL; + this->initiating.defrag = NULL; if (initiate != UINT_MAX) { this->initiating.mid = initiate; @@ -1542,8 +1719,12 @@ METHOD(task_manager_t, destroy, void, array_destroy(this->queued_tasks); array_destroy(this->passive_tasks); - DESTROY_IF(this->responding.packet); - DESTROY_IF(this->initiating.packet); + clear_packets(this->responding.packets); + array_destroy(this->responding.packets); + clear_packets(this->initiating.packets); + array_destroy(this->initiating.packets); + DESTROY_IF(this->responding.defrag); + DESTROY_IF(this->initiating.defrag); free(this); } diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index e3c18ea0f..71c5f22fa 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message) message->add_payload(message, (payload_t*)ke_payload); message->add_payload(message, (payload_t*)nonce_payload); } + + /* negotiate fragmentation if we are not rekeying */ + if (!this->old_sa && + this->config->fragmentation(this->config) != FRAGMENTATION_NO) + { + if (this->initiator || + this->ike_sa->supports_extension(this->ike_sa, + EXT_IKE_FRAGMENTATION)) + { + message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED, + chunk_empty); + } + } } /** @@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message) this->other_nonce = nonce_payload->get_nonce(nonce_payload); break; } + case PLV2_NOTIFY: + { + notify_payload_t *notify = (notify_payload_t*)payload; + + if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED) + { + this->ike_sa->enable_extension(this->ike_sa, + EXT_IKE_FRAGMENTATION); + } + } default: break; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index 00ca615d8..d91fa5862 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Tobias Brunner + * Copyright (C) 2010-2014 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -77,6 +77,11 @@ struct private_ike_mobike_t { * additional addresses got updated */ bool addresses_updated; + + /** + * whether the pending updates counter was increased + */ + bool pending_update; }; /** @@ -301,35 +306,61 @@ static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local) host->set_port(host, port); } -METHOD(ike_mobike_t, transmit, void, +METHOD(ike_mobike_t, transmit, bool, private_ike_mobike_t *this, packet_t *packet) { host_t *me, *other, *me_old, *other_old; enumerator_t *enumerator; ike_cfg_t *ike_cfg; packet_t *copy; + int family = AF_UNSPEC; + bool found = FALSE; + + me_old = this->ike_sa->get_my_host(this->ike_sa); + other_old = this->ike_sa->get_other_host(this->ike_sa); + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); if (!this->check) { - return; + me = hydra->kernel_interface->get_source_addr(hydra->kernel_interface, + other_old, me_old); + if (me) + { + if (me->ip_equals(me, me_old)) + { + charon->sender->send(charon->sender, packet->clone(packet)); + me->destroy(me); + return TRUE; + } + me->destroy(me); + } + this->check = TRUE; } - me_old = this->ike_sa->get_my_host(this->ike_sa); - other_old = this->ike_sa->get_other_host(this->ike_sa); - ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); + switch (charon->socket->supported_families(charon->socket)) + { + case SOCKET_FAMILY_IPV4: + family = AF_INET; + break; + case SOCKET_FAMILY_IPV6: + family = AF_INET6; + break; + case SOCKET_FAMILY_BOTH: + case SOCKET_FAMILY_NONE: + break; + } enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa); while (enumerator->enumerate(enumerator, (void**)&other)) { + if (family != AF_UNSPEC && other->get_family(other) != family) + { + continue; + } me = hydra->kernel_interface->get_source_addr( hydra->kernel_interface, other, NULL); if (me) { - if (me->get_family(me) != other->get_family(other)) - { - me->destroy(me); - continue; - } /* reuse port for an active address, 4500 otherwise */ apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE); other = other->clone(other); @@ -339,9 +370,11 @@ METHOD(ike_mobike_t, transmit, void, copy->set_source(copy, me); copy->set_destination(copy, other); charon->sender->send(charon->sender, copy); + found = TRUE; } } enumerator->destroy(enumerator); + return found; } METHOD(task_t, build_i, status_t, @@ -481,9 +514,7 @@ METHOD(task_t, process_i, status_t, } else if (message->get_exchange_type(message) == INFORMATIONAL) { - u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1; - this->ike_sa->set_pending_updates(this->ike_sa, updates); - if (updates > 0) + if (this->ike_sa->get_pending_updates(this->ike_sa) > 1) { /* newer update queued, ignore this one */ return SUCCESS; @@ -560,7 +591,6 @@ METHOD(task_t, process_i, status_t, this->natd = ike_natd_create(this->ike_sa, this->initiator); } this->check = FALSE; - this->ike_sa->set_pending_updates(this->ike_sa, 1); return NEED_MORE; } } @@ -573,8 +603,12 @@ METHOD(ike_mobike_t, addresses, void, private_ike_mobike_t *this) { this->address = TRUE; - this->ike_sa->set_pending_updates(this->ike_sa, + if (!this->pending_update) + { + this->pending_update = TRUE; + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); + } } METHOD(ike_mobike_t, roam, void, @@ -582,8 +616,12 @@ METHOD(ike_mobike_t, roam, void, { this->check = TRUE; this->address = address; - this->ike_sa->set_pending_updates(this->ike_sa, + if (!this->pending_update) + { + this->pending_update = TRUE; + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); + } } METHOD(ike_mobike_t, dpd, void, @@ -593,8 +631,12 @@ METHOD(ike_mobike_t, dpd, void, { this->natd = ike_natd_create(this->ike_sa, this->initiator); } - this->ike_sa->set_pending_updates(this->ike_sa, + if (!this->pending_update) + { + this->pending_update = TRUE; + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); + } } METHOD(ike_mobike_t, is_probing, bool, @@ -603,6 +645,12 @@ METHOD(ike_mobike_t, is_probing, bool, return this->check; } +METHOD(ike_mobike_t, enable_probing, void, + private_ike_mobike_t *this) +{ + this->check = TRUE; +} + METHOD(task_t, get_type, task_type_t, private_ike_mobike_t *this) { @@ -618,11 +666,21 @@ METHOD(task_t, migrate, void, { this->natd->task.migrate(&this->natd->task, ike_sa); } + if (this->pending_update) + { + this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->get_pending_updates(this->ike_sa) + 1); + } } METHOD(task_t, destroy, void, private_ike_mobike_t *this) { + if (this->pending_update) + { + this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->get_pending_updates(this->ike_sa) - 1); + } chunk_free(&this->cookie2); if (this->natd) { @@ -650,6 +708,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) .dpd = _dpd, .transmit = _transmit, .is_probing = _is_probing, + .enable_probing = _enable_probing, }, .ike_sa = ike_sa, .initiator = initiator, diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h index b145a9a8b..bb2318c9c 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h @@ -70,8 +70,9 @@ struct ike_mobike_t { * probing. * * @param packet the packet to transmit + * @return TRUE if transmitted, FALSE if no path found */ - void (*transmit)(ike_mobike_t *this, packet_t *packet); + bool (*transmit)(ike_mobike_t *this, packet_t *packet); /** * Check if this task is probing for routability. @@ -79,6 +80,11 @@ struct ike_mobike_t { * @return TRUE if task is probing */ bool (*is_probing)(ike_mobike_t *this); + + /** + * Enable probing for routability. + */ + void (*enable_probing)(ike_mobike_t *this); }; /** diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index cc4f6f77e..f0e9cbe35 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am index 0c8ecda9e..510f2a124 100644 --- a/src/libhydra/Makefile.am +++ b/src/libhydra/Makefile.am @@ -21,8 +21,7 @@ endif AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" \ - -DPLUGINDIR=\"${plugindir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" + -DPLUGINDIR=\"${plugindir}\" AM_LDFLAGS = \ -no-undefined diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in index 0b494b3ca..e3ff1981c 100644 --- a/src/libhydra/Makefile.in +++ b/src/libhydra/Makefile.in @@ -291,6 +291,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -351,6 +352,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -416,6 +418,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -463,6 +467,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -492,8 +500,7 @@ libhydra_la_LIBADD = \ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" \ - -DPLUGINDIR=\"${plugindir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" + -DPLUGINDIR=\"${plugindir}\" AM_LDFLAGS = \ -no-undefined diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index ddf2a4486..50ea066c5 100644 --- a/src/libhydra/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index 6f27bf37e..076e1f8f2 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index 2a67bd595..a9b523eb8 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index d9b55cfa7..dfd71f3bd 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -310,6 +310,12 @@ struct private_kernel_netlink_ipsec_t { bool install_routes; /** + * Whether to set protocol and ports on selector installed with transport + * mode IPsec SAs + */ + bool proto_port_transport; + + /** * Whether to track the history of a policy */ bool policy_history; @@ -810,7 +816,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, u_int32_t reqid = 0; int proto = 0; - acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr); + acquire = NLMSG_DATA(hdr); rta = XFRM_RTA(hdr, struct xfrm_user_acquire); rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire); @@ -856,7 +862,7 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, u_int32_t spi, reqid; u_int8_t protocol; - expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr); + expire = NLMSG_DATA(hdr); protocol = expire->state.id.proto; spi = expire->state.id.spi; reqid = expire->state.reqid; @@ -890,7 +896,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, u_int32_t reqid = 0; policy_dir_t dir; - policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); + policy_id = NLMSG_DATA(hdr); rta = XFRM_RTA(hdr, struct xfrm_userpolicy_id); rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id); @@ -957,7 +963,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, struct xfrm_user_mapping *mapping; u_int32_t spi, reqid; - mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr); + mapping = NLMSG_DATA(hdr); spi = mapping->id.spi; reqid = mapping->reqid; @@ -1059,12 +1065,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_ALLOCSPI; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userspi_info)); - userspi = (struct xfrm_userspi_info*)NLMSG_DATA(hdr); + userspi = NLMSG_DATA(hdr); host2xfrm(src, &userspi->info.saddr); host2xfrm(dst, &userspi->info.id.daddr); userspi->info.id.proto = proto; @@ -1208,12 +1214,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark " "%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); - sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr); + sa = NLMSG_DATA(hdr); host2xfrm(src, &sa->saddr); host2xfrm(dst, &sa->id.daddr); sa->id.spi = spi; @@ -1235,12 +1241,15 @@ METHOD(kernel_ipsec_t, add_sa, status_t, if (src_ts && dst_ts) { sa->sel = ts2selector(src_ts, dst_ts); - /* don't install proto/port on SA. This would break - * potential secondary SAs for the same address using a - * different prot/port. */ - sa->sel.proto = 0; - sa->sel.dport = sa->sel.dport_mask = 0; - sa->sel.sport = sa->sel.sport_mask = 0; + if (!this->proto_port_transport) + { + /* don't install proto/port on SA. This would break + * potential secondary SAs for the same address using a + * different prot/port. */ + sa->sel.proto = 0; + sa->sel.dport = sa->sel.dport_mask = 0; + sa->sel.sport = sa->sel.sport_mask = 0; + } } break; default: @@ -1512,7 +1521,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, status = SUCCESS; failed: - memwipe(request, sizeof(request)); + memwipe(&request, sizeof(request)); return status; } @@ -1540,12 +1549,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETAE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); - aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr); + aevent_id = NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; host2xfrm(dst, &aevent_id->sa_id.daddr); @@ -1632,12 +1641,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t, DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); + sa_id = NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = protocol; @@ -1657,7 +1666,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t, { case XFRM_MSG_NEWSA: { - sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr); + sa = NLMSG_DATA(hdr); break; } case NLMSG_ERROR: @@ -1735,12 +1744,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t, DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); + sa_id = NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = protocol; @@ -1804,12 +1813,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t, DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); /* query the existing SA first */ - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); + sa_id = NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = protocol; @@ -1867,7 +1876,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); /* copy over the SA from out to request */ - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); @@ -1958,7 +1967,7 @@ failed: free(replay); free(replay_esn); memwipe(out, len); - memwipe(request, sizeof(request)); + memwipe(&request, sizeof(request)); free(out); return status; @@ -1975,12 +1984,12 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, DBG2(DBG_KNL, "flushing all SAD entries"); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_FLUSHSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); - flush = (struct xfrm_usersa_flush*)NLMSG_DATA(hdr); + flush = NLMSG_DATA(hdr); flush->proto = IPSEC_PROTO_ANY; if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) @@ -2011,12 +2020,12 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, memcpy(&clone, policy, sizeof(policy_entry_t)); memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = update ? XFRM_MSG_UPDPOLICY : XFRM_MSG_NEWPOLICY; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)); - policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr); + policy_info = NLMSG_DATA(hdr); policy_info->sel = policy->sel; policy_info->dir = policy->direction; @@ -2335,12 +2344,12 @@ METHOD(kernel_ipsec_t, query_policy, status_t, src_ts, dst_ts, policy_dir_names, direction, mark.value, mark.mask); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETPOLICY; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id)); - policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); + policy_id = NLMSG_DATA(hdr); policy_id->sel = ts2selector(src_ts, dst_ts); policy_id->dir = direction; @@ -2358,7 +2367,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, { case XFRM_MSG_NEWPOLICY: { - policy = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr); + policy = NLMSG_DATA(hdr); break; } case NLMSG_ERROR: @@ -2492,12 +2501,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t, memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELPOLICY; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id)); - policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); + policy_id = NLMSG_DATA(hdr); policy_id->sel = current->sel; policy_id->dir = direction; @@ -2551,7 +2560,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, DBG2(DBG_KNL, "flushing all policies from SPD"); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_FLUSHPOLICY; hdr->nlmsg_len = NLMSG_LENGTH(0); /* no data associated */ @@ -2683,6 +2692,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() .policy_history = TRUE, .install_routes = lib->settings->get_bool(lib->settings, "%s.install_routes", TRUE, lib->ns), + .proto_port_transport = lib->settings->get_bool(lib->settings, + "%s.plugins.kernel-netlink.set_proto_port_transport_sa", + FALSE, lib->ns), ); if (streq(lib->ns, "starter")) @@ -2699,7 +2711,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() fclose(f); } - this->socket_xfrm = netlink_socket_create(NETLINK_XFRM); + this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names); if (!this->socket_xfrm) { destroy(this); diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c index 82b637d1e..9d9f15974 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c @@ -78,6 +78,27 @@ #define ROUTING_TABLE_PRIO 0 #endif +ENUM(rt_msg_names, RTM_NEWLINK, RTM_GETRULE, + "RTM_NEWLINK", + "RTM_DELLINK", + "RTM_GETLINK", + "RTM_SETLINK", + "RTM_NEWADDR", + "RTM_DELADDR", + "RTM_GETADDR", + "31", + "RTM_NEWROUTE", + "RTM_DELROUTE", + "RTM_GETROUTE", + "35", + "RTM_NEWNEIGH", + "RTM_DELNEIGH", + "RTM_GETNEIGH", + "RTM_NEWRULE", + "RTM_DELRULE", + "RTM_GETRULE", +); + typedef struct addr_entry_t addr_entry_t; /** @@ -478,6 +499,16 @@ struct private_kernel_netlink_net_t { * list with routing tables to be excluded from route lookup */ linked_list_t *rt_exclude; + + /** + * MTU to set on installed routes + */ + u_int32_t mtu; + + /** + * MSS to set on installed routes + */ + u_int32_t mss; }; /** @@ -928,7 +959,7 @@ static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface, static void process_link(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr, bool event) { - struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr)); + struct ifinfomsg* msg = NLMSG_DATA(hdr); struct rtattr *rta = IFLA_RTA(msg); size_t rtasize = IFLA_PAYLOAD (hdr); enumerator_t *enumerator; @@ -1030,7 +1061,7 @@ static void process_link(private_kernel_netlink_net_t *this, static void process_addr(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr, bool event) { - struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr)); + struct ifaddrmsg* msg = NLMSG_DATA(hdr); struct rtattr *rta = IFA_RTA(msg); size_t rtasize = IFA_PAYLOAD (hdr); host_t *host = NULL; @@ -1173,7 +1204,7 @@ static void process_addr(private_kernel_netlink_net_t *this, */ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr) { - struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr)); + struct rtmsg* msg = NLMSG_DATA(hdr); struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); u_int32_t rta_oif = 0; @@ -1530,7 +1561,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) struct rtmsg *msg; size_t rtasize; - msg = (struct rtmsg*)(NLMSG_DATA(hdr)); + msg = NLMSG_DATA(hdr); rta = RTM_RTA(msg); rtasize = RTM_PAYLOAD(hdr); @@ -1615,7 +1646,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, memset(&request, 0, sizeof(request)); family = dest->get_family(dest); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; if (family == AF_INET || this->rta_prefsrc_for_ipv6 || this->routing_table || match_net) @@ -1627,7 +1658,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, hdr->nlmsg_type = RTM_GETROUTE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); - msg = (struct rtmsg*)NLMSG_DATA(hdr); + msg = NLMSG_DATA(hdr); msg->rtm_family = family; if (candidate) { @@ -1854,12 +1885,12 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type chunk = ip->get_address(ip); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; hdr->nlmsg_type = nlmsg_type; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)); - msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); + msg = NLMSG_DATA(hdr); msg->ifa_family = ip->get_family(ip); msg->ifa_flags = 0; msg->ifa_prefixlen = prefix < 0 ? chunk.len * 8 : prefix; @@ -2055,6 +2086,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, netlink_buf_t request; struct nlmsghdr *hdr; struct rtmsg *msg; + struct rtattr *rta; int ifindex; chunk_t chunk; @@ -2081,12 +2113,12 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; hdr->nlmsg_type = nlmsg_type; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); - msg = (struct rtmsg*)NLMSG_DATA(hdr); + msg = NLMSG_DATA(hdr); msg->rtm_family = src_ip->get_family(src_ip); msg->rtm_dst_len = prefixlen; msg->rtm_table = this->routing_table; @@ -2107,6 +2139,30 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, chunk.len = sizeof(ifindex); netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request)); + if (this->mtu || this->mss) + { + chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) + + sizeof(u_int32_t)) * 2)); + chunk.len = 0; + rta = (struct rtattr*)chunk.ptr; + if (this->mtu) + { + rta->rta_type = RTAX_MTU; + rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); + memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t)); + chunk.len = rta->rta_len; + } + if (this->mss) + { + rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len)); + rta->rta_type = RTAX_ADVMSS; + rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); + memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t)); + chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len; + } + netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request)); + } + return this->socket->send_ack(this->socket, hdr); } @@ -2186,10 +2242,10 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) memset(&request, 0, sizeof(request)); - in = (struct nlmsghdr*)&request; + in = &request.hdr; in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)); in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT; - msg = (struct rtgenmsg*)NLMSG_DATA(in); + msg = NLMSG_DATA(in); msg->rtgen_family = AF_UNSPEC; /* get all links */ @@ -2273,7 +2329,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, char *fwmark; memset(&request, 0, sizeof(request)); - hdr = (struct nlmsghdr*)request; + hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = nlmsg_type; if (nlmsg_type == RTM_NEWRULE) @@ -2282,7 +2338,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, } hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); - msg = (struct rtmsg*)NLMSG_DATA(hdr); + msg = NLMSG_DATA(hdr); msg->rtm_table = table; msg->rtm_family = family; msg->rtm_protocol = RTPROT_BOOT; @@ -2434,7 +2490,7 @@ kernel_netlink_net_t *kernel_netlink_net_create() .destroy = _destroy, }, }, - .socket = netlink_socket_create(NETLINK_ROUTE), + .socket = netlink_socket_create(NETLINK_ROUTE, rt_msg_names), .rt_exclude = linked_list_create(), .routes = hashtable_create((hashtable_hash_t)route_entry_hash, (hashtable_equals_t)route_entry_equals, 16), @@ -2466,6 +2522,10 @@ kernel_netlink_net_t *kernel_netlink_net_create() "%s.prefer_temporary_addrs", FALSE, lib->ns), .roam_events = lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns), + .mtu = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.mtu", 0, lib->ns), + .mss = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.mss", 0, lib->ns), ); timerclear(&this->last_route_reinstall); timerclear(&this->next_roam); diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c index fd00c23af..b4cece720 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c @@ -46,14 +46,14 @@ struct private_netlink_socket_t { int seq; /** - * netlink socket protocol + * netlink socket */ - int protocol; + int socket; /** - * netlink socket + * Enum names for Netlink messages */ - int socket; + enum_name_t *names; }; /** @@ -65,10 +65,13 @@ METHOD(netlink_socket_t, netlink_send, status_t, private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out, size_t *out_len) { - int len, addr_len; + union { + struct nlmsghdr hdr; + u_char bytes[4096]; + } response; struct sockaddr_nl addr; - chunk_t result = chunk_empty, tmp; - struct nlmsghdr *msg, peek; + chunk_t result = chunk_empty; + int len; this->mutex->lock(this->mutex); @@ -80,13 +83,11 @@ METHOD(netlink_socket_t, netlink_send, status_t, addr.nl_pid = 0; addr.nl_groups = 0; - if (this->protocol == NETLINK_XFRM) + if (this->names) { - chunk_t in_chunk = { (u_char*)in, in->nlmsg_len }; - - DBG3(DBG_KNL, "sending %N: %B", xfrm_msg_names, in->nlmsg_type, &in_chunk); + DBG3(DBG_KNL, "sending %N: %b", + this->names, in->nlmsg_type, in, in->nlmsg_len); } - while (TRUE) { len = sendto(this->socket, in, in->nlmsg_len, 0, @@ -108,20 +109,7 @@ METHOD(netlink_socket_t, netlink_send, status_t, while (TRUE) { - char buf[4096]; - tmp.len = sizeof(buf); - tmp.ptr = buf; - msg = (struct nlmsghdr*)tmp.ptr; - - memset(&addr, 0, sizeof(addr)); - addr.nl_family = AF_NETLINK; - addr.nl_pid = getpid(); - addr.nl_groups = 0; - addr_len = sizeof(addr); - - len = recvfrom(this->socket, tmp.ptr, tmp.len, 0, - (struct sockaddr*)&addr, &addr_len); - + len = recv(this->socket, &response, sizeof(response), 0); if (len < 0) { if (errno == EINTR) @@ -135,17 +123,17 @@ METHOD(netlink_socket_t, netlink_send, status_t, free(result.ptr); return FAILED; } - if (!NLMSG_OK(msg, len)) + if (!NLMSG_OK(&response.hdr, len)) { DBG1(DBG_KNL, "received corrupted netlink message"); this->mutex->unlock(this->mutex); free(result.ptr); return FAILED; } - if (msg->nlmsg_seq != this->seq) + if (response.hdr.nlmsg_seq != this->seq) { DBG1(DBG_KNL, "received invalid netlink sequence number"); - if (msg->nlmsg_seq < this->seq) + if (response.hdr.nlmsg_seq < this->seq) { continue; } @@ -154,17 +142,13 @@ METHOD(netlink_socket_t, netlink_send, status_t, return FAILED; } - tmp.len = len; - result.ptr = realloc(result.ptr, result.len + tmp.len); - memcpy(result.ptr + result.len, tmp.ptr, tmp.len); - result.len += tmp.len; + result = chunk_cat("mc", result, chunk_create(response.bytes, len)); /* NLM_F_MULTI flag does not seem to be set correctly, we use sequence * numbers to detect multi header messages */ - len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT, - (struct sockaddr*)&addr, &addr_len); - - if (len == sizeof(peek) && peek.nlmsg_seq == this->seq) + len = recv(this->socket, &response.hdr, sizeof(response.hdr), + MSG_PEEK | MSG_DONTWAIT); + if (len == sizeof(response.hdr) && response.hdr.nlmsg_seq == this->seq) { /* seems to be multipart */ continue; @@ -197,7 +181,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t, { case NLMSG_ERROR: { - struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr); + struct nlmsgerr* err = NLMSG_DATA(hdr); if (err->error) { @@ -235,7 +219,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t, METHOD(netlink_socket_t, destroy, void, private_netlink_socket_t *this) { - if (this->socket > 0) + if (this->socket != -1) { close(this->socket); } @@ -246,10 +230,12 @@ METHOD(netlink_socket_t, destroy, void, /** * Described in header. */ -netlink_socket_t *netlink_socket_create(int protocol) +netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names) { private_netlink_socket_t *this; - struct sockaddr_nl addr; + struct sockaddr_nl addr = { + .nl_family = AF_NETLINK, + }; INIT(this, .public = { @@ -259,21 +245,16 @@ netlink_socket_t *netlink_socket_create(int protocol) }, .seq = 200, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), - .protocol = protocol, + .socket = socket(AF_NETLINK, SOCK_RAW, protocol), + .names = names, ); - memset(&addr, 0, sizeof(addr)); - addr.nl_family = AF_NETLINK; - - this->socket = socket(AF_NETLINK, SOCK_RAW, protocol); - if (this->socket < 0) + if (this->socket == -1) { DBG1(DBG_KNL, "unable to create netlink socket"); destroy(this); return NULL; } - - addr.nl_groups = 0; if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { DBG1(DBG_KNL, "unable to bind netlink socket"); diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h index 8be935bc3..069f746d1 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h @@ -26,7 +26,10 @@ * 1024 byte is currently sufficient for all operations. Some platform * require an enforced aligment to four bytes (e.g. ARM). */ -typedef u_char netlink_buf_t[1024] __attribute__((aligned(RTA_ALIGNTO))); +typedef union { + struct nlmsghdr hdr; + u_char bytes[1024]; +} netlink_buf_t __attribute__((aligned(RTA_ALIGNTO))); typedef struct netlink_socket_t netlink_socket_t; @@ -61,9 +64,10 @@ struct netlink_socket_t { /** * Create a netlink_socket_t object. * - * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE) + * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE) + * @param names optional enum names for Netlink messages */ -netlink_socket_t *netlink_socket_create(int protocol); +netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names); /** * Creates an rtattr and adds it to the given netlink message. diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in index 767769698..821ad7710 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.in +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index e1a58aa94..00ab5ab5a 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1978,8 +1978,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } if (packets) { - /* not supported by PF_KEY */ - *packets = 0; + /* at least on Linux and FreeBSD this contains the number of packets */ + *packets = response.lft_current->sadb_lifetime_allocations; } if (time) { diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in index 7938a3d23..662f2fd7d 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.in +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index c4e8664f7..26fae0d6b 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -875,6 +875,41 @@ static void process_link(private_kernel_pfroute_net_t *this, } } +#ifdef HAVE_RTM_IFANNOUNCE + +/** + * Process an RTM_IFANNOUNCE message from the kernel + */ +static void process_announce(private_kernel_pfroute_net_t *this, + struct if_announcemsghdr *msg) +{ + enumerator_t *enumerator; + iface_entry_t *iface; + + if (msg->ifan_what != IFAN_DEPARTURE) + { + /* we handle new interfaces in process_link() */ + return; + } + + this->lock->write_lock(this->lock); + enumerator = this->ifaces->create_enumerator(this->ifaces); + while (enumerator->enumerate(enumerator, &iface)) + { + if (iface->ifindex == msg->ifan_index) + { + DBG1(DBG_KNL, "interface %s disappeared", iface->ifname); + this->ifaces->remove_at(this->ifaces, enumerator); + iface_entry_destroy(iface); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +#endif /* HAVE_RTM_IFANNOUNCE */ + /** * Process an RTM_*ROUTE message from the kernel */ @@ -895,6 +930,9 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd, struct rt_msghdr rtm; struct if_msghdr ifm; struct ifa_msghdr ifam; +#ifdef HAVE_RTM_IFANNOUNCE + struct if_announcemsghdr ifanm; +#endif }; char buf[sizeof(struct sockaddr_storage) * RTAX_MAX]; } msg; @@ -935,6 +973,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd, case RTM_IFINFO: hdrlen = sizeof(msg.ifm); break; +#ifdef HAVE_RTM_IFANNOUNCE + case RTM_IFANNOUNCE: + hdrlen = sizeof(msg.ifanm); + break; +#endif /* HAVE_RTM_IFANNOUNCE */ case RTM_ADD: case RTM_DELETE: case RTM_GET: @@ -957,6 +1000,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd, case RTM_IFINFO: process_link(this, &msg.ifm); break; +#ifdef HAVE_RTM_IFANNOUNCE + case RTM_IFANNOUNCE: + process_announce(this, &msg.ifanm); + break; +#endif /* HAVE_RTM_IFANNOUNCE */ case RTM_ADD: case RTM_DELETE: process_route(this, &msg.rtm); @@ -1518,8 +1566,7 @@ retry: { /* timed out? */ break; } - if (this->reply->rtm_msglen < sizeof(*this->reply) || - msg.hdr.rtm_seq != this->reply->rtm_seq) + if (!this->reply) { continue; } @@ -1559,6 +1606,8 @@ retry: { failed = TRUE; } + free(this->reply); + this->reply = NULL; /* signal completion of query to a waiting thread */ this->waiting_seq = 0; this->condvar->signal(this->condvar); diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in index 32eed617a..5b4c7bc6a 100644 --- a/src/libhydra/plugins/resolve/Makefile.in +++ b/src/libhydra/plugins/resolve/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 4253fe274..8269d7296 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -41,7 +41,62 @@ libimcv_la_SOURCES := \ os_info/os_info.h os_info/os_info.c \ pa_tnc/pa_tnc_attr.h \ pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \ - pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c + pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \ + pts/pts.h pts/pts.c \ + pts/pts_error.h pts/pts_error.c \ + pts/pts_pcr.h pts/pts_pcr.c \ + pts/pts_proto_caps.h \ + pts/pts_req_func_comp_evid.h \ + pts/pts_simple_evid_final.h \ + pts/pts_creds.h pts/pts_creds.c \ + pts/pts_database.h pts/pts_database.c \ + pts/pts_dh_group.h pts/pts_dh_group.c \ + pts/pts_file_meas.h pts/pts_file_meas.c \ + pts/pts_file_meta.h pts/pts_file_meta.c \ + pts/pts_file_type.h pts/pts_file_type.c \ + pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ + pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ + pts/pts_meas_algo.h pts/pts_meas_algo.c \ + pts/components/pts_component.h \ + pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ + pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ + pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ + pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ + pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ + pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ + pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ + pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ + seg/seg_contract.h seg/seg_contract.c \ + seg/seg_contract_manager.h seg/seg_contract_manager.c \ + seg/seg_env.h seg/seg_env.c \ + swid/swid_error.h swid/swid_error.c \ + swid/swid_inventory.h swid/swid_inventory.c \ + swid/swid_tag.h swid/swid_tag.c \ + swid/swid_tag_id.h swid/swid_tag_id.c \ + tcg/tcg_attr.h tcg/tcg_attr.c \ + tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ + tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ + tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ + tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ + tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ + tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ + tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ + tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ + tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ + tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ + tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ + tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ + tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ + tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ + tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ + tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ + tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ + tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES)) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 4bed3bf03..d9a5cd50d 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif + -I$(top_srcdir)/src/libtncif \ + -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la @@ -11,6 +12,10 @@ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la +if USE_TROUSERS + libimcv_la_LIBADD += -ltspi +endif + if USE_WINDOWS libimcv_la_LIBADD += -lws2_32 endif @@ -54,7 +59,62 @@ libimcv_la_SOURCES = \ os_info/os_info.h os_info/os_info.c \ pa_tnc/pa_tnc_attr.h \ pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \ - pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c + pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \ + pts/pts.h pts/pts.c \ + pts/pts_error.h pts/pts_error.c \ + pts/pts_pcr.h pts/pts_pcr.c \ + pts/pts_proto_caps.h \ + pts/pts_req_func_comp_evid.h \ + pts/pts_simple_evid_final.h \ + pts/pts_creds.h pts/pts_creds.c \ + pts/pts_database.h pts/pts_database.c \ + pts/pts_dh_group.h pts/pts_dh_group.c \ + pts/pts_file_meas.h pts/pts_file_meas.c \ + pts/pts_file_meta.h pts/pts_file_meta.c \ + pts/pts_file_type.h pts/pts_file_type.c \ + pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ + pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ + pts/pts_meas_algo.h pts/pts_meas_algo.c \ + pts/components/pts_component.h \ + pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ + pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ + pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ + pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ + pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ + pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ + pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ + pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ + seg/seg_contract.h seg/seg_contract.c \ + seg/seg_contract_manager.h seg/seg_contract_manager.c \ + seg/seg_env.h seg/seg_env.c \ + swid/swid_error.h swid/swid_error.c \ + swid/swid_inventory.h swid/swid_inventory.c \ + swid/swid_tag.h swid/swid_tag.c \ + swid/swid_tag_id.h swid/swid_tag_id.c \ + tcg/tcg_attr.h tcg/tcg_attr.c \ + tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ + tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ + tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ + tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ + tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ + tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ + tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ + tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ + tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ + tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ + tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ + tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ + tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ + tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ + tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ + tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ + tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ + tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk @@ -95,3 +155,45 @@ endif if USE_IMV_OS SUBDIRS += plugins/imv_os endif + +if USE_IMC_ATTESTATION + SUBDIRS += plugins/imc_attestation +endif + +if USE_IMV_ATTESTATION + SUBDIRS += plugins/imv_attestation +endif + +if USE_IMC_SWID + SUBDIRS += plugins/imc_swid +endif + +if USE_IMV_SWID + SUBDIRS += plugins/imv_swid +endif + +TESTS = imcv_tests + +check_PROGRAMS = $(TESTS) + +imcv_tests_SOURCES = \ + ita/ita_attr_command.c \ + pa_tnc/pa_tnc_attr_manager.c \ + seg/seg_env.c seg/seg_contract.c \ + seg/seg_contract_manager.c \ + suites/test_imcv_seg.c \ + ietf/ietf_attr_pa_tnc_error.c \ + tcg/seg/tcg_seg_attr_seg_env.c \ + imcv.c imcv_tests.h imcv_tests.c + +imcv_tests_CFLAGS = \ + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + @COVERAGE_CFLAGS@ + +imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +imcv_tests_LDADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index 4614dd607..239e62a17 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -81,14 +81,21 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@USE_WINDOWS_TRUE@am__append_1 = -lws2_32 +@USE_TROUSERS_TRUE@am__append_1 = -ltspi +@USE_WINDOWS_TRUE@am__append_2 = -lws2_32 ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) -@USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test -@USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test -@USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner -@USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner -@USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os -@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os +@USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test +@USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test +@USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner +@USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner +@USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os +@USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os +@USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation +@USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation +@USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid +@USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid +TESTS = imcv_tests$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp $(dist_templates_DATA) @@ -142,7 +149,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) + $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ imc/imc_os_info.lo imv/imv_agent.lo imv/imv_database.lo \ @@ -163,7 +171,42 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ ita/ita_attr_get_settings.lo ita/ita_attr_settings.lo \ ita/ita_attr_angel.lo ita/ita_attr_device_id.lo \ os_info/os_info.lo pa_tnc/pa_tnc_msg.lo \ - pa_tnc/pa_tnc_attr_manager.lo + pa_tnc/pa_tnc_attr_manager.lo pts/pts.lo pts/pts_error.lo \ + pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \ + pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \ + pts/pts_file_type.lo pts/pts_ima_bios_list.lo \ + pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \ + pts/components/pts_component_manager.lo \ + pts/components/pts_comp_evidence.lo \ + pts/components/pts_comp_func_name.lo \ + pts/components/ita/ita_comp_func_name.lo \ + pts/components/ita/ita_comp_ima.lo \ + pts/components/ita/ita_comp_tboot.lo \ + pts/components/ita/ita_comp_tgrub.lo \ + pts/components/tcg/tcg_comp_func_name.lo seg/seg_contract.lo \ + seg/seg_contract_manager.lo seg/seg_env.lo swid/swid_error.lo \ + swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \ + tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \ + tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ + tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ + tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \ + tcg/pts/tcg_pts_attr_meas_algo.lo \ + tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \ + tcg/pts/tcg_pts_attr_tpm_version_info.lo \ + tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \ + tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \ + tcg/pts/tcg_pts_attr_gen_attest_evid.lo \ + tcg/pts/tcg_pts_attr_simple_comp_evid.lo \ + tcg/pts/tcg_pts_attr_simple_evid_final.lo \ + tcg/pts/tcg_pts_attr_req_file_meas.lo \ + tcg/pts/tcg_pts_attr_file_meas.lo \ + tcg/pts/tcg_pts_attr_req_file_meta.lo \ + tcg/pts/tcg_pts_attr_unix_file_meta.lo \ + tcg/seg/tcg_seg_attr_max_size.lo \ + tcg/seg/tcg_seg_attr_seg_env.lo \ + tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \ + tcg/swid/tcg_swid_attr_tag_id_inv.lo \ + tcg/swid/tcg_swid_attr_tag_inv.lo libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -172,7 +215,24 @@ am__v_lt_1 = libimcv_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libimcv_la_LDFLAGS) $(LDFLAGS) -o $@ +am__EXEEXT_1 = imcv_tests$(EXEEXT) PROGRAMS = $(ipsec_PROGRAMS) +am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \ + pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT) \ + seg/imcv_tests-seg_env.$(OBJEXT) \ + seg/imcv_tests-seg_contract.$(OBJEXT) \ + seg/imcv_tests-seg_contract_manager.$(OBJEXT) \ + suites/imcv_tests-test_imcv_seg.$(OBJEXT) \ + ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT) \ + tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT) \ + imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT) +imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS) +imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la +imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(imcv_tests_CFLAGS) \ + $(CFLAGS) $(imcv_tests_LDFLAGS) $(LDFLAGS) -o $@ am_imv_policy_manager_OBJECTS = imv/imv_policy_manager.$(OBJEXT) \ imv/imv_policy_manager_usage.$(OBJEXT) imv_policy_manager_OBJECTS = $(am_imv_policy_manager_OBJECTS) @@ -213,8 +273,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES) -DIST_SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES) +SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \ + $(imv_policy_manager_SOURCES) +DIST_SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \ + $(imv_policy_manager_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ @@ -256,8 +318,32 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red='[0;31m'; \ + grn='[0;32m'; \ + lgn='[1;32m'; \ + blu='[1;34m'; \ + mgn='[0;35m'; \ + brg='[1m'; \ + std='[m'; \ + fi; \ +} DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ - plugins/imv_scanner plugins/imc_os plugins/imv_os + plugins/imv_scanner plugins/imc_os plugins/imv_os \ + plugins/imc_attestation plugins/imv_attestation \ + plugins/imc_swid plugins/imv_swid DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -315,6 +401,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -375,6 +462,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -440,6 +528,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -487,6 +577,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -498,7 +592,8 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif + -I$(top_srcdir)/src/libtncif \ + -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la libimcv_la_LDFLAGS = \ @@ -506,7 +601,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) + $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \ + $(am__append_2) libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -546,7 +642,62 @@ libimcv_la_SOURCES = \ os_info/os_info.h os_info/os_info.c \ pa_tnc/pa_tnc_attr.h \ pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \ - pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c + pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \ + pts/pts.h pts/pts.c \ + pts/pts_error.h pts/pts_error.c \ + pts/pts_pcr.h pts/pts_pcr.c \ + pts/pts_proto_caps.h \ + pts/pts_req_func_comp_evid.h \ + pts/pts_simple_evid_final.h \ + pts/pts_creds.h pts/pts_creds.c \ + pts/pts_database.h pts/pts_database.c \ + pts/pts_dh_group.h pts/pts_dh_group.c \ + pts/pts_file_meas.h pts/pts_file_meas.c \ + pts/pts_file_meta.h pts/pts_file_meta.c \ + pts/pts_file_type.h pts/pts_file_type.c \ + pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ + pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ + pts/pts_meas_algo.h pts/pts_meas_algo.c \ + pts/components/pts_component.h \ + pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ + pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ + pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ + pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ + pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ + pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ + pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ + pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ + seg/seg_contract.h seg/seg_contract.c \ + seg/seg_contract_manager.h seg/seg_contract_manager.c \ + seg/seg_env.h seg/seg_env.c \ + swid/swid_error.h swid/swid_error.c \ + swid/swid_inventory.h swid/swid_inventory.c \ + swid/swid_tag.h swid/swid_tag.c \ + swid/swid_tag_id.h swid/swid_tag_id.c \ + tcg/tcg_attr.h tcg/tcg_attr.c \ + tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ + tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ + tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ + tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ + tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ + tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ + tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ + tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ + tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ + tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ + tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ + tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ + tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ + tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ + tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ + tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ + tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ + tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ + tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ + tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk @@ -560,8 +711,32 @@ imv_policy_manager_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la #imv/imv_policy_manager.o : $(top_builddir)/config.status -SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ - $(am__append_5) $(am__append_6) $(am__append_7) +SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \ + $(am__append_6) $(am__append_7) $(am__append_8) \ + $(am__append_9) $(am__append_10) $(am__append_11) \ + $(am__append_12) +imcv_tests_SOURCES = \ + ita/ita_attr_command.c \ + pa_tnc/pa_tnc_attr_manager.c \ + seg/seg_env.c seg/seg_contract.c \ + seg/seg_contract_manager.c \ + suites/test_imcv_seg.c \ + ietf/ietf_attr_pa_tnc_error.c \ + tcg/seg/tcg_seg_attr_seg_env.c \ + imcv.c imcv_tests.h imcv_tests.c + +imcv_tests_CFLAGS = \ + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + @COVERAGE_CFLAGS@ + +imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +imcv_tests_LDADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la + all: all-recursive .SUFFIXES: @@ -728,9 +903,176 @@ pa_tnc/pa_tnc_msg.lo: pa_tnc/$(am__dirstamp) \ pa_tnc/$(DEPDIR)/$(am__dirstamp) pa_tnc/pa_tnc_attr_manager.lo: pa_tnc/$(am__dirstamp) \ pa_tnc/$(DEPDIR)/$(am__dirstamp) +pts/$(am__dirstamp): + @$(MKDIR_P) pts + @: > pts/$(am__dirstamp) +pts/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) pts/$(DEPDIR) + @: > pts/$(DEPDIR)/$(am__dirstamp) +pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_file_meas.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_file_meta.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_file_type.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/pts_meas_algo.lo: pts/$(am__dirstamp) \ + pts/$(DEPDIR)/$(am__dirstamp) +pts/components/$(am__dirstamp): + @$(MKDIR_P) pts/components + @: > pts/components/$(am__dirstamp) +pts/components/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) pts/components/$(DEPDIR) + @: > pts/components/$(DEPDIR)/$(am__dirstamp) +pts/components/pts_component_manager.lo: \ + pts/components/$(am__dirstamp) \ + pts/components/$(DEPDIR)/$(am__dirstamp) +pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \ + pts/components/$(DEPDIR)/$(am__dirstamp) +pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \ + pts/components/$(DEPDIR)/$(am__dirstamp) +pts/components/ita/$(am__dirstamp): + @$(MKDIR_P) pts/components/ita + @: > pts/components/ita/$(am__dirstamp) +pts/components/ita/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) pts/components/ita/$(DEPDIR) + @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp) +pts/components/ita/ita_comp_func_name.lo: \ + pts/components/ita/$(am__dirstamp) \ + pts/components/ita/$(DEPDIR)/$(am__dirstamp) +pts/components/ita/ita_comp_ima.lo: \ + pts/components/ita/$(am__dirstamp) \ + pts/components/ita/$(DEPDIR)/$(am__dirstamp) +pts/components/ita/ita_comp_tboot.lo: \ + pts/components/ita/$(am__dirstamp) \ + pts/components/ita/$(DEPDIR)/$(am__dirstamp) +pts/components/ita/ita_comp_tgrub.lo: \ + pts/components/ita/$(am__dirstamp) \ + pts/components/ita/$(DEPDIR)/$(am__dirstamp) +pts/components/tcg/$(am__dirstamp): + @$(MKDIR_P) pts/components/tcg + @: > pts/components/tcg/$(am__dirstamp) +pts/components/tcg/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) pts/components/tcg/$(DEPDIR) + @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp) +pts/components/tcg/tcg_comp_func_name.lo: \ + pts/components/tcg/$(am__dirstamp) \ + pts/components/tcg/$(DEPDIR)/$(am__dirstamp) +seg/$(am__dirstamp): + @$(MKDIR_P) seg + @: > seg/$(am__dirstamp) +seg/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) seg/$(DEPDIR) + @: > seg/$(DEPDIR)/$(am__dirstamp) +seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) +seg/seg_contract_manager.lo: seg/$(am__dirstamp) \ + seg/$(DEPDIR)/$(am__dirstamp) +seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) +swid/$(am__dirstamp): + @$(MKDIR_P) swid + @: > swid/$(am__dirstamp) +swid/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) swid/$(DEPDIR) + @: > swid/$(DEPDIR)/$(am__dirstamp) +swid/swid_error.lo: swid/$(am__dirstamp) \ + swid/$(DEPDIR)/$(am__dirstamp) +swid/swid_inventory.lo: swid/$(am__dirstamp) \ + swid/$(DEPDIR)/$(am__dirstamp) +swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) +swid/swid_tag_id.lo: swid/$(am__dirstamp) \ + swid/$(DEPDIR)/$(am__dirstamp) +tcg/$(am__dirstamp): + @$(MKDIR_P) tcg + @: > tcg/$(am__dirstamp) +tcg/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tcg/$(DEPDIR) + @: > tcg/$(DEPDIR)/$(am__dirstamp) +tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp) +tcg/pts/$(am__dirstamp): + @$(MKDIR_P) tcg/pts + @: > tcg/pts/$(am__dirstamp) +tcg/pts/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tcg/pts/$(DEPDIR) + @: > tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \ + tcg/pts/$(DEPDIR)/$(am__dirstamp) +tcg/seg/$(am__dirstamp): + @$(MKDIR_P) tcg/seg + @: > tcg/seg/$(am__dirstamp) +tcg/seg/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tcg/seg/$(DEPDIR) + @: > tcg/seg/$(DEPDIR)/$(am__dirstamp) +tcg/seg/tcg_seg_attr_max_size.lo: tcg/seg/$(am__dirstamp) \ + tcg/seg/$(DEPDIR)/$(am__dirstamp) +tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \ + tcg/seg/$(DEPDIR)/$(am__dirstamp) +tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \ + tcg/seg/$(DEPDIR)/$(am__dirstamp) +tcg/swid/$(am__dirstamp): + @$(MKDIR_P) tcg/swid + @: > tcg/swid/$(am__dirstamp) +tcg/swid/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tcg/swid/$(DEPDIR) + @: > tcg/swid/$(DEPDIR)/$(am__dirstamp) +tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \ + tcg/swid/$(DEPDIR)/$(am__dirstamp) +tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \ + tcg/swid/$(DEPDIR)/$(am__dirstamp) +tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \ + tcg/swid/$(DEPDIR)/$(am__dirstamp) libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES) $(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS) + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ @@ -780,6 +1122,32 @@ clean-ipsecPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +ita/imcv_tests-ita_attr_command.$(OBJEXT): ita/$(am__dirstamp) \ + ita/$(DEPDIR)/$(am__dirstamp) +pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT): \ + pa_tnc/$(am__dirstamp) pa_tnc/$(DEPDIR)/$(am__dirstamp) +seg/imcv_tests-seg_env.$(OBJEXT): seg/$(am__dirstamp) \ + seg/$(DEPDIR)/$(am__dirstamp) +seg/imcv_tests-seg_contract.$(OBJEXT): seg/$(am__dirstamp) \ + seg/$(DEPDIR)/$(am__dirstamp) +seg/imcv_tests-seg_contract_manager.$(OBJEXT): seg/$(am__dirstamp) \ + seg/$(DEPDIR)/$(am__dirstamp) +suites/$(am__dirstamp): + @$(MKDIR_P) suites + @: > suites/$(am__dirstamp) +suites/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) suites/$(DEPDIR) + @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/imcv_tests-test_imcv_seg.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT): \ + ietf/$(am__dirstamp) ietf/$(DEPDIR)/$(am__dirstamp) +tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT): \ + tcg/seg/$(am__dirstamp) tcg/seg/$(DEPDIR)/$(am__dirstamp) + +imcv_tests$(EXEEXT): $(imcv_tests_OBJECTS) $(imcv_tests_DEPENDENCIES) $(EXTRA_imcv_tests_DEPENDENCIES) + @rm -f imcv_tests$(EXEEXT) + $(AM_V_CCLD)$(imcv_tests_LINK) $(imcv_tests_OBJECTS) $(imcv_tests_LDADD) $(LIBS) imv/imv_policy_manager.$(OBJEXT): imv/$(am__dirstamp) \ imv/$(DEPDIR)/$(am__dirstamp) imv/imv_policy_manager_usage.$(OBJEXT): imv/$(am__dirstamp) \ @@ -838,11 +1206,34 @@ mostlyclean-compile: -rm -f os_info/*.lo -rm -f pa_tnc/*.$(OBJEXT) -rm -f pa_tnc/*.lo + -rm -f pts/*.$(OBJEXT) + -rm -f pts/*.lo + -rm -f pts/components/*.$(OBJEXT) + -rm -f pts/components/*.lo + -rm -f pts/components/ita/*.$(OBJEXT) + -rm -f pts/components/ita/*.lo + -rm -f pts/components/tcg/*.$(OBJEXT) + -rm -f pts/components/tcg/*.lo + -rm -f seg/*.$(OBJEXT) + -rm -f seg/*.lo + -rm -f suites/*.$(OBJEXT) + -rm -f swid/*.$(OBJEXT) + -rm -f swid/*.lo + -rm -f tcg/*.$(OBJEXT) + -rm -f tcg/*.lo + -rm -f tcg/pts/*.$(OBJEXT) + -rm -f tcg/pts/*.lo + -rm -f tcg/seg/*.$(OBJEXT) + -rm -f tcg/seg/*.lo + -rm -f tcg/swid/*.$(OBJEXT) + -rm -f tcg/swid/*.lo distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv_tests-imcv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv_tests-imcv_tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_assess_result.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_attr_request.Plo@am__quote@ @@ -856,6 +1247,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_product_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_remediation_instr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_string_version.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_os_info.Plo@am__quote@ @@ -871,6 +1263,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_session.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_session_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_workitem.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_angel.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_command.Plo@am__quote@ @@ -879,8 +1272,65 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_get_settings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_settings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@os_info/$(DEPDIR)/os_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/pa_tnc_attr_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/pa_tnc_msg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_database.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_dh_group.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meas.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meta.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_type.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_bios_list.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_event_list.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_meas_algo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_pcr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_evidence.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_func_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_component_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_env.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -906,6 +1356,146 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +ita/imcv_tests-ita_attr_command.o: ita/ita_attr_command.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.o -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c + +ita/imcv_tests-ita_attr_command.obj: ita/ita_attr_command.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.obj -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi` + +pa_tnc/imcv_tests-pa_tnc_attr_manager.o: pa_tnc/pa_tnc_attr_manager.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.o -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c + +pa_tnc/imcv_tests-pa_tnc_attr_manager.obj: pa_tnc/pa_tnc_attr_manager.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.obj -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi` + +seg/imcv_tests-seg_env.o: seg/seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c + +seg/imcv_tests-seg_env.obj: seg/seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi` + +seg/imcv_tests-seg_contract.o: seg/seg_contract.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c + +seg/imcv_tests-seg_contract.obj: seg/seg_contract.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi` + +seg/imcv_tests-seg_contract_manager.o: seg/seg_contract_manager.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c + +seg/imcv_tests-seg_contract_manager.obj: seg/seg_contract_manager.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi` + +suites/imcv_tests-test_imcv_seg.o: suites/test_imcv_seg.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c + +suites/imcv_tests-test_imcv_seg.obj: suites/test_imcv_seg.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.obj -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi` + +ietf/imcv_tests-ietf_attr_pa_tnc_error.o: ietf/ietf_attr_pa_tnc_error.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.o -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c + +ietf/imcv_tests-ietf_attr_pa_tnc_error.obj: ietf/ietf_attr_pa_tnc_error.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.obj -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi` + +tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o: tcg/seg/tcg_seg_attr_seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c + +tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj: tcg/seg/tcg_seg_attr_seg_env.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi` + +imcv_tests-imcv.o: imcv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c + +imcv_tests-imcv.obj: imcv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi` + +imcv_tests-imcv_tests.o: imcv_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c + +imcv_tests-imcv_tests.obj: imcv_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi` + mostlyclean-libtool: -rm -f *.lo @@ -917,6 +1507,16 @@ clean-libtool: -rm -rf ita/.libs ita/_libs -rm -rf os_info/.libs os_info/_libs -rm -rf pa_tnc/.libs pa_tnc/_libs + -rm -rf pts/.libs pts/_libs + -rm -rf pts/components/.libs pts/components/_libs + -rm -rf pts/components/ita/.libs pts/components/ita/_libs + -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs + -rm -rf seg/.libs seg/_libs + -rm -rf swid/.libs swid/_libs + -rm -rf tcg/.libs tcg/_libs + -rm -rf tcg/pts/.libs tcg/pts/_libs + -rm -rf tcg/seg/.libs tcg/seg/_libs + -rm -rf tcg/swid/.libs tcg/swid/_libs install-dist_templatesDATA: $(dist_templates_DATA) @$(NORMAL_INSTALL) @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ @@ -1038,6 +1638,99 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -1094,6 +1787,8 @@ distdir: $(DISTFILES) fi; \ done check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-recursive all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) installdirs: installdirs-recursive @@ -1139,17 +1834,39 @@ distclean-generic: -rm -f os_info/$(am__dirstamp) -rm -f pa_tnc/$(DEPDIR)/$(am__dirstamp) -rm -f pa_tnc/$(am__dirstamp) + -rm -f pts/$(DEPDIR)/$(am__dirstamp) + -rm -f pts/$(am__dirstamp) + -rm -f pts/components/$(DEPDIR)/$(am__dirstamp) + -rm -f pts/components/$(am__dirstamp) + -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp) + -rm -f pts/components/ita/$(am__dirstamp) + -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp) + -rm -f pts/components/tcg/$(am__dirstamp) + -rm -f seg/$(DEPDIR)/$(am__dirstamp) + -rm -f seg/$(am__dirstamp) + -rm -f suites/$(DEPDIR)/$(am__dirstamp) + -rm -f suites/$(am__dirstamp) + -rm -f swid/$(DEPDIR)/$(am__dirstamp) + -rm -f swid/$(am__dirstamp) + -rm -f tcg/$(DEPDIR)/$(am__dirstamp) + -rm -f tcg/$(am__dirstamp) + -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp) + -rm -f tcg/pts/$(am__dirstamp) + -rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp) + -rm -f tcg/seg/$(am__dirstamp) + -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp) + -rm -f tcg/swid/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive -clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \ - clean-libtool mostlyclean-am +clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \ + clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) + -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1196,7 +1913,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) + -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1216,17 +1933,17 @@ ps-am: uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES -.MAKE: $(am__recursive_targets) install-am install-strip +.MAKE: $(am__recursive_targets) check-am install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-ipsecPROGRAMS \ - clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dist_templatesDATA install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ + check-TESTS check-am clean clean-checkPROGRAMS clean-generic \ + clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES clean-libtool \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dist_templatesDATA \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ install-ipsecPROGRAMS install-ipsecSCRIPTS \ install-ipseclibLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 2f3819898..67269af53 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -47,34 +47,35 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, /** * See header */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value) +pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, + chunk_t value) { switch (type) { case IETF_ATTR_ATTRIBUTE_REQUEST: - return ietf_attr_attr_request_create_from_data(value); + return ietf_attr_attr_request_create_from_data(length, value); case IETF_ATTR_PRODUCT_INFORMATION: - return ietf_attr_product_info_create_from_data(value); + return ietf_attr_product_info_create_from_data(length, value); case IETF_ATTR_NUMERIC_VERSION: - return ietf_attr_numeric_version_create_from_data(value); + return ietf_attr_numeric_version_create_from_data(length, value); case IETF_ATTR_STRING_VERSION: - return ietf_attr_string_version_create_from_data(value); + return ietf_attr_string_version_create_from_data(length, value); case IETF_ATTR_OPERATIONAL_STATUS: - return ietf_attr_op_status_create_from_data(value); + return ietf_attr_op_status_create_from_data(length, value); case IETF_ATTR_PORT_FILTER: - return ietf_attr_port_filter_create_from_data(value); + return ietf_attr_port_filter_create_from_data(length, value); case IETF_ATTR_INSTALLED_PACKAGES: - return ietf_attr_installed_packages_create_from_data(value); + return ietf_attr_installed_packages_create_from_data(length, value); case IETF_ATTR_PA_TNC_ERROR: - return ietf_attr_pa_tnc_error_create_from_data(value); + return ietf_attr_pa_tnc_error_create_from_data(length, value); case IETF_ATTR_ASSESSMENT_RESULT: - return ietf_attr_assess_result_create_from_data(value); + return ietf_attr_assess_result_create_from_data(length, value); case IETF_ATTR_REMEDIATION_INSTRUCTIONS: - return ietf_attr_remediation_instr_create_from_data(value); + return ietf_attr_remediation_instr_create_from_data(length, value); case IETF_ATTR_FORWARDING_ENABLED: - return ietf_attr_fwd_enabled_create_from_data(value); + return ietf_attr_fwd_enabled_create_from_data(length, value); case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: - return ietf_attr_default_pwd_enabled_create_from_data(value); + return ietf_attr_default_pwd_enabled_create_from_data(length, value); case IETF_ATTR_TESTING: case IETF_ATTR_RESERVED: default: diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index d22175d94..169ed78e8 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -56,8 +56,10 @@ extern enum_name_t *ietf_attr_names; * Create an IETF PA-TNC attribute from data * * @param type attribute type - * @param value attribute value + * @param length attribute length + * @param value attribute value or segment */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value); +pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, + chunk_t value); #endif /** IETF_ATTR_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c index 55226e3bb..1cffdcaae 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.c +++ b/src/libimcv/ietf/ietf_attr_assess_result.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,7 +50,12 @@ struct private_ietf_attr_assess_result_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void, writer = bio_writer_create(ASSESS_RESULT_SIZE); writer->write_uint32(writer, this->result); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -115,10 +121,15 @@ METHOD(pa_tnc_attr_t, process, status_t, { bio_reader_t *reader; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < ASSESS_RESULT_SIZE) { DBG1(DBG_TNC, "insufficient data for IETF assessment result"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -128,6 +139,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_assess_result_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_assess_result_t *this) { @@ -167,6 +184,7 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -183,7 +201,8 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result) /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_assess_result_t *this; @@ -196,12 +215,14 @@ pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_result = _get_result, }, .type = { PEN_IETF, IETF_ATTR_ASSESSMENT_RESULT }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h index e94b57b88..b1a5166dc 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.h +++ b/src/libimcv/ietf/ietf_attr_assess_result.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result); /** * Creates an ietf_attr_assess_result_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_ASSESS_RESULT_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c index 3b4fd26cd..3862a0aa8 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.c +++ b/src/libimcv/ietf/ietf_attr_attr_request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -59,7 +59,12 @@ struct private_ietf_attr_attr_request_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -126,6 +131,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -150,11 +156,17 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int8_t reserved; int count; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } + count = this->value.len / ATTR_REQUEST_ENTRY_SIZE; if (this->value.len != ATTR_REQUEST_ENTRY_SIZE * count) { DBG1(DBG_TNC, "incorrect attribute length for IETF attribute request"); - *offset = 0; return FAILED; } @@ -184,6 +196,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_attr_request_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_attr_request_t *this) { @@ -224,6 +242,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -246,7 +265,8 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type) /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_attr_request_t *this; @@ -259,6 +279,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -266,6 +287,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data) .create_enumerator = _create_enumerator, }, .type = { PEN_IETF, IETF_ATTR_ATTRIBUTE_REQUEST }, + .length = length, .value = chunk_clone(data), .list = linked_list_create(), .ref = 1, diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h index fc9e08676..47b038605 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.h +++ b/src/libimcv/ietf/ietf_attr_attr_request.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -62,10 +62,10 @@ struct ietf_attr_attr_request_t { pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type); /** - * Creates an ietf_attr_attr_request_t object from received data - * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_ATTR_REQUEST_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c index 2c6b3d542..ee5864d29 100644 --- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c +++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,7 +50,12 @@ struct private_ietf_attr_default_pwd_enabled_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32(writer, this->status); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len != DEFAULT_PWD_ENABLED_SIZE) { DBG1(DBG_TNC, "incorrect size for IETF factory default password " @@ -139,6 +149,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_default_pwd_enabled_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_default_pwd_enabled_t *this) { @@ -178,6 +194,7 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -194,7 +211,8 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status) /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_default_pwd_enabled_t *this; @@ -207,12 +225,14 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_status = _get_status, }, .type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h index 6fe1a02b1..3999590d4 100644 --- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h +++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h @@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create(bool status); /** * Creates an ietf_attr_default_pwd_enabled_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_PWD_ENABLED_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c index a906b2258..c00a5efc2 100644 --- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c +++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,7 +50,12 @@ struct private_ietf_attr_fwd_enabled_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32(writer, this->fwd_status); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len != FORWARDING_ENABLED_SIZE) { DBG1(DBG_TNC, "incorrect size for IETF forwarding enabled attribute"); @@ -138,6 +148,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_fwd_enabled_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_fwd_enabled_t *this) { @@ -177,6 +193,7 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -193,7 +210,8 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status) /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_fwd_enabled_t *this; @@ -206,12 +224,14 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_status = _get_status, }, .type = { PEN_IETF, IETF_ATTR_FORWARDING_ENABLED }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.h b/src/libimcv/ietf/ietf_attr_fwd_enabled.h index 41714380e..c4b6c1547 100644 --- a/src/libimcv/ietf/ietf_attr_fwd_enabled.h +++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-14 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -57,8 +57,10 @@ pa_tnc_attr_t* ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status); /** * Creates an ietf_attr_fwd_enabled_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_FWD_ENABLED_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c index f33f643af..39eea555a 100644 --- a/src/libimcv/ietf/ietf_attr_installed_packages.c +++ b/src/libimcv/ietf/ietf_attr_installed_packages.c @@ -57,16 +57,36 @@ struct private_ietf_attr_installed_packages_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer */ chunk_t value; /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** * Noskip flag */ bool noskip_flag; /** + * Number of Installed Packages in attribute + */ + uint16_t count; + + /** * List of Installed Package entries */ linked_list_t *packages; @@ -143,6 +163,8 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; writer->destroy(writer); } @@ -151,72 +173,91 @@ METHOD(pa_tnc_attr_t, process, status_t, { bio_reader_t *reader; package_entry_t *entry; - status_t status = FAILED; + status_t status = NEED_MORE; chunk_t name, version; - u_int16_t reserved, count; + u_int16_t reserved; u_char *pos; - *offset = 0; - - if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for IETF installed packages"); - return FAILED; + if (this->offset == 0) + { + if (this->length < IETF_INSTALLED_PACKAGES_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint16(reader, &reserved); + reader->read_uint16(reader, &this->count); + this->offset = IETF_INSTALLED_PACKAGES_MIN_SIZE; + this->value = reader->peek(reader); + reader->destroy(reader); } + reader = bio_reader_create(this->value); - reader->read_uint16(reader, &reserved); - reader->read_uint16(reader, &count); - *offset = IETF_INSTALLED_PACKAGES_MIN_SIZE; - while (reader->remaining(reader)) + while (this->count) { - if (!reader->read_data8(reader, &name)) + if (!reader->read_data8(reader, &name) || + !reader->read_data8(reader, &version)) { - DBG1(DBG_TNC, "insufficient data for IETF installed package name"); goto end; } pos = memchr(name.ptr, '\0', name.len); if (pos) { DBG1(DBG_TNC, "nul termination in IETF installed package name"); - *offset += 1 + (pos - name.ptr); - goto end; - } - *offset += 1 + name.len; - - if (!reader->read_data8(reader, &version)) - { - DBG1(DBG_TNC, "insufficient data for IETF installed package version"); + *offset = this->offset + 1 + (pos - name.ptr); + status = FAILED; goto end; } pos = memchr(version.ptr, '\0', version.len); if (pos) { DBG1(DBG_TNC, "nul termination in IETF installed package version"); - *offset += 1 + (pos - version.ptr); + *offset = this->offset + 1 + name.len + 1 + (pos - version.ptr); + status = FAILED; goto end; } - *offset += 1 + version.len; + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); entry = malloc_thing(package_entry_t); entry->name = chunk_clone(name); entry->version = chunk_clone(version); this->packages->insert_last(this->packages, entry); + + /* at least one tag ID was processed */ + status = SUCCESS; + this->count--; } - if (count != this->packages->get_count(this->packages)) + if (this->length != this->offset) { - DBG1(DBG_TNC, "IETF installed package count unequal to " - "number of included packages"); - goto end; + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; } - status = SUCCESS; end: reader->destroy(reader); return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_installed_packages_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_installed_packages_t *this) { @@ -230,7 +271,7 @@ METHOD(pa_tnc_attr_t, destroy, void, if (ref_put(&this->ref)) { this->packages->destroy_function(this->packages, (void*)free_package_entry); - free(this->value.ptr); + free(this->segment.ptr); free(this); } } @@ -269,6 +310,23 @@ METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*, (void*)package_filter, NULL, NULL); } +METHOD(ietf_attr_installed_packages_t, get_count, uint16_t, + private_ietf_attr_installed_packages_t *this) +{ + return this->count; +} + +METHOD(ietf_attr_installed_packages_t, clear_packages, void, + private_ietf_attr_installed_packages_t *this) +{ + package_entry_t *entry; + + while (this->packages->remove_first(this->packages,(void**)&entry) == SUCCESS) + { + free_package_entry(entry); + } +} + /** * Described in header. */ @@ -285,11 +343,14 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .create_enumerator = _create_enumerator, + .get_count = _get_count, + .clear_packages = _clear_packages, }, .type = { PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES }, .packages = linked_list_create(), @@ -300,9 +361,11 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void) } /** - * Described in header. + * Described in header. .length = length, + */ -pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_installed_packages_t *this; @@ -315,18 +378,25 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .create_enumerator = _create_enumerator, + .get_count = _get_count, + .clear_packages = _clear_packages, }, .type = {PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES }, - .value = chunk_clone(data), + .length = length, + .segment = chunk_clone(data), .packages = linked_list_create(), .ref = 1, ); + /* received either complete attribute value or first segment */ + this->value = this->segment; + return &this->public.pa_tnc_attribute; } diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.h b/src/libimcv/ietf/ietf_attr_installed_packages.h index e19d0f47b..9f7b7cbcf 100644 --- a/src/libimcv/ietf/ietf_attr_installed_packages.h +++ b/src/libimcv/ietf/ietf_attr_installed_packages.h @@ -56,6 +56,18 @@ struct ietf_attr_installed_packages_t { */ enumerator_t* (*create_enumerator)(ietf_attr_installed_packages_t *this); + /** + * Number of Installed Packages still missing + * + * @return Number of missing installed packages + */ + uint16_t (*get_count)(ietf_attr_installed_packages_t *this); + + /** + * Remove all Installed Packages from list + */ + void (*clear_packages)(ietf_attr_installed_packages_t *this); + }; /** @@ -67,8 +79,10 @@ pa_tnc_attr_t* ietf_attr_installed_packages_create(void); /** * Creates an ietf_attr_installed_packages_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_INSTALLED_PACKAGES_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c index 739256457..c8fd6c1ca 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.c +++ b/src/libimcv/ietf/ietf_attr_numeric_version.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -56,7 +56,12 @@ struct private_ietf_attr_numeric_version_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -138,6 +143,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, this->service_pack_minor); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -146,10 +152,15 @@ METHOD(pa_tnc_attr_t, process, status_t, { bio_reader_t *reader; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < NUMERIC_VERSION_SIZE) { DBG1(DBG_TNC, "insufficient data for IETF numeric version"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -163,6 +174,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_numeric_version_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_numeric_version_t *this) { @@ -231,6 +248,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -253,7 +271,8 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_numeric_version_t *this; @@ -266,6 +285,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -274,6 +294,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data) .get_service_pack = _get_service_pack, }, .type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h index bbda6b895..34393c673 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.h +++ b/src/libimcv/ietf/ietf_attr_numeric_version.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-14 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -77,8 +77,10 @@ pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor /** * Creates an ietf_attr_numeric_version_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_NUMERIC_VERSION_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c index 23530684a..d061a52f9 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.c +++ b/src/libimcv/ietf/ietf_attr_op_status.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -76,7 +76,12 @@ struct private_ietf_attr_op_status_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -154,6 +159,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, chunk_create(last_use, 20)); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -167,6 +173,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len != OP_STATUS_SIZE) { DBG1(DBG_TNC, "incorrect size for IETF operational status"); @@ -212,6 +222,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_op_status_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_op_status_t *this) { @@ -264,6 +280,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -284,7 +301,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_op_status_create_from_data(size_t length, chunk_t data) { private_ietf_attr_op_status_t *this; @@ -297,6 +314,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h index b70fab608..f19185f0a 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.h +++ b/src/libimcv/ietf/ietf_attr_op_status.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-14 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -100,8 +100,10 @@ pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result, /** * Creates an ietf_attr_op_status_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_op_status_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_op_status_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_OP_STATUS_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c index 5f20f8958..0dbb4aaef 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -113,7 +113,12 @@ struct private_ietf_attr_pa_tnc_error_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -133,14 +138,19 @@ struct private_ietf_attr_pa_tnc_error_t { chunk_t msg_info; /** - * First 8 bytes of unsupported PA-TNC attribute + * Flags of unsupported PA-TNC attribute + */ + uint8_t flags; + + /** + * Vendor ID and type of unsupported PA-TNC attribute */ - chunk_t attr_info; + pen_type_t unsupported_type; /** * PA-TNC error offset */ - u_int32_t error_offset; + uint32_t error_offset; /** * Reference count @@ -200,26 +210,35 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, PA_ERROR_VERSION_RESERVED); break; case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED: - writer->write_data(writer, this->attr_info); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->unsupported_type.vendor_id); + writer->write_uint32(writer, this->unsupported_type.type); break; default: break; } } this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_pa_tnc_error_t *this, u_int32_t *offset) + private_ietf_attr_pa_tnc_error_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; + uint32_t vendor_id, type; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PA_ERROR_HEADER_SIZE) { DBG1(DBG_TNC, "insufficient data for PA-TNC error header"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -250,8 +269,7 @@ METHOD(pa_tnc_attr_t, process, status_t, } break; case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED: - if (!reader->read_data(reader, PA_ERROR_ATTR_INFO_SIZE, - &this->attr_info)) + if (reader->remaining(reader) < PA_ERROR_ATTR_INFO_SIZE) { reader->destroy(reader); DBG1(DBG_TNC, "insufficient data for unsupported attribute " @@ -259,7 +277,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE; return FAILED; } - this->attr_info = chunk_clone(this->attr_info); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &vendor_id); + reader->read_uint32(reader, &type); + this->unsupported_type = pen_type_create(vendor_id, type); break; default: break; @@ -275,6 +296,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_pa_tnc_error_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_pa_tnc_error_t *this) { @@ -289,7 +316,6 @@ METHOD(pa_tnc_attr_t, destroy, void, { free(this->value.ptr); free(this->msg_info.ptr); - free(this->attr_info.ptr); free(this); } } @@ -306,19 +332,24 @@ METHOD(ietf_attr_pa_tnc_error_t, get_msg_info, chunk_t, return this->msg_info; } -METHOD(ietf_attr_pa_tnc_error_t, get_attr_info, chunk_t, - private_ietf_attr_pa_tnc_error_t *this) +METHOD(ietf_attr_pa_tnc_error_t, get_unsupported_attr, pen_type_t, + private_ietf_attr_pa_tnc_error_t *this, uint8_t *flags) { - return this->attr_info; + if (flags) + { + *flags = this->flags; + } + return this->unsupported_type; } -METHOD(ietf_attr_pa_tnc_error_t, set_attr_info, void, - private_ietf_attr_pa_tnc_error_t *this, chunk_t attr_info) +METHOD(ietf_attr_pa_tnc_error_t, set_unsupported_attr, void, + private_ietf_attr_pa_tnc_error_t *this, uint8_t flags, pen_type_t type) { - this->attr_info = chunk_clone(attr_info); + this->flags = flags; + this->unsupported_type = type; } -METHOD(ietf_attr_pa_tnc_error_t, get_offset, u_int32_t, +METHOD(ietf_attr_pa_tnc_error_t, get_offset, uint32_t, private_ietf_attr_pa_tnc_error_t *this) { return this->error_offset; @@ -340,13 +371,14 @@ static private_ietf_attr_pa_tnc_error_t* create_generic() .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_error_code = _get_error_code, .get_msg_info = _get_msg_info, - .get_attr_info = _get_attr_info, - .set_attr_info = _set_attr_info, + .get_unsupported_attr = _get_unsupported_attr, + .set_unsupported_attr = _set_unsupported_attr, .get_offset = _get_offset, }, .type = { PEN_IETF, IETF_ATTR_PA_TNC_ERROR }, @@ -385,7 +417,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_type_t error_code, */ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code, chunk_t msg_info, - u_int32_t error_offset) + uint32_t error_offset) { private_ietf_attr_pa_tnc_error_t *this; @@ -403,11 +435,13 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_pa_tnc_error_t *this; this = create_generic(); + this->length = length; this->value = chunk_clone(data); return &this->public.pa_tnc_attribute; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h index faa38f8f9..b1df1945a 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -69,25 +69,29 @@ struct ietf_attr_pa_tnc_error_t { chunk_t (*get_msg_info)(ietf_attr_pa_tnc_error_t *this); /** - * Get first 8 bytes of unsupported PA-TNC attribute + * Get flags, vendor ID and type of unsupported PA-TNC attribute * - * @return PA-TNC attribute info + * @param flags PA-TNC attribute flags + * @return PA-TNC attribute vendor ID and type */ - chunk_t (*get_attr_info)(ietf_attr_pa_tnc_error_t *this); + pen_type_t (*get_unsupported_attr)(ietf_attr_pa_tnc_error_t *this, + uint8_t *flags); /** - * Set first 8 bytes of unsupported PA-TNC attribute + * Set flags, vendor ID and type of unsupported PA-TNC attribute * - * @param attr_info PA-TNC message info + * @param flags PA-TNC attribute flags + * @param attr_info PA-TNC attribute vendor ID and type */ - void (*set_attr_info)(ietf_attr_pa_tnc_error_t *this, chunk_t attr_info); + void (*set_unsupported_attr)(ietf_attr_pa_tnc_error_t *this, uint8_t flags, + pen_type_t type); /** * Get the PA-TNC error offset * * @return PA-TNC error offset */ - u_int32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this); + uint32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this); }; @@ -111,13 +115,15 @@ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_type_t error_code, */ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code, chunk_t header, - u_int32_t error_offset); + uint32_t error_offset); /** * Creates an ietf_attr_pa_tnc_error_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_PA_TNC_ERROR_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c index 1d516a51f..46824406a 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.c +++ b/src/libimcv/ietf/ietf_attr_port_filter.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -63,7 +64,12 @@ struct private_ietf_attr_port_filter_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -131,6 +137,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -141,11 +148,16 @@ METHOD(pa_tnc_attr_t, process, status_t, port_entry_t *entry; u_int8_t blocked; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len % PORT_FILTER_ENTRY_SIZE) { DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d", PORT_FILTER_ENTRY_SIZE); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -164,6 +176,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_port_filter_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_port_filter_t *this) { @@ -231,6 +249,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -248,7 +267,8 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void) /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_port_filter_t *this; @@ -261,6 +281,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -268,6 +289,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data) .create_port_enumerator = _create_port_enumerator, }, .type = {PEN_IETF, IETF_ATTR_PORT_FILTER }, + .length = length, .value = chunk_clone(data), .ports = linked_list_create(), .ref = 1, diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h index 93b696e45..d383b19a2 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.h +++ b/src/libimcv/ietf/ietf_attr_port_filter.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -67,8 +67,10 @@ pa_tnc_attr_t* ietf_attr_port_filter_create(void); /** * Creates an ietf_attr_port_filter_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_PORT_FILTER_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c index a107c27d3..37c89e9e5 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.c +++ b/src/libimcv/ietf/ietf_attr_product_info.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -51,7 +52,12 @@ struct private_ietf_attr_product_info_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -120,6 +126,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, this->product_name); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -129,10 +136,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; chunk_t product_name; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PRODUCT_INFO_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for IETF product information"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -153,6 +165,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_product_info_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_product_info_t *this) { @@ -202,6 +220,7 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -220,7 +239,8 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_product_info_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_product_info_t *this; @@ -233,12 +253,14 @@ pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_info = _get_info, }, .type = { PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h index d0b2d2a84..5151b5808 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.h +++ b/src/libimcv/ietf/ietf_attr_product_info.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, /** * Creates an ietf_attr_product_info_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_product_info_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_product_info_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_PRODUCT_INFO_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c index 5d85e5d89..64070374e 100644 --- a/src/libimcv/ietf/ietf_attr_remediation_instr.c +++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -79,7 +79,12 @@ struct private_ietf_attr_remediation_instr_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -155,6 +160,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, this->parameters); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -168,6 +174,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < REMEDIATION_INSTR_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for IETF remediation instructions"); @@ -218,6 +228,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_remediation_instr_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_remediation_instr_t *this) { @@ -275,6 +291,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create(pen_type_t parameters_type, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -328,7 +345,8 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_string(chunk_t string, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_remediation_instr_t *this; @@ -341,6 +359,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -350,6 +369,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data) .get_string = _get_string, }, .type = { PEN_IETF, IETF_ATTR_REMEDIATION_INSTRUCTIONS }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.h b/src/libimcv/ietf/ietf_attr_remediation_instr.h index 5c7c8891b..bc03e995a 100644 --- a/src/libimcv/ietf/ietf_attr_remediation_instr.h +++ b/src/libimcv/ietf/ietf_attr_remediation_instr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -102,8 +102,10 @@ pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_string(chunk_t string, /** * Creates an ietf_attr_remediation_instr_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_REMEDIATION_INSTR_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c index 68adde612..c46200b8f 100644 --- a/src/libimcv/ietf/ietf_attr_string_version.c +++ b/src/libimcv/ietf/ietf_attr_string_version.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -54,7 +54,12 @@ struct private_ietf_attr_string_version_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -124,6 +129,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data8(writer, this->config); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -137,6 +143,10 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < STRING_VERSION_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for IETF string version"); @@ -198,6 +208,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_attr_string_version_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ietf_attr_string_version_t *this) { @@ -254,6 +270,7 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -272,7 +289,8 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data) +pa_tnc_attr_t *ietf_attr_string_version_create_from_data(size_t length, + chunk_t data) { private_ietf_attr_string_version_t *this; @@ -285,12 +303,14 @@ pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_version = _get_version, }, .type = { PEN_IETF, IETF_ATTR_STRING_VERSION }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ietf/ietf_attr_string_version.h b/src/libimcv/ietf/ietf_attr_string_version.h index 9ccc1f0ee..432ed4a0f 100644 --- a/src/libimcv/ietf/ietf_attr_string_version.h +++ b/src/libimcv/ietf/ietf_attr_string_version.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_string_version_create(chunk_t version, chunk_t build, /** * Creates an ietf_attr_string_version_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ietf_attr_string_version_create_from_data(chunk_t value); +pa_tnc_attr_t* ietf_attr_string_version_create_from_data(size_t length, + chunk_t value); #endif /** IETF_ATTR_STRING_VERSION_H_ @}*/ diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 533151799..0d622f1b8 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -59,6 +59,11 @@ struct private_imc_agent_t { linked_list_t *additional_ids; /** + * list of non-fatal unsupported PA-TNC attribute types + */ + linked_list_t *non_fatal_attr_types; + + /** * list of TNCC connection entries */ linked_list_t *connections; @@ -510,11 +515,29 @@ METHOD(imc_agent_t, create_id_enumerator, enumerator_t*, return this->additional_ids->create_enumerator(this->additional_ids); } +METHOD(imc_agent_t, add_non_fatal_attr_type, void, + private_imc_agent_t *this, pen_type_t type) +{ + pen_type_t *type_p; + + type_p = malloc_thing(pen_type_t); + *type_p = type; + this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p); +} + +METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*, + private_imc_agent_t *this) +{ + return this->non_fatal_attr_types; +} + METHOD(imc_agent_t, destroy, void, private_imc_agent_t *this) { DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name); this->additional_ids->destroy(this->additional_ids); + this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types, + free); this->connections->destroy_function(this->connections, free); this->connection_lock->destroy(this->connection_lock); free(this); @@ -550,6 +573,8 @@ imc_agent_t *imc_agent_create(const char *name, .reserve_additional_ids = _reserve_additional_ids, .count_additional_ids = _count_additional_ids, .create_id_enumerator = _create_id_enumerator, + .add_non_fatal_attr_type = _add_non_fatal_attr_type, + .get_non_fatal_attr_types = _get_non_fatal_attr_types, .destroy = _destroy, }, .name = name, @@ -557,6 +582,7 @@ imc_agent_t *imc_agent_create(const char *name, .type_count = type_count, .id = id, .additional_ids = linked_list_create(), + .non_fatal_attr_types = linked_list_create(), .connections = linked_list_create(), .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index 0a1638f47..8bdfb6c32 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -172,6 +172,16 @@ struct imc_agent_t { enumerator_t* (*create_id_enumerator)(imc_agent_t *this); /** + * Add an item to the list of non-fatal unsupported PA-TNC attribute types + */ + void (*add_non_fatal_attr_type)(imc_agent_t *this, pen_type_t type); + + /** + * Get a list of non-fatal unsupported PA-TNC attribute types + */ + linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this); + + /** * Destroys an imc_agent_t object */ void (*destroy)(imc_agent_t *this); diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c index 1cf81c730..83337cf7b 100644 --- a/src/libimcv/imc/imc_msg.c +++ b/src/libimcv/imc/imc_msg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,8 +18,12 @@ #include "ietf/ietf_attr.h" #include "ietf/ietf_attr_assess_result.h" #include "ietf/ietf_attr_remediation_instr.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "tcg/seg/tcg_seg_attr_next_seg.h" #include <tncif_names.h> +#include <tncif_pa_subtypes.h> #include <pen/pen.h> #include <collections/linked_list.h> @@ -104,11 +108,18 @@ METHOD(imc_msg_t, send_, TNC_Result, pa_tnc_attr_t *attr; TNC_UInt32 msg_flags; TNC_MessageType msg_type; - bool attr_added; + bool attr_added, oversize; chunk_t msg; + seg_contract_t *contract; + seg_contract_manager_t *contracts; enumerator_t *enumerator; TNC_Result result = TNC_RESULT_SUCCESS; + /* Get IF-M segmentation contract for this subtype if any */ + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->dst_id); + while (this->attr_list->get_count(this->attr_list)) { pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state)); @@ -117,6 +128,17 @@ METHOD(imc_msg_t, send_, TNC_Result, enumerator = this->attr_list->create_enumerator(this->attr_list); while (enumerator->enumerate(enumerator, &attr)) { + if (contract && contract->check_size(contract, attr, &oversize)) + { + if (oversize) + { + /* TODO generate SWID error msg */ + } + else + { + attr = contract->first_segment(contract, attr); + } + } if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) { attr_added = TRUE; @@ -208,8 +230,9 @@ static void print_assessment_trailer(bool first) } METHOD(imc_msg_t, receive, TNC_Result, - private_imc_msg_t *this, bool *fatal_error) + private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error) { + linked_list_t *non_fatal_types; TNC_UInt32 target_imc_id; enumerator_t *enumerator; pa_tnc_attr_t *attr; @@ -251,26 +274,14 @@ METHOD(imc_msg_t, receive, TNC_Result, break; case VERIFY_ERROR: { - imc_msg_t *error_msg; - TNC_Result result; - - error_msg = imc_msg_create_as_reply(&this->public); - /* extract and copy by reference all error attributes */ enumerator = this->pa_msg->create_error_enumerator(this->pa_msg); while (enumerator->enumerate(enumerator, &attr)) { - error_msg->add_attribute(error_msg, attr->get_ref(attr)); + out_msg->add_attribute(out_msg, attr->get_ref(attr)); } enumerator->destroy(enumerator); - - /* - * send the PA-TNC message containing all error attributes - * with the excl flag set - */ - result = error_msg->send(error_msg, TRUE); - error_msg->destroy(error_msg); - return result; + return TNC_RESULT_SUCCESS; } case FAILED: default: @@ -281,8 +292,192 @@ METHOD(imc_msg_t, receive, TNC_Result, target_imc_id = (this->dst_id != TNC_IMCID_ANY) ? this->dst_id : this->agent->get_id(this->agent); + /* process any IF-M segmentation contracts */ + enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + pen_type_t type; + + type = attr->get_type(attr); + + contracts = this->state->get_contracts(this->state); + + if (type.vendor_id != PEN_TCG) + { + continue; + } + + switch (type.type) + { + case TCG_SEG_MAX_ATTR_SIZE_REQ: + { + tcg_seg_attr_max_size_t *attr_cast; + + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, + &max_seg_size); + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->src_id); + if (contract) + { + contract->set_max_size(contract, max_attr_size, + max_seg_size); + } + else + { + contract = seg_contract_create(this->msg_type, max_attr_size, + max_seg_size, FALSE, this->src_id, TRUE); + contract->set_responder(contract, target_imc_id); + contracts->add_contract(contracts, contract); + } + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); + + /* Determine maximum PA-TNC attribute segment size */ + my_max_seg_size = this->state->get_max_msg_len(this->state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* If segmentation is possible select lower segment size */ + if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + max_seg_size > my_max_seg_size) + { + max_seg_size = my_max_seg_size; + contract->set_max_size(contract, max_attr_size, + max_seg_size); + DBG2(DBG_IMC, " lowered maximum segment size to %u bytes", + max_seg_size); + } + + /* Add Maximum Attribute Size Response attribute */ + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, FALSE); + out_msg->add_attribute(out_msg, attr); + break; + } + case TCG_SEG_MAX_ATTR_SIZE_RESP: + { + tcg_seg_attr_max_size_t *attr_cast; + + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, + &max_seg_size); + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, this->src_id); + if (!contract) + { + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, TNC_IMCID_ANY); + if (contract) + { + contract = contract->clone(contract); + contract->set_responder(contract, this->src_id); + contracts->add_contract(contracts, contract); + } + } + if (contract) + { + contract->get_max_size(contract, &my_max_attr_size, + &my_max_seg_size); + if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + my_max_seg_size > max_seg_size) + { + my_max_seg_size = max_seg_size; + contract->set_max_size(contract, my_max_attr_size, + my_max_seg_size); + } + contract->get_info_string(contract, buf, BUF_LEN, FALSE); + DBG2(DBG_IMC, "%s", buf); + } + else + { + /* TODO no request pending */ + DBG1(DBG_IMC, "no contract for this PA message type found"); + } + break; + } + case TCG_SEG_ATTR_SEG_ENV: + { + tcg_seg_attr_seg_env_t *seg_env_attr; + pa_tnc_attr_t *error; + uint32_t base_attr_id; + bool more; + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, this->src_id); + if (!contract) + { + DBG2(DBG_IMC, "no contract for received attribute segment " + "with base attribute ID %u", base_attr_id); + continue; + } + attr = contract->add_segment(contract, attr, &error, &more); + if (error) + { + out_msg->add_attribute(out_msg, error); + } + if (attr) + { + this->pa_msg->add_attribute(this->pa_msg, attr); + } + if (more) + { + /* Send Next Segment Request */ + attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE); + out_msg->add_attribute(out_msg, attr); + } + break; + } + case TCG_SEG_NEXT_SEG_REQ: + { + tcg_seg_attr_next_seg_t *attr_cast; + uint32_t base_attr_id; + + attr_cast = (tcg_seg_attr_next_seg_t*)attr; + base_attr_id = attr_cast->get_base_attr_id(attr_cast); + + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->src_id); + if (!contract) + { + /* TODO no contract - generate error message */ + DBG1(DBG_IMC, "no contract for received next segment " + "request with base attribute ID %u", base_attr_id); + continue; + } + attr = contract->next_segment(contract, base_attr_id); + if (attr) + { + out_msg->add_attribute(out_msg, attr); + } + else + { + /* TODO no more segments - generate error message */ + DBG1(DBG_IMC, "no more segments found for " + "base attribute ID %u", base_attr_id); + } + break; + } + default: + break; + } + } + enumerator->destroy(enumerator); + /* preprocess any received IETF standard error attributes */ - *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg); + non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent); + *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg, + non_fatal_types); /* preprocess any received IETF assessment result attribute */ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); @@ -297,16 +492,16 @@ METHOD(imc_msg_t, receive, TNC_Result, if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT) { ietf_attr_assess_result_t *attr_cast; - TNC_IMV_Evaluation_Result result; + TNC_IMV_Evaluation_Result res; attr_cast = (ietf_attr_assess_result_t*)attr; - result = attr_cast->get_result(attr_cast); - this->state->set_result(this->state, target_imc_id, result); + res = attr_cast->get_result(attr_cast); + this->state->set_result(this->state, target_imc_id, res); print_assessment_header(this->agent->get_name(this->agent), target_imc_id, this->src_id, &first); DBG1(DBG_IMC, "assessment result is '%N'", - TNC_IMV_Evaluation_Result_names, result); + TNC_IMV_Evaluation_Result_names, res); } else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS) { diff --git a/src/libimcv/imc/imc_msg.h b/src/libimcv/imc/imc_msg.h index 588225dbe..a8c4d3c02 100644 --- a/src/libimcv/imc/imc_msg.h +++ b/src/libimcv/imc/imc_msg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -65,10 +65,12 @@ struct imc_msg_t { /** * Processes a received PA-TNC message * + * @param out_msg outgoing PA-TN message * @param fatal_error TRUE if IMV sent a fatal error message * @return TNC result code */ - TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error); + TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg, + bool *fatal_error); /** * Add a PA-TNC attribute to the send queue diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h index a6db44314..6bb0e960c 100644 --- a/src/libimcv/imc/imc_os_info.h +++ b/src/libimcv/imc/imc_os_info.h @@ -15,7 +15,7 @@ /** * @defgroup imc_os_info imc_os_info - * @{ @ingroup libimcv + * @{ @ingroup libimcv_imc */ #ifndef IMC_OS_INFO_H_ diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index 7e763fbe1..efcf567f0 100644 --- a/src/libimcv/imc/imc_state.h +++ b/src/libimcv/imc/imc_state.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -22,6 +22,8 @@ #ifndef IMC_STATE_H_ #define IMC_STATE_H_ +#include "seg/seg_contract_manager.h" + #include <tncif.h> #include <tncifimv.h> #include <tncifimc.h> @@ -80,6 +82,13 @@ struct imc_state_t { u_int32_t (*get_max_msg_len)(imc_state_t *this); /** + * Get attribute segmentation contracts associated with TNCCS Connection + * + * @return contracts associated with TNCCS Connection + */ + seg_contract_manager_t* (*get_contracts)(imc_state_t *this); + + /** * Change the connection state * * @param new_state new connection state diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c index 30679a33d..bd4156c19 100644 --- a/src/libimcv/imcv.c +++ b/src/libimcv/imcv.c @@ -15,6 +15,14 @@ #include "imcv.h" #include "ietf/ietf_attr.h" #include "ita/ita_attr.h" +#include "tcg/tcg_attr.h" +#include "pts/components/pts_component.h" +#include "pts/components/pts_component_manager.h" +#include "pts/components/tcg/tcg_comp_func_name.h" +#include "pts/components/ita/ita_comp_func_name.h" +#include "pts/components/ita/ita_comp_ima.h" +#include "pts/components/ita/ita_comp_tboot.h" +#include "pts/components/ita/ita_comp_tgrub.h" #include <utils/debug.h> #include <utils/utils.h> @@ -24,8 +32,12 @@ #include <syslog.h> #endif +#ifndef IPSEC_SCRIPT +#define IPSEC_SCRIPT "ipsec" +#endif + #define IMCV_DEBUG_LEVEL 1 -#define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy" +#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy" /** @@ -44,6 +56,11 @@ imv_session_manager_t *imcv_sessions; imv_database_t *imcv_db; /** + * PTS Functional Component manager + */ +pts_component_manager_t *imcv_pts_components; + +/** * Reference count for libimcv */ static refcount_t libimcv_ref = 0; @@ -162,7 +179,26 @@ bool libimcv_init(bool is_imv) ietf_attr_create_from_data, ietf_attr_names); imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA, ita_attr_create_from_data, ita_attr_names); - + imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG, + tcg_attr_create_from_data, tcg_attr_names); + + imcv_pts_components = pts_component_manager_create(); + imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG, + pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE, + pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names); + imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA, + pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE, + pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names); + + imcv_pts_components->add_component(imcv_pts_components, PEN_ITA, + PTS_ITA_COMP_FUNC_NAME_TGRUB, + pts_ita_comp_tgrub_create); + imcv_pts_components->add_component(imcv_pts_components, PEN_ITA, + PTS_ITA_COMP_FUNC_NAME_TBOOT, + pts_ita_comp_tboot_create); + imcv_pts_components->add_component(imcv_pts_components, PEN_ITA, + PTS_ITA_COMP_FUNC_NAME_IMA, + pts_ita_comp_ima_create); if (is_imv) { /* instantiate global IMV session manager */ @@ -193,8 +229,13 @@ void libimcv_deinit(void) { if (ref_put(&libimcv_ref)) { + imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG); + imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA); + imcv_pts_components->destroy(imcv_pts_components); + imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF); imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA); + imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG); DESTROY_IF(imcv_pa_tnc_attributes); imcv_pa_tnc_attributes = NULL; DESTROY_IF(imcv_db); diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h index 771038803..31536eca5 100644 --- a/src/libimcv/imcv.h +++ b/src/libimcv/imcv.h @@ -27,6 +27,12 @@ * @defgroup libimcv_plugins plugins * @ingroup libimcv * + * @defgroup libimcv_seg seg + * @ingroup libimcv + * + * @defgroup libimcv_swid swid + * @ingroup libimcv + * * @addtogroup libimcv * @{ */ @@ -37,6 +43,7 @@ #include "pa_tnc/pa_tnc_attr_manager.h" #include "imv/imv_database.h" #include "imv/imv_session_manager.h" +#include "pts/components/pts_component_manager.h" #include <library.h> @@ -68,4 +75,9 @@ extern imv_database_t* imcv_db; */ extern imv_session_manager_t* imcv_sessions; +/** + * PTS Functional Component manager + */ +extern pts_component_manager_t* imcv_pts_components; + #endif /** IMCV_H_ @}*/ diff --git a/src/libimcv/imcv_tests.c b/src/libimcv/imcv_tests.c new file mode 100644 index 000000000..e9bb303b4 --- /dev/null +++ b/src/libimcv/imcv_tests.c @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <test_runner.h> + +#include <library.h> + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#include "imcv_tests.h" +#undef TEST_SUITE + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#include "imcv_tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (!init) + { + lib->processor->set_threads(lib->processor, 0); + lib->processor->cancel(lib->processor); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("libimcv", tests, test_runner_init); +} diff --git a/src/libimcv/imcv_tests.h b/src/libimcv/imcv_tests.h new file mode 100644 index 000000000..d3ea24b1f --- /dev/null +++ b/src/libimcv/imcv_tests.h @@ -0,0 +1,17 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(imcv_seg_suite_create) + diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index b45cad487..425748f59 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -306,6 +306,23 @@ INSERT INTO products ( /* 51 */ 'Android 4.4.4' ); +INSERT INTO products ( /* 52 */ + name +) VALUES ( + 'Debian 7.6 i686' +); + +INSERT INTO products ( /* 53 */ + name +) VALUES ( + 'Debian 7.6 x86_64' +); +INSERT INTO products ( /* 54 */ + name +) VALUES ( + 'Debian 7.6 armv6l' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -777,6 +794,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 4, 52 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 5, 2 ); @@ -825,6 +848,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 5, 53 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 6, 9 ); @@ -1026,6 +1055,12 @@ INSERT INTO groups_product_defaults ( 14, 48 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 14, 54 +); + /* Policies */ INSERT INTO policies ( /* 1 */ diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index a46455d47..6b24f4b28 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -65,6 +65,11 @@ struct private_imv_agent_t { linked_list_t *additional_ids; /** + * list of non-fatal unsupported PA-TNC attribute types + */ + linked_list_t *non_fatal_attr_types; + + /** * list of TNCS connection entries */ linked_list_t *connections; @@ -772,11 +777,29 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result, return this->provide_recommendation(this->id, connection_id, rec, eval); } +METHOD(imv_agent_t, add_non_fatal_attr_type, void, + private_imv_agent_t *this, pen_type_t type) +{ + pen_type_t *type_p; + + type_p = malloc_thing(pen_type_t); + *type_p = type; + this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p); +} + +METHOD(imv_agent_t, get_non_fatal_attr_types, linked_list_t*, + private_imv_agent_t *this) +{ + return this->non_fatal_attr_types; +} + METHOD(imv_agent_t, destroy, void, private_imv_agent_t *this) { DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name); this->additional_ids->destroy(this->additional_ids); + this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types, + free); this->connections->destroy_offset(this->connections, offsetof(imv_state_t, destroy)); this->connection_lock->destroy(this->connection_lock); @@ -815,6 +838,8 @@ imv_agent_t *imv_agent_create(const char *name, .create_id_enumerator = _create_id_enumerator, .create_language_enumerator = _create_language_enumerator, .provide_recommendation = _provide_recommendation, + .add_non_fatal_attr_type = _add_non_fatal_attr_type, + .get_non_fatal_attr_types = _get_non_fatal_attr_types, .destroy = _destroy, }, .name = name, @@ -822,6 +847,7 @@ imv_agent_t *imv_agent_create(const char *name, .type_count = type_count, .id = id, .additional_ids = linked_list_create(), + .non_fatal_attr_types = linked_list_create(), .connections = linked_list_create(), .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h index 47ce770bc..1f6a10b7c 100644 --- a/src/libimcv/imv/imv_agent.h +++ b/src/libimcv/imv/imv_agent.h @@ -189,6 +189,16 @@ struct imv_agent_t { TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state); /** + * Add an item to the list of non-fatal unsupported PA-TNC attribute types + */ + void (*add_non_fatal_attr_type)(imv_agent_t *this, pen_type_t type); + + /** + * Get a list of non-fatal unsupported PA-TNC attribute types + */ + linked_list_t* (*get_non_fatal_attr_types)(imv_agent_t *this); + + /** * Destroys an imv_agent_t object */ void (*destroy)(imv_agent_t *this); diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c index e7181750c..fdf63325d 100644 --- a/src/libimcv/imv/imv_msg.c +++ b/src/libimcv/imv/imv_msg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,8 +18,12 @@ #include "ietf/ietf_attr.h" #include "ietf/ietf_attr_assess_result.h" #include "ietf/ietf_attr_remediation_instr.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "tcg/seg/tcg_seg_attr_next_seg.h" #include <tncif_names.h> +#include <tncif_pa_subtypes.h> #include <pen/pen.h> #include <collections/linked_list.h> @@ -121,11 +125,18 @@ METHOD(imv_msg_t, send_, TNC_Result, pa_tnc_attr_t *attr; TNC_UInt32 msg_flags; TNC_MessageType msg_type; - bool attr_added; + bool attr_added, oversize; chunk_t msg; + seg_contract_t *contract; + seg_contract_manager_t *contracts; enumerator_t *enumerator; TNC_Result result = TNC_RESULT_SUCCESS; + /* Get IF-M segmentation contract for this subtype if any */ + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->dst_id); + while (this->attr_list->get_count(this->attr_list)) { pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state)); @@ -134,6 +145,17 @@ METHOD(imv_msg_t, send_, TNC_Result, enumerator = this->attr_list->create_enumerator(this->attr_list); while (enumerator->enumerate(enumerator, &attr)) { + if (contract && contract->check_size(contract, attr, &oversize)) + { + if (oversize) + { + /* TODO generate SWID error msg */ + } + else + { + attr = contract->first_segment(contract, attr); + } + } if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) { attr_added = TRUE; @@ -246,8 +268,11 @@ METHOD(imv_msg_t, send_assessment, TNC_Result, } METHOD(imv_msg_t, receive, TNC_Result, - private_imv_msg_t *this, bool *fatal_error) + private_imv_msg_t *this, imv_msg_t *out_msg, bool *fatal_error) { + TNC_Result result = TNC_RESULT_SUCCESS; + TNC_UInt32 target_imv_id; + linked_list_t *non_fatal_types; enumerator_t *enumerator; pa_tnc_attr_t *attr; chunk_t msg; @@ -286,36 +311,211 @@ METHOD(imv_msg_t, receive, TNC_Result, break; case VERIFY_ERROR: { - imv_msg_t *error_msg; - TNC_Result result; - - error_msg = imv_msg_create_as_reply(&this->public); - /* extract and copy by reference all error attributes */ enumerator = this->pa_msg->create_error_enumerator(this->pa_msg); while (enumerator->enumerate(enumerator, &attr)) { - error_msg->add_attribute(error_msg, attr->get_ref(attr)); + out_msg->add_attribute(out_msg, attr->get_ref(attr)); } enumerator->destroy(enumerator); - - /* - * send the PA-TNC message containing all error attributes - * with the excl flag set - */ - result = error_msg->send(error_msg, TRUE); - error_msg->destroy(error_msg); - return result; } case FAILED: default: return TNC_RESULT_FATAL; } + /* determine target IMV ID */ + target_imv_id = (this->dst_id != TNC_IMVID_ANY) ? + this->dst_id : this->agent->get_id(this->agent); + + /* process IF-M segmentation attributes */ + enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size; + seg_contract_manager_t *contracts; + seg_contract_t *contract; + char buf[BUF_LEN]; + pen_type_t type; + + type = attr->get_type(attr); + + if (type.vendor_id != PEN_TCG) + { + continue; + } + + contracts = this->state->get_contracts(this->state); + + switch (type.type) + { + case TCG_SEG_MAX_ATTR_SIZE_REQ: + { + tcg_seg_attr_max_size_t *attr_cast; + + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, + &max_seg_size); + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->src_id); + if (contract) + { + contract->set_max_size(contract, max_attr_size, + max_seg_size); + } + else + { + contract = seg_contract_create(this->msg_type, max_attr_size, + max_seg_size, FALSE, this->src_id, FALSE); + contract->set_responder(contract, target_imv_id); + contracts->add_contract(contracts, contract); + } + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + + /* Determine maximum PA-TNC attribute segment size */ + my_max_seg_size = this->state->get_max_msg_len(this->state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* If segmentation is possible select lower segment size */ + if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + max_seg_size > my_max_seg_size) + { + max_seg_size = my_max_seg_size; + contract->set_max_size(contract, max_attr_size, + max_seg_size); + DBG2(DBG_IMV, " lowered maximum segment size to %u bytes", + max_seg_size); + } + + /* Add Maximum Attribute Size Response attribute */ + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, FALSE); + out_msg->add_attribute(out_msg, attr); + break; + } + case TCG_SEG_MAX_ATTR_SIZE_RESP: + { + tcg_seg_attr_max_size_t *attr_cast; + + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, + &max_seg_size); + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, this->src_id); + if (!contract) + { + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, TNC_IMCID_ANY); + if (contract) + { + contract = contract->clone(contract); + contract->set_responder(contract, this->src_id); + contracts->add_contract(contracts, contract); + } + } + if (contract) + { + contract->get_max_size(contract, &my_max_attr_size, + &my_max_seg_size); + if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + my_max_seg_size > max_seg_size) + { + my_max_seg_size = max_seg_size; + contract->set_max_size(contract, my_max_attr_size, + my_max_seg_size); + } + contract->get_info_string(contract, buf, BUF_LEN, FALSE); + DBG2(DBG_IMV, "%s", buf); + } + else + { + /* TODO no request pending */ + DBG1(DBG_IMV, "no contract for this PA message type found"); + } + break; + } + case TCG_SEG_ATTR_SEG_ENV: + { + tcg_seg_attr_seg_env_t *seg_env_attr; + pa_tnc_attr_t *error; + uint32_t base_attr_id; + bool more; + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + + contract = contracts->get_contract(contracts, this->msg_type, + TRUE, this->src_id); + if (!contract) + { + DBG2(DBG_IMV, "no contract for received attribute segment " + "with base attribute ID %u", base_attr_id); + continue; + } + attr = contract->add_segment(contract, attr, &error, &more); + if (error) + { + out_msg->add_attribute(out_msg, error); + } + if (attr) + { + this->pa_msg->add_attribute(this->pa_msg, attr); + } + if (more) + { + /* Send Next Segment Request */ + attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE); + out_msg->add_attribute(out_msg, attr); + } + break; + } + case TCG_SEG_NEXT_SEG_REQ: + { + tcg_seg_attr_next_seg_t *attr_cast; + uint32_t base_attr_id; + + attr_cast = (tcg_seg_attr_next_seg_t*)attr; + base_attr_id = attr_cast->get_base_attr_id(attr_cast); + + contract = contracts->get_contract(contracts, this->msg_type, + FALSE, this->src_id); + if (!contract) + { + /* TODO no contract - generate error message */ + DBG1(DBG_IMV, "no contract for received next segment " + "request with base attribute ID %u", base_attr_id); + continue; + } + attr = contract->next_segment(contract, base_attr_id); + if (attr) + { + out_msg->add_attribute(out_msg, attr); + } + else + { + /* TODO no more segments - generate error message */ + DBG1(DBG_IMV, "no more segments found for " + "base attribute ID %u", base_attr_id); + } + break; + } + default: + break; + } + } + enumerator->destroy(enumerator); + /* preprocess any received IETF standard error attributes */ - *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg); + non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent); + *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg, + non_fatal_types); - return TNC_RESULT_SUCCESS; + return result; } METHOD(imv_msg_t, get_attribute_count, int, diff --git a/src/libimcv/imv/imv_msg.h b/src/libimcv/imv/imv_msg.h index dfec169cc..43b91e908 100644 --- a/src/libimcv/imv/imv_msg.h +++ b/src/libimcv/imv/imv_msg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -79,10 +79,12 @@ struct imv_msg_t { /** * Processes a received PA-TNC message * + * @param out_msg outgoing PA-TN message * @param fatal_error TRUE if IMC sent a fatal error message * @return TNC result code */ - TNC_Result (*receive)(imv_msg_t *this, bool *fatal_error); + TNC_Result (*receive)(imv_msg_t *this, imv_msg_t *out_msg, + bool *fatal_error); /** * Add a PA-TNC attribute to the send queue diff --git a/src/libimcv/imv/imv_os_info.h b/src/libimcv/imv/imv_os_info.h index b68a17ee7..7cd609a22 100644 --- a/src/libimcv/imv/imv_os_info.h +++ b/src/libimcv/imv/imv_os_info.h @@ -15,7 +15,7 @@ /** * @defgroup imv_os_info imv_os_info - * @{ @ingroup libimcv + * @{ @ingroup libimcv_imv */ #ifndef IMV_OS_INFO_H_ diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h index d11d15e0d..30ed612b3 100644 --- a/src/libimcv/imv/imv_state.h +++ b/src/libimcv/imv/imv_state.h @@ -23,6 +23,7 @@ #define IMV_STATE_H_ #include "imv_session.h" +#include "seg/seg_contract_manager.h" #include <tncifimv.h> @@ -108,6 +109,13 @@ struct imv_state_t { imv_session_t* (*get_session)(imv_state_t *this); /** + * Get attribute segmentation contracts associated with TNCCS Connection + * + * @return Contracts associated with TNCCS Connection + */ + seg_contract_manager_t* (*get_contracts)(imv_state_t *this); + + /** * Change the connection state * * @param new_state new connection state diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c index f3956717d..9d7706dba 100644 --- a/src/libimcv/ita/ita_attr.c +++ b/src/libimcv/ita/ita_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -35,24 +35,25 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID, /** * See header */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value) +pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, + chunk_t value) { switch (type) { case ITA_ATTR_COMMAND: - return ita_attr_command_create_from_data(value); + return ita_attr_command_create_from_data(length, value); case ITA_ATTR_DUMMY: - return ita_attr_dummy_create_from_data(value); + return ita_attr_dummy_create_from_data(length, value); case ITA_ATTR_GET_SETTINGS: - return ita_attr_get_settings_create_from_data(value); + return ita_attr_get_settings_create_from_data(length, value); case ITA_ATTR_SETTINGS: - return ita_attr_settings_create_from_data(value); + return ita_attr_settings_create_from_data(length, value); case ITA_ATTR_START_ANGEL: - return ita_attr_angel_create_from_data(TRUE, value); + return ita_attr_angel_create_from_data(TRUE); case ITA_ATTR_STOP_ANGEL: - return ita_attr_angel_create_from_data(FALSE, value); + return ita_attr_angel_create_from_data(FALSE); case ITA_ATTR_DEVICE_ID: - return ita_attr_device_id_create_from_data(value); + return ita_attr_device_id_create_from_data(length, value); default: return NULL; } diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h index ac5d8abaa..7378a1cbe 100644 --- a/src/libimcv/ita/ita_attr.h +++ b/src/libimcv/ita/ita_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,8 +50,10 @@ extern enum_name_t *ita_attr_names; * Create a ITA PA-TNC attribute from data * * @param type attribute type - * @param value attribute value + * @param length attribute length + * @param value attribute value or segment */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value); +pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, + chunk_t value); #endif /** ITA_ATTR_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c index 0e9cff0a9..110863608 100644 --- a/src/libimcv/ita/ita_attr_angel.c +++ b/src/libimcv/ita/ita_attr_angel.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -86,6 +86,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_angel_t *this, chunk_t segment) +{ + /* nothing to add */ +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_angel_t *this) { @@ -118,6 +124,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -132,7 +139,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start) /** * Described in header. */ -pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data) +pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start) { private_ita_attr_angel_t *this; @@ -145,6 +152,7 @@ pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, diff --git a/src/libimcv/ita/ita_attr_angel.h b/src/libimcv/ita/ita_attr_angel.h index d42e7119a..8cd979b01 100644 --- a/src/libimcv/ita/ita_attr_angel.h +++ b/src/libimcv/ita/ita_attr_angel.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -49,8 +49,7 @@ pa_tnc_attr_t* ita_attr_angel_create(bool start); * Creates an ita_attr_angel_t object from received data * * @param start TRUE for Start, FALSE for Stop Angel attribute - * @param value binary value blob */ -pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start, chunk_t value); +pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start); #endif /** ITA_ATTR_ANGEL_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c index 9692e1ffd..a6b187f13 100644 --- a/src/libimcv/ita/ita_attr_command.c +++ b/src/libimcv/ita/ita_attr_command.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -40,7 +40,12 @@ struct private_ita_attr_command_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -91,18 +96,30 @@ METHOD(pa_tnc_attr_t, build, void, { return; } - this->value = chunk_create(this->command, strlen(this->command)); - this->value = chunk_clone(this->value); + this->value = chunk_clone(chunk_from_str(this->command)); + this->length = this->value.len; } METHOD(pa_tnc_attr_t, process, status_t, private_ita_attr_command_t *this, u_int32_t *offset) { + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } this->command = strndup(this->value.ptr, this->value.len); return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_command_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_command_t *this) { @@ -143,6 +160,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -159,7 +177,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command) /** * Described in header. */ -pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data) +pa_tnc_attr_t *ita_attr_command_create_from_data(size_t length, chunk_t data) { private_ita_attr_command_t *this; @@ -172,12 +190,14 @@ pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_command = _get_command, }, .type = {PEN_ITA, ITA_ATTR_COMMAND }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ita/ita_attr_command.h b/src/libimcv/ita/ita_attr_command.h index 3926c3887..dd4701e12 100644 --- a/src/libimcv/ita/ita_attr_command.h +++ b/src/libimcv/ita/ita_attr_command.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -54,8 +54,9 @@ pa_tnc_attr_t* ita_attr_command_create(char *command); /** * Creates an ita_attr_command_t object from received data * - * @param value binary value blob + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ita_attr_command_create_from_data(chunk_t value); +pa_tnc_attr_t* ita_attr_command_create_from_data(size_t length, chunk_t value); #endif /** ITA_ATTR_COMMAND_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_device_id.c b/src/libimcv/ita/ita_attr_device_id.c index 36907eb34..232842695 100644 --- a/src/libimcv/ita/ita_attr_device_id.c +++ b/src/libimcv/ita/ita_attr_device_id.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -38,7 +38,12 @@ struct private_ita_attr_device_id_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -86,9 +91,21 @@ METHOD(pa_tnc_attr_t, build, void, METHOD(pa_tnc_attr_t, process, status_t, private_ita_attr_device_id_t *this, u_int32_t *offset) { + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_device_id_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_device_id_t *this) { @@ -109,7 +126,7 @@ METHOD(pa_tnc_attr_t, destroy, void, /** * Described in header. */ -pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value) +pa_tnc_attr_t *ita_attr_device_id_create_from_data(size_t length, chunk_t value) { private_ita_attr_device_id_t *this; @@ -122,11 +139,13 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, }, .type = { PEN_ITA, ITA_ATTR_DEVICE_ID }, + .length = length, .value = chunk_clone(value), .ref = 1, ); @@ -139,6 +158,6 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value) */ pa_tnc_attr_t *ita_attr_device_id_create(chunk_t value) { - return ita_attr_device_id_create_from_data(value); + return ita_attr_device_id_create_from_data(value.len, value); } diff --git a/src/libimcv/ita/ita_attr_device_id.h b/src/libimcv/ita/ita_attr_device_id.h index ffacdba1e..94bb778c0 100644 --- a/src/libimcv/ita/ita_attr_device_id.h +++ b/src/libimcv/ita/ita_attr_device_id.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -48,8 +48,9 @@ pa_tnc_attr_t* ita_attr_device_id_create(chunk_t value); /** * Creates an ita_attr_device_id_t object from received data * - * @param value binary value blob + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ita_attr_device_id_create_from_data(chunk_t value); +pa_tnc_attr_t* ita_attr_device_id_create_from_data(size_t length, chunk_t value); #endif /** ITA_ATTR_DEVICE_ID_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c index 6497d4645..0d21ac6ea 100644 --- a/src/libimcv/ita/ita_attr_dummy.c +++ b/src/libimcv/ita/ita_attr_dummy.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -38,7 +38,12 @@ struct private_ita_attr_dummy_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -89,18 +94,28 @@ METHOD(pa_tnc_attr_t, build, void, { return; } - this->value = chunk_alloc(this->size); + this->value = chunk_alloc(this->length); memset(this->value.ptr, 0xdd, this->value.len); } METHOD(pa_tnc_attr_t, process, status_t, private_ita_attr_dummy_t *this, u_int32_t *offset) { - this->size = this->value.len; + *offset = 0; + if (this->value.len < this->length) + { + return NEED_MORE; + } return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_dummy_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_dummy_t *this) { @@ -121,13 +136,13 @@ METHOD(pa_tnc_attr_t, destroy, void, METHOD(ita_attr_dummy_t, get_size, int, private_ita_attr_dummy_t *this) { - return this->size; + return this->length; } /** * Described in header. */ -pa_tnc_attr_t *ita_attr_dummy_create(int size) +pa_tnc_attr_t *ita_attr_dummy_create(size_t size) { private_ita_attr_dummy_t *this; @@ -140,13 +155,14 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_size = _get_size, }, .type = { PEN_ITA, ITA_ATTR_DUMMY }, - .size = size, + .length = size, .ref = 1, ); @@ -156,7 +172,7 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size) /** * Described in header. */ -pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data) +pa_tnc_attr_t *ita_attr_dummy_create_from_data(size_t length, chunk_t data) { private_ita_attr_dummy_t *this; @@ -169,12 +185,14 @@ pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_size = _get_size, }, .type = { PEN_ITA, ITA_ATTR_DUMMY }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libimcv/ita/ita_attr_dummy.h b/src/libimcv/ita/ita_attr_dummy.h index 1f85ece54..717862efe 100644 --- a/src/libimcv/ita/ita_attr_dummy.h +++ b/src/libimcv/ita/ita_attr_dummy.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -49,13 +49,14 @@ struct ita_attr_dummy_t { * * @param size size of dummy attribute value */ -pa_tnc_attr_t* ita_attr_dummy_create(int size); +pa_tnc_attr_t* ita_attr_dummy_create(size_t size); /** * Creates an ita_attr_dummy_t object from received data * - * @param value binary value blob + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ita_attr_dummy_create_from_data(chunk_t value); +pa_tnc_attr_t* ita_attr_dummy_create_from_data(size_t length, chunk_t value); #endif /** ITA_ATTR_DUMMY_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c index d0bc31d32..3c047fb82 100644 --- a/src/libimcv/ita/ita_attr_get_settings.c +++ b/src/libimcv/ita/ita_attr_get_settings.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -64,7 +64,12 @@ struct private_ita_attr_get_settings_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -130,6 +135,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -141,10 +147,15 @@ METHOD(pa_tnc_attr_t, process, status_t, chunk_t name; status_t status = FAILED; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < ITA_GET_SETTINGS_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for ITA Get Settings attribute"); - *offset = 0; return FAILED; } @@ -171,6 +182,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_get_settings_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_get_settings_t *this) { @@ -217,6 +234,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -238,7 +256,8 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name) /** * Described in header. */ -pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data) +pa_tnc_attr_t *ita_attr_get_settings_create_from_data(size_t length, + chunk_t data) { private_ita_attr_get_settings_t *this; @@ -251,6 +270,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -258,6 +278,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data) .create_enumerator = _create_enumerator, }, .type = { PEN_ITA, ITA_ATTR_GET_SETTINGS }, + .length = length, .value = chunk_clone(data), .list = linked_list_create(), .ref = 1, diff --git a/src/libimcv/ita/ita_attr_get_settings.h b/src/libimcv/ita/ita_attr_get_settings.h index 975fd0d9d..2eb43f5c1 100644 --- a/src/libimcv/ita/ita_attr_get_settings.h +++ b/src/libimcv/ita/ita_attr_get_settings.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -61,8 +61,10 @@ pa_tnc_attr_t* ita_attr_get_settings_create(char *name); /** * Creates an ita_attr_get_settings_t object from received data * - * @param value binary value blob + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ita_attr_get_settings_create_from_data(chunk_t value); +pa_tnc_attr_t* ita_attr_get_settings_create_from_data(size_t length, + chunk_t value); #endif /** ITA_ATTR_GET_SETTINGS_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index 0d2967e66..ced347705 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -91,7 +91,12 @@ struct private_ita_attr_settings_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -159,6 +164,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -171,10 +177,15 @@ METHOD(pa_tnc_attr_t, process, status_t, entry_t *entry; status_t status = FAILED; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < ITA_SETTINGS_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for ITA Settings attribute"); - *offset = 0; return FAILED; } @@ -216,6 +227,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_ita_attr_settings_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_ita_attr_settings_t *this) { @@ -279,6 +296,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -296,7 +314,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void) /** * Described in header. */ -pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data) +pa_tnc_attr_t *ita_attr_settings_create_from_data(size_t length, chunk_t data) { private_ita_attr_settings_t *this; @@ -309,6 +327,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -316,6 +335,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data) .create_enumerator = _create_enumerator, }, .type = { PEN_ITA, ITA_ATTR_SETTINGS }, + .length = length, .value = chunk_clone(data), .list = linked_list_create(), .ref = 1, diff --git a/src/libimcv/ita/ita_attr_settings.h b/src/libimcv/ita/ita_attr_settings.h index eb7eedae3..87eb87f60 100644 --- a/src/libimcv/ita/ita_attr_settings.h +++ b/src/libimcv/ita/ita_attr_settings.h @@ -60,8 +60,9 @@ pa_tnc_attr_t* ita_attr_settings_create(void); /** * Creates an ita_attr_settings_t object from received data * - * @param value binary value blob + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* ita_attr_settings_create_from_data(chunk_t value); +pa_tnc_attr_t* ita_attr_settings_create_from_data(size_t length, chunk_t value); #endif /** ITA_ATTR_SETTINGS_H_ @}*/ diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h index 031355458..aa7b137dc 100644 --- a/src/libimcv/os_info/os_info.h +++ b/src/libimcv/os_info/os_info.h @@ -21,7 +21,6 @@ #ifndef OS_INFO_H_ #define OS_INFO_H_ -typedef struct os_info_t os_info_t; typedef enum os_type_t os_type_t; typedef enum os_fwd_status_t os_fwd_status_t; typedef enum os_package_state_t os_package_state_t; diff --git a/src/libimcv/pa_tnc/pa_tnc_attr.h b/src/libimcv/pa_tnc/pa_tnc_attr.h index 1e0c339c9..be0bef32e 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr.h +++ b/src/libimcv/pa_tnc/pa_tnc_attr.h @@ -26,8 +26,12 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t; #include <library.h> #include <pen/pen.h> +#define PA_TNC_ATTR_INFO_SIZE 8 #define PA_TNC_ATTR_HEADER_SIZE 12 +#define PA_TNC_ATTR_FLAG_NONE 0x00 +#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7) + /** * Interface for an RFC 5792 PA-TNC Posture Attribute. * @@ -70,12 +74,19 @@ struct pa_tnc_attr_t { /** * Process the value of an PA-TNC attribute to extract its parameters * - * @param relative error offset within attribute body + * @param offset relative error offset within attribute body * @return result status */ status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset); /** + * Add a data segment to an attribute allowing incremental processing + * + * @param segment data segment to be appended + */ + void (*add_segment)(pa_tnc_attr_t *this, chunk_t segment); + + /** * Get a new reference to the PA-TNC attribute * * @return this, with an increased refcount diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c index 900a55716..522213bd5 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * * HSR Hochschule fuer Technik Rapperswil * @@ -16,6 +16,10 @@ #include "pa_tnc_attr_manager.h" +#include "imcv.h" +#include "pa_tnc_attr.h" +#include "ietf/ietf_attr_pa_tnc_error.h" + #include <collections/linked_list.h> #include <utils/debug.h> @@ -100,14 +104,102 @@ METHOD(pa_tnc_attr_manager_t, get_names, enum_name_t*, return attr_names; } +/** + * PA-TNC attribute + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | PA-TNC Attribute Vendor ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | PA-TNC Attribute Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | PA-TNC Attribute Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Attribute Value (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*, - private_pa_tnc_attr_manager_t *this, pen_t vendor_id, u_int32_t type, - chunk_t value) + private_pa_tnc_attr_manager_t *this, bio_reader_t *reader, bool segmented, + uint32_t *offset, chunk_t msg_info, pa_tnc_attr_t **error) { + uint8_t flags; + uint32_t type, length, value_len; + chunk_t value; + ietf_attr_pa_tnc_error_t *error_attr; + pen_t vendor_id; + pen_type_t unsupported_type; + pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER }; + enum_name_t *pa_attr_names; + pa_tnc_attr_t *attr = NULL; enumerator_t *enumerator; entry_t *entry; - pa_tnc_attr_t *attr = NULL; + /* properly initialize error return argument in case of no error */ + *error = NULL; + + if (reader->remaining(reader) < PA_TNC_ATTR_HEADER_SIZE) + { + DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header"); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, *offset); + return NULL; + } + reader->read_uint8 (reader, &flags); + reader->read_uint24(reader, &vendor_id); + reader->read_uint32(reader, &type); + reader->read_uint32(reader, &length); + + pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, + vendor_id); + if (pa_attr_names) + { + DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' " + "0x%06x/0x%08x", pen_names, vendor_id, + pa_attr_names, type, vendor_id, type); + } + else + { + DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' " + "0x%06x/0x%08x", pen_names, vendor_id, + vendor_id, type); + } + + if (length < PA_TNC_ATTR_HEADER_SIZE) + { + DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length", + length); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, *offset + PA_TNC_ATTR_INFO_SIZE); + return NULL; + } + length -= PA_TNC_ATTR_HEADER_SIZE; + value_len = segmented ? reader->remaining(reader) : length; + + if (!reader->read_data(reader, value_len, &value)) + { + DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value"); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, *offset + PA_TNC_ATTR_INFO_SIZE); + return NULL; + } + DBG3(DBG_TNC, "%B", &value); + + if (vendor_id == PEN_RESERVED) + { + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, *offset + 1); + return NULL; + } + if (type == IETF_ATTR_RESERVED) + { + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, *offset + 4); + return NULL; + } + + /* check if the attribute type is registered */ enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, &entry)) { @@ -115,13 +207,71 @@ METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*, { if (entry->attr_create) { - attr = entry->attr_create(type, value); + attr = entry->attr_create(type, length, value); } break; } } enumerator->destroy(enumerator); + if (!attr) + { + if (!(flags & PA_TNC_ATTR_FLAG_NOSKIP)) + { + DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute"); + (*offset) += PA_TNC_ATTR_HEADER_SIZE + length; + return NULL; + } + + DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag"); + unsupported_type = pen_type_create(vendor_id, type); + error_code = pen_type_create(PEN_IETF, PA_ERROR_ATTR_TYPE_NOT_SUPPORTED); + *error = ietf_attr_pa_tnc_error_create(error_code, msg_info); + error_attr = (ietf_attr_pa_tnc_error_t*)(*error); + error_attr->set_unsupported_attr(error_attr, flags, unsupported_type); + return NULL; + } + (*offset) += PA_TNC_ATTR_HEADER_SIZE; + + return attr; +} + +METHOD(pa_tnc_attr_manager_t, construct, pa_tnc_attr_t*, + private_pa_tnc_attr_manager_t *this, pen_t vendor_id, uint32_t type, + chunk_t value) +{ + enum_name_t *pa_attr_names; + pa_tnc_attr_t *attr = NULL; + enumerator_t *enumerator; + entry_t *entry; + + pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, + vendor_id); + if (pa_attr_names) + { + DBG2(DBG_TNC, "generating PA-TNC attribute type '%N/%N' " + "0x%06x/0x%08x", pen_names, vendor_id, + pa_attr_names, type, vendor_id, type); + } + else + { + DBG2(DBG_TNC, "generating PA-TNC attribute type '%N' " + "0x%06x/0x%08x", pen_names, vendor_id, + vendor_id, type); + } + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->vendor_id == vendor_id) + { + if (entry->attr_create) + { + attr = entry->attr_create(type, value.len, value); + } + break; + } + } + enumerator->destroy(enumerator); return attr; } @@ -145,6 +295,7 @@ pa_tnc_attr_manager_t *pa_tnc_attr_manager_create(void) .remove_vendor = _remove_vendor, .get_names = _get_names, .create = _create, + .construct = _construct, .destroy = _destroy, }, .list = linked_list_create(), diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h index 121be7f90..8607feede 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,8 +26,10 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t; #include "pa_tnc_attr.h" #include <library.h> +#include <bio/bio_reader.h> -typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, chunk_t value); +typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length, + chunk_t value); /** * Manages PA-TNC attributes for arbitrary PENs @@ -61,15 +63,29 @@ struct pa_tnc_attr_manager_t { enum_name_t* (*get_names)(pa_tnc_attr_manager_t *this, pen_t vendor_id); /** - * Create a PA-TNC attribute object from data for a given vendor ID and type + * Create and pre-parse a PA-TNC attribute object from data + * + * @param reader PA-TNC attribute as encoded data + * @param segmented TRUE if attribute is segmented + * @param offset Offset in bytes where an error has been found + * @param msg_info Message info added to an error attribute + * @param error Error attribute if an error occurred + * @return PA-TNC attribute object if supported, NULL else + */ + pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, bio_reader_t *reader, + bool segmented, uint32_t *offset, chunk_t msg_info, + pa_tnc_attr_t **error); + + /** + * Generically construct a PA-TNC attribute from type and data * * @param vendor_id Private Enterprise Number (PEN) * @param type PA-TNC attribute type * @param value PA-TNC attribute value as encoded data * @return PA-TNC attribute object if supported, NULL else */ - pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, pen_t vendor_id, - u_int32_t type, chunk_t value); + pa_tnc_attr_t* (*construct)(pa_tnc_attr_manager_t *this, pen_t vendor_id, + uint32_t type, chunk_t value); /** * Destroys a pa_tnc_attr_manager_t object. diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c index 77d383b93..d9b441707 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.c +++ b/src/libimcv/pa_tnc/pa_tnc_msg.c @@ -40,26 +40,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t; #define PA_TNC_RESERVED 0x000000 /** - * PA-TNC attribute - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Flags | PA-TNC Attribute Vendor ID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | PA-TNC Attribute Type | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | PA-TNC Attribute Length | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Attribute Value (Variable Length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define PA_TNC_ATTR_FLAG_NONE 0x00 -#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7) -#define PA_TNC_ATTR_INFO_SIZE 8 - -/** * Private data of a pa_tnc_msg_t object. * */ @@ -96,6 +76,11 @@ struct private_pa_tnc_msg_t { size_t max_msg_len; /** + * TRUE if attribute was extracted from data + */ + bool from_data; + + /** * Encoded message */ chunk_t encoding; @@ -113,17 +98,19 @@ METHOD(pa_tnc_msg_t, add_attribute, bool, chunk_t attr_value; size_t attr_len; - attr->build(attr); - attr_value = attr->get_value(attr); - attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len; - - if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len) + if (!this->from_data) { - /* attribute just does not fit into this message */ - return FALSE; - } - this->msg_len += attr_len; + attr->build(attr); + attr_value = attr->get_value(attr); + attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len; + if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len) + { + /* attribute just does not fit into this message */ + return FALSE; + } + this->msg_len += attr_len; + } this->attributes->insert_last(this->attributes, attr); return TRUE; } @@ -201,7 +188,9 @@ METHOD(pa_tnc_msg_t, process, status_t, private_pa_tnc_msg_t *this) { bio_reader_t *reader; - pa_tnc_attr_t *error; + pa_tnc_attr_t *attr, *error; + pen_type_t attr_type; + chunk_t attr_value; uint8_t version; uint32_t reserved, offset, attr_offset; pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER }; @@ -231,119 +220,38 @@ METHOD(pa_tnc_msg_t, process, status_t, offset = PA_TNC_HEADER_SIZE; /* pre-process PA-TNC attributes */ - while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE) + while (reader->remaining(reader) > 0) { - pen_t vendor_id; - uint8_t flags; - uint32_t type, length; - chunk_t value, attr_info; - pa_tnc_attr_t *attr; - enum_name_t *pa_attr_names; - ietf_attr_pa_tnc_error_t *error_attr; - - attr_info = reader->peek(reader); - attr_info.len = PA_TNC_ATTR_INFO_SIZE; - reader->read_uint8 (reader, &flags); - reader->read_uint24(reader, &vendor_id); - reader->read_uint32(reader, &type); - reader->read_uint32(reader, &length); - - pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, - vendor_id); - if (pa_attr_names) - { - DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' " - "0x%06x/0x%08x", pen_names, vendor_id, - pa_attr_names, type, vendor_id, type); - } - else - { - DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' " - "0x%06x/0x%08x", pen_names, vendor_id, - vendor_id, type); - } - - if (length < PA_TNC_ATTR_HEADER_SIZE) - { - DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length", - length); - error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, offset + PA_TNC_ATTR_INFO_SIZE); - goto err; - } - - if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value)) - { - DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value"); - error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, offset + PA_TNC_ATTR_INFO_SIZE); - goto err; - } - DBG3(DBG_TNC, "%B", &value); - - if (vendor_id == PEN_RESERVED) - { - error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, offset + 1); - goto err; - } - if (type == IETF_ATTR_RESERVED) - { - error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, offset + 4); - goto err; - } attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes, - vendor_id, type, value); + reader, FALSE, &offset, this->encoding, &error); if (!attr) { - if (flags & PA_TNC_ATTR_FLAG_NOSKIP) - { - DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag"); - error_code = pen_type_create(PEN_IETF, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED); - error = ietf_attr_pa_tnc_error_create(error_code, - this->encoding); - error_attr = (ietf_attr_pa_tnc_error_t*)error; - error_attr->set_attr_info(error_attr, attr_info); - goto err; - } - else - { - DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute"); - offset += length; - continue; - } + goto err; } + attr_value = attr->get_value(attr); + attr_type = attr->get_type(attr); if (attr->process(attr, &attr_offset) != SUCCESS) { attr->destroy(attr); - if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR) + + if (attr_type.vendor_id == PEN_IETF && + attr_type.type == IETF_ATTR_PA_TNC_ERROR) { - /* error while processing a PA-TNC error attribute - abort */ - reader->destroy(reader); - return FAILED; + /* suppress error while processing a PA-TNC error attribute */ + offset += attr_value.len; + continue; } - error_code = pen_type_create(PEN_IETF, - PA_ERROR_INVALID_PARAMETER); + error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER); error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, - offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset); + this->encoding, offset + attr_offset); goto err; } + offset += attr_value.len; this->attributes->insert_last(this->attributes, attr); - offset += length; } - - if (reader->remaining(reader) == 0) - { - reader->destroy(reader); - return SUCCESS; - } - DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header"); - error = ietf_attr_pa_tnc_error_create_with_offset(error_code, - this->encoding, offset); + reader->destroy(reader); + return SUCCESS; err: reader->destroy(reader); @@ -352,24 +260,27 @@ err: } METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool, - private_pa_tnc_msg_t *this) + private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types) { - enumerator_t *enumerator; + enumerator_t *e1, *e2; + enum_name_t *pa_attr_names; pa_tnc_attr_t *attr; - pen_type_t type; + pen_type_t type, unsupported_type; + uint8_t flags; bool fatal_error = FALSE; - enumerator = this->attributes->create_enumerator(this->attributes); - while (enumerator->enumerate(enumerator, &attr)) + e1 = this->attributes->create_enumerator(this->attributes); + while (e1->enumerate(e1, &attr)) { type = attr->get_type(attr); if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR) { ietf_attr_pa_tnc_error_t *error_attr; - pen_type_t error_code; - chunk_t msg_info, attr_info; + pen_type_t error_code, *non_fatal_type; + chunk_t msg_info; uint32_t offset; + bool fatal_current_error = TRUE; error_attr = (ietf_attr_pa_tnc_error_t*)attr; error_code = error_attr->get_error_code(error_attr); @@ -391,16 +302,49 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool, DBG1(DBG_TNC, " occurred at offset of %u bytes", offset); break; case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED: - attr_info = error_attr->get_attr_info(error_attr); - DBG1(DBG_TNC, " unsupported attribute %#B", &attr_info); + unsupported_type = + error_attr->get_unsupported_attr(error_attr, &flags); + pa_attr_names = + imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes, + unsupported_type.vendor_id); + if (pa_attr_names) + { + DBG1(DBG_TNC, " unsupported attribute type '%N/%N' " + "0x%06x/0x%08x, flags 0x%02x", + pen_names, unsupported_type.vendor_id, + pa_attr_names, unsupported_type.type, + unsupported_type.vendor_id, unsupported_type.type, + flags); + } + else + { + DBG1(DBG_TNC, " unsupported attribute type '%N' " + "0x%06x/0x%08x, flags 0x%02x", + pen_names, unsupported_type.vendor_id, + unsupported_type.vendor_id, unsupported_type.type, + flags); + } + e2 = non_fatal_types->create_enumerator(non_fatal_types); + while (e2->enumerate(e2, &non_fatal_type)) + { + if (pen_type_equals(unsupported_type, *non_fatal_type)) + { + fatal_current_error = FALSE; + break; + } + } + e2->destroy(e2); break; default: break; } - fatal_error = TRUE; + if (fatal_current_error) + { + fatal_error = TRUE; + } } } - enumerator->destroy(enumerator); + e1->destroy(e1); return fatal_error; } @@ -476,6 +420,7 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data) .encoding = chunk_clone(data), .attributes = linked_list_create(), .errors = linked_list_create(), + .from_data = TRUE, ); return &this->public; diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h index 84814b92b..57ff1a04c 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.h +++ b/src/libimcv/pa_tnc/pa_tnc_msg.h @@ -68,9 +68,11 @@ struct pa_tnc_msg_t { /** * Process all IETF standard error PA-TNC attributes * - * @return TRUE if at least one error attribute processed + * @param non_fatal_types list of non fatal unsupported attribute types + * @return TRUE if at least one fatal error processed */ - bool (*process_ietf_std_errors)(pa_tnc_msg_t *this); + bool (*process_ietf_std_errors)(pa_tnc_msg_t *this, + linked_list_t *non_fatal_types); /** * Enumerates over all PA-TNC attributes diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am index 88d9ddd8b..e7b1f1ce1 100644 --- a/src/libpts/plugins/imc_attestation/Makefile.am +++ b/src/libimcv/plugins/imc_attestation/Makefile.am @@ -1,8 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts + -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -10,8 +9,7 @@ AM_CFLAGS = \ imcv_LTLIBRARIES = imc-attestation.la imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la imc_attestation_la_SOURCES = imc_attestation.c \ imc_attestation_state.h imc_attestation_state.c \ diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index 1f12af63a..3c5017f32 100644 --- a/src/libpts/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -78,7 +78,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/libpts/plugins/imc_attestation +subdir = src/libimcv/plugins/imc_attestation DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -129,8 +129,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imc_attestation_la_DEPENDENCIES = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la am_imc_attestation_la_OBJECTS = imc_attestation.lo \ imc_attestation_state.lo imc_attestation_process.lo imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS) @@ -234,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -418,16 +425,14 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts + -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-attestation.la imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la imc_attestation_la_SOURCES = imc_attestation.c \ imc_attestation_state.h imc_attestation_state.c \ @@ -447,9 +452,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile + $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 74bbc468f..0dd88b6a7 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,14 +24,10 @@ #include <ietf/ietf_attr_product_info.h> #include <ietf/ietf_attr_string_version.h> #include <ietf/ietf_attr_assess_result.h> -#include <os_info/os_info.h> - -#include <libpts.h> - -#include <pts/pts_error.h> - #include <tcg/pts/tcg_pts_attr_proto_caps.h> #include <tcg/pts/tcg_pts_attr_meas_algo.h> +#include <os_info/os_info.h> +#include <pts/pts_error.h> #include <tncif_pa_subtypes.h> @@ -90,7 +87,6 @@ TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, imc_attestation = NULL; return TNC_RESULT_FATAL; } - libpts_init(); if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) { @@ -164,13 +160,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -217,7 +216,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) if (result == TNC_RESULT_SUCCESS) { - /* send PA-TNC message with the excl flag set */ + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); @@ -315,9 +314,6 @@ TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } - - libpts_deinit(); - imc_attestation->destroy(imc_attestation); imc_attestation = NULL; diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index fbe81ee48..2fc2998e1 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -446,6 +446,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, msg->add_attribute(msg, attr); break; } + case TCG_SEG_MAX_ATTR_SIZE_REQ: + case TCG_SEG_NEXT_SEG_REQ: + break; + /* TODO: Not implemented yet */ case TCG_PTS_REQ_INTEG_MEAS_LOG: /* Attributes using XML */ @@ -468,8 +472,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, case TCG_PTS_FILE_MEAS: case TCG_PTS_INTEG_MEAS_LOG: default: - DBG1(DBG_IMC, "received unsupported attribute '%N'", - tcg_attr_names, attr->get_type(attr)); + DBG1(DBG_IMC, "received unsupported attribute '%N/%N'", + pen_names, PEN_TCG, tcg_attr_names, attr_type.type); break; } return TRUE; diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h index a2f1b4e3c..a2f1b4e3c 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index 4fcbdfa8a..0b594cb10 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +16,7 @@ #include "imc_attestation_state.h" -#include <libpts.h> +#include <imcv.h> #include <tncif_names.h> @@ -66,6 +67,11 @@ struct private_imc_attestation_state_t { u_int32_t max_msg_len; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * PTS object */ pts_t *pts; @@ -119,6 +125,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_attestation_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_attestation_state_t *this, TNC_ConnectionState new_state) { @@ -151,6 +163,7 @@ METHOD(imc_state_t, destroy, void, offsetof(pts_component_t, destroy)); this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy)); + this->contracts->destroy(this->contracts); free(this); } @@ -181,7 +194,8 @@ METHOD(imc_attestation_state_t, create_component, pts_component_t*, if (!found) { - component = pts_components->create(pts_components, name, depth, NULL); + component = imcv_pts_components->create(imcv_pts_components, + name, depth, NULL); if (!component) { return NULL; @@ -220,6 +234,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -233,6 +248,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .connection_id = connection_id, .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .contracts = seg_contract_manager_create(), .pts = pts_create(TRUE), .components = linked_list_create(), .list = linked_list_create(), diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h index 4b93931c3..854c8825b 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_state.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h @@ -15,7 +15,7 @@ /** * @defgroup imc_attestation imc_attestation - * @ingroup libpts_plugins + * @ingroup libimcv_plugins * * @defgroup imc_attestation_state_t imc_attestation_state * @{ @ingroup imc_attestation diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index 2f0b85404..3f4cf41a9 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index c624d26b1..86d2e09ca 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -30,7 +30,6 @@ #include <ita/ita_attr.h> #include <ita/ita_attr_get_settings.h> #include <ita/ita_attr_settings.h> -#include <ita/ita_attr_angel.h> #include <ita/ita_attr_device_id.h> #include <tncif_pa_subtypes.h> @@ -341,69 +340,24 @@ static void add_device_id(imc_msg_t *msg) */ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg) { - pa_tnc_attr_t *attr = NULL, *attr_angel; + pa_tnc_attr_t *attr; ietf_attr_installed_packages_t *attr_cast; enumerator_t *enumerator; chunk_t name, version; - size_t max_attr_size, attr_size, entry_size; - bool first = TRUE; - - /** - * Compute the maximum IETF Installed Packages attribute size - * leaving space for an additional ITA Angel attribute - */ - max_attr_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE; - /* At least one IETF Installed Packages attribute is sent */ attr = ietf_attr_installed_packages_create(); - attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE; enumerator = os->create_package_enumerator(os); - if (enumerator) + while (enumerator->enumerate(enumerator, &name, &version)) { - while (enumerator->enumerate(enumerator, &name, &version)) - { - DBG2(DBG_IMC, "package '%.*s' (%.*s)", - name.len, name.ptr, version.len, version.ptr); - - entry_size = 2 + name.len + version.len; - if (attr_size + entry_size > max_attr_size) - { - if (first) - { - /** - * Send an ITA Start Angel attribute to the IMV signalling - * that multiple ITA Installed Package attributes follow. - */ - attr_angel = ita_attr_angel_create(TRUE); - msg->add_attribute(msg, attr_angel); - first = FALSE; - } - msg->add_attribute(msg, attr); - - /* create the next IETF Installed Packages attribute */ - attr = ietf_attr_installed_packages_create(); - attr_size = PA_TNC_ATTR_HEADER_SIZE + - IETF_INSTALLED_PACKAGES_MIN_SIZE; - } - attr_cast = (ietf_attr_installed_packages_t*)attr; - attr_cast->add(attr_cast, name, version); - attr_size += entry_size; - } - enumerator->destroy(enumerator); + DBG2(DBG_IMC, "package '%.*s' (%.*s)", + name.len, name.ptr, version.len, version.ptr); + attr_cast = (ietf_attr_installed_packages_t*)attr; + attr_cast->add(attr_cast, name, version); } - msg->add_attribute(msg, attr); + enumerator->destroy(enumerator); - if (!first) - { - /** - * If we sent an ITA Start Angel attribute in the first place, - * terminate by appending a matching ITA Stop Angel attribute. - */ - attr_angel = ita_attr_angel_create(FALSE); - msg->add_attribute(msg, attr_angel); - } + msg->add_attribute(msg, attr); } /** @@ -491,13 +445,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -582,6 +539,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) } else { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index f49959ab9..139ab0597 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,6 +60,11 @@ struct private_imc_os_state_t { * Maximum PA-TNC message size for this TNCCS connection */ u_int32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_os_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_os_state_t *this, TNC_ConnectionState new_state) { @@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_os_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -145,6 +157,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -154,6 +167,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), ); return &this->public.interface; diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index c66bb1afa..a192b0a41 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index 2be6a87df..0478841cb 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -299,13 +299,16 @@ static TNC_Result receive_message(imc_msg_t *in_msg) TNC_Result result = TNC_RESULT_SUCCESS; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -352,6 +355,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg) } else if (result == TNC_RESULT_SUCCESS) { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index b5a6cdd20..d357859fa 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,6 +60,11 @@ struct private_imc_scanner_state_t { * Maximum PA-TNC message size for this TNCCS connection */ u_int32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_scanner_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_scanner_state_t *this, TNC_ConnectionState new_state) { @@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_scanner_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -145,6 +157,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -154,6 +167,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), ); return &this->public.interface; diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am index ddf596465..c1cdb988a 100644 --- a/src/libpts/plugins/imc_swid/Makefile.am +++ b/src/libimcv/plugins/imc_swid/Makefile.am @@ -21,7 +21,6 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts \ -DSWID_DIRECTORY=\"${prefix}/share\" AM_CFLAGS = \ @@ -31,7 +30,6 @@ imcv_LTLIBRARIES = imc-swid.la imc_swid_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 6c3923ae2..f1859a2cb 100644 --- a/src/libpts/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -79,7 +79,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/libpts/plugins/imc_swid +subdir = src/libimcv/plugins/imc_swid DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -130,7 +130,6 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \ "$(DESTDIR)$(swiddir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS) @@ -234,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -427,7 +434,6 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts \ -DSWID_DIRECTORY=\"${prefix}/share\" AM_CFLAGS = \ @@ -436,7 +442,6 @@ AM_CFLAGS = \ imcv_LTLIBRARIES = imc-swid.la imc_swid_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c @@ -454,9 +459,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile + $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c index ef3a6a3e3..40f352ad9 100644 --- a/src/libpts/plugins/imc_swid/imc_swid.c +++ b/src/libimcv/plugins/imc_swid/imc_swid.c @@ -15,17 +15,15 @@ #include "imc_swid_state.h" -#include "libpts.h" -#include "swid/swid_inventory.h" -#include "swid/swid_error.h" +#include <imc/imc_agent.h> +#include <imc/imc_msg.h> +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" #include "tcg/swid/tcg_swid_attr_req.h" #include "tcg/swid/tcg_swid_attr_tag_inv.h" #include "tcg/swid/tcg_swid_attr_tag_id_inv.h" - -#include <imc/imc_agent.h> -#include <imc/imc_msg.h> -#include <ita/ita_attr.h> -#include <ita/ita_attr_angel.h> +#include "swid/swid_inventory.h" +#include "swid/swid_error.h" #include <tncif_pa_subtypes.h> @@ -63,9 +61,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, { return TNC_RESULT_FATAL; } - - libpts_init(); - if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) { DBG1(DBG_IMC, "no common IF-IMC version"); @@ -117,6 +112,14 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, TNC_ConnectionID connection_id) { imc_state_t *state; + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + size_t max_attr_size = SWID_MAX_ATTR_SIZE; + size_t max_seg_size; + char buf[BUF_LEN]; + TNC_Result result = TNC_RESULT_SUCCESS; if (!imc_swid) { @@ -128,7 +131,30 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } - return TNC_RESULT_SUCCESS; + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* Announce support of PA-TNC segmentation to IMV */ + contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, + TRUE, imc_id, TRUE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + + /* send PA-TNC message with the excl flag not set */ + out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + out_msg->add_attribute(out_msg, attr); + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; } /** @@ -138,13 +164,12 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, uint32_t request_id, bool full_tags, swid_inventory_t *targets) { - pa_tnc_attr_t *attr, *attr_angel, *attr_error; + pa_tnc_attr_t *attr, *attr_error; imc_swid_state_t *swid_state; swid_inventory_t *swid_inventory; char *swid_directory, *swid_generator; uint32_t eid_epoch; - size_t max_attr_size, attr_size, entry_size; - bool first = TRUE, swid_pretty, swid_full; + bool swid_pretty, swid_full; enumerator_t *enumerator; swid_directory = lib->settings->get_str(lib->settings, @@ -177,63 +202,19 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, swid_state = (imc_swid_state_t*)state; eid_epoch = swid_state->get_eid_epoch(swid_state); - /** - * Compute the maximum TCG SWID Tag [ID] Inventory attribute size - * leaving space for an additional ITA Angel attribute - */ - max_attr_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE; - if (full_tags) { tcg_swid_attr_tag_inv_t *swid_attr; swid_tag_t *tag; - chunk_t encoding, tag_file_path; - /* At least one TCG Tag Inventory attribute is sent */ - attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE; + /* Send a TCG SWID Tag Inventory attribute */ attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1); + swid_attr = (tcg_swid_attr_tag_inv_t*)attr; enumerator = swid_inventory->create_enumerator(swid_inventory); while (enumerator->enumerate(enumerator, &tag)) { - tag_file_path = tag->get_tag_file_path(tag); - encoding = tag->get_encoding(tag); - entry_size = 2 + tag_file_path.len + 4 + encoding.len; - - /* Check for oversize tags that cannot be transported */ - if (PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE + - entry_size > max_attr_size) - { - attr_error = swid_error_create(TCG_SWID_RESPONSE_TOO_LARGE, - request_id, max_attr_size, - "oversize SWID tag omitted"); - msg->add_attribute(msg, attr_error); - continue; - } - - if (attr_size + entry_size > max_attr_size) - { - if (first) - { - /** - * Send an ITA Start Angel attribute to the IMV signalling - * that multiple TGC SWID Tag Inventory attributes follow - */ - attr_angel = ita_attr_angel_create(TRUE); - msg->add_attribute(msg, attr_angel); - first = FALSE; - } - msg->add_attribute(msg, attr); - - /* create the next TCG SWID Tag Inventory attribute */ - attr_size = PA_TNC_ATTR_HEADER_SIZE + - TCG_SWID_TAG_INV_MIN_SIZE; - attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1); - } - swid_attr = (tcg_swid_attr_tag_inv_t*)attr; swid_attr->add(swid_attr, tag->get_ref(tag)); - attr_size += entry_size; } enumerator->destroy(enumerator); } @@ -241,59 +222,22 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, { tcg_swid_attr_tag_id_inv_t *swid_id_attr; swid_tag_id_t *tag_id; - chunk_t tag_creator, unique_sw_id, tag_file_path; - /* At least one TCG Tag ID Inventory attribute is sent */ - attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE; + /* Send a TCG SWID Tag ID Inventory attribute */ attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1); swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr; enumerator = swid_inventory->create_enumerator(swid_inventory); while (enumerator->enumerate(enumerator, &tag_id)) { - tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path); - entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len + - 2 + tag_file_path.len; - - if (attr_size + entry_size > max_attr_size) - { - if (first) - { - /** - * Send an ITA Start Angel attribute to the IMV signalling - * that multiple TGC SWID Tag ID Inventory attributes follow - */ - attr_angel = ita_attr_angel_create(TRUE); - msg->add_attribute(msg, attr_angel); - first = FALSE; - } - msg->add_attribute(msg, attr); - - /* create the next TCG SWID Tag ID Inventory attribute */ - attr_size = PA_TNC_ATTR_HEADER_SIZE + - TCG_SWID_TAG_ID_INV_MIN_SIZE; - attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1); - } - swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr; swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id)); - attr_size += entry_size; } enumerator->destroy(enumerator); } + msg->add_attribute(msg, attr); swid_inventory->destroy(swid_inventory); - if (!first) - { - /** - * If we sent an ITA Start Angel attribute in the first place, - * terminate by appending a matching ITA Stop Angel attribute. - */ - attr_angel = ita_attr_angel_create(FALSE); - msg->add_attribute(msg, attr_angel); - } - return TRUE; } @@ -306,13 +250,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -358,6 +305,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) } else { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); @@ -455,9 +403,6 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } - - libpts_deinit(); - imc_swid->destroy(imc_swid); imc_swid = NULL; diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c index 11f467303..65c279b3f 100644 --- a/src/libpts/plugins/imc_swid/imc_swid_state.c +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -62,6 +62,11 @@ struct private_imc_swid_state_t { u_int32_t max_msg_len; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * Event ID Epoch */ u_int32_t eid_epoch; @@ -104,6 +109,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_swid_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_swid_state_t *this, TNC_ConnectionState new_state) { @@ -131,6 +142,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_swid_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -169,6 +181,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -179,6 +192,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .eid_epoch = eid_epoch, ); diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h index cb3ac4589..cb3ac4589 100644 --- a/src/libpts/plugins/imc_swid/imc_swid_state.h +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h diff --git a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in index 8b7b50fdf..8b7b50fdf 100644 --- a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in +++ b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 1702574f9..3e1d0232f 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c index ee982d93b..d38ace140 100644 --- a/src/libimcv/plugins/imc_test/imc_test.c +++ b/src/libimcv/plugins/imc_test/imc_test.c @@ -181,7 +181,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, } } -static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg) +static void create_message(imc_state_t *state, imc_msg_t *out_msg) { imc_test_state_t *test_state; pa_tnc_attr_t *attr; @@ -196,9 +196,6 @@ static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg) attr = ita_attr_command_create(test_state->get_command(test_state)); attr->set_noskip_flag(attr, TRUE); out_msg->add_attribute(out_msg, attr); - - /* send PA-TNC message with the excl flag set */ - return out_msg->send(out_msg, TRUE); } /** @@ -224,10 +221,11 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } - /* send PA message for primary IMC ID */ + /* send PA message for primary IMC ID with the EXCL flag set */ out_msg = imc_msg_create(imc_test, state, connection_id, imc_id, TNC_IMVID_ANY, msg_types[0]); - result = send_message(state, out_msg); + create_message(state, out_msg); + result = out_msg->send(out_msg, TRUE); out_msg->destroy(out_msg); /* Exit if there are no additional IMC IDs */ @@ -253,7 +251,8 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, additional_id = (TNC_UInt32)pointer; out_msg = imc_msg_create(imc_test, state, connection_id, additional_id, TNC_IMVID_ANY, msg_types[0]); - result = send_message(state, out_msg); + create_message(state, out_msg); + result = out_msg->send(out_msg, TRUE); out_msg->destroy(out_msg); } enumerator->destroy(enumerator); @@ -267,13 +266,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t attr_type; - TNC_Result result; + TNC_Result result = TNC_RESULT_SUCCESS; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } @@ -308,16 +311,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) if (fatal_error) { - return TNC_RESULT_FATAL; + result = TNC_RESULT_FATAL; } - - /* if no assessment result is known then repeat the measurement */ - if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL)) + else { - return TNC_RESULT_SUCCESS; + /* if no assessment result is known then repeat the measurement */ + if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL)) + { + create_message(state, out_msg); + } + result = out_msg->send(out_msg, TRUE); } - out_msg = imc_msg_create_as_reply(in_msg); - result = send_message(state, out_msg); out_msg->destroy(out_msg); return result; diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index e7beca0aa..d3f6805ad 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -64,6 +64,11 @@ struct private_imc_test_state_t { u_int32_t max_msg_len; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * Command to transmit to IMV */ char *command; @@ -130,6 +135,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_test_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_test_state_t *this, TNC_ConnectionState new_state) { @@ -195,6 +206,7 @@ METHOD(imc_state_t, destroy, void, private_imc_test_state_t *this) { this->results->destroy_function(this->results, free); + this->contracts->destroy(this->contracts); free(this->command); free(this); } @@ -261,6 +273,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -275,6 +288,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .state = TNC_CONNECTION_STATE_CREATE, .results = linked_list_create(), .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .command = strdup(command), .dummy_size = dummy_size, .first_handshake = TRUE, diff --git a/src/libpts/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am index 8dc74fd54..6c5bf8913 100644 --- a/src/libpts/plugins/imv_attestation/Makefile.am +++ b/src/libimcv/plugins/imv_attestation/Makefile.am @@ -2,7 +2,6 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -12,8 +11,7 @@ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ imv_attestation_state.h imv_attestation_state.c \ @@ -29,7 +27,6 @@ attest_SOURCES = attest.c \ attest_db.h attest_db.c attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la attest.o : $(top_builddir)/config.status diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index b0e3787ae..3ba7c8c88 100644 --- a/src/libpts/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -80,7 +80,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = attest$(EXEEXT) -subdir = src/libpts/plugins/imv_attestation +subdir = src/libimcv/plugins/imv_attestation DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -131,8 +131,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_attestation_la_DEPENDENCIES = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la am_imv_attestation_la_OBJECTS = imv_attestation.lo \ imv_attestation_state.lo imv_attestation_agent.lo \ imv_attestation_process.lo imv_attestation_build.lo @@ -150,7 +149,6 @@ am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \ attest_db.$(OBJEXT) attest_OBJECTS = $(am_attest_OBJECTS) attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -244,6 +242,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -304,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -369,6 +369,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -416,6 +418,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -429,7 +435,6 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -438,8 +443,7 @@ AM_CFLAGS = \ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libpts/libpts.la + $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ imv_attestation_state.h imv_attestation_state.c \ @@ -454,7 +458,6 @@ attest_SOURCES = attest.c \ attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la EXTRA_DIST = build-database.sh @@ -471,9 +474,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile + $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libimcv/plugins/imv_attestation/attest.c index 63c0023a7..1143a0356 100644 --- a/src/libpts/plugins/imv_attestation/attest.c +++ b/src/libimcv/plugins/imv_attestation/attest.c @@ -28,7 +28,6 @@ #include <utils/debug.h> #include <imcv.h> -#include <libpts.h> #include <pts/pts_meas_algo.h> #include "attest_db.h" @@ -96,7 +95,6 @@ attest_db_t *attest; static void cleanup(void) { attest->destroy(attest); - libpts_deinit(); libimcv_deinit(); #ifdef HAVE_SYSLOG closelog(); @@ -479,7 +477,6 @@ int main(int argc, char *argv[]) } atexit(cleanup); libimcv_init(FALSE); - libpts_init(); do_args(argc, argv); diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index d7f45ad29..f85a02b3d 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -23,7 +23,7 @@ #include "attest_db.h" -#include "libpts.h" +#include "imcv.h" #include "pts/pts_meas_algo.h" #include "pts/pts_file_meas.h" #include "pts/components/pts_comp_func_name.h" @@ -187,9 +187,10 @@ char* print_cfn(pts_comp_func_name_t *cfn) qualifier = cfn->get_qualifier(cfn); n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier); - names = pts_components->get_comp_func_names(pts_components, vid); - types = pts_components->get_qualifier_type_names(pts_components, vid); - type = pts_components->get_qualifier(pts_components, cfn, flags); + names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid); + types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components, + vid); + type = imcv_pts_components->get_qualifier(imcv_pts_components, cfn, flags); if (names && types) { n = snprintf(buf + n, BUF_LEN - n, " %N/%N [%s] %N", diff --git a/src/libpts/plugins/imv_attestation/attest_db.h b/src/libimcv/plugins/imv_attestation/attest_db.h index 07e55cce7..ab3d046b3 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.h +++ b/src/libimcv/plugins/imv_attestation/attest_db.h @@ -15,7 +15,7 @@ /** * @defgroup attest_db_t attest_db - * @{ @ingroup libpts + * @{ @ingroup libimcv */ #ifndef ATTEST_DB_H_ diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c index 8f4afdbad..8f4afdbad 100644 --- a/src/libpts/plugins/imv_attestation/attest_usage.c +++ b/src/libimcv/plugins/imv_attestation/attest_usage.c diff --git a/src/libpts/plugins/imv_attestation/attest_usage.h b/src/libimcv/plugins/imv_attestation/attest_usage.h index bce801e9d..bce801e9d 100644 --- a/src/libpts/plugins/imv_attestation/attest_usage.h +++ b/src/libimcv/plugins/imv_attestation/attest_usage.h diff --git a/src/libpts/plugins/imv_attestation/build-database.sh b/src/libimcv/plugins/imv_attestation/build-database.sh index f16b5d152..ca2939b49 100755 --- a/src/libpts/plugins/imv_attestation/build-database.sh +++ b/src/libimcv/plugins/imv_attestation/build-database.sh @@ -2,7 +2,7 @@ p="Ubuntu 14.04 x86_64" a="x86_64-linux-gnu" -k="3.13.0-30-generic" +k="3.13.0-37-generic" for hash in sha1 sha256 do diff --git a/src/libpts/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c index 542a561aa..542a561aa 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c index fcfee31c1..8e3736857 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c @@ -34,19 +34,17 @@ #include <ietf/ietf_attr_string_version.h> #include <ita/ita_attr.h> #include <ita/ita_attr_device_id.h> - -#include <libpts.h> - -#include <pts/pts.h> -#include <pts/pts_database.h> -#include <pts/pts_creds.h> -#include <pts/components/ita/ita_comp_func_name.h> - #include <tcg/tcg_attr.h> #include <tcg/pts/tcg_pts_attr_meas_algo.h> #include <tcg/pts/tcg_pts_attr_proto_caps.h> #include <tcg/pts/tcg_pts_attr_req_file_meas.h> #include <tcg/pts/tcg_pts_attr_req_file_meta.h> +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include <pts/pts.h> +#include <pts/pts_database.h> +#include <pts/pts_creds.h> +#include <pts/components/ita/ita_comp_func_name.h> #include <tncif_pa_subtypes.h> @@ -55,6 +53,8 @@ #include <credentials/credential_manager.h> #include <collections/linked_list.h> +#define FILE_MEAS_MAX_ATTR_SIZE 100000000 + typedef struct private_imv_attestation_agent_t private_imv_attestation_agent_t; /* Subscribed PA-TNC message subtypes */ @@ -176,19 +176,21 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this, chunk_t os_name, os_version; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + out_msg->set_msg_type(out_msg, msg_types[0]); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } session = state->get_session(state); os_info = session->get_os_info(session); - out_msg = imv_msg_create_as_reply(in_msg); - out_msg->set_msg_type(out_msg, msg_types[0]); - /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) @@ -305,16 +307,16 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); } - - /* send PA-TNC message with excl flag set */ - result = out_msg->send(out_msg, TRUE); + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } out_msg->destroy(out_msg); return result; @@ -467,12 +469,35 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state == IMV_ATTESTATION_STATE_INIT) { + size_t max_attr_size = FILE_MEAS_MAX_ATTR_SIZE; + size_t max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; pa_tnc_attr_t *attr; pts_proto_caps_flag_t flags; + char buf[BUF_LEN]; out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, msg_types[0]); + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + /* Send Request Protocol Capabilities attribute */ flags = pts->get_proto_caps(pts); attr = tcg_pts_attr_proto_caps_create(flags, TRUE); @@ -840,7 +865,6 @@ METHOD(imv_agent_if_t, destroy, void, DESTROY_IF(this->pts_credmgr); DESTROY_IF(this->agent); free(this); - libpts_deinit(); } /** @@ -888,8 +912,6 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id, .pts_db = pts_database_create(imcv_db), ); - libpts_init(); - if (!pts_meas_algo_probe(&this->supported_algorithms) || !pts_dh_group_probe(&this->supported_dh_groups, mandatory_dh_groups) || !pts_meas_algo_update(hash_alg, &this->supported_algorithms) || diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.h b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.h index cc421a29a..cc421a29a 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.h +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.h diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c index 120fe3eaa..c39fe8d47 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c @@ -98,6 +98,11 @@ bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state, uint32_t depth; bool first_component = TRUE; + if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK)) + { + break; + } + attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_END); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h index 88538b198..88538b198 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index 26a57d15c..89a1f02cf 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -218,6 +218,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, } session->get_session_id(session, NULL, &aik_id); pts->set_aik(pts, aik, aik_id); + state->set_action_flags(state, IMV_ATTESTATION_AIK); break; } case TCG_PTS_FILE_MEAS: @@ -529,6 +530,9 @@ quote_error: } break; } + case TCG_SEG_MAX_ATTR_SIZE_RESP: + case TCG_SEG_ATTR_SEG_ENV: + break; /* TODO: Not implemented yet */ case TCG_PTS_INTEG_MEAS_LOG: @@ -554,8 +558,8 @@ quote_error: case TCG_PTS_REQ_FILE_MEAS: case TCG_PTS_REQ_INTEG_MEAS_LOG: default: - DBG1(DBG_IMV, "received unsupported attribute '%N'", - tcg_attr_names, attr->get_type(attr)); + DBG1(DBG_IMV, "received unsupported attribute '%N/%N'", + pen_names, PEN_TCG, tcg_attr_names, attr_type.type); break; } return TRUE; diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.h b/src/libimcv/plugins/imv_attestation/imv_attestation_process.h index af8666b66..af8666b66 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_process.h +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.h diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c index 11afbc29d..1c3b91aeb 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c @@ -16,8 +16,7 @@ #include "imv_attestation_state.h" -#include <libpts.h> - +#include <imcv.h> #include <imv/imv_lang_string.h> #include "imv/imv_reason_string.h" @@ -76,6 +75,11 @@ struct private_imv_attestation_state_t { imv_session_t *session; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * IMV Attestation handshake state */ imv_attestation_handshake_state_t handshake_state; @@ -240,6 +244,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_attestation_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_attestation_state_t *this, TNC_ConnectionState new_state) { @@ -335,6 +345,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->reason_string); this->components->destroy_function(this->components, (void *)free_func_comp); this->pts->destroy(this->pts); + this->contracts->destroy(this->contracts); free(this); } @@ -392,7 +403,8 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*, } else { - component = pts_components->create(pts_components, name, depth, pts_db); + component = imcv_pts_components->create(imcv_pts_components, + name, depth, pts_db); if (!component) { /* unsupported component */ @@ -513,6 +525,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -538,6 +551,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .handshake_state = IMV_ATTESTATION_STATE_INIT, .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .contracts = seg_contract_manager_create(), .components = linked_list_create(), .pts = pts_create(FALSE), ); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h index b72857552..39a8eee9c 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h @@ -15,7 +15,7 @@ /** * @defgroup imv_attestation imv_attestation - * @ingroup libpts_plugins + * @ingroup libimcv_plugins * * @defgroup imv_attestation_state_t imv_attestation_state * @{ @ingroup imv_attestation @@ -49,8 +49,9 @@ enum imv_attestation_flag_t { IMV_ATTESTATION_ATTR_REQ = (1<<3), IMV_ATTESTATION_ALGO = (1<<4), IMV_ATTESTATION_DH_NONCE = (1<<5), - IMV_ATTESTATION_FILE_MEAS = (1<<6), - IMV_ATTESTATION_REC = (1<<7) + IMV_ATTESTATION_AIK = (1<<6), + IMV_ATTESTATION_FILE_MEAS = (1<<7), + IMV_ATTESTATION_REC = (1<<8) }; /** diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index cae6dbe84..36e708fc9 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c index ca8bac6ca..f0b1936ab 100644 --- a/src/libimcv/plugins/imv_os/imv_os_agent.c +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -37,8 +37,9 @@ #include <ita/ita_attr.h> #include <ita/ita_attr_get_settings.h> #include <ita/ita_attr_settings.h> -#include <ita/ita_attr_angel.h> #include <ita/ita_attr_device_id.h> +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" #include <tncif_names.h> #include <tncif_pa_subtypes.h> @@ -46,6 +47,8 @@ #include <pen/pen.h> #include <utils/debug.h> +#define INSTALLED_PACKAGES_MAX_ATTR_SIZE 100000000 + typedef struct private_imv_os_agent_t private_imv_os_agent_t; typedef enum imv_os_attr_t imv_os_attr_t; @@ -166,20 +169,23 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, chunk_t os_name = chunk_empty; chunk_t os_version = chunk_empty; bool fatal_error = FALSE, assessment = FALSE; + uint16_t missing; os_state = (imv_os_state_t*)state; session = state->get_session(state); os_info = session->get_os_info(session); + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg,out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imv_msg_create_as_reply(in_msg); - /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) @@ -323,6 +329,9 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, TNC_IMV_EVALUATION_RESULT_ERROR); assessment = TRUE; } + missing = attr_cast->get_count(attr_cast); + os_state->set_missing(os_state, missing); + attr_cast->clear_packages(attr_cast); break; } default: @@ -369,12 +378,6 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, session->set_device_id(session, value); break; } - case ITA_ATTR_START_ANGEL: - os_state->set_angel_count(os_state, TRUE); - break; - case ITA_ATTR_STOP_ANGEL: - os_state->set_angel_count(os_state, FALSE); - break; default: break; } @@ -394,20 +397,20 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state, { os_state->set_handshake_state(os_state, IMV_OS_STATE_END); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); } - - /* send PA-TNC message with excl flag set */ - result = out_msg->send(out_msg, TRUE); + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } out_msg->destroy(out_msg); return result; - } +} METHOD(imv_agent_if_t, receive_message, TNC_Result, private_imv_os_agent_t *this, TNC_ConnectionID id, @@ -529,6 +532,30 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state == IMV_OS_STATE_INIT) { + size_t max_attr_size = INSTALLED_PACKAGES_MAX_ATTR_SIZE; + size_t max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST) { /* create attribute request for missing mandatory attributes */ @@ -671,7 +698,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, int count, count_update, count_blacklist, count_ok; if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) || - os_state->get_angel_count(os_state) > 0) + os_state->get_missing(os_state) > 0) { continue; } diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index dc8474ac9..ac826a77c 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -76,6 +76,11 @@ struct private_imv_os_state_t { imv_session_t *session; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -136,9 +141,9 @@ struct private_imv_os_state_t { u_int os_settings; /** - * Angel count + * Number of installed packages still missing */ - int angel_count; + uint16_t missing; }; @@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_os_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, get_recommendation, void, private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec, TNC_IMV_Evaluation_Result *eval) @@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); this->update_packages->destroy_function(this->update_packages, free); this->remove_packages->destroy_function(this->remove_packages, free); free(this); @@ -523,16 +535,16 @@ METHOD(imv_os_state_t, get_os_settings, u_int, return this->os_settings; } -METHOD(imv_os_state_t, set_angel_count, void, - private_imv_os_state_t *this, bool start) +METHOD(imv_os_state_t, set_missing, void, + private_imv_os_state_t *this, uint16_t missing) { - this->angel_count += start ? 1 : -1; + this->missing = missing; } -METHOD(imv_os_state_t, get_angel_count, int, +METHOD(imv_os_state_t, get_missing, uint16_t, private_imv_os_state_t *this) { - return this->angel_count; + return this->missing; } METHOD(imv_os_state_t, add_bad_package, void, @@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -585,14 +598,15 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .get_count = _get_count, .set_os_settings = _set_os_settings, .get_os_settings = _get_os_settings, - .set_angel_count = _set_angel_count, - .get_angel_count = _get_angel_count, + .set_missing = _set_missing, + .get_missing = _get_missing, .add_bad_package = _add_bad_package, }, .state = TNC_CONNECTION_STATE_CREATE, .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .update_packages = linked_list_create(), .remove_packages = linked_list_create(), ); diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h index 82ebb6cc9..aa9b64076 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.h +++ b/src/libimcv/plugins/imv_os/imv_os_state.h @@ -114,18 +114,18 @@ struct imv_os_state_t { u_int (*get_os_settings)(imv_os_state_t *this); /** - * Increase/Decrease the ITA Angel count + * Set number of installed packages still missing * - * @param start TRUE increases and FALSE decreases count by one + * @param missing Number of missing installed packages */ - void (*set_angel_count)(imv_os_state_t *this, bool start); + void (*set_missing)(imv_os_state_t *this, uint16_t missing); /** - * Get the ITA Angel count + * Get number of installed packages still missing * - * @return ITA Angel count + * @return Number of missing installed packages */ - int (*get_angel_count)(imv_os_state_t *this); + uint16_t (*get_missing)(imv_os_state_t *this); /** * Store a bad package that has to be updated or removed diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 18446e73a..2677b339a 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c index 85ef23b80..cbabc80bf 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this, ietf_attr_port_filter_t *port_filter_attr; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } @@ -121,17 +125,20 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this, state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - out_msg = imv_msg_create_as_reply(in_msg); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); - return TNC_RESULT_SUCCESS; + return result; } METHOD(imv_agent_if_t, receive_message, TNC_Result, diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 24a49a76c..8f9593f17 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -71,6 +71,11 @@ struct private_imv_scanner_state_t { imv_session_t *session; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_scanner_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_scanner_state_t *this, TNC_ConnectionState new_state) { @@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); + this->contracts->destroy(this->contracts); this->violating_ports->destroy_function(this->violating_ports, free); free(this); } @@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session= _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .violating_ports = linked_list_create(), ); diff --git a/src/libpts/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am index 77f33e6c6..3a63b67d2 100644 --- a/src/libpts/plugins/imv_swid/Makefile.am +++ b/src/libimcv/plugins/imv_swid/Makefile.am @@ -1,19 +1,17 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts + -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - $(PLUGIN_CFLAGS) + $(PLUGIN_CFLAGS) $(json_CFLAGS) imcv_LTLIBRARIES = imv-swid.la imv_swid_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -ljson + $(json_LIBS) imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index bd89a6f90..815722f9c 100644 --- a/src/libpts/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -78,7 +78,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/libpts/plugins/imv_swid +subdir = src/libimcv/plugins/imv_swid DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -127,9 +127,10 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(imcvdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) +am__DEPENDENCIES_1 = imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \ imv_swid_agent.lo imv_swid_rest.lo imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS) @@ -232,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -416,18 +425,16 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -I$(top_srcdir)/src/libpts + -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - $(PLUGIN_CFLAGS) + $(PLUGIN_CFLAGS) $(json_CFLAGS) imcv_LTLIBRARIES = imv-swid.la imv_swid_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libpts/libpts.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -ljson + $(json_LIBS) imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ @@ -448,9 +455,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile + $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/src/libpts/plugins/imv_swid/imv_swid.c b/src/libimcv/plugins/imv_swid/imv_swid.c index cab011580..cab011580 100644 --- a/src/libpts/plugins/imv_swid/imv_swid.c +++ b/src/libimcv/plugins/imv_swid/imv_swid.c diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c index 3053b2643..5bebf32c0 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_agent.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c @@ -20,19 +20,17 @@ #include "imv_swid_state.h" #include "imv_swid_rest.h" -#include "libpts.h" -#include "swid/swid_error.h" -#include "swid/swid_inventory.h" -#include "tcg/swid/tcg_swid_attr_req.h" -#include "tcg/swid/tcg_swid_attr_tag_inv.h" -#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" - #include <imcv.h> -#include <ietf/ietf_attr_pa_tnc_error.h> #include <imv/imv_agent.h> #include <imv/imv_msg.h> -#include <ita/ita_attr.h> -#include <ita/ita_attr_angel.h> +#include <ietf/ietf_attr_pa_tnc_error.h> +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "tcg/swid/tcg_swid_attr_req.h" +#include "tcg/swid/tcg_swid_attr_tag_inv.h" +#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" +#include "swid/swid_error.h" +#include "swid/swid_inventory.h" #include <tncif_names.h> #include <tncif_pa_subtypes.h> @@ -115,10 +113,14 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } @@ -179,20 +181,6 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, reader->destroy(reader); } } - else if (type.vendor_id == PEN_ITA) - { - switch (type.type) - { - case ITA_ATTR_START_ANGEL: - swid_state->set_angel_count(swid_state, TRUE); - continue; - case ITA_ATTR_STOP_ANGEL: - swid_state->set_angel_count(swid_state, FALSE); - continue; - default: - continue; - } - } else if (type.vendor_id != PEN_TCG) { continue; @@ -203,6 +191,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, case TCG_SWID_TAG_ID_INVENTORY: { tcg_swid_attr_tag_id_inv_t *attr_cast; + uint32_t missing; int tag_id_count; state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV); @@ -212,11 +201,14 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); inventory = attr_cast->get_inventory(attr_cast); tag_id_count = inventory->get_count(inventory); + missing = attr_cast->get_tag_id_count(attr_cast); + swid_state->set_missing(swid_state, missing); DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s " - "for request %d at eid %d of epoch 0x%08x", - tag_id_count, (tag_id_count == 1) ? "" : "s", - request_id, last_eid, eid_epoch); + "for request %d at eid %d of epoch 0x%08x, %d item%s to " + "follow", tag_id_count, (tag_id_count == 1) ? "" : "s", + request_id, last_eid, eid_epoch, missing, + (missing == 1) ? "" : "s"); if (request_id == swid_state->get_request_id(swid_state)) { @@ -228,6 +220,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory " "with request ID %d", request_id); } + attr_cast->clear_inventory(attr_cast); break; } case TCG_SWID_TAG_INVENTORY: @@ -237,6 +230,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, chunk_t tag_encoding; json_object *jobj, *jarray, *jstring; char *tag_str; + uint32_t missing; int tag_count; enumerator_t *e; @@ -247,12 +241,13 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); inventory = attr_cast->get_inventory(attr_cast); tag_count = inventory->get_count(inventory); + missing = attr_cast->get_tag_count(attr_cast); + swid_state->set_missing(swid_state, missing); DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for " - "request %d at eid %d of epoch 0x%08x", - tag_count, (tag_count == 1) ? "" : "s", - request_id, last_eid, eid_epoch); - + "request %d at eid %d of epoch 0x%08x, %d item%s to follow", + tag_count, (tag_count == 1) ? "" : "s", request_id, + last_eid, eid_epoch, missing, (missing == 1) ? "" : "s"); if (request_id == swid_state->get_request_id(swid_state)) { @@ -289,9 +284,11 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, DBG1(DBG_IMV, "no workitem found for SWID tag inventory " "with request ID %d", request_id); } + attr_cast->clear_inventory(attr_cast); + break; } default: - continue; + break; } } enumerator->destroy(enumerator); @@ -301,17 +298,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - out_msg = imv_msg_create_as_reply(in_msg); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); - return TNC_RESULT_SUCCESS; + return result; } METHOD(imv_agent_if_t, receive_message, TNC_Result, @@ -411,6 +411,12 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state == IMV_SWID_STATE_INIT && session->get_policy_started(session)) { + size_t max_attr_size = SWID_MAX_ATTR_SIZE; + size_t max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + enumerator = session->create_workitem_enumerator(session); if (enumerator) { @@ -435,6 +441,27 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { flags |= TCG_SWID_ATTR_REQ_FLAG_C; } + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + + /* Issue a SWID request */ request_id = workitem->get_id(workitem); swid_state->set_request_id(swid_state, request_id); attr = tcg_swid_attr_req_create(flags, request_id, 0); @@ -442,7 +469,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, workitem->set_imv_id(workitem, imv_id); no_workitems = FALSE; DBG2(DBG_IMV, "IMV %d issues SWID request %d", - imv_id, request_id); + imv_id, request_id); break; } enumerator->destroy(enumerator); @@ -464,14 +491,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state == IMV_SWID_STATE_WORKITEMS && (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) && - swid_state->get_angel_count(swid_state) <= 0) + swid_state->get_missing(swid_state) == 0) { TNC_IMV_Evaluation_Result eval; TNC_IMV_Action_Recommendation rec; char result_str[BUF_LEN], *error_str = "", *command; char *target, *separator; int tag_id_count, tag_count, i; - size_t max_attr_size, attr_size, entry_size; chunk_t tag_creator, unique_sw_id; json_object *jrequest, *jresponse, *jvalue; tcg_swid_attr_req_t *cast_attr; @@ -541,18 +567,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, break; } - /* Compute the maximum TCG SWID Request attribute size */ - max_attr_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE; - - /* Create the [first] TCG SWID Request attribute */ - attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_REQ_MIN_SIZE; + /* Create a TCG SWID Request attribute */ attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE, swid_state->get_request_id(swid_state), 0); - tag_id_count = json_object_array_length(jresponse); DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count, (tag_id_count == 1) ? "" : "s"); + swid_state->set_missing(swid_state, tag_id_count); for (i = 0; i < tag_id_count; i++) { @@ -581,18 +602,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, tag_creator.len - 1); tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty); - entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len; - - /* Have we reached the maximum attribute size? */ - if (attr_size + entry_size > max_attr_size) - { - out_msg->add_attribute(out_msg, attr); - attr_size = PA_TNC_ATTR_HEADER_SIZE + - TCG_SWID_REQ_MIN_SIZE; - attr = tcg_swid_attr_req_create( - TCG_SWID_ATTR_REQ_FLAG_NONE, - swid_state->get_request_id(swid_state), 0); - } cast_attr = (tcg_swid_attr_req_t*)attr; cast_attr->add_target(cast_attr, tag_id); } @@ -668,7 +677,6 @@ METHOD(imv_agent_if_t, destroy, void, DESTROY_IF(this->rest_api); this->agent->destroy(this->agent); free(this); - libpts_deinit(); } /** @@ -688,6 +696,8 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, { return NULL; } + agent->add_non_fatal_attr_type(agent, + pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ)); INIT(this, .public = { @@ -710,7 +720,6 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, { this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout); } - libpts_init(); return &this->public; } diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h index 4218040bc..4218040bc 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_agent.h +++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.h diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c index 143b0b239..143b0b239 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_rest.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.c diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.h b/src/libimcv/plugins/imv_swid/imv_swid_rest.h index 93e3d6ab9..32392cbe6 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_rest.h +++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.h @@ -26,7 +26,7 @@ #include <library.h> -#include <json/json.h> +#include <json.h> typedef struct imv_swid_rest_t imv_swid_rest_t; diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c index c68b57e4d..04364b030 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_state.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_state.c @@ -68,11 +68,16 @@ struct private_imv_swid_state_t { uint32_t action_flags; /** - * IMV database session associatied with TNCCS connection + * IMV database session associated with TNCCS connection */ imv_session_t *session; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -113,6 +118,11 @@ struct private_imv_swid_state_t { int tag_count; /** + * Number of missing SWID Tags or Tag IDs + */ + uint32_t missing; + + /** * Top level JSON object */ json_object *jobj; @@ -122,11 +132,6 @@ struct private_imv_swid_state_t { */ json_object *jarray; - /** - * Angel count - */ - int angel_count; - }; METHOD(imv_state_t, get_connection_id, TNC_ConnectionID, @@ -190,6 +195,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_swid_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_swid_state_t *this, TNC_ConnectionState new_state) { @@ -241,6 +252,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); free(this); } @@ -301,6 +313,18 @@ METHOD(imv_swid_state_t, get_swid_inventory, json_object*, return this->jobj; } +METHOD(imv_swid_state_t, set_missing, void, + private_imv_swid_state_t *this, uint32_t count) +{ + this->missing = count; +} + +METHOD(imv_swid_state_t, get_missing, uint32_t, + private_imv_swid_state_t *this) +{ + return this->missing; +} + METHOD(imv_swid_state_t, set_count, void, private_imv_swid_state_t *this, int tag_id_count, int tag_count) { @@ -321,18 +345,6 @@ METHOD(imv_swid_state_t, get_count, void, } } -METHOD(imv_swid_state_t, set_angel_count, void, - private_imv_swid_state_t *this, bool start) -{ - this->angel_count += start ? 1 : -1; -} - -METHOD(imv_swid_state_t, get_angel_count, int, - private_imv_swid_state_t *this) -{ - return this->angel_count; -} - /** * Described in header. */ @@ -353,6 +365,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session= _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -367,15 +380,16 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id) .get_request_id = _get_request_id, .set_swid_inventory = _set_swid_inventory, .get_swid_inventory = _get_swid_inventory, + .set_missing = _set_missing, + .get_missing = _get_missing, .set_count = _set_count, .get_count = _get_count, - .set_angel_count = _set_angel_count, - .get_angel_count = _get_angel_count, }, .state = TNC_CONNECTION_STATE_CREATE, .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .jobj = json_object_new_object(), .jarray = json_object_new_array(), ); diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h index 7ffabfd26..af5d95c9d 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_state.h +++ b/src/libimcv/plugins/imv_swid/imv_swid_state.h @@ -28,7 +28,7 @@ #include <swid/swid_inventory.h> #include <library.h> -#include <json/json.h> +#include <json.h> typedef struct imv_swid_state_t imv_swid_state_t; typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t; @@ -96,35 +96,34 @@ struct imv_swid_state_t { json_object* (*get_swid_inventory)(imv_swid_state_t *this); /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters + * Set the number of still missing SWID Tags or Tag IDs * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags + * @param count Number of missing SWID Tags or Tag IDs */ - void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count); + void (*set_missing)(imv_swid_state_t *this, uint32_t count); /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters + * Get the number of still missing SWID Tags or Tag IDs * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags + * @result Number of missing SWID Tags or Tag IDs */ - void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count); + uint32_t (*get_missing)(imv_swid_state_t *this); /** - * Increase/Decrease the ITA Angel count + * Set [or with multiple attributes increment] SWID Tag [ID] counters * - * @param start TRUE increases and FALSE decreases count by one + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags */ - void (*set_angel_count)(imv_swid_state_t *this, bool start); + void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count); /** - * Get the ITA Angel count + * Set [or with multiple attributes increment] SWID Tag [ID] counters * - * @return ITA Angel count + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags */ - int (*get_angel_count)(imv_swid_state_t *this); - + void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count); }; /** diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 5ac6a8f7b..66da75a1e 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c index 42630003b..5e4b4866a 100644 --- a/src/libimcv/plugins/imv_test/imv_test_agent.c +++ b/src/libimcv/plugins/imv_test/imv_test_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state int rounds; bool fatal_error = FALSE, received_command = FALSE, retry = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } @@ -172,14 +176,12 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - out_msg = imv_msg_create_as_reply(in_msg); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); + return result; } /* request a handshake retry ? */ @@ -195,7 +197,6 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state /* repeat the measurement ? */ if (test_state->another_round(test_state, in_msg->get_src_id(in_msg))) { - out_msg = imv_msg_create_as_reply(in_msg); attr = ita_attr_command_create("repeat"); out_msg->add_attribute(out_msg, attr); @@ -208,19 +209,20 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state if (received_command) { - out_msg = imv_msg_create_as_reply(in_msg); result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - if (result != TNC_RESULT_SUCCESS) + if (result == TNC_RESULT_SUCCESS) { - return result; + result = this->agent->provide_recommendation(this->agent, state); } - return this->agent->provide_recommendation(this->agent, state); } else { - return TNC_RESULT_SUCCESS; + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); } + out_msg->destroy(out_msg); + + return result; } METHOD(imv_agent_if_t, receive_message, TNC_Result, diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index 3564456a8..c20d00bd1 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -66,6 +66,11 @@ struct private_imv_test_state_t { imv_session_t *session; /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** * IMV action recommendation */ TNC_IMV_Action_Recommendation rec; @@ -162,6 +167,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_test_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_test_state_t *this, TNC_ConnectionState new_state) { @@ -220,6 +231,7 @@ METHOD(imv_state_t, destroy, void, { DESTROY_IF(this->session); DESTROY_IF(this->reason_string); + this->contracts->destroy(this->contracts); this->imcs->destroy_function(this->imcs, free); free(this); } @@ -307,6 +319,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .get_max_msg_len = _get_max_msg_len, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -323,6 +336,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .imcs = linked_list_create(), ); diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.c b/src/libimcv/pts/components/ita/ita_comp_func_name.c index a593281ba..a593281ba 100644 --- a/src/libpts/pts/components/ita/ita_comp_func_name.c +++ b/src/libimcv/pts/components/ita/ita_comp_func_name.c diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.h b/src/libimcv/pts/components/ita/ita_comp_func_name.h index eb2f363f3..eb2f363f3 100644 --- a/src/libpts/pts/components/ita/ita_comp_func_name.h +++ b/src/libimcv/pts/components/ita/ita_comp_func_name.h diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libimcv/pts/components/ita/ita_comp_ima.c index be8aa40ad..3f92b04b1 100644 --- a/src/libpts/pts/components/ita/ita_comp_ima.c +++ b/src/libimcv/pts/components/ita/ita_comp_ima.c @@ -16,7 +16,7 @@ #include "ita_comp_ima.h" #include "ita_comp_func_name.h" -#include "libpts.h" +#include "imcv.h" #include "pts/pts_pcr.h" #include "pts/pts_ima_bios_list.h" #include "pts/pts_ima_event_list.h" diff --git a/src/libpts/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h index 546d0a4b2..546d0a4b2 100644 --- a/src/libpts/pts/components/ita/ita_comp_ima.h +++ b/src/libimcv/pts/components/ita/ita_comp_ima.h diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c index 67be1ca3a..273c18f31 100644 --- a/src/libpts/pts/components/ita/ita_comp_tboot.c +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c @@ -16,7 +16,7 @@ #include "ita_comp_tboot.h" #include "ita_comp_func_name.h" -#include "libpts.h" +#include "imcv.h" #include "pts/components/pts_component.h" #include <utils/debug.h> @@ -215,7 +215,7 @@ METHOD(pts_component_t, verify, status_t, } vid = this->name->get_vendor_id(this->name); name = this->name->get_name(this->name); - names = pts_components->get_comp_func_names(pts_components, vid); + names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid); if (this->count) { @@ -320,7 +320,8 @@ METHOD(pts_component_t, destroy, void, this->cid, this->aik_id); vid = this->name->get_vendor_id(this->name); name = this->name->get_name(this->name); - names = pts_components->get_comp_func_names(pts_components, vid); + names = imcv_pts_components->get_comp_func_names(imcv_pts_components, + vid); DBG1(DBG_PTS, "deleted %d registered %N '%N' functional component " "evidence measurements", count, pen_names, vid, names, name); } diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h index 1e1a14831..1e1a14831 100644 --- a/src/libpts/pts/components/ita/ita_comp_tboot.h +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c index 097e4c89c..097e4c89c 100644 --- a/src/libpts/pts/components/ita/ita_comp_tgrub.c +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h index 59913c82d..59913c82d 100644 --- a/src/libpts/pts/components/ita/ita_comp_tgrub.h +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h diff --git a/src/libpts/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c index 08c3d5e9a..08c3d5e9a 100644 --- a/src/libpts/pts/components/pts_comp_evidence.c +++ b/src/libimcv/pts/components/pts_comp_evidence.c diff --git a/src/libpts/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h index 55776ce8b..55776ce8b 100644 --- a/src/libpts/pts/components/pts_comp_evidence.h +++ b/src/libimcv/pts/components/pts_comp_evidence.h diff --git a/src/libpts/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c index 6c630f8fb..e12522ed1 100644 --- a/src/libpts/pts/components/pts_comp_func_name.c +++ b/src/libimcv/pts/components/pts_comp_func_name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * * HSR Hochschule fuer Technik Rapperswil * @@ -14,7 +14,7 @@ * for more details. */ -#include "libpts.h" +#include "imcv.h" #include "pts/components/pts_comp_func_name.h" #include <utils/debug.h> @@ -108,9 +108,12 @@ METHOD(pts_comp_func_name_t, log_, void, char flags[8]; int type; - names = pts_components->get_comp_func_names(pts_components, this->vid); - types = pts_components->get_qualifier_type_names(pts_components, this->vid); - type = pts_components->get_qualifier(pts_components, &this->public, flags); + names = imcv_pts_components->get_comp_func_names(imcv_pts_components, + this->vid); + types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components, + this->vid); + type = imcv_pts_components->get_qualifier(imcv_pts_components, + &this->public, flags); if (names && types) { diff --git a/src/libpts/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h index 90ad7083f..90ad7083f 100644 --- a/src/libpts/pts/components/pts_comp_func_name.h +++ b/src/libimcv/pts/components/pts_comp_func_name.h diff --git a/src/libpts/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h index 71b1ad59c..71b1ad59c 100644 --- a/src/libpts/pts/components/pts_component.h +++ b/src/libimcv/pts/components/pts_component.h diff --git a/src/libpts/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c index 9c1375b79..9c1375b79 100644 --- a/src/libpts/pts/components/pts_component_manager.c +++ b/src/libimcv/pts/components/pts_component_manager.c diff --git a/src/libpts/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h index 61055ec74..61055ec74 100644 --- a/src/libpts/pts/components/pts_component_manager.h +++ b/src/libimcv/pts/components/pts_component_manager.h diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.c b/src/libimcv/pts/components/tcg/tcg_comp_func_name.c index a70c84e48..a70c84e48 100644 --- a/src/libpts/pts/components/tcg/tcg_comp_func_name.c +++ b/src/libimcv/pts/components/tcg/tcg_comp_func_name.c diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.h b/src/libimcv/pts/components/tcg/tcg_comp_func_name.h index 9708ad09d..9708ad09d 100644 --- a/src/libpts/pts/components/tcg/tcg_comp_func_name.h +++ b/src/libimcv/pts/components/tcg/tcg_comp_func_name.h diff --git a/src/libpts/pts/pts.c b/src/libimcv/pts/pts.c index 2fff4c901..2fff4c901 100644 --- a/src/libpts/pts/pts.c +++ b/src/libimcv/pts/pts.c diff --git a/src/libpts/pts/pts.h b/src/libimcv/pts/pts.h index fead588ae..be32a3464 100644 --- a/src/libpts/pts/pts.h +++ b/src/libimcv/pts/pts.h @@ -16,7 +16,7 @@ /** * @defgroup pts pts - * @{ @ingroup libpts + * @{ @ingroup libimcv */ #ifndef PTS_H_ diff --git a/src/libpts/pts/pts_creds.c b/src/libimcv/pts/pts_creds.c index bc483eb84..bc483eb84 100644 --- a/src/libpts/pts/pts_creds.c +++ b/src/libimcv/pts/pts_creds.c diff --git a/src/libpts/pts/pts_creds.h b/src/libimcv/pts/pts_creds.h index eb9c39537..eb9c39537 100644 --- a/src/libpts/pts/pts_creds.h +++ b/src/libimcv/pts/pts_creds.h diff --git a/src/libpts/pts/pts_database.c b/src/libimcv/pts/pts_database.c index d7b85c138..d7b85c138 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libimcv/pts/pts_database.c diff --git a/src/libpts/pts/pts_database.h b/src/libimcv/pts/pts_database.h index a6c9fb3b6..a6c9fb3b6 100644 --- a/src/libpts/pts/pts_database.h +++ b/src/libimcv/pts/pts_database.h diff --git a/src/libpts/pts/pts_dh_group.c b/src/libimcv/pts/pts_dh_group.c index 305b4ec4f..305b4ec4f 100644 --- a/src/libpts/pts/pts_dh_group.c +++ b/src/libimcv/pts/pts_dh_group.c diff --git a/src/libpts/pts/pts_dh_group.h b/src/libimcv/pts/pts_dh_group.h index f5d951e9a..f5d951e9a 100644 --- a/src/libpts/pts/pts_dh_group.h +++ b/src/libimcv/pts/pts_dh_group.h diff --git a/src/libpts/pts/pts_error.c b/src/libimcv/pts/pts_error.c index 1e79689f9..1e79689f9 100644 --- a/src/libpts/pts/pts_error.c +++ b/src/libimcv/pts/pts_error.c diff --git a/src/libpts/pts/pts_error.h b/src/libimcv/pts/pts_error.h index 9a53abd98..9a53abd98 100644 --- a/src/libpts/pts/pts_error.h +++ b/src/libimcv/pts/pts_error.h diff --git a/src/libpts/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c index 478892aea..478892aea 100644 --- a/src/libpts/pts/pts_file_meas.c +++ b/src/libimcv/pts/pts_file_meas.c diff --git a/src/libpts/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h index 4bf28e280..4bf28e280 100644 --- a/src/libpts/pts/pts_file_meas.h +++ b/src/libimcv/pts/pts_file_meas.h diff --git a/src/libpts/pts/pts_file_meta.c b/src/libimcv/pts/pts_file_meta.c index 9cca0a5a5..9cca0a5a5 100644 --- a/src/libpts/pts/pts_file_meta.c +++ b/src/libimcv/pts/pts_file_meta.c diff --git a/src/libpts/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h index 3f1813306..3f1813306 100644 --- a/src/libpts/pts/pts_file_meta.h +++ b/src/libimcv/pts/pts_file_meta.h diff --git a/src/libpts/pts/pts_file_type.c b/src/libimcv/pts/pts_file_type.c index fe849dea4..fe849dea4 100644 --- a/src/libpts/pts/pts_file_type.c +++ b/src/libimcv/pts/pts_file_type.c diff --git a/src/libpts/pts/pts_file_type.h b/src/libimcv/pts/pts_file_type.h index c1d236888..c1d236888 100644 --- a/src/libpts/pts/pts_file_type.h +++ b/src/libimcv/pts/pts_file_type.h diff --git a/src/libpts/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c index 5051b6c2d..5051b6c2d 100644 --- a/src/libpts/pts/pts_ima_bios_list.c +++ b/src/libimcv/pts/pts_ima_bios_list.c diff --git a/src/libpts/pts/pts_ima_bios_list.h b/src/libimcv/pts/pts_ima_bios_list.h index ad162e15a..ad162e15a 100644 --- a/src/libpts/pts/pts_ima_bios_list.h +++ b/src/libimcv/pts/pts_ima_bios_list.h diff --git a/src/libpts/pts/pts_ima_event_list.c b/src/libimcv/pts/pts_ima_event_list.c index 9bff4654b..9bff4654b 100644 --- a/src/libpts/pts/pts_ima_event_list.c +++ b/src/libimcv/pts/pts_ima_event_list.c diff --git a/src/libpts/pts/pts_ima_event_list.h b/src/libimcv/pts/pts_ima_event_list.h index bf5478a51..bf5478a51 100644 --- a/src/libpts/pts/pts_ima_event_list.h +++ b/src/libimcv/pts/pts_ima_event_list.h diff --git a/src/libpts/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c index c06371123..c06371123 100644 --- a/src/libpts/pts/pts_meas_algo.c +++ b/src/libimcv/pts/pts_meas_algo.c diff --git a/src/libpts/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h index eec7e7981..eec7e7981 100644 --- a/src/libpts/pts/pts_meas_algo.h +++ b/src/libimcv/pts/pts_meas_algo.h diff --git a/src/libpts/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c index 0af93b608..0af93b608 100644 --- a/src/libpts/pts/pts_pcr.c +++ b/src/libimcv/pts/pts_pcr.c diff --git a/src/libpts/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h index f638b5ee4..f638b5ee4 100644 --- a/src/libpts/pts/pts_pcr.h +++ b/src/libimcv/pts/pts_pcr.h diff --git a/src/libpts/pts/pts_proto_caps.h b/src/libimcv/pts/pts_proto_caps.h index 4346d9b79..4346d9b79 100644 --- a/src/libpts/pts/pts_proto_caps.h +++ b/src/libimcv/pts/pts_proto_caps.h diff --git a/src/libpts/pts/pts_req_func_comp_evid.h b/src/libimcv/pts/pts_req_func_comp_evid.h index bbf5bbf5b..bbf5bbf5b 100644 --- a/src/libpts/pts/pts_req_func_comp_evid.h +++ b/src/libimcv/pts/pts_req_func_comp_evid.h diff --git a/src/libpts/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h index 0c8dea0cc..0c8dea0cc 100644 --- a/src/libpts/pts/pts_simple_evid_final.h +++ b/src/libimcv/pts/pts_simple_evid_final.h diff --git a/src/libimcv/seg/seg_contract.c b/src/libimcv/seg/seg_contract.c new file mode 100644 index 000000000..7db702a08 --- /dev/null +++ b/src/libimcv/seg/seg_contract.c @@ -0,0 +1,479 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "seg_contract.h" +#include "seg_env.h" +#include "ietf/ietf_attr_pa_tnc_error.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" + +#include <utils/debug.h> +#include <bio/bio_writer.h> + +#include <tncif_pa_subtypes.h> + +typedef struct private_seg_contract_t private_seg_contract_t; + +/** + * Private data of a seg_contract_t object. + */ +struct private_seg_contract_t { + + /** + * Public seg_contract_t interface. + */ + seg_contract_t public; + + /** + * PA-TNC message type + */ + pen_type_t msg_type; + + /** + * Maximum PA-TNC attribute size + */ + uint32_t max_attr_size; + + /** + * Maximum PA-TNC attribute segment size + */ + uint32_t max_seg_size; + + /** + * Maximum PA-TNC attribute segment size + */ + uint32_t last_base_attr_id; + + /** + * List of attribute segment envelopes + */ + + linked_list_t *seg_envs; + + /** + * Is this a null contract? + */ + bool is_null; + + /** + * Contract role + */ + bool is_issuer; + + /** + * Issuer ID (either IMV or IMC ID) + */ + TNC_UInt32 issuer_id; + + /** + * Responder ID (either IMC or IMV ID) + */ + TNC_UInt32 responder_id; + + /** + * IMC/IMV role + */ + bool is_imc; + +}; + +METHOD(seg_contract_t, get_msg_type, pen_type_t, + private_seg_contract_t *this) +{ + return this->msg_type; +} + +METHOD(seg_contract_t, set_max_size, void, + private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size) +{ + this->max_attr_size = max_attr_size; + this->max_seg_size = max_seg_size; + this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE && + max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE; +} + +METHOD(seg_contract_t, get_max_size, void, + private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size) +{ + if (max_attr_size) + { + *max_attr_size = this->max_attr_size; + } + if (max_seg_size) + { + *max_seg_size = this->max_seg_size; + } +} + +METHOD(seg_contract_t, check_size, bool, + private_seg_contract_t *this, pa_tnc_attr_t *attr, bool *oversize) +{ + chunk_t attr_value; + size_t attr_len; + + *oversize = FALSE; + + if (this->is_null) + { + /* null segmentation contract */ + return FALSE; + } + attr->build(attr); + attr_value = attr->get_value(attr); + attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len; + + if (attr_len > this->max_attr_size) + { + /* oversize attribute */ + *oversize = TRUE; + return FALSE; + } + if (this->max_seg_size == SEG_CONTRACT_NO_FRAGMENTATION) + { + /* no fragmentation wanted */ + return FALSE; + } + return attr_value.len > this->max_seg_size + TCG_SEG_ATTR_SEG_ENV_HEADER; +} + +METHOD(seg_contract_t, first_segment, pa_tnc_attr_t*, + private_seg_contract_t *this, pa_tnc_attr_t *attr) +{ + seg_env_t *seg_env; + + seg_env = seg_env_create(++this->last_base_attr_id, attr, + this->max_seg_size); + if (!seg_env) + { + return NULL; + } + this->seg_envs->insert_last(this->seg_envs, seg_env); + + return seg_env->first_segment(seg_env); +} + +METHOD(seg_contract_t, next_segment, pa_tnc_attr_t*, + private_seg_contract_t *this, uint32_t base_attr_id) +{ + pa_tnc_attr_t *seg_env_attr = NULL; + seg_env_t *seg_env; + bool last_segment = FALSE; + enumerator_t *enumerator; + + enumerator = this->seg_envs->create_enumerator(this->seg_envs); + while (enumerator->enumerate(enumerator, &seg_env)) + { + if (seg_env->get_base_attr_id(seg_env) == base_attr_id) + { + seg_env_attr = seg_env->next_segment(seg_env, &last_segment); + if (!seg_env_attr) + { + break; + } + if (last_segment) + { + this->seg_envs->remove_at(this->seg_envs, enumerator); + seg_env->destroy(seg_env); + } + break; + } + } + enumerator->destroy(enumerator); + + return seg_env_attr; +} + +METHOD(seg_contract_t, add_segment, pa_tnc_attr_t*, + private_seg_contract_t *this, pa_tnc_attr_t *attr, pa_tnc_attr_t **error, + bool *more) +{ + tcg_seg_attr_seg_env_t *seg_env_attr; + seg_env_t *current, *seg_env = NULL; + pa_tnc_attr_t *base_attr; + pen_type_t error_code; + uint32_t base_attr_id; + uint8_t flags; + chunk_t segment_data, msg_info; + enumerator_t *enumerator; + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + segment_data = seg_env_attr->get_segment(seg_env_attr, &flags); + *more = flags & SEG_ENV_FLAG_MORE; + *error = NULL; + + enumerator = this->seg_envs->create_enumerator(this->seg_envs); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->get_base_attr_id(current) == base_attr_id) + { + seg_env = current; + this->seg_envs->remove_at(this->seg_envs, enumerator); + break; + } + } + enumerator->destroy(enumerator); + + if (flags & SEG_ENV_FLAG_START) + { + if (seg_env) + { + DBG1(DBG_TNC, "base attribute ID %d is already in use", + base_attr_id); + this->seg_envs->insert_last(this->seg_envs, seg_env); + return NULL; + } + DBG2(DBG_TNC, "received first segment for base attribute ID %d " + "(%d bytes)", base_attr_id, segment_data.len); + seg_env = seg_env_create_from_data(base_attr_id, segment_data, + this->max_seg_size, error); + if (!seg_env) + { + return NULL; + } + } + else + { + if (!seg_env) + { + DBG1(DBG_TNC, "base attribute ID %d not found", base_attr_id); + return NULL; + } + DBG2(DBG_TNC, "received %s segment for base attribute ID %d " + "(%d bytes)", (*more) ? "next" : "last", base_attr_id, + segment_data.len); + if (!seg_env->add_segment(seg_env, segment_data, error)) + { + seg_env->destroy(seg_env); + return NULL; + } + } + base_attr = seg_env->get_base_attr(seg_env); + + if (*more) + { + /* reinsert into list since more segments are to come */ + this->seg_envs->insert_last(this->seg_envs, seg_env); + } + else + { + /* added the last segment */ + if (!base_attr) + { + /* base attribute waits for more data */ + DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value"); + msg_info = seg_env->get_base_attr_info(seg_env); + error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, PA_TNC_ATTR_INFO_SIZE); + } + seg_env->destroy(seg_env); + } + return base_attr; +} + +METHOD(seg_contract_t, is_issuer, bool, + private_seg_contract_t *this) +{ + return this->is_issuer; +} + +METHOD(seg_contract_t, is_null, bool, + private_seg_contract_t *this) +{ + return this->is_null; +} + +METHOD(seg_contract_t, set_responder, void, + private_seg_contract_t *this, TNC_UInt32 responder_id) +{ + this->responder_id = responder_id; +} + +METHOD(seg_contract_t, get_responder, TNC_UInt32, + private_seg_contract_t *this) +{ + return this->responder_id; +} + +METHOD(seg_contract_t, get_issuer, TNC_UInt32, + private_seg_contract_t *this) +{ + return this->issuer_id; +} + +METHOD(seg_contract_t, clone_, seg_contract_t*, + private_seg_contract_t *this) +{ + private_seg_contract_t *clone; + + clone = malloc_thing(private_seg_contract_t); + memcpy(clone, this, sizeof(private_seg_contract_t)); + clone->seg_envs = linked_list_create(); + + return &clone->public; +} + +METHOD(seg_contract_t, get_info_string, void, + private_seg_contract_t *this, char *buf, size_t len, bool request) +{ + enum_name_t *pa_subtype_names; + uint32_t msg_vid, msg_subtype; + char *pos = buf; + int written; + + /* nul-terminate the string buffer */ + buf[--len] = '\0'; + + if (this->is_issuer && request) + { + written = snprintf(pos, len, "%s %d requests", + this->is_imc ? "IMC" : "IMV", this->issuer_id); + } + else + { + written = snprintf(pos, len, "%s %d received", + this->is_imc ? "IMC" : "IMV", + this->is_issuer ? this->issuer_id : + this->responder_id); + } + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + written = snprintf(pos, len, " a %ssegmentation contract%s ", + this->is_null ? "null" : "", request ? + (this->is_issuer ? "" : " request") : " response"); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if ((!this->is_issuer && this->issuer_id != TNC_IMVID_ANY) || + ( this->is_issuer && this->responder_id != TNC_IMVID_ANY)) + { + written = snprintf(pos, len, "from %s %d ", + this->is_imc ? "IMV" : "IMC", + this->is_issuer ? this->responder_id : + this->issuer_id); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + } + + msg_vid = this->msg_type.vendor_id; + msg_subtype = this->msg_type.type; + pa_subtype_names = get_pa_subtype_names(msg_vid); + if (pa_subtype_names) + { + written = snprintf(pos, len, "for PA message type '%N/%N' " + "0x%06x/0x%08x", pen_names, msg_vid, + pa_subtype_names, msg_subtype, msg_vid, + msg_subtype); + } + else + { + written = snprintf(pos, len, "for PA message type '%N' " + "0x%06x/0x%08x", pen_names, msg_vid, + msg_vid, msg_subtype); + } + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if (!this->is_null) + { + written = snprintf(pos, len, "\n maximum attribute size of %u bytes " + "with ", this->max_attr_size); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE) + { + written = snprintf(pos, len, "no segmentation"); + } + else + { + written = snprintf(pos, len, "maximum segment size of %u bytes", + this->max_seg_size); + } + } +} + +METHOD(seg_contract_t, destroy, void, + private_seg_contract_t *this) +{ + this->seg_envs->destroy_offset(this->seg_envs, offsetof(seg_env_t, destroy)); + free(this); +} + +/** + * See header + */ +seg_contract_t *seg_contract_create(pen_type_t msg_type, + uint32_t max_attr_size, + uint32_t max_seg_size, + bool is_issuer, TNC_UInt32 issuer_id, + bool is_imc) +{ + private_seg_contract_t *this; + + INIT(this, + .public = { + .get_msg_type = _get_msg_type, + .set_max_size = _set_max_size, + .get_max_size = _get_max_size, + .check_size = _check_size, + .first_segment = _first_segment, + .next_segment = _next_segment, + .add_segment = _add_segment, + .is_issuer = _is_issuer, + .is_null = _is_null, + .set_responder = _set_responder, + .get_responder = _get_responder, + .get_issuer = _get_issuer, + .clone = _clone_, + .get_info_string = _get_info_string, + .destroy = _destroy, + }, + .msg_type = msg_type, + .max_attr_size = max_attr_size, + .max_seg_size = max_seg_size, + .seg_envs = linked_list_create(), + .is_issuer = is_issuer, + .issuer_id = issuer_id, + .responder_id = is_imc ? TNC_IMVID_ANY : TNC_IMCID_ANY, + .is_imc = is_imc, + .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE && + max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE, + ); + + return &this->public; +} + diff --git a/src/libimcv/seg/seg_contract.h b/src/libimcv/seg/seg_contract.h new file mode 100644 index 000000000..23676a9f4 --- /dev/null +++ b/src/libimcv/seg/seg_contract.h @@ -0,0 +1,180 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup seg_contract seg_contract + * @{ @ingroup libimcv_seg + */ + +#ifndef SEG_CONTRACT_H_ +#define SEG_CONTRACT_H_ + +typedef struct seg_contract_t seg_contract_t; + +#include "pa_tnc/pa_tnc_attr.h" + +#include <library.h> +#include <pen/pen.h> + +#include <tncif.h> + +#define SEG_CONTRACT_MAX_SIZE_VALUE 0xffffffff +#define SEG_CONTRACT_NO_FRAGMENTATION SEG_CONTRACT_MAX_SIZE_VALUE + +/** + * Interface for a PA-TNC attribute segmentation contract + * + */ +struct seg_contract_t { + + /** + * Get the PA-TNC message type. + * + * @return PA-TNC Message type + */ + pen_type_t (*get_msg_type)(seg_contract_t *this); + + /** + * Set maximum PA-TNC attribute and segment size in octets + * + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + */ + void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size, + uint32_t max_seg_size); + + /** + * Get maximum PA-TNC attribute and segment size in octets + * + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + */ + void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size, + uint32_t *max_seg_size); + + /** + * Check if a PA-TNC attribute must be segmented or is oversized + * + * @param attr PA-TNC attribute to be checked + * @param oversize PA-TNC attribute is larger than maximum size + * @return TRUE if PA-TNC attribute must be segmented + */ + bool (*check_size)(seg_contract_t *this, pa_tnc_attr_t *attr, + bool *oversize); + + /** + * Generate first segment of a PA-TNC attribute according to the contract + * + * @param attr PA-TNC attribute to be segmented + * @return First segment envelope attribute + */ + pa_tnc_attr_t* (*first_segment)(seg_contract_t *this, pa_tnc_attr_t *attr); + + /** + * Generate next segment of a PA-TNC attribute according to the contract + * + * @param base_attr_id Base Attribute ID + * @return Next segment envelope attribute + */ + pa_tnc_attr_t* (*next_segment)(seg_contract_t *this, uint32_t base_attr_id); + + /** + * Add an attribute segments until the PA-TNC attribute is reconstructed + * + * @param attr Segment envelope attribute + * @param error Error attribute if an error occurred or NULL + * @param more Need more segments + * @return Completed PA-TNC attribute or NULL + */ + pa_tnc_attr_t* (*add_segment)(seg_contract_t *this, + pa_tnc_attr_t *attr, pa_tnc_attr_t **error, + bool *more); + + /** + * Get contract role + * + * @return TRUE: contracting party (issuer), + * FALSE: contracted party + */ + bool (*is_issuer)(seg_contract_t *this); + + /** + * Is this a null contract ? + * + * @return TRUE if null contract + */ + bool (*is_null)(seg_contract_t *this); + + /** + * Set the responder ID + * + * @param responder IMC or IMV ID of responder + */ + void (*set_responder)(seg_contract_t *this, TNC_UInt32 responder); + + /** + * Get the responder ID + * + * @return IMC or IMV ID of responder + */ + TNC_UInt32 (*get_responder)(seg_contract_t *this); + + /** + * Get the issuer ID + * + * @return IMC or IMV ID of issuer + */ + TNC_UInt32 (*get_issuer)(seg_contract_t *this); + + /** + * Clone a contract + * + * @return Cloned contract + */ + seg_contract_t* (*clone)(seg_contract_t *this); + + /** + * Get an info string about the contract + * + * @param buf String buffer of at least size len + * @param len Size of string buffer + * @param request TRUE if contract request, FALSE if response + */ + void (*get_info_string)(seg_contract_t *this, char *buf, size_t len, + bool request); + + /** + * Destroys a seg_contract_t object. + */ + void (*destroy)(seg_contract_t *this); +}; + +/** + * Create a PA-TNC attribute segmentation contract + * + * @param msg_type PA-TNC message type + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + * @param is_issuer TRUE if issuer of the contract + * @param issuer_id IMC or IMV ID of issuer + * @param is_imc TRUE if IMC, FALSE if IMV + */ +seg_contract_t* seg_contract_create(pen_type_t msg_type, + uint32_t max_attr_size, + uint32_t max_seg_size, + bool is_issuer, TNC_UInt32 issuer_id, + bool is_imc); + +#endif /** SEG_CONTRACT_H_ @}*/ diff --git a/src/libimcv/seg/seg_contract_manager.c b/src/libimcv/seg/seg_contract_manager.c new file mode 100644 index 000000000..604c51134 --- /dev/null +++ b/src/libimcv/seg/seg_contract_manager.c @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "seg_contract_manager.h" + +typedef struct private_seg_contract_manager_t private_seg_contract_manager_t; + +/** + * Private data of a seg_contract_manager_t object. + * + */ +struct private_seg_contract_manager_t { + + /** + * Public seg_contract_manager_t interface. + */ + seg_contract_manager_t public; + + /** + * List of PA-TNC segmentation contracts + */ + linked_list_t *contracts; + +}; + +METHOD(seg_contract_manager_t, add_contract, void, + private_seg_contract_manager_t *this, seg_contract_t *contract) +{ + this->contracts->insert_last(this->contracts, contract); +} + +METHOD(seg_contract_manager_t, get_contract, seg_contract_t*, + private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer, + TNC_UInt32 id) +{ + enumerator_t *enumerator; + seg_contract_t *contract, *found = NULL; + + enumerator = this->contracts->create_enumerator(this->contracts); + while (enumerator->enumerate(enumerator, &contract)) + { + if (contract->is_issuer(contract) == is_issuer && + pen_type_equals(contract->get_msg_type(contract), msg_type) && + id == (is_issuer ? contract->get_responder(contract) : + contract->get_issuer(contract))) + { + found = contract; + break; + } + } + enumerator->destroy(enumerator); + + return found; +} + +METHOD(seg_contract_manager_t, destroy, void, + private_seg_contract_manager_t *this) +{ + this->contracts->destroy_offset(this->contracts, + offsetof(seg_contract_t, destroy)); + free(this); +} + +/** + * See header + */ +seg_contract_manager_t *seg_contract_manager_create(void) +{ + private_seg_contract_manager_t *this; + + INIT(this, + .public = { + .add_contract = _add_contract, + .get_contract = _get_contract, + .destroy = _destroy, + }, + .contracts = linked_list_create(), + ); + + return &this->public; +} + diff --git a/src/libimcv/seg/seg_contract_manager.h b/src/libimcv/seg/seg_contract_manager.h new file mode 100644 index 000000000..fa9d23c0f --- /dev/null +++ b/src/libimcv/seg/seg_contract_manager.h @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup seg_contract_manager seg_contract_manager + * @{ @ingroup libimcv_seg + */ + +#ifndef SEG_CONTRACT_MANAGER_H_ +#define SEG_CONTRACT_MANAGER_H_ + +typedef struct seg_contract_manager_t seg_contract_manager_t; + +#include "seg_contract.h" + +/** + * Interface for a PA-TNC attribute segmentation contract manager + * + */ +struct seg_contract_manager_t { + + /** + * Add segmentation contract + * + * @param contract Segmentation contract to be added + */ + void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract); + + /** + * Get segmentation contract + * + * @param msg_type PA-TNC message type governed by contract + * @param is_issuer If TRUE get only issuer contracts + * @param id Match either issuer or responder ID + */ + seg_contract_t* (*get_contract)(seg_contract_manager_t *this, + pen_type_t msg_type, bool is_issuer, + TNC_UInt32 id); + + /** + * Destroys a seg_contract_manager_t object. + */ + void (*destroy)(seg_contract_manager_t *this); +}; + +/** + * Create a PA-TNC attribute segmentation contract manager + */ +seg_contract_manager_t* seg_contract_manager_create(); + +#endif /** SEG_CONTRACT_MANAGER_H_ @}*/ diff --git a/src/libimcv/seg/seg_env.c b/src/libimcv/seg/seg_env.c new file mode 100644 index 000000000..c47ce2934 --- /dev/null +++ b/src/libimcv/seg/seg_env.c @@ -0,0 +1,306 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "seg_env.h" + +#include "imcv.h" +#include "pa_tnc/pa_tnc_msg.h" +#include "ietf/ietf_attr_pa_tnc_error.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" + +#include <utils/debug.h> +#include <bio/bio_reader.h> +#include <bio/bio_writer.h> + +#define BASE_ATTR_ID_PREFIX 0xFF + +typedef struct private_seg_env_t private_seg_env_t; + +/** + * Private data of a seg_env_t object. + */ +struct private_seg_env_t { + + /** + * Public seg_env_t interface. + */ + seg_env_t public; + + /** + * Base Attribute ID + */ + uint32_t base_attr_id; + + /** + * Base Attribute + */ + pa_tnc_attr_t *base_attr; + + /** + * Base Attribute Info to be used for PA-TNC error messages + */ + u_char base_attr_info[8]; + + /** + * Base Attribute needs more segment data + */ + bool need_more; + + /** + * Pointer to remaining attribute data to be sent + */ + chunk_t data; + + /** + * Maximum PA-TNC attribute segment size + */ + uint32_t max_seg_size; + +}; + +METHOD(seg_env_t, get_base_attr_id, uint32_t, + private_seg_env_t *this) +{ + return this->base_attr_id; +} + +METHOD(seg_env_t, get_base_attr, pa_tnc_attr_t*, + private_seg_env_t *this) +{ + return this->need_more ? NULL : this->base_attr->get_ref(this->base_attr); +} + +METHOD(seg_env_t, get_base_attr_info, chunk_t, + private_seg_env_t *this) +{ + return chunk_create(this->base_attr_info, 8); +} + +METHOD(seg_env_t, first_segment, pa_tnc_attr_t*, + private_seg_env_t *this) +{ + pa_tnc_attr_t *seg_env_attr; + bio_writer_t *writer; + pen_type_t type; + chunk_t segment_data, value; + uint8_t flags, seg_env_flags; + + /* get components of base attribute header and data */ + flags = this->base_attr->get_noskip_flag(this->base_attr) ? + PA_TNC_ATTR_FLAG_NOSKIP : PA_TNC_ATTR_FLAG_NONE; + type = this->base_attr->get_type(this->base_attr); + + /* attribute data going into the first segment */ + segment_data = this->data; + segment_data.len = this->max_seg_size - PA_TNC_ATTR_HEADER_SIZE; + + /* build encoding of the base attribute header and first segment data */ + writer = bio_writer_create(this->max_seg_size); + writer->write_uint8 (writer, flags); + writer->write_uint24(writer, type.vendor_id); + writer->write_uint32(writer, type.type); + writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + this->data.len); + writer->write_data (writer, segment_data); + value = writer->extract_buf(writer); + writer->destroy(writer); + this->data = chunk_skip(this->data, segment_data.len); + + DBG2(DBG_TNC, "creating first segment for base attribute ID %d (%d bytes)", + this->base_attr_id, this->max_seg_size); + + seg_env_flags = SEG_ENV_FLAG_START | SEG_ENV_FLAG_MORE; + seg_env_attr = tcg_seg_attr_seg_env_create(value, seg_env_flags, + this->base_attr_id); + chunk_free(&value); + + return seg_env_attr; +} + +METHOD(seg_env_t, next_segment, pa_tnc_attr_t*, + private_seg_env_t *this, bool *last) +{ + pa_tnc_attr_t *seg_env_attr; + chunk_t segment_data; + uint8_t seg_env_flags; + bool is_last_segment; + + if (this->data.len == 0) + { + /* no more attribute data to segment available */ + return NULL; + } + + /* attribute data going into the next segment */ + segment_data = this->data; + segment_data.len = min(this->max_seg_size, this->data.len); + this->data = chunk_skip(this->data, segment_data.len); + + is_last_segment = (this->data.len == 0); + if (last) + { + *last = is_last_segment; + } + DBG2(DBG_TNC, "creating %s segment for base attribute ID %d (%d bytes)", + is_last_segment ? "last" : "next", this->base_attr_id, + segment_data.len); + + seg_env_flags = is_last_segment ? SEG_ENV_FLAG_NONE : SEG_ENV_FLAG_MORE; + seg_env_attr = tcg_seg_attr_seg_env_create(segment_data, seg_env_flags, + this->base_attr_id); + + return seg_env_attr; +} + +METHOD(seg_env_t, add_segment, bool, + private_seg_env_t *this, chunk_t segment, pa_tnc_attr_t **error) +{ + pen_type_t type, error_code; + uint32_t attr_offset; + chunk_t msg_info; + status_t status; + + this->base_attr->add_segment(this->base_attr, segment); + status = this->base_attr->process(this->base_attr, &attr_offset); + + if (status != SUCCESS && status != NEED_MORE) + { + type = this->base_attr->get_type(this->base_attr); + if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR) + { + /* error while processing a PA-TNC error attribute - abort */ + return FALSE; + } + error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER); + msg_info = get_base_attr_info(this); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset); + return FALSE; + } + this->need_more = (status == NEED_MORE); + + return TRUE; +} + +METHOD(seg_env_t, destroy, void, + private_seg_env_t *this) +{ + DESTROY_IF(this->base_attr); + free(this); +} + +/** + * See header + */ +seg_env_t *seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr, + uint32_t max_seg_size) +{ + private_seg_env_t *this; + chunk_t value; + + base_attr->build(base_attr); + value = base_attr->get_value(base_attr); + + /** + * The PA-TNC attribute header must not be segmented and + * there must be at least a first and one next segment + */ + if (max_seg_size < PA_TNC_ATTR_HEADER_SIZE || + max_seg_size >= PA_TNC_ATTR_HEADER_SIZE + value.len) + { + return NULL; + } + + INIT(this, + .public = { + .get_base_attr_id = _get_base_attr_id, + .get_base_attr = _get_base_attr, + .get_base_attr_info = _get_base_attr_info, + .first_segment = _first_segment, + .next_segment = _next_segment, + .add_segment = _add_segment, + .destroy = _destroy, + }, + .base_attr_id = base_attr_id, + .base_attr = base_attr->get_ref(base_attr), + .max_seg_size = max_seg_size, + .data = base_attr->get_value(base_attr), + ); + + return &this->public; +} + +/** + * See header + */ +seg_env_t *seg_env_create_from_data(uint32_t base_attr_id, chunk_t data, + uint32_t max_seg_size, pa_tnc_attr_t** error) +{ + private_seg_env_t *this; + pen_type_t type, error_code; + bio_reader_t *reader; + chunk_t msg_info; + uint32_t offset = 0, attr_offset; + status_t status; + + INIT(this, + .public = { + .get_base_attr_id = _get_base_attr_id, + .get_base_attr = _get_base_attr, + .get_base_attr_info = _get_base_attr_info, + .first_segment = _first_segment, + .next_segment = _next_segment, + .add_segment = _add_segment, + .destroy = _destroy, + }, + .base_attr_id = base_attr_id, + .max_seg_size = max_seg_size, + ); + + /* create info field to be used by PA-TNC error messages */ + memset(this->base_attr_info, 0xff, 4); + htoun32(this->base_attr_info + 4, base_attr_id); + msg_info = get_base_attr_info(this); + + /* extract from base attribute segment from data */ + reader = bio_reader_create(data); + this->base_attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes, + reader, TRUE, &offset, msg_info, error); + reader->destroy(reader); + + if (!this->base_attr) + { + destroy(this); + return NULL; + } + status = this->base_attr->process(this->base_attr, &attr_offset); + + if (status != SUCCESS && status != NEED_MORE) + { + type = this->base_attr->get_type(this->base_attr); + if (!(type.vendor_id == PEN_IETF && + type.type == IETF_ATTR_PA_TNC_ERROR)) + { + error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER); + *error = ietf_attr_pa_tnc_error_create_with_offset(error_code, + msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset); + } + destroy(this); + return NULL; + } + this->need_more = (status == NEED_MORE); + + return &this->public; +} + diff --git a/src/libimcv/seg/seg_env.h b/src/libimcv/seg/seg_env.h new file mode 100644 index 000000000..08d33d752 --- /dev/null +++ b/src/libimcv/seg/seg_env.h @@ -0,0 +1,119 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup seg_env seg_env + * @{ @ingroup libimcv_seg + */ + +#ifndef SEG_ENV_H_ +#define SEG_ENV_H_ + +typedef struct seg_env_t seg_env_t; +typedef enum seg_env_flags_t seg_env_flags_t; + +#include <library.h> + +#include <pa_tnc/pa_tnc_attr.h> + +/** + * Segment Envelope flags + */ +enum seg_env_flags_t { + SEG_ENV_FLAG_NONE = 0, + SEG_ENV_FLAG_MORE = (1<<7), + SEG_ENV_FLAG_START = (1<<6) +}; + +/** + * Interface for a PA-TNC attribute segment envelope object + */ +struct seg_env_t { + + /** + * Get Base Attribute ID + * + * @return Base Attribute ID + */ + uint32_t (*get_base_attr_id)(seg_env_t *this); + + /** + * Get Base Attribute if it contains processed [incremental] data + * + * @return Base Attribute (must be destroyed) or NULL + */ + pa_tnc_attr_t* (*get_base_attr)(seg_env_t *this); + + /** + * Base Attribute Info to be used by PA-TNC error messages + * + * @return Message info string + */ + chunk_t (*get_base_attr_info)(seg_env_t *this); + + /** + * Generate the first segment envelope of the base attribute + * + * @return First attribute segment envelope + */ + pa_tnc_attr_t* (*first_segment)(seg_env_t *this); + + /** + * Generate the next segment envelope of the base attribute + * + * @param last TRUE if last segment + * @return Next attribute segment envelope + */ + pa_tnc_attr_t* (*next_segment)(seg_env_t *this, bool *last); + + /** + * Generate the first segment envelope of the base attribute + * + * @param segment Attribute segment to be added + * @param error Error attribute if a parsing error occurred + * return TRUE if segment was successfully added + */ + bool (*add_segment)(seg_env_t *this, chunk_t segment, + pa_tnc_attr_t** error); + + /** + * Destroys a seg_env_t object. + */ + void (*destroy)(seg_env_t *this); +}; + +/** + * Create a PA-TNC attribute segment envelope object + * + * @param base_attr_id Base Attribute ID + * @param base_attr Base Attribute to be segmented + * @param max_seg_size Maximum segment size + */ +seg_env_t* seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr, + uint32_t max_seg_size); + +/** + * Create a PA-TNC attribute segment envelope object + * + * @param base_attr_id Base Attribute ID + * @param data First attribute segment + * @param max_seg_size Maximum segment size + * @param error Error attribute if a parsing error occurred + */ +seg_env_t* seg_env_create_from_data(uint32_t base_attr_id, chunk_t data, + uint32_t max_seg_size, + pa_tnc_attr_t** error); + +#endif /** SEG_ENV_H_ @}*/ diff --git a/src/libimcv/suites/test_imcv_seg.c b/src/libimcv/suites/test_imcv_seg.c new file mode 100644 index 000000000..469b1110d --- /dev/null +++ b/src/libimcv/suites/test_imcv_seg.c @@ -0,0 +1,738 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <imcv.h> +#include <pa_tnc/pa_tnc_attr.h> +#include <seg/seg_env.h> +#include <seg/seg_contract.h> +#include <seg/seg_contract_manager.h> +#include <ietf/ietf_attr_pa_tnc_error.h> +#include <ita/ita_attr.h> +#include <ita/ita_attr_command.h> +#include <ita/ita_attr_dummy.h> +#include <tcg/seg/tcg_seg_attr_seg_env.h> + +#include <tncif_pa_subtypes.h> + +static struct { + uint32_t max_seg_size, next_segs, last_seg_size; +} seg_env_tests[] = { + { 0, 0, 0 }, + { 11, 0, 0 }, + { 12, 3, 12 }, + { 13, 3, 9 }, + { 15, 3, 3 }, + { 16, 2, 16 }, + { 17, 2, 14 }, + { 23, 2, 2 }, + { 24, 1, 24 }, + { 25, 1, 23 }, + { 47, 1, 1 }, + { 48, 0, 0 }, +}; + +static char command[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +static uint32_t id = 0x123456; + +START_TEST(test_imcv_seg_env) +{ + pa_tnc_attr_t *attr, *attr1, *base_attr, *base_attr1, *error; + tcg_seg_attr_seg_env_t *seg_env_attr; + ita_attr_command_t *ita_attr; + seg_env_t *seg_env, *seg_env1; + pen_type_t type; + uint32_t base_attr_id, max_seg_size, last_seg_size, seg_size, offset; + uint8_t flags; + bool last, last_seg; + chunk_t value, segment, seg; + int n; + + libimcv_init(FALSE); + max_seg_size = seg_env_tests[_i].max_seg_size; + last_seg_size = seg_env_tests[_i].last_seg_size; + base_attr = ita_attr_command_create(command); + base_attr->build(base_attr); + + seg_env = seg_env_create(id, base_attr, max_seg_size); + if (seg_env_tests[_i].next_segs == 0) + { + ck_assert(seg_env == NULL); + } + else + { + ck_assert(seg_env->get_base_attr_id(seg_env) == id); + base_attr1 = seg_env->get_base_attr(seg_env); + ck_assert(base_attr == base_attr1); + base_attr1->destroy(base_attr1); + + for (n = 0; n <= seg_env_tests[_i].next_segs; n++) + { + last_seg = (n == seg_env_tests[_i].next_segs); + seg_size = (last_seg) ? last_seg_size : max_seg_size; + if (n == 0) + { + /* create first segment */ + attr = seg_env->first_segment(seg_env); + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + segment = seg_env_attr->get_segment(seg_env_attr, &flags); + if (max_seg_size > 12) + { + seg = chunk_create(command, seg_size - 12); + ck_assert(chunk_equals(seg, chunk_skip(segment, 12))); + } + ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START)); + } + else + { + /* create next segments */ + attr = seg_env->next_segment(seg_env, &last); + ck_assert(last == last_seg); + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + segment = seg_env_attr->get_segment(seg_env_attr, &flags); + seg = chunk_create(command + n * max_seg_size - 12, seg_size); + ck_assert(chunk_equals(seg, segment)); + ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE : + SEG_ENV_FLAG_MORE); + } + + /* check built segment envelope attribute */ + value = attr->get_value(attr); + ck_assert(value.len == 4 + seg_size); + ck_assert(segment.len == seg_size); + ck_assert(seg_env_attr->get_base_attr_id(seg_env_attr) == id); + + /* create parse segment envelope attribute from data */ + attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value); + ck_assert(attr1->process(attr1, &offset) == SUCCESS); + attr->destroy(attr); + + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr1; + segment = seg_env_attr->get_segment(seg_env_attr, &flags); + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + ck_assert(base_attr_id == id); + + /* create and update seg_env object on the receiving side */ + if (n == 0) + { + ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START)); + seg_env1 = seg_env_create_from_data(base_attr_id, segment, + max_seg_size, &error); + } + else + { + ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE : + SEG_ENV_FLAG_MORE); + seg_env1->add_segment(seg_env1, segment, &error); + } + attr1->destroy(attr1); + } + + /* check reconstructed base attribute */ + base_attr1 = seg_env1->get_base_attr(seg_env1); + ck_assert(base_attr1); + type = base_attr1->get_type(base_attr1); + ck_assert(type.vendor_id == PEN_ITA); + ck_assert(type.type == ITA_ATTR_COMMAND); + ita_attr = (ita_attr_command_t*)base_attr1; + ck_assert(streq(ita_attr->get_command(ita_attr), command)); + + seg_env->destroy(seg_env); + seg_env1->destroy(seg_env1); + base_attr1->destroy(base_attr1); + } + base_attr->destroy(base_attr); + libimcv_deinit(); +} +END_TEST + +START_TEST(test_imcv_seg_env_special) +{ + pa_tnc_attr_t *attr, *attr1, *base_attr; + tcg_seg_attr_seg_env_t *seg_env_attr; + pen_type_t type; + seg_env_t *seg_env; + chunk_t segment, value; + uint32_t max_seg_size = 47; + uint32_t last_seg_size = 1; + uint32_t offset = 12; + + base_attr = ita_attr_command_create(command); + base_attr->build(base_attr); + + /* set noskip flag in base attribute */ + base_attr->set_noskip_flag(base_attr, TRUE); + + seg_env = seg_env_create(id, base_attr, max_seg_size); + attr = seg_env->first_segment(seg_env); + attr->destroy(attr); + + /* don't return last segment indicator */ + attr = seg_env->next_segment(seg_env, NULL); + + /* build attribute */ + attr->build(attr); + + /* don't return flags */ + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + segment = seg_env_attr->get_segment(seg_env_attr, NULL); + ck_assert(segment.len == last_seg_size); + + /* get segment envelope attribute reference and destroy it */ + attr1 = attr->get_ref(attr); + attr1->destroy(attr1); + + /* check some standard methods */ + type = attr->get_type(attr); + ck_assert(type.vendor_id == PEN_TCG); + ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV); + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + /* request next segment which does not exist */ + ck_assert(seg_env->next_segment(seg_env, NULL) == NULL); + + /* create and parse a too short segment envelope attribute */ + attr1 = tcg_seg_attr_seg_env_create_from_data(0, chunk_empty); + ck_assert(attr1->process(attr1, &offset) == FAILED); + ck_assert(offset == 0); + attr1->destroy(attr1); + + /* create and parse correct segment envelope attribute */ + value = attr->get_value(attr); + attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value); + ck_assert(attr1->process(attr1, &offset) == SUCCESS); + type = attr1->get_type(attr1); + ck_assert(type.vendor_id == PEN_TCG); + ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV); + attr1->destroy(attr1); + + /* cleanup */ + attr->destroy(attr); + seg_env->destroy(seg_env); + base_attr->destroy(base_attr); +} +END_TEST + +static struct { + pa_tnc_error_code_t error_code; + chunk_t segment; +} env_invalid_tests[] = { + { PA_ERROR_INVALID_PARAMETER, { NULL, 0 } }, + { PA_ERROR_INVALID_PARAMETER, chunk_from_chars( + 0x00, 0xff, 0xff, 0xf0, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x0a) + }, + { PA_ERROR_INVALID_PARAMETER, chunk_from_chars( + 0x00, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0c) + }, + { PA_ERROR_INVALID_PARAMETER, chunk_from_chars( + 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x0c) + }, + { PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, chunk_from_chars( + 0x80, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c) + }, + { PA_ERROR_RESERVED, chunk_from_chars( + 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c) + }, + { PA_ERROR_RESERVED, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x0c) + }, + { PA_ERROR_INVALID_PARAMETER, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0c) + } +}; + +START_TEST(test_imcv_seg_env_invalid) +{ + seg_env_t *seg_env; + pen_type_t error_code; + pa_tnc_attr_t*error; + ietf_attr_pa_tnc_error_t *error_attr; + + libimcv_init(FALSE); + seg_env = seg_env_create_from_data(id, env_invalid_tests[_i].segment, 20, + &error); + ck_assert(seg_env == NULL); + if (env_invalid_tests[_i].error_code == PA_ERROR_RESERVED) + { + ck_assert(error == NULL); + } + else + { + ck_assert(error); + error->build(error); + error_attr = (ietf_attr_pa_tnc_error_t*)error; + error_code = error_attr->get_error_code(error_attr); + ck_assert(error_code.vendor_id == PEN_IETF); + ck_assert(error_code.type == env_invalid_tests[_i].error_code); + error->destroy(error); + } + libimcv_deinit(); +} +END_TEST + +START_TEST(test_imcv_seg_contract) +{ + seg_contract_t *contract_i, *contract_r; + tcg_seg_attr_seg_env_t *seg_env_attr; + ita_attr_command_t *ita_attr; + pa_tnc_attr_t *attr, *base_attr_i, *base_attr_r, *error; + pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST }; + uint32_t max_seg_size, max_attr_size = 1000, issuer_id = 1; + uint32_t base_attr_id; + bool more; + + libimcv_init(FALSE); + max_seg_size = seg_env_tests[_i].max_seg_size; + base_attr_r = ita_attr_command_create(command); + base_attr_r->build(base_attr_r); + contract_i = seg_contract_create(msg_type, max_attr_size, max_seg_size, + TRUE, issuer_id, FALSE); + contract_r = seg_contract_create(msg_type, max_attr_size, max_seg_size, + FALSE, issuer_id, TRUE); + attr = contract_r->first_segment(contract_r, base_attr_r); + + if (seg_env_tests[_i].next_segs == 0) + { + ck_assert(attr == NULL); + } + else + { + ck_assert(attr); + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + ck_assert(base_attr_id == 1); + base_attr_i = contract_i->add_segment(contract_i, attr, &error, &more); + ck_assert(base_attr_i == NULL); + attr->destroy(attr); + ck_assert(more); + while (more) + { + attr = contract_r->next_segment(contract_r, base_attr_id); + ck_assert(attr); + seg_env_attr = (tcg_seg_attr_seg_env_t*)attr; + base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr); + ck_assert(base_attr_id == 1); + base_attr_i = contract_i->add_segment(contract_i, attr, &error, + &more); + attr->destroy(attr); + } + ck_assert(base_attr_i); + ck_assert(error == NULL); + type = base_attr_i->get_type(base_attr_i); + ck_assert(pen_type_equals(type, base_attr_r->get_type(base_attr_r))); + ita_attr = (ita_attr_command_t*)base_attr_i; + ck_assert(streq(ita_attr->get_command(ita_attr), command)); + base_attr_i->destroy(base_attr_i); + } + contract_i->destroy(contract_i); + contract_r->destroy(contract_r); + base_attr_r->destroy(base_attr_r); + libimcv_deinit(); +} +END_TEST + +START_TEST(test_imcv_seg_contract_special) +{ + seg_contract_t *contract_i, *contract_r; + tcg_seg_attr_seg_env_t *seg_env_attr1, *seg_env_attr2; + ita_attr_command_t *ita_attr; + pa_tnc_attr_t *base_attr1_i, *base_attr2_i, *base_attr1_r, *base_attr2_r; + pa_tnc_attr_t *attr1_f, *attr2_f, *attr1_n, *attr2_n, *attr3, *error; + pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST }; + uint32_t max_seg_size, max_attr_size, issuer_id = 1; + uint32_t base_attr1_id, base_attr2_id; + char info[512]; + bool oversize, more; + + libimcv_init(FALSE); + + /* create two base attributes to be segmented */ + base_attr1_r = ita_attr_command_create(command); + base_attr2_r = ita_attr_dummy_create(129); + base_attr1_r->build(base_attr1_r); + base_attr2_r->build(base_attr2_r); + + /* create an issuer contract*/ + contract_i = seg_contract_create(msg_type, 1000, 47, + TRUE, issuer_id, FALSE); + ck_assert(pen_type_equals(contract_i->get_msg_type(contract_i), msg_type)); + ck_assert(contract_i->is_issuer(contract_i)); + ck_assert(!contract_i->is_null(contract_i)); + + /* set null contract */ + contract_i->set_max_size(contract_i, SEG_CONTRACT_MAX_SIZE_VALUE, + SEG_CONTRACT_MAX_SIZE_VALUE); + ck_assert(contract_i->is_null(contract_i)); + + /* set and get maximum attribute and segment sizes */ + contract_i->set_max_size(contract_i, 1000, 47); + contract_i->get_max_size(contract_i, NULL, NULL); + contract_i->get_max_size(contract_i, &max_attr_size, &max_seg_size); + contract_i->get_info_string(contract_i, info, sizeof(info), TRUE); + ck_assert(max_attr_size == 1000 && max_seg_size == 47); + ck_assert(!contract_i->is_null(contract_i)); + + /* create a null responder contract*/ + contract_r = seg_contract_create(msg_type, SEG_CONTRACT_MAX_SIZE_VALUE, + SEG_CONTRACT_MAX_SIZE_VALUE, + FALSE, issuer_id, TRUE); + ck_assert(!contract_r->is_issuer(contract_r)); + ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize)); + ck_assert(!oversize); + + /* allow no fragmentation */ + contract_r->set_max_size(contract_r, 1000, SEG_CONTRACT_MAX_SIZE_VALUE); + ck_assert(!contract_r->is_null(contract_r)); + ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize)); + ck_assert(!oversize); + + /* no maximum size limit and no fragmentation needed */ + contract_r->set_max_size(contract_r, SEG_CONTRACT_MAX_SIZE_VALUE, 141); + ck_assert(!contract_r->is_null(contract_r)); + ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize)); + ck_assert(!oversize); + + /* oversize base attribute */ + contract_r->set_max_size(contract_r, 140, 47); + ck_assert(!contract_r->is_null(contract_r)); + ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize)); + ck_assert(oversize); + + /* set final maximum attribute and segment sizes */ + contract_r->set_max_size(contract_r, 141, 47); + contract_r->get_info_string(contract_r, info, sizeof(info), TRUE); + ck_assert(contract_r->check_size(contract_r, base_attr2_r, &oversize)); + ck_assert(!oversize); + + /* get first segment of each base attribute */ + attr1_f = contract_r->first_segment(contract_r, base_attr1_r); + attr2_f = contract_r->first_segment(contract_r, base_attr2_r); + ck_assert(attr1_f); + ck_assert(attr2_f); + seg_env_attr1 = (tcg_seg_attr_seg_env_t*)attr1_f; + seg_env_attr2 = (tcg_seg_attr_seg_env_t*)attr2_f; + base_attr1_id = seg_env_attr1->get_base_attr_id(seg_env_attr1); + base_attr2_id = seg_env_attr2->get_base_attr_id(seg_env_attr2); + ck_assert(base_attr1_id == 1); + ck_assert(base_attr2_id == 2); + + /* get second segment of each base attribute */ + attr1_n = contract_r->next_segment(contract_r, 1); + attr2_n = contract_r->next_segment(contract_r, 2); + ck_assert(attr1_n); + ck_assert(attr2_n); + + /* process first segment of first base attribute */ + base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more); + ck_assert(base_attr1_i == NULL); + ck_assert(error == NULL); + ck_assert(more); + + /* reapply first segment of first base attribute */ + base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more); + ck_assert(base_attr1_i == NULL); + ck_assert(error == NULL); + ck_assert(more); + + /* process stray second segment of second attribute */ + base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more); + ck_assert(base_attr2_i == NULL); + ck_assert(error == NULL); + ck_assert(more); + + /* process first segment of second base attribute */ + base_attr2_i = contract_i->add_segment(contract_i, attr2_f, &error, &more); + ck_assert(base_attr2_i == NULL); + ck_assert(error == NULL); + ck_assert(more); + + /* try to get a segment of a non-existing base-attribute */ + attr3 = contract_r->next_segment(contract_r, 3); + ck_assert(attr3 == NULL); + + /* process second segment of first base attribute */ + base_attr1_i = contract_i->add_segment(contract_i, attr1_n, &error, &more); + ck_assert(base_attr1_i); + ck_assert(error == NULL); + ck_assert(!more); + + /* process second segment of second base attribute */ + base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more); + ck_assert(base_attr2_i == NULL); + ck_assert(error == NULL); + ck_assert(more); + + /* destroy first and second segments */ + attr1_f->destroy(attr1_f); + attr2_f->destroy(attr2_f); + attr1_n->destroy(attr1_n); + attr2_n->destroy(attr2_n); + + /* request surplus segment of first base attribute */ + attr1_n = contract_r->next_segment(contract_r, 1); + ck_assert(attr1_n == NULL); + + /* get last segment of second base attribute */ + attr2_n = contract_r->next_segment(contract_r, 2); + ck_assert(attr2_n); + + /* process last segment of second base attribute */ + base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more); + attr2_n->destroy(attr2_n); + ck_assert(base_attr2_i); + ck_assert(error == NULL); + ck_assert(!more); + + /* request surplus segment of second base attribute */ + attr2_n = contract_r->next_segment(contract_r, 2); + ck_assert(attr2_n == NULL); + + /* compare original with reconstructed base attributes */ + type = base_attr1_i->get_type(base_attr1_i); + ck_assert(pen_type_equals(type, base_attr1_r->get_type(base_attr1_r))); + ita_attr = (ita_attr_command_t*)base_attr1_i; + ck_assert(streq(ita_attr->get_command(ita_attr), command)); + + type = base_attr2_i->get_type(base_attr2_i); + ck_assert(pen_type_equals(type, base_attr2_r->get_type(base_attr2_r))); + ck_assert(chunk_equals(base_attr2_i->get_value(base_attr2_i), + base_attr2_r->get_value(base_attr2_r))); + + /* cleanup */ + base_attr1_r->destroy(base_attr1_r); + base_attr2_r->destroy(base_attr2_r); + base_attr1_i->destroy(base_attr1_i); + base_attr2_i->destroy(base_attr2_i); + contract_i->destroy(contract_i); + contract_r->destroy(contract_r); + libimcv_deinit(); +} +END_TEST + +static struct { + bool err_f; + chunk_t frag_f; + bool err_n; + bool base_attr; + chunk_t frag_n; +} contract_invalid_tests[] = { + { FALSE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x01, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x0d), + FALSE, TRUE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0x01 ) + }, + { FALSE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x02, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x0e), + TRUE, FALSE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x02, 0x01 ) + }, + { TRUE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x03, 0x00, 0x00, 0x55, 0x97, 0x00, 0x00, 0x00, 0x23, + 0x00, 0x00, 0x00, 0x0d), + FALSE, FALSE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x03, 0x01 ) + }, + { FALSE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x00, 0x00, 0x00, 0x14), + FALSE, FALSE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ) + }, + { FALSE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x0f), + TRUE, FALSE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x01 ) + }, + { FALSE, chunk_from_chars( + 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x11), + TRUE, FALSE, chunk_from_chars( + 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0xff ) + } +}; + +START_TEST(test_imcv_seg_contract_invalid) +{ + uint32_t max_seg_size = 12, max_attr_size = 100, issuer_id = 1; + pen_type_t msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST }; + pa_tnc_attr_t *attr_f, *attr_n, *base_attr, *error; + chunk_t value_f, value_n; + seg_contract_t *contract; + uint32_t offset; + bool more; + + libimcv_init(FALSE); + value_f = contract_invalid_tests[_i].frag_f; + value_n = contract_invalid_tests[_i].frag_n; + attr_f = tcg_seg_attr_seg_env_create_from_data(value_f.len, value_f); + attr_n = tcg_seg_attr_seg_env_create_from_data(value_n.len, value_n); + ck_assert(attr_f->process(attr_f, &offset) == SUCCESS); + ck_assert(attr_n->process(attr_n, &offset) == SUCCESS); + + contract = seg_contract_create(msg_type, max_attr_size, max_seg_size, + TRUE, issuer_id, FALSE); + base_attr = contract->add_segment(contract, attr_f, &error, &more); + ck_assert(base_attr == NULL); + + if (contract_invalid_tests[_i].err_f) + { + ck_assert(error); + error->destroy(error); + } + else + { + ck_assert(error == NULL); + ck_assert(more); + base_attr = contract->add_segment(contract, attr_n, &error, &more); + if (contract_invalid_tests[_i].err_n) + { + ck_assert(error); + error->destroy(error); + } + else + { + ck_assert(error == NULL); + } + if (contract_invalid_tests[_i].base_attr) + { + ck_assert(base_attr); + base_attr->destroy(base_attr); + } + } + + /* cleanup */ + attr_f->destroy(attr_f); + attr_n->destroy(attr_n); + contract->destroy(contract); + libimcv_deinit(); +} +END_TEST + +START_TEST(test_imcv_seg_contract_mgr) +{ + char buf[BUF_LEN]; + uint32_t max_seg_size = 12, max_attr_size = 100; + pen_type_t msg_type1 = { PEN_ITA, PA_SUBTYPE_ITA_TEST }; + pen_type_t msg_type2 = { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM }; + seg_contract_manager_t *contracts; + seg_contract_t *cx, *c1, *c2, *c3, *c4; + + contracts = seg_contract_manager_create(); + + /* add contract template as issuer */ + c1 = seg_contract_create(msg_type1, max_attr_size, max_seg_size, + TRUE, 1, FALSE); + c1->get_info_string(c1, buf, BUF_LEN, TRUE); + + contracts->add_contract(contracts, c1); + + /* received contract request for msg_type1 as responder */ + cx = contracts->get_contract(contracts, msg_type1, FALSE, 2); + ck_assert(cx == NULL); + + /* add directed contract as responder */ + c2 = seg_contract_create(msg_type1, max_attr_size, max_seg_size, + FALSE, 2, FALSE); + c2->set_responder(c2, 1); + c2->get_info_string(c2, buf, BUF_LEN, TRUE); + contracts->add_contract(contracts, c2); + + /* retrieve this contract */ + cx = contracts->get_contract(contracts, msg_type1, FALSE, 2); + ck_assert(cx == c2); + + /* received directed contract response as issuer */ + cx = contracts->get_contract(contracts, msg_type1, TRUE, 3); + ck_assert(cx == NULL); + + /* get contract template */ + cx = contracts->get_contract(contracts, msg_type1, TRUE, TNC_IMCID_ANY); + ck_assert(cx == c1); + + /* clone the contract template and as it as a directed contract */ + c3 = cx->clone(cx); + c3->set_responder(c3, 3); + c3->get_info_string(c3, buf, BUF_LEN, FALSE); + contracts->add_contract(contracts, c3); + + /* retrieve this contract */ + cx = contracts->get_contract(contracts, msg_type1, TRUE, 3); + ck_assert(cx == c3); + + /* received contract request for msg_type2 as responder */ + cx = contracts->get_contract(contracts, msg_type2, FALSE, 2); + ck_assert(cx == NULL); + + /* add directed contract as responder */ + c4 = seg_contract_create(msg_type2, max_attr_size, max_seg_size, + FALSE, 2, FALSE); + c4->set_responder(c4, 1); + contracts->add_contract(contracts, c4); + + /* retrieve this contract */ + cx = contracts->get_contract(contracts, msg_type2, FALSE, 2); + ck_assert(cx == c4); + + contracts->destroy(contracts); +} +END_TEST + +Suite *imcv_seg_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("imcv_seg"); + + tc = tcase_create("env"); + tcase_add_loop_test(tc, test_imcv_seg_env, 0, countof(seg_env_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("env_special"); + tcase_add_test(tc, test_imcv_seg_env_special); + suite_add_tcase(s, tc); + + tc = tcase_create("env_invalid"); + tcase_add_loop_test(tc, test_imcv_seg_env_invalid, 0, + countof(env_invalid_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("contract"); + tcase_add_loop_test(tc, test_imcv_seg_contract, 0, countof(seg_env_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("contract_special"); + tcase_add_test(tc, test_imcv_seg_contract_special); + suite_add_tcase(s, tc); + + tc = tcase_create("contract_invalid"); + tcase_add_loop_test(tc, test_imcv_seg_contract_invalid, 0, + countof(contract_invalid_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("contract_mgr"); + tcase_add_test(tc, test_imcv_seg_contract_mgr); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libpts/swid/swid_error.c b/src/libimcv/swid/swid_error.c index 7f3c34476..7f3c34476 100644 --- a/src/libpts/swid/swid_error.c +++ b/src/libimcv/swid/swid_error.c diff --git a/src/libpts/swid/swid_error.h b/src/libimcv/swid/swid_error.h index 1da6148ff..b459ba686 100644 --- a/src/libpts/swid/swid_error.h +++ b/src/libimcv/swid/swid_error.h @@ -15,7 +15,7 @@ /** * @defgroup swid_error swid_error - * @{ @ingroup swid + * @{ @ingroup libimcv_swid */ #ifndef SWID_ERROR_H_ diff --git a/src/libpts/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c index a9f081efa..a49286954 100644 --- a/src/libpts/swid/swid_inventory.c +++ b/src/libimcv/swid/swid_inventory.c @@ -60,28 +60,25 @@ static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file) swid_tag_t *tag; bio_writer_t *writer; chunk_t tag_encoding, tag_file_path = chunk_empty; - bool more_tags = TRUE, last_newline, end_of_tag; + bool more_tags = TRUE, last_newline; char line[8192]; size_t len; while (more_tags) { last_newline = TRUE; - end_of_tag = FALSE; writer = bio_writer_create(512); - do + while (TRUE) { if (!fgets(line, sizeof(line), file)) { more_tags = FALSE; - end_of_tag = TRUE; break; } len = strlen(line); if (last_newline && line[0] == '\n') { - end_of_tag = TRUE; break; } else @@ -90,7 +87,6 @@ static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file) writer->write_data(writer, chunk_create(line, len)); } } - while (!end_of_tag); tag_encoding = writer->get_buf(writer); diff --git a/src/libpts/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h index 7de8bb221..04029070e 100644 --- a/src/libpts/swid/swid_inventory.h +++ b/src/libimcv/swid/swid_inventory.h @@ -15,7 +15,7 @@ /** * @defgroup swid_inventory swid_inventory - * @{ @ingroup pts + * @{ @ingroup libimcv_swid */ #ifndef SWID_INVENTORY_H_ @@ -23,6 +23,9 @@ #include <library.h> +/* Maximum size of a SWID Tag Inventory: 100 MB */ +#define SWID_MAX_ATTR_SIZE 100000000 + typedef struct swid_inventory_t swid_inventory_t; /** diff --git a/src/libpts/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c index c71d5d2bd..c77c75700 100644 --- a/src/libpts/swid/swid_tag.c +++ b/src/libimcv/swid/swid_tag.c @@ -34,9 +34,9 @@ struct private_swid_tag_t { chunk_t encoding; /** - * Optional Tag File Path + * Optional Tag Identifier Instance ID */ - chunk_t tag_file_path; + chunk_t instance_id; /** * Reference count @@ -50,10 +50,10 @@ METHOD(swid_tag_t, get_encoding, chunk_t, return this->encoding; } -METHOD(swid_tag_t, get_tag_file_path, chunk_t, +METHOD(swid_tag_t, get_instance_id, chunk_t, private_swid_tag_t *this) { - return this->tag_file_path; + return this->instance_id; } METHOD(swid_tag_t, get_ref, swid_tag_t*, @@ -69,7 +69,7 @@ METHOD(swid_tag_t, destroy, void, if (ref_put(&this->ref)) { free(this->encoding.ptr); - free(this->tag_file_path.ptr); + free(this->instance_id.ptr); free(this); } } @@ -77,14 +77,14 @@ METHOD(swid_tag_t, destroy, void, /** * See header */ -swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path) +swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id) { private_swid_tag_t *this; INIT(this, .public = { .get_encoding = _get_encoding, - .get_tag_file_path = _get_tag_file_path, + .get_instance_id = _get_instance_id, .get_ref = _get_ref, .destroy = _destroy, }, @@ -92,9 +92,9 @@ swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path) .ref = 1, ); - if (tag_file_path.len > 0) + if (instance_id.len > 0) { - this->tag_file_path = chunk_clone(tag_file_path); + this->instance_id = chunk_clone(instance_id); } return &this->public; diff --git a/src/libpts/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h index e20c538ea..22c14b1aa 100644 --- a/src/libpts/swid/swid_tag.h +++ b/src/libimcv/swid/swid_tag.h @@ -15,7 +15,7 @@ /** * @defgroup swid_tag swid_tag - * @{ @ingroup swid + * @{ @ingroup libimcv_swid */ #ifndef SWID_TAG_H_ @@ -39,11 +39,11 @@ struct swid_tag_t { chunk_t (*get_encoding)(swid_tag_t *this); /** - * Get th Optional Tag File Path + * Get the optional Tag Identifier Instance ID * - * @return Optional Tag File Path + * @return Optional Tag Identifier Instance ID */ - chunk_t (*get_tag_file_path)(swid_tag_t *this); + chunk_t (*get_instance_id)(swid_tag_t *this); /** * Get a new reference to the swid_tag object @@ -63,8 +63,8 @@ struct swid_tag_t { * Creates a swid_tag_t object * * @param encoding XML encoding of SWID tag - * @param tag_file_path Tag File Path or empty chunk + * @param instance_id Tag Identifier Instance ID or empty chunk */ -swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path); +swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id); #endif /** SWID_TAG_H_ @}*/ diff --git a/src/libpts/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c index 8bede28a0..2dc6e3141 100644 --- a/src/libpts/swid/swid_tag_id.c +++ b/src/libimcv/swid/swid_tag_id.c @@ -39,9 +39,9 @@ struct private_swid_tag_id_t { chunk_t unique_sw_id; /** - * Tag File Path + * Optional Tag Identifier Instance ID */ - chunk_t tag_file_path; + chunk_t instance_id; /** * Reference count @@ -56,11 +56,11 @@ METHOD(swid_tag_id_t, get_tag_creator, chunk_t, } METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t, - private_swid_tag_id_t *this, chunk_t *tag_file_path) + private_swid_tag_id_t *this, chunk_t *instance_id) { - if (tag_file_path) + if (instance_id) { - *tag_file_path = this->tag_file_path; + *instance_id = this->instance_id; } return this->unique_sw_id; } @@ -79,7 +79,7 @@ METHOD(swid_tag_id_t, destroy, void, { free(this->tag_creator.ptr); free(this->unique_sw_id.ptr); - free(this->tag_file_path.ptr); + free(this->instance_id.ptr); free(this); } } @@ -88,7 +88,7 @@ METHOD(swid_tag_id_t, destroy, void, * See header */ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t tag_file_path) + chunk_t instance_id) { private_swid_tag_id_t *this; @@ -104,9 +104,9 @@ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, .ref = 1, ); - if (tag_file_path.len > 0) + if (instance_id.len > 0) { - this->tag_file_path = chunk_clone(tag_file_path); + this->instance_id = chunk_clone(instance_id); } return &this->public; diff --git a/src/libpts/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h index d2a783b35..a2be290ae 100644 --- a/src/libpts/swid/swid_tag_id.h +++ b/src/libimcv/swid/swid_tag_id.h @@ -15,7 +15,7 @@ /** * @defgroup swid_tag_id swid_tag_id - * @{ @ingroup swid + * @{ @ingroup libimcv_swid */ #ifndef SWID_TAG_ID_H_ @@ -41,10 +41,10 @@ struct swid_tag_id_t { /** * Get the Unique Software ID and optional Tag File Path * - * @param Optional Tag File Path + * @param instance_id Optional Tag Identifier Instance ID * @return Unique Software ID */ - chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path); + chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id); /** * Get a new reference to the swid_tag_id object @@ -65,9 +65,9 @@ struct swid_tag_id_t { * * @param tag_creator Tag Creator * @param unique_sw_id Unique Software ID - * @param tag_file_path Tag File Path or empty chunk + * @param instance_id Tag Identifier Instance ID or empty chunk */ swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t tag_file_path); + chunk_t instance_id); #endif /** SWID_TAG_ID_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c index 17a8db5d6..194cf1b68 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -54,7 +55,12 @@ struct private_tcg_pts_attr_aik_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -124,6 +130,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint8(writer, flags); writer->write_data (writer, aik_blob); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); free(aik_blob.ptr); } @@ -136,10 +143,15 @@ METHOD(pa_tnc_attr_t, process, status_t, certificate_type_t type; chunk_t aik_blob; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_AIK_SIZE) { DBG1(DBG_TNC, "insufficient data for Attestation Identity Key"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -161,6 +173,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_aik_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_aik_t *this) { @@ -201,6 +219,7 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -218,7 +237,7 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(size_t length, chunk_t data) { private_tcg_pts_attr_aik_t *this; @@ -231,12 +250,14 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_aik = _get_aik, }, .type = { PEN_TCG, TCG_PTS_AIK }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h index 0962432e9..b524ff321 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_aik.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,8 +59,9 @@ pa_tnc_attr_t* tcg_pts_attr_aik_create(certificate_t *aik); /** * Creates an tcg_pts_attr_aik_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(size_t length, chunk_t value); #endif /** TCG_PTS_ATTR_AIK_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c index 6119b4973..2a1506898 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,7 +59,12 @@ struct private_tcg_pts_attr_dh_nonce_finish_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -129,6 +135,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, this->initiator_nonce); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -139,10 +146,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int8_t reserved, nonce_len; u_int16_t hash_algo; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_DH_NONCE_FINISH_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Finish"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -160,6 +172,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_dh_nonce_finish_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_dh_nonce_finish_t *this) { @@ -216,6 +234,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create( .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -236,7 +255,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create( /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value) +pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length, + chunk_t value) { private_tcg_pts_attr_dh_nonce_finish_t *this; @@ -249,6 +269,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -257,6 +278,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value) .get_initiator_value = _get_initiator_value, }, .type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH }, + .length = length, .value = chunk_clone(value), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h index efe6fd153..78b5025bc 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -82,8 +83,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create( /** * Creates an tcg_pts_attr_dh_nonce_finish_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_DH_NONCE_FINISH_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c index 7761b977d..0349ce53e 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -54,7 +55,12 @@ struct private_tcg_pts_attr_dh_nonce_params_req_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -118,6 +124,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, this->dh_groups); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -128,10 +135,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int8_t reserved; u_int16_t dh_groups; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_DH_NONCE_PARAMS_REQ_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Request"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -144,6 +156,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_dh_nonce_params_req_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_dh_nonce_params_req_t *this) { @@ -190,6 +208,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -208,7 +227,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value) +pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length, + chunk_t value) { private_tcg_pts_attr_dh_nonce_params_req_t *this; @@ -221,6 +241,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -228,6 +249,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value) .get_dh_groups = _get_dh_groups, }, .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ }, + .length = length, .value = chunk_clone(value), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h index 024648abb..4396bf687 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -65,8 +66,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, /** * Creates an tcg_pts_attr_dh_nonce_params_req_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c index eb0d0e533..fa1dbdd3a 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,7 +61,12 @@ struct private_tcg_pts_attr_dh_nonce_params_resp_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -137,6 +143,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, this->responder_value); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -148,10 +155,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int8_t nonce_len; u_int16_t dh_group, hash_algo_set; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Response"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -170,6 +182,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_dh_nonce_params_resp_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_dh_nonce_params_resp_t *this) { @@ -232,6 +250,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -254,7 +273,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value) +pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length, + chunk_t value) { private_tcg_pts_attr_dh_nonce_params_resp_t *this; @@ -267,6 +287,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -276,6 +297,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value) .get_responder_value = _get_responder_value, }, .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP }, + .length = length, .value = chunk_clone(value), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h index 72046d2ed..b548a81f0 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -86,8 +87,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group, /** * Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c index b9095f5be..5b4cc273b 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -69,16 +70,46 @@ struct private_tcg_pts_attr_file_meas_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer */ chunk_t value; /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** * Noskip flag */ bool noskip_flag; /** + * Request ID + */ + uint16_t request_id; + + /** + * Measurement Length + */ + uint16_t meas_len; + + /** + * Number of Files in attribute + */ + uint64_t count; + + /** * PTS File Measurements */ pts_file_meas_t *measurements; @@ -118,7 +149,7 @@ METHOD(pa_tnc_attr_t, build, void, { bio_writer_t *writer; enumerator_t *enumerator; - u_int64_t number_of_files; + u_int64_t count; u_int16_t request_id; char *filename; chunk_t measurement; @@ -128,11 +159,11 @@ METHOD(pa_tnc_attr_t, build, void, { return; } - number_of_files = this->measurements->get_file_count(this->measurements); + count = this->measurements->get_file_count(this->measurements); request_id = this->measurements->get_request_id(this->measurements); writer = bio_writer_create(PTS_FILE_MEAS_SIZE); - writer->write_uint64(writer, number_of_files); + writer->write_uint64(writer, count); writer->write_uint16(writer, request_id); enumerator = this->measurements->create_enumerator(this->measurements); @@ -155,6 +186,8 @@ METHOD(pa_tnc_attr_t, build, void, } this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; writer->destroy(writer); } @@ -162,48 +195,59 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset) { bio_reader_t *reader; - u_int64_t number_of_files; - u_int16_t request_id, meas_len; chunk_t measurement, filename; - size_t len; + status_t status = NEED_MORE; char buf[BUF_LEN]; - status_t status = FAILED; + size_t len; - if (this->value.len < PTS_FILE_MEAS_SIZE) + if (this->offset == 0) { - DBG1(DBG_TNC, "insufficient data for PTS file measurement header"); - *offset = 0; - return FAILED; + if (this->length < PTS_FILE_MEAS_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < PTS_FILE_MEAS_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint64(reader, &this->count); + reader->read_uint16(reader, &this->request_id); + reader->read_uint16(reader, &this->meas_len); + this->offset = PTS_FILE_MEAS_SIZE; + this->value = reader->peek(reader); + reader->destroy(reader); } + this->measurements = pts_file_meas_create(this->request_id); reader = bio_reader_create(this->value); - reader->read_uint64(reader, &number_of_files); - reader->read_uint16(reader, &request_id); - reader->read_uint16(reader, &meas_len); - *offset = PTS_FILE_MEAS_SIZE; - - this->measurements = pts_file_meas_create(request_id); - while (number_of_files--) + while (this->count) { - if (!reader->read_data(reader, meas_len, &measurement)) - { - DBG1(DBG_TNC, "insufficient data for PTS file measurement"); - goto end; - } - *offset += meas_len; - - if (!reader->read_data16(reader, &filename)) + if (!reader->read_data(reader, this->meas_len, &measurement) || + !reader->read_data16(reader, &filename)) { - DBG1(DBG_TNC, "insufficient data for filename"); goto end; } - *offset += 2 + filename.len; + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); len = min(filename.len, BUF_LEN-1); memcpy(buf, filename.ptr, len); buf[len] = '\0'; this->measurements->add(this->measurements, buf, measurement); + this->count--; + } + + if (this->length != this->offset) + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; } status = SUCCESS; @@ -212,6 +256,14 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_file_meas_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_file_meas_t *this) { @@ -224,7 +276,7 @@ METHOD(pa_tnc_attr_t, destroy, void, if (ref_put(&this->ref)) { DESTROY_IF(this->measurements); - free(this->value.ptr); + free(this->segment.ptr); free(this); } } @@ -251,12 +303,15 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_measurements = _get_measurements, }, .type = { PEN_TCG, TCG_PTS_FILE_MEAS }, + .request_id = measurements->get_request_id(measurements), + .count = measurements->get_file_count(measurements), .measurements = measurements, .ref = 1, ); @@ -268,7 +323,8 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_file_meas_t *this; @@ -281,15 +337,20 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_measurements = _get_measurements, }, .type = { PEN_TCG, TCG_PTS_FILE_MEAS }, - .value = chunk_clone(data), + .length = length, + .segment = chunk_clone(data), .ref = 1, ); + /* received either complete attribute value or first segment */ + this->value = this->segment; + return &this->public.pa_tnc_attribute; } diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h index 4f155f05b..d399fecbb 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,8 +59,10 @@ pa_tnc_attr_t* tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements); /** * Creates an tcg_pts_attr_file_meas_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_FILE_MEAS_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c index f263747a3..b7b4d7e3f 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -55,7 +56,12 @@ struct private_tcg_pts_attr_gen_attest_evid_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -107,6 +113,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32 (writer, PTS_GEN_ATTEST_EVID_RESERVED); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -116,10 +123,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; u_int32_t reserved; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_GEN_ATTEST_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Generate Attestation Evidence"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -129,6 +141,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_gen_attest_evid_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_gen_attest_evid_t *this) { @@ -162,6 +180,7 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create() .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -177,7 +196,8 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create() /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_gen_attest_evid_t *this; @@ -190,11 +210,13 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, }, .type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h index 38909b025..971abd2a3 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -46,8 +47,10 @@ pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create(); /** * Creates an tcg_pts_attr_gen_attest_evid_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_GEN_ATTEST_EVID_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c index cf944d2a9..8fda2b1f5 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -52,7 +53,12 @@ struct private_tcg_pts_attr_get_aik_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -104,19 +110,31 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32 (writer, PTS_GET_AIK_RESERVED); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_get_aik_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, process, status_t, private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset) { bio_reader_t *reader; u_int32_t reserved; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_GET_AIK_SIZE) { DBG1(DBG_TNC, "insufficient data for Get AIK"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -159,6 +177,7 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create() .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -174,7 +193,8 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create() /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_get_aik_t *this; @@ -187,11 +207,13 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, }, .type = { PEN_TCG, TCG_PTS_GET_AIK }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h index 120100e59..923fd039f 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -46,8 +47,10 @@ pa_tnc_attr_t* tcg_pts_attr_get_aik_create(); /** * Creates an tcg_pts_attr_get_aik_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_GET_AIK_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c index 647c426ed..a4c9dba87 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -55,7 +56,12 @@ struct private_tcg_pts_attr_get_tpm_version_info_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -107,6 +113,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32 (writer, PTS_GET_TPM_VER_INFO_RESERVED); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -116,10 +123,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; u_int32_t reserved; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_GET_TPM_VER_INFO_SIZE) { DBG1(DBG_TNC, "insufficient data for Get TPM Version Information"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -129,6 +141,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_get_tpm_version_info_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_get_tpm_version_info_t *this) { @@ -162,6 +180,7 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create() .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -177,7 +196,8 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create() /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_get_tpm_version_info_t *this; @@ -190,11 +210,13 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, }, .type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h index 711a1d50c..19fb5a4e8 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -47,8 +48,10 @@ pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create(); /** * Creates an tcg_pts_attr_get_tpm_version_info_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c index a4dac9070..8b0502a91 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -53,7 +54,12 @@ struct private_tcg_pts_attr_meas_algo_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -110,6 +116,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, PTS_MEAS_ALGO_RESERVED); writer->write_uint16(writer, this->algorithms); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -119,10 +126,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; u_int16_t reserved, algorithms; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_MEAS_ALGO_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS Measurement Algorithm"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -134,14 +146,10 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_pts_attr_meas_algo_t *this) +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_meas_algo_t *this, chunk_t segment) { - if (ref_put(&this->ref)) - { - free(this->value.ptr); - free(this); - } + this->value = chunk_cat("mc", this->value, segment); } METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, @@ -151,6 +159,16 @@ METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, return &this->public.pa_tnc_attribute; } +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_pts_attr_meas_algo_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + METHOD(tcg_pts_attr_meas_algo_t, get_algorithms, pts_meas_algorithms_t, private_tcg_pts_attr_meas_algo_t *this) { @@ -174,6 +192,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -192,7 +211,8 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data, +pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(size_t length, + chunk_t data, bool selection) { private_tcg_pts_attr_meas_algo_t *this; @@ -206,6 +226,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -213,6 +234,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data, }, .type = { PEN_TCG, selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h index 88d1be0aa..bc15a9bb4 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -59,10 +60,12 @@ pa_tnc_attr_t* tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms, /** * Creates an tcg_pts_attr_meas_algo_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) * @param selection TRUE if a selection */ -pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(chunk_t value, +pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(size_t length, + chunk_t value, bool selection); #endif /** TCG_PTS_ATTR_MEAS_ALGO_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c index 6473ea808..0a562c0bc 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -52,8 +53,14 @@ struct private_tcg_pts_attr_proto_caps_t { */ pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + /** - * Attribute value + * Attribute value or segment */ chunk_t value; @@ -111,6 +118,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint16(writer, this->flags); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -120,10 +128,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bio_reader_t *reader; u_int16_t reserved, flags; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_PROTO_CAPS_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS Protocol Capabilities"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -135,14 +148,10 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_pts_attr_proto_caps_t *this) +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_proto_caps_t *this, chunk_t segment) { - if (ref_put(&this->ref)) - { - free(this->value.ptr); - free(this); - } + this->value = chunk_cat("mc", this->value, segment); } METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, @@ -152,6 +161,16 @@ METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, return &this->public.pa_tnc_attribute; } +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_pts_attr_proto_caps_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + METHOD(tcg_pts_attr_proto_caps_t, get_flags, pts_proto_caps_flag_t, private_tcg_pts_attr_proto_caps_t *this) { @@ -175,6 +194,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -192,7 +212,8 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data, +pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(size_t length, + chunk_t data, bool request) { private_tcg_pts_attr_proto_caps_t *this; @@ -206,6 +227,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -213,6 +235,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data, }, .type = { PEN_TCG, request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h index c2478da0b..11ed22810 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,10 +59,12 @@ pa_tnc_attr_t* tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags, /** * Creates an tcg_pts_attr_proto_caps_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) * @param request TRUE for a PTS protocol capabilities request */ -pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(chunk_t value, +pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(size_t length, + chunk_t value, bool request); #endif /** TCG_PTS_ATTR_PROTO_CAPS_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c index c5a2f4b8a..a3c3ce56e 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -62,7 +63,12 @@ struct private_tcg_pts_attr_req_file_meas_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -145,6 +151,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint32(writer, this->delimiter); writer->write_data (writer, pathname); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -156,10 +163,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int8_t reserved; chunk_t pathname; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_REQ_FILE_MEAS_SIZE) { DBG1(DBG_TNC, "insufficient data for Request File Measurement"); - *offset = 0; return FAILED; } @@ -178,6 +190,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_req_file_meas_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_req_file_meas_t *this) { @@ -239,6 +257,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -262,7 +281,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_req_file_meas_t *this; @@ -275,6 +295,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -284,6 +305,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data) .get_pathname = _get_pathname, }, .type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h index 135c088bf..20a54dfaf 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -83,8 +84,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag, /** * Creates an tcg_pts_attr_req_file_meas_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_REQ_FILE_MEAS_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c index 8d703af65..f6befa8b9 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,7 +61,12 @@ struct private_tcg_pts_attr_req_file_meta_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -138,6 +144,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data (writer, pathname); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -149,11 +156,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int16_t reserved; chunk_t pathname; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_REQ_FILE_META_SIZE) { DBG1(DBG_TNC, "insufficient data for Request File Metadata"); - *offset = 0; - return FAILED; } reader = bio_reader_create(this->value); @@ -171,6 +182,19 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_req_file_meta_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_tcg_pts_attr_req_file_meta_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + METHOD(pa_tnc_attr_t, destroy, void, private_tcg_pts_attr_req_file_meta_t *this) { @@ -182,13 +206,6 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_pts_attr_req_file_meta_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool, private_tcg_pts_attr_req_file_meta_t *this) { @@ -225,6 +242,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -246,7 +264,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_req_file_meta_t *this; @@ -259,6 +278,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -267,6 +287,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data) .get_pathname = _get_pathname, }, .type = { PEN_TCG, TCG_PTS_REQ_FILE_META }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h index 9aa1b93d6..c2f1cca74 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -74,8 +75,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag, /** * Creates an tcg_pts_attr_req_file_meta_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_REQ_FILE_META_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c index e10845bbb..03891104c 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -78,7 +79,12 @@ struct private_tcg_pts_attr_req_func_comp_evid_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -184,6 +190,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -196,11 +203,16 @@ METHOD(pa_tnc_attr_t, process, status_t, status_t status = FAILED; entry_t *entry = NULL; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_REQ_FUNC_COMP_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Request Functional " "Component Evidence"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -259,6 +271,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_req_func_comp_evid_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_req_func_comp_evid_t *this) { @@ -319,6 +337,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -337,7 +356,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_req_func_comp_evid_t *this; @@ -350,6 +370,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -358,6 +379,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data) .create_enumerator = _create_enumerator, }, .type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID }, + .length = length, .list = linked_list_create(), .value = chunk_clone(data), .ref = 1, diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h index 2c0b8a974..2f8657ed2 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -73,8 +74,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create(void); /** * Creates a tcg_pts_attr_req_func_comp_evid_t object from received data * - * @param value Unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index 40f380ab4..d94ee89a5 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -105,7 +106,12 @@ struct private_tcg_pts_attr_simple_comp_evid_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -243,6 +249,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data(writer, measurement); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -307,11 +314,15 @@ METHOD(pa_tnc_attr_t, process, status_t, bool has_pcr_info = FALSE, has_validation = FALSE; status_t status = FAILED; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Simple Component Evidence"); - *offset = 0; - return FAILED; } reader = bio_reader_create(this->value); @@ -427,6 +438,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_simple_comp_evid_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_simple_comp_evid_t *this) { @@ -467,6 +484,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -484,7 +502,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_simple_comp_evid_t *this; @@ -497,12 +516,14 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_comp_evidence = _get_comp_evidence, }, .type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h index 628fad621..c08adb8c9 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -57,8 +58,10 @@ pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid); /** * Creates an tcg_pts_attr_simple_comp_evid_t object from received data * - * @param value Unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c index baadd943f..cfeaec6e9 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -63,7 +64,12 @@ struct private_tcg_pts_attr_simple_evid_final_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -126,6 +132,12 @@ METHOD(pa_tnc_attr_t, get_noskip_flag, bool, return this->noskip_flag; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_simple_evid_final_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, set_noskip_flag,void, private_tcg_pts_attr_simple_evid_final_t *this, bool noskip) { @@ -195,6 +207,7 @@ METHOD(pa_tnc_attr_t, build, void, } this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -207,10 +220,15 @@ METHOD(pa_tnc_attr_t, process, status_t, u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len; status_t status = FAILED; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE) { DBG1(DBG_TNC, "insufficient data for Simple Evidence Final"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -332,6 +350,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -354,7 +373,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_simple_evid_final_t *this; @@ -367,6 +387,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -375,6 +396,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data) .set_evid_sig = _set_evid_sig, }, .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h index 1fac2e1ce..8343b5b30 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -86,8 +87,10 @@ pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create( /** * Creates an tcg_pts_attr_simple_evid_final_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c index b776cb662..db877e9c5 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -54,7 +55,12 @@ struct private_tcg_pts_attr_tpm_version_info_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -111,6 +117,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data(writer, this->tpm_version_info); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -119,10 +126,15 @@ METHOD(pa_tnc_attr_t, process, status_t, { bio_reader_t *reader; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_TPM_VER_INFO_SIZE) { DBG1(DBG_TNC, "insufficient data for TPM Version Information"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -133,6 +145,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_tpm_version_info_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_tpm_version_info_t *this) { @@ -180,6 +198,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -198,7 +217,8 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_tpm_version_info_t *this; @@ -211,6 +231,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -218,6 +239,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data) .set_tpm_version_info = _set_tpm_version_info, }, .type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h index e03b57f79..d87d72b22 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -63,8 +64,10 @@ pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info); /** * Creates an tcg_pts_attr_tpm_version_info_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_TPM_VERSION_INFO_H_ @}*/ diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c index eff64c229..7c176fdf6 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -88,7 +89,12 @@ struct private_tcg_pts_attr_file_meta_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment */ chunk_t value; @@ -168,6 +174,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -183,10 +190,15 @@ METHOD(pa_tnc_attr_t, process, status_t, chunk_t filename; status_t status = FAILED; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < PTS_FILE_META_SIZE) { DBG1(DBG_TNC, "insufficient data for PTS Unix-Style file metadata header"); - *offset = 0; return FAILED; } reader = bio_reader_create(this->value); @@ -266,6 +278,12 @@ end: return status; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_pts_attr_file_meta_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_pts_attr_file_meta_t *this) { @@ -306,6 +324,7 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -323,7 +342,8 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata) /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(size_t length, + chunk_t data) { private_tcg_pts_attr_file_meta_t *this; @@ -336,12 +356,14 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .get_metadata = _get_metadata, }, .type = { PEN_TCG, TCG_PTS_UNIX_FILE_META }, + .length = length, .value = chunk_clone(data), .ref = 1, ); diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h index 2118d3920..d08261cc9 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h @@ -1,5 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu + * Copyright (C) 2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -58,8 +59,10 @@ pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata); /** * Creates an tcg_pts_attr_file_meta_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(size_t length, + chunk_t value); #endif /** TCG_PTS_ATTR_UNIX_FILE_META_H_ @}*/ diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c new file mode 100644 index 000000000..010eaf83d --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c @@ -0,0 +1,254 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tcg_seg_attr_max_size.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> + +typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t; + +/** + * Maximum Attribute Size Request/Response + * see TCG IF-M Segmentation Specification + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Max Attribute Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Max Segment Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an tcg_seg_attr_max_size_t object. + */ +struct private_tcg_seg_attr_max_size_t { + + /** + * Public members of tcg_seg_attr_max_size_t + */ + tcg_seg_attr_max_size_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Maximum IF-M attribute size in octets + */ + uint32_t max_attr_size; + + /** + * Maximum IF-M attribute segment size in octets + */ + uint32_t max_seg_size; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_tcg_seg_attr_max_size_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_tcg_seg_attr_max_size_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_tcg_seg_attr_max_size_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_tcg_seg_attr_max_size_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_tcg_seg_attr_max_size_t *this) +{ + bio_writer_t *writer; + + if (this->value.ptr) + { + return; + } + writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE); + writer->write_uint32(writer, this->max_attr_size); + writer->write_uint32(writer, this->max_seg_size); + + this->value = writer->extract_buf(writer); + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_tcg_seg_attr_max_size_t *this, u_int32_t *offset) +{ + bio_reader_t *reader; + + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } + if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names, + this->type.type); + return FAILED; + } + reader = bio_reader_create(this->value); + reader->read_uint32(reader, &this->max_attr_size); + reader->read_uint32(reader, &this->max_seg_size); + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_seg_attr_max_size_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_tcg_seg_attr_max_size_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_seg_attr_max_size_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + +METHOD(tcg_seg_attr_max_size_t, get_attr_size, void, + private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size, + uint32_t *max_seg_size) +{ + if (max_attr_size) + { + *max_attr_size = this->max_attr_size; + } + if (max_seg_size) + { + *max_seg_size = this->max_seg_size; + } +} + +/** + * Described in header. + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size, + uint32_t max_seg_size, + bool request) +{ + private_tcg_seg_attr_max_size_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_attr_size = _get_attr_size, + }, + .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ : + TCG_SEG_MAX_ATTR_SIZE_RESP }, + .max_attr_size = max_attr_size, + .max_seg_size = max_seg_size, + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(size_t length, + chunk_t data, + bool request) +{ + private_tcg_seg_attr_max_size_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_attr_size = _get_attr_size, + }, + .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ : + TCG_SEG_MAX_ATTR_SIZE_RESP }, + .length = length, + .value = chunk_clone(data), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h new file mode 100644 index 000000000..72660acd5 --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size + * @{ @ingroup tcg_attr + */ + +#ifndef TCG_SEG_ATTR_MAX_SIZE_H_ +#define TCG_SEG_ATTR_MAX_SIZE_H_ + +typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t; + +#include "tcg/tcg_attr.h" + +#define TCG_SEG_ATTR_MAX_SIZE_SIZE 8 + +/** + * Class implementing the TCG Segmentation Maximum Attribute Size Attribute + */ +struct tcg_seg_attr_max_size_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get maximum IF-M attribute and segment size in octets + * + * @param max_attr_size Maximum IF-M attribute size in octets + * @param max_seg_size Maximum IF-M attribute segment size in octets + */ + void (*get_attr_size)(tcg_seg_attr_max_size_t *this, + uint32_t *max_attr_size, uint32_t *max_seg_size); + +}; + +/** + * Creates an tcg_seg_attr_max_size_t object + * + * @param max_attr_size Maximum IF-M attribute size in octets + * @param max_seg_size Maximum IF-M attribute segment size in octets + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size, + uint32_t max_seg_size, + bool request); + +/** + * Creates an tcg_seg_attr_max_size_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(size_t length, + chunk_t value, + bool request); + +#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/ diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c new file mode 100644 index 000000000..995f64cad --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c @@ -0,0 +1,258 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tcg_seg_attr_next_seg.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> + +typedef struct private_tcg_seg_attr_next_seg_t private_tcg_seg_attr_next_seg_t; + +typedef enum { + NEXT_SEG_FLAG_NONE = 0, + NEXT_SEG_FLAG_CANCEL = 1 +} next_seg_flags_t; + +/** + * Next Segment + * see TCG IF-M Segmentation Specification + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |C| Reserved | Base Attribute ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an tcg_seg_attr_next_seg_t object. + */ +struct private_tcg_seg_attr_next_seg_t { + + /** + * Public members of tcg_seg_attr_next_seg_t + */ + tcg_seg_attr_next_seg_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Cancel flag + */ + bool cancel_flag; + + /** + * Base Attribute ID + */ + uint32_t base_attr_id; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_tcg_seg_attr_next_seg_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_tcg_seg_attr_next_seg_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_tcg_seg_attr_next_seg_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_tcg_seg_attr_next_seg_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_tcg_seg_attr_next_seg_t *this) +{ + bio_writer_t *writer; + + if (this->value.ptr) + { + return; + } + writer = bio_writer_create(TCG_SEG_ATTR_NEXT_SEG_SIZE); + writer->write_uint8 (writer, this->cancel_flag ? NEXT_SEG_FLAG_CANCEL : + NEXT_SEG_FLAG_NONE); + writer->write_uint24(writer, this->base_attr_id); + + this->value = writer->extract_buf(writer); + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset) +{ + bio_reader_t *reader; + uint8_t flags; + + *offset = 0; + + if (this->value.len < this->length) + { + DBG1(DBG_TNC, "segmentation not allowed for %N", tcg_attr_names, + this->type.type); + return FAILED; + } + if (this->value.len < TCG_SEG_ATTR_NEXT_SEG_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names, + this->type.type); + return FAILED; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &flags); + reader->read_uint24(reader, &this->base_attr_id); + reader->destroy(reader); + + this->cancel_flag = (flags & NEXT_SEG_FLAG_CANCEL); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_seg_attr_next_seg_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_tcg_seg_attr_next_seg_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_seg_attr_next_seg_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + +METHOD(tcg_seg_attr_next_seg_t, get_base_attr_id, uint32_t, + private_tcg_seg_attr_next_seg_t *this) +{ + return this->base_attr_id; +} + +METHOD(tcg_seg_attr_next_seg_t, get_cancel_flag, bool, + private_tcg_seg_attr_next_seg_t *this) +{ + return this->cancel_flag; +} + +/** + * Described in header. + */ +pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel) +{ + private_tcg_seg_attr_next_seg_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_base_attr_id = _get_base_attr_id, + .get_cancel_flag = _get_cancel_flag, + }, + .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ }, + .base_attr_id = base_attr_id, + .cancel_flag = cancel, + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *tcg_seg_attr_next_seg_create_from_data(size_t length, + chunk_t data) +{ + private_tcg_seg_attr_next_seg_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_base_attr_id = _get_base_attr_id, + .get_cancel_flag = _get_cancel_flag, + }, + .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ }, + .length = length, + .value = chunk_clone(data), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h new file mode 100644 index 000000000..49a4d3666 --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tcg_seg_attr_next_seg tcg_seg_attr_next_seg + * @{ @ingroup tcg_attr + */ + +#ifndef TCG_SEG_ATTR_NEXT_SEG_H_ +#define TCG_SEG_ATTR_NEXT_SEG_H_ + +typedef struct tcg_seg_attr_next_seg_t tcg_seg_attr_next_seg_t; + +#include "tcg/tcg_attr.h" + +#define TCG_SEG_ATTR_NEXT_SEG_SIZE 4 + +/** + * Class implementing the TCG Segmentation Next Segment Attribute + */ +struct tcg_seg_attr_next_seg_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get Base Attribute ID + * + * @return Base Attribute ID + */ + uint32_t (*get_base_attr_id)(tcg_seg_attr_next_seg_t *this); + + /** + * Get the Cancel flag + * + * @return Cancel flag + */ + bool (*get_cancel_flag)(tcg_seg_attr_next_seg_t *this); + +}; + +/** + * Creates an tcg_seg_attr_next_seg_t object + * + * @param base_attr_id Base Attribute ID + * @param cancel If TRUE set Cancel flag + */ +pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel); + +/** + * Creates an tcg_seg_attr_next_seg_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + */ +pa_tnc_attr_t* tcg_seg_attr_next_seg_create_from_data(size_t length, + chunk_t value); + +#endif /** TCG_SEG_ATTR_NEXT_SEG_H_ @}*/ diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c new file mode 100644 index 000000000..4f767539c --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c @@ -0,0 +1,257 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tcg_seg_attr_seg_env.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> + +typedef struct private_tcg_seg_attr_seg_env_t private_tcg_seg_attr_seg_env_t; + +/** + * Attribute Segment Envelope + * see TCG IF-M Segmentation Specification + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |M|S| Reserved | Base Attribute ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Segment Value (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an tcg_seg_attr_seg_env_t object. + */ +struct private_tcg_seg_attr_seg_env_t { + + /** + * Public members of tcg_seg_attr_seg_env_t + */ + tcg_seg_attr_seg_env_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * PA-TNC segmentation flags + */ + uint8_t flags; + + /** + * Base Attribute ID + */ + uint32_t base_attr_id; + + /** + * Attribute value + */ + chunk_t segment; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_tcg_seg_attr_seg_env_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_tcg_seg_attr_seg_env_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_tcg_seg_attr_seg_env_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_tcg_seg_attr_seg_env_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_tcg_seg_attr_seg_env_t *this) +{ + /* constructor already allocated and built value */ + this->length = this->value.len; + return; +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset) +{ + bio_reader_t *reader; + + *offset = 0; + + if (this->value.len < this->length) + { + DBG1(DBG_TNC, "segmentation not allowed for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + return FAILED; + } + if (this->value.len < TCG_SEG_ATTR_SEG_ENV_HEADER) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + return FAILED; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &this->base_attr_id); + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_seg_attr_seg_env_t *this, chunk_t segment) +{ + /* no segments are expected */ +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_tcg_seg_attr_seg_env_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_seg_attr_seg_env_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + +METHOD(tcg_seg_attr_seg_env_t, get_segment, chunk_t, + private_tcg_seg_attr_seg_env_t *this, uint8_t *flags) +{ + if (flags) + { + *flags = this->flags; + } + return chunk_skip(this->value, TCG_SEG_ATTR_SEG_ENV_HEADER); +} + +METHOD(tcg_seg_attr_seg_env_t, get_base_attr_id, uint32_t, + private_tcg_seg_attr_seg_env_t *this) +{ + return this->base_attr_id; +} + +/** + * Described in header. + */ +pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags, + uint32_t base_attr_id) +{ + private_tcg_seg_attr_seg_env_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_base_attr_id = _get_base_attr_id, + .get_segment = _get_segment, + }, + .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV }, + .flags = flags, + .base_attr_id = base_attr_id, + .value = chunk_alloc(TCG_SEG_ATTR_SEG_ENV_HEADER + segment.len), + .ref = 1, + ); + + htoun32(this->value.ptr, base_attr_id); + *this->value.ptr = flags; + memcpy(this->value.ptr + TCG_SEG_ATTR_SEG_ENV_HEADER, + segment.ptr, segment.len); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *tcg_seg_attr_seg_env_create_from_data(size_t length, + chunk_t data) +{ + private_tcg_seg_attr_seg_env_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_base_attr_id = _get_base_attr_id, + .get_segment = _get_segment, + }, + .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV }, + .length = length, + .value = chunk_clone(data), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h new file mode 100644 index 000000000..a8b3d7c34 --- /dev/null +++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env + * @{ @ingroup tcg_attr + */ + +#ifndef TCG_SEG_ATTR_SEG_ENV_H_ +#define TCG_SEG_ATTR_SEG_ENV_H_ + +typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t; + +#include "tcg/tcg_attr.h" + +#define TCG_SEG_ATTR_SEG_ENV_HEADER 4 + +/** + * Class implementing the TCG Segmentation Envelope Attribute + */ +struct tcg_seg_attr_seg_env_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get enveloped attribute segment + * + * @param flags Segmentation flags + * @return Segment + */ + chunk_t (*get_segment)(tcg_seg_attr_seg_env_t *this, uint8_t *flags); + + /** + * Get Base Attribute ID + * + * @return Base Attribute ID + */ + uint32_t (*get_base_attr_id)(tcg_seg_attr_seg_env_t *this); + +}; + +/** + * Creates an tcg_seg_attr_seg_env_t object + * + * @param segment Attribute segment + * @param flags Segmentation flags + * @param base_attr_id Base Attribute ID + */ +pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags, + uint32_t base_attr_id); + +/** + * Creates an tcg_seg_attr_seg_env_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + */ +pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(size_t length, + chunk_t value); + +#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/ diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c index c403d06f9..561242758 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_req.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * |Reserved |C|S|R| Tag ID Count | + * |R|S|C| Reserved| Tag ID Count | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Request ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -44,7 +44,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -#define SWID_REQ_RESERVED_MASK 0x03 +#define SWID_REQ_RESERVED_MASK 0xE0 /** * Private data of an tcg_swid_attr_req_t object. @@ -62,7 +62,13 @@ struct private_tcg_swid_attr_req_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + + /** + * Attribute value or segment */ chunk_t value; @@ -151,6 +157,7 @@ METHOD(pa_tnc_attr_t, build, void, enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->length = this->value.len; writer->destroy(writer); } @@ -162,10 +169,15 @@ METHOD(pa_tnc_attr_t, process, status_t, chunk_t tag_creator, unique_sw_id; swid_tag_id_t *tag_id; + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } if (this->value.len < TCG_SWID_REQ_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for SWID Request"); - *offset = 0; return FAILED; } @@ -208,6 +220,12 @@ METHOD(pa_tnc_attr_t, process, status_t, return SUCCESS; } +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_swid_attr_req_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, private_tcg_swid_attr_req_t *this) { @@ -273,6 +291,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -296,7 +315,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, /** * Described in header. */ -pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data) { private_tcg_swid_attr_req_t *this; @@ -309,6 +328,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, @@ -319,6 +339,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data) .get_targets = _get_targets, }, .type = { PEN_TCG, TCG_SWID_REQUEST }, + .length = length, .value = chunk_clone(data), .targets = swid_inventory_create(FALSE), .ref = 1, diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h index 59b597d84..fd2ccdc4f 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_req.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h @@ -28,9 +28,9 @@ typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t; enum tcg_swid_attr_req_flag_t { TCG_SWID_ATTR_REQ_FLAG_NONE = 0, - TCG_SWID_ATTR_REQ_FLAG_R = (1 << 0), - TCG_SWID_ATTR_REQ_FLAG_S = (1 << 1), - TCG_SWID_ATTR_REQ_FLAG_C = (1 << 2) + TCG_SWID_ATTR_REQ_FLAG_R = (1 << 7), + TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6), + TCG_SWID_ATTR_REQ_FLAG_C = (1 << 5) }; #include "tcg/tcg_attr.h" @@ -98,8 +98,9 @@ pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, /** * Creates an tcg_swid_attr_req_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value); #endif /** TCG_SWID_ATTR_REQ_H_ @}*/ diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c index 33aa16d53..560d5878f 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c @@ -42,7 +42,7 @@ typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_i * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Unique Software ID Length |Unique Software ID (var length)| * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag File Path Length | Tag File Path (var. length) | + * | Instance ID Length | Instance ID (variable length) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -64,11 +64,26 @@ struct private_tcg_swid_attr_tag_id_inv_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer */ chunk_t value; /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** * Noskip flag */ bool noskip_flag; @@ -89,6 +104,11 @@ struct private_tcg_swid_attr_tag_id_inv_t { uint32_t last_eid; /** + * Number of SWID Tag IDs in attribute + */ + uint32_t tag_id_count; + + /** * SWID Tag ID Inventory */ swid_inventory_t *inventory; @@ -128,7 +148,7 @@ METHOD(pa_tnc_attr_t, build, void, { bio_writer_t *writer; swid_tag_id_t *tag_id; - chunk_t tag_creator, unique_sw_id, tag_file_path; + chunk_t tag_creator, unique_sw_id, instance_id; enumerator_t *enumerator; if (this->value.ptr) @@ -147,14 +167,16 @@ METHOD(pa_tnc_attr_t, build, void, while (enumerator->enumerate(enumerator, &tag_id)) { tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path); + unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id); writer->write_data16(writer, tag_creator); writer->write_data16(writer, unique_sw_id); - writer->write_data16(writer, tag_file_path); + writer->write_data16(writer, instance_id); } enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; writer->destroy(writer); } @@ -162,55 +184,74 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t tag_id_count; uint8_t reserved; - chunk_t tag_creator, unique_sw_id, tag_file_path; + chunk_t tag_creator, unique_sw_id, instance_id; swid_tag_id_t *tag_id; + status_t status = NEED_MORE; - if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE) + if (this->offset == 0) { - DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory"); - *offset = 0; - return FAILED; - } - - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &tag_id_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - *offset = TCG_SWID_TAG_ID_INV_MIN_SIZE; - - while (tag_id_count--) - { - if (!reader->read_data16(reader, &tag_creator)) + if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE) { - DBG1(DBG_TNC, "insufficient data for Tag Creator field"); + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; return FAILED; } - *offset += 2 + tag_creator.len; - - if (!reader->read_data16(reader, &unique_sw_id)) + if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE) { - DBG1(DBG_TNC, "insufficient data for Unique Software ID"); - return FAILED; + return NEED_MORE; } - *offset += 2 + unique_sw_id.len; - - if (!reader->read_data16(reader, &tag_file_path)) + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &this->tag_id_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &this->eid_epoch); + reader->read_uint32(reader, &this->last_eid); + this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE; + this->value = reader->peek(reader); + reader->destroy(reader); + } + + reader = bio_reader_create(this->value); + + while (this->tag_id_count) + { + if (!reader->read_data16(reader, &tag_creator) || + !reader->read_data16(reader, &unique_sw_id) || + !reader->read_data16(reader, &instance_id)) { - DBG1(DBG_TNC, "insufficient data for Tag File Path"); - return FAILED; + goto end; } - *offset += 2 + tag_file_path.len; - - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path); + tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id); this->inventory->add(this->inventory, tag_id); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); + + /* at least one tag ID was processed */ + status = SUCCESS; + this->tag_id_count--; } + + if (this->length != this->offset) + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; + } + +end: reader->destroy(reader); + return status; +} - return SUCCESS; +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; } METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, @@ -226,7 +267,7 @@ METHOD(pa_tnc_attr_t, destroy, void, if (ref_put(&this->ref)) { this->inventory->destroy(this->inventory); - free(this->value.ptr); + free(this->segment.ptr); free(this); } } @@ -253,12 +294,25 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t, return this->last_eid; } +METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t, + private_tcg_swid_attr_tag_id_inv_t *this) +{ + return this->tag_id_count; +} + METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*, private_tcg_swid_attr_tag_id_inv_t *this) { return this->inventory; } +METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void, + private_tcg_swid_attr_tag_id_inv_t *this) +{ + this->inventory->destroy(this->inventory); + this->inventory = swid_inventory_create(FALSE); +} + /** * Described in header. */ @@ -277,13 +331,16 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .get_request_id = _get_request_id, .get_last_eid = _get_last_eid, + .get_tag_id_count = _get_tag_id_count, .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, }, .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, .request_id = request_id, @@ -300,7 +357,8 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id, /** * Described in header. */ -pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length, + chunk_t data) { private_tcg_swid_attr_tag_id_inv_t *this; @@ -313,19 +371,26 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .get_request_id = _get_request_id, .get_last_eid = _get_last_eid, + .get_tag_id_count = _get_tag_id_count, .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, }, .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, - .value = chunk_clone(data), + .length = length, + .segment = chunk_clone(data), .inventory = swid_inventory_create(FALSE), .ref = 1, ); + /* received either complete attribute value or first segment */ + this->value = this->segment; + return &this->public.pa_tnc_attribute; } diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h index c4ade904e..e9db9b3c6 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h @@ -66,12 +66,24 @@ struct tcg_swid_attr_tag_id_inv_t { uint32_t *eid_epoch); /** + * Get count of remaining SWID tag IDs + * + * @return SWID Tag ID count + */ + uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this); + + /** * Get Inventory of SWID tag IDs * * @result SWID Tag ID Inventory */ swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this); + /** + * Remove all SWID Tag IDs from the Inventory + */ + void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this); + }; /** @@ -88,8 +100,10 @@ pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id, /** * Creates an tcg_swid_attr_tag_id_inv_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length, + chunk_t value); #endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/ diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c index fbb94c6c2..013482441 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c @@ -38,7 +38,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t; * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Last EID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag File Path Length | Tag File Path (var length) | + * | Instance ID Length | Instance ID (var. length) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Tag Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -64,11 +64,26 @@ struct private_tcg_swid_attr_tag_inv_t { pen_type_t type; /** - * Attribute value + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer */ chunk_t value; /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** * Noskip flag */ bool noskip_flag; @@ -89,6 +104,11 @@ struct private_tcg_swid_attr_tag_inv_t { uint32_t last_eid; /** + * Number of SWID Tags in attribute + */ + uint32_t tag_count; + + /** * SWID Tag Inventory */ swid_inventory_t *inventory; @@ -145,12 +165,14 @@ METHOD(pa_tnc_attr_t, build, void, enumerator = this->inventory->create_enumerator(this->inventory); while (enumerator->enumerate(enumerator, &tag)) { - writer->write_data16(writer, tag->get_tag_file_path(tag)); + writer->write_data16(writer, tag->get_instance_id(tag)); writer->write_data32(writer, tag->get_encoding(tag)); } enumerator->destroy(enumerator); this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; writer->destroy(writer); } @@ -158,48 +180,73 @@ METHOD(pa_tnc_attr_t, process, status_t, private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t tag_count; uint8_t reserved; - chunk_t tag_encoding, tag_file_path; + chunk_t tag_encoding, instance_id; swid_tag_t *tag; + status_t status = NEED_MORE; - if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE) + if (this->offset == 0) { - DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory"); - *offset = 0; - return FAILED; + if (this->length < TCG_SWID_TAG_INV_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &this->tag_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &this->eid_epoch); + reader->read_uint32(reader, &this->last_eid); + this->offset = TCG_SWID_TAG_INV_MIN_SIZE; + this->value = reader->peek(reader); + reader->destroy(reader); } reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &tag_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - *offset = TCG_SWID_TAG_INV_MIN_SIZE; - - while (tag_count--) + + while (this->tag_count) { - if (!reader->read_data16(reader, &tag_file_path)) + if (!reader->read_data16(reader, &instance_id) || + !reader->read_data32(reader, &tag_encoding)) { - DBG1(DBG_TNC, "insufficient data for Tag File Path"); - return FAILED; + goto end; } - *offset += 2 + tag_file_path.len; + tag = swid_tag_create(tag_encoding, instance_id); + this->inventory->add(this->inventory, tag); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); - if (!reader->read_data32(reader, &tag_encoding)) - { - DBG1(DBG_TNC, "insufficient data for Tag"); - return FAILED; - } - *offset += 4 + tag_encoding.len; + /* at least one tag was processed */ + status = SUCCESS; + this->tag_count--; + } - tag = swid_tag_create(tag_encoding, tag_file_path); - this->inventory->add(this->inventory, tag); + if (this->length != this->offset) + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, + tcg_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; } + +end: reader->destroy(reader); + return status; +} - return SUCCESS; +METHOD(pa_tnc_attr_t, add_segment, void, + private_tcg_swid_attr_tag_inv_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; } METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, @@ -215,7 +262,7 @@ METHOD(pa_tnc_attr_t, destroy, void, if (ref_put(&this->ref)) { this->inventory->destroy(this->inventory); - free(this->value.ptr); + free(this->segment.ptr); free(this); } } @@ -242,12 +289,25 @@ METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t, return this->last_eid; } +METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t, + private_tcg_swid_attr_tag_inv_t *this) +{ + return this->tag_count; +} + METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*, private_tcg_swid_attr_tag_inv_t *this) { return this->inventory; } +METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void, + private_tcg_swid_attr_tag_inv_t *this) +{ + this->inventory->destroy(this->inventory); + this->inventory = swid_inventory_create(TRUE); +} + /** * Described in header. */ @@ -265,13 +325,16 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id, .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .get_request_id = _get_request_id, .get_last_eid = _get_last_eid, + .get_tag_count = _get_tag_count, .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, }, .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, .request_id = request_id, @@ -284,11 +347,11 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id, return &this->public.pa_tnc_attribute; } - /** * Described in header. */ -pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data) +pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length, + chunk_t data) { private_tcg_swid_attr_tag_inv_t *this; @@ -301,19 +364,26 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data) .set_noskip_flag = _set_noskip_flag, .build = _build, .process = _process, + .add_segment = _add_segment, .get_ref = _get_ref, .destroy = _destroy, }, .add = _add, .get_request_id = _get_request_id, .get_last_eid = _get_last_eid, + .get_tag_count = _get_tag_count, .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, }, .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, - .value = chunk_clone(data), + .length = length, + .segment = chunk_clone(data), .inventory = swid_inventory_create(TRUE), .ref = 1, ); + /* received either complete attribute value or first segment */ + this->value = this->segment; + return &this->public.pa_tnc_attribute; } diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h index 69966c7d6..43ebd9e2a 100644 --- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h @@ -65,12 +65,24 @@ struct tcg_swid_attr_tag_inv_t { uint32_t *eid_epoch); /** + * Get count of remaining SWID tags + * + * @return SWID Tag count + */ + uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this); + + /** * Get Inventory of SWID tags * * @result SWID Tag Inventory */ swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this); + /** + * Remove all SWID Tags from the Inventory + */ + void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this); + }; /** @@ -87,8 +99,10 @@ pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id, /** * Creates an tcg_swid_attr_tag_inv_t object from received data * - * @param value unparsed attribute value + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) */ -pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(chunk_t value); +pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length, + chunk_t value); #endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/ diff --git a/src/libpts/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c index f9c6c46cf..79492913b 100644 --- a/src/libpts/tcg/tcg_attr.c +++ b/src/libimcv/tcg/tcg_attr.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -33,6 +34,9 @@ #include "tcg/swid/tcg_swid_attr_req.h" #include "tcg/swid/tcg_swid_attr_tag_id_inv.h" #include "tcg/swid/tcg_swid_attr_tag_inv.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "tcg/seg/tcg_seg_attr_next_seg.h" ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES, TCG_SCAP_SUMMARY_RESULTS, @@ -50,9 +54,17 @@ ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST, "SWID Tag Identifier Events", "SWID Tag Inventory", "SWID Tag Events"); +ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ, + TCG_SEG_CANCEL_SEG_EXCH, + TCG_SWID_TAG_EVENTS, + "Max Attribute Size Request", + "Max Attribute Size Response", + "Attribute Segment Envelope", + "Next Segment Request", + "Cancel Segment Exchange"); ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID, TCG_PTS_REQ_FUNC_COMP_EVID, - TCG_SWID_TAG_EVENTS, + TCG_SEG_CANCEL_SEG_EXCH, "Request Functional Component Evidence"); ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID, TCG_PTS_GEN_ATTEST_EVID, @@ -171,54 +183,73 @@ ENUM_END(tcg_attr_names, TCG_PTS_AIK); /** * See header */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value) +pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value) { switch (type) { case TCG_SWID_REQUEST: - return tcg_swid_attr_req_create_from_data(value); + return tcg_swid_attr_req_create_from_data(length, value); case TCG_SWID_TAG_ID_INVENTORY: - return tcg_swid_attr_tag_id_inv_create_from_data(value); + return tcg_swid_attr_tag_id_inv_create_from_data(length, value); case TCG_SWID_TAG_INVENTORY: - return tcg_swid_attr_tag_inv_create_from_data(value); + return tcg_swid_attr_tag_inv_create_from_data(length, value); + case TCG_SEG_MAX_ATTR_SIZE_REQ: + return tcg_seg_attr_max_size_create_from_data(length, value, TRUE); + case TCG_SEG_MAX_ATTR_SIZE_RESP: + return tcg_seg_attr_max_size_create_from_data(length, value, FALSE); + case TCG_SEG_ATTR_SEG_ENV: + return tcg_seg_attr_seg_env_create_from_data(length, value); + case TCG_SEG_NEXT_SEG_REQ: + return tcg_seg_attr_next_seg_create_from_data(length, value); case TCG_PTS_REQ_PROTO_CAPS: - return tcg_pts_attr_proto_caps_create_from_data(value, TRUE); + return tcg_pts_attr_proto_caps_create_from_data(length, value, + TRUE); case TCG_PTS_PROTO_CAPS: - return tcg_pts_attr_proto_caps_create_from_data(value, FALSE); + return tcg_pts_attr_proto_caps_create_from_data(length, value, + FALSE); case TCG_PTS_DH_NONCE_PARAMS_REQ: - return tcg_pts_attr_dh_nonce_params_req_create_from_data(value); + return tcg_pts_attr_dh_nonce_params_req_create_from_data(length, + value); case TCG_PTS_DH_NONCE_PARAMS_RESP: - return tcg_pts_attr_dh_nonce_params_resp_create_from_data(value); + return tcg_pts_attr_dh_nonce_params_resp_create_from_data(length, + value); case TCG_PTS_DH_NONCE_FINISH: - return tcg_pts_attr_dh_nonce_finish_create_from_data(value); + return tcg_pts_attr_dh_nonce_finish_create_from_data(length, value); case TCG_PTS_MEAS_ALGO: - return tcg_pts_attr_meas_algo_create_from_data(value, FALSE); + return tcg_pts_attr_meas_algo_create_from_data(length, value, + FALSE); case TCG_PTS_MEAS_ALGO_SELECTION: - return tcg_pts_attr_meas_algo_create_from_data(value, TRUE); + return tcg_pts_attr_meas_algo_create_from_data(length, value, + TRUE); case TCG_PTS_GET_TPM_VERSION_INFO: - return tcg_pts_attr_get_tpm_version_info_create_from_data(value); + return tcg_pts_attr_get_tpm_version_info_create_from_data(length, + value); case TCG_PTS_TPM_VERSION_INFO: - return tcg_pts_attr_tpm_version_info_create_from_data(value); + return tcg_pts_attr_tpm_version_info_create_from_data(length, + value); case TCG_PTS_GET_AIK: - return tcg_pts_attr_get_aik_create_from_data(value); + return tcg_pts_attr_get_aik_create_from_data(length, value); case TCG_PTS_AIK: - return tcg_pts_attr_aik_create_from_data(value); + return tcg_pts_attr_aik_create_from_data(length, value); case TCG_PTS_REQ_FUNC_COMP_EVID: - return tcg_pts_attr_req_func_comp_evid_create_from_data(value); + return tcg_pts_attr_req_func_comp_evid_create_from_data(length, + value); case TCG_PTS_GEN_ATTEST_EVID: - return tcg_pts_attr_gen_attest_evid_create_from_data(value); + return tcg_pts_attr_gen_attest_evid_create_from_data(length, value); case TCG_PTS_SIMPLE_COMP_EVID: - return tcg_pts_attr_simple_comp_evid_create_from_data(value); + return tcg_pts_attr_simple_comp_evid_create_from_data(length, + value); case TCG_PTS_SIMPLE_EVID_FINAL: - return tcg_pts_attr_simple_evid_final_create_from_data(value); + return tcg_pts_attr_simple_evid_final_create_from_data(length, + value); case TCG_PTS_REQ_FILE_MEAS: - return tcg_pts_attr_req_file_meas_create_from_data(value); + return tcg_pts_attr_req_file_meas_create_from_data(length, value); case TCG_PTS_FILE_MEAS: - return tcg_pts_attr_file_meas_create_from_data(value); + return tcg_pts_attr_file_meas_create_from_data(length, value); case TCG_PTS_REQ_FILE_META: - return tcg_pts_attr_req_file_meta_create_from_data(value); + return tcg_pts_attr_req_file_meta_create_from_data(length, value); case TCG_PTS_UNIX_FILE_META: - return tcg_pts_attr_unix_file_meta_create_from_data(value); + return tcg_pts_attr_unix_file_meta_create_from_data(length, value); /* unsupported TCG/SWID attributes */ case TCG_SWID_TAG_ID_EVENTS: case TCG_SWID_TAG_EVENTS: diff --git a/src/libpts/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h index 085dae650..9523f8e18 100644 --- a/src/libpts/tcg/tcg_attr.h +++ b/src/libimcv/tcg/tcg_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,7 @@ /** * @defgroup tcg_attr tcg_attr - * @{ @ingroup libpts + * @{ @ingroup libimcv */ #ifndef TCG_ATTR_H_ @@ -46,6 +46,13 @@ enum tcg_attr_t { TCG_SWID_TAG_INVENTORY = 0x00000014, TCG_SWID_TAG_EVENTS = 0x00000015, + /* IF-M Attribute Segmentation */ + TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021, + TCG_SEG_MAX_ATTR_SIZE_RESP = 0x00000022, + TCG_SEG_ATTR_SEG_ENV = 0x00000023, + TCG_SEG_NEXT_SEG_REQ = 0x00000024, + TCG_SEG_CANCEL_SEG_EXCH = 0x00000025, + /* PTS Protocol Negotiations */ TCG_PTS_REQ_PROTO_CAPS = 0x01000000, TCG_PTS_PROTO_CAPS = 0x02000000, @@ -89,8 +96,10 @@ extern enum_name_t *tcg_attr_names; * Create a TCG PA-TNC attribute from data * * @param type attribute type - * @param value attribute value + * @param length attribute length + * @param value attribute value or segment */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value); +pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, + chunk_t value); #endif /** TCG_ATTR_H_ @}*/ diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 31494edaf..3663cf825 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -272,6 +272,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -332,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -397,6 +399,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -444,6 +448,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 181cb88db..0998efa9d 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2014 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,6 +26,33 @@ #include <netinet/ip6.h> #endif +/** + * TCP header, defined here because platforms disagree regarding member names + * and unfortunately Android does not define a variant with BSD names. + */ +struct tcphdr { + u_int16_t source; + u_int16_t dest; + u_int32_t seq; + u_int32_t ack_seq; + u_int16_t flags; + u_int16_t window; + u_int16_t check; + u_int16_t urg_ptr; +} __attribute__((packed)); + +/** + * UDP header, similar to the TCP header the system headers disagree on member + * names. Linux uses a union and on Android we could define __FAVOR_BSD to get + * the BSD member names, but this is simpler and more consistent with the above. + */ +struct udphdr { + u_int16_t source; + u_int16_t dest; + u_int16_t len; + u_int16_t check; +} __attribute__((packed)); + typedef struct private_ip_packet_t private_ip_packet_t; /** @@ -54,6 +81,11 @@ struct private_ip_packet_t { chunk_t packet; /** + * IP payload (points into packet) + */ + chunk_t payload; + + /** * IP version */ u_int8_t version; @@ -89,6 +121,12 @@ METHOD(ip_packet_t, get_encoding, chunk_t, return this->packet; } +METHOD(ip_packet_t, get_payload, chunk_t, + private_ip_packet_t *this) +{ + return this->payload; +} + METHOD(ip_packet_t, get_next_header, u_int8_t, private_ip_packet_t *this) { @@ -111,13 +149,57 @@ METHOD(ip_packet_t, destroy, void, } /** + * Parse transport protocol header + */ +static bool parse_transport_header(chunk_t packet, u_int8_t proto, + u_int16_t *sport, u_int16_t *dport) +{ + switch (proto) + { + case IPPROTO_UDP: + { + struct udphdr *udp; + + if (packet.len < sizeof(*udp)) + { + DBG1(DBG_ESP, "UDP packet too short"); + return FALSE; + } + udp = (struct udphdr*)packet.ptr; + *sport = ntohs(udp->source); + *dport = ntohs(udp->dest); + break; + } + case IPPROTO_TCP: + { + struct tcphdr *tcp; + + if (packet.len < sizeof(*tcp)) + { + DBG1(DBG_ESP, "TCP packet too short"); + return FALSE; + } + tcp = (struct tcphdr*)packet.ptr; + *sport = ntohs(tcp->source); + *dport = ntohs(tcp->dest); + break; + } + default: + break; + } + return TRUE; +} + +/** * Described in header. */ ip_packet_t *ip_packet_create(chunk_t packet) { private_ip_packet_t *this; u_int8_t version, next_header; + u_int16_t sport = 0, dport = 0; host_t *src, *dst; + chunk_t payload; if (packet.len < 1) { @@ -141,11 +223,15 @@ ip_packet_t *ip_packet_create(chunk_t packet) ip = (struct ip*)packet.ptr; /* remove any RFC 4303 TFC extra padding */ packet.len = min(packet.len, untoh16(&ip->ip_len)); - + payload = chunk_skip(packet, ip->ip_hl * 4); + if (!parse_transport_header(payload, ip->ip_p, &sport, &dport)) + { + goto failed; + } src = host_create_from_chunk(AF_INET, - chunk_from_thing(ip->ip_src), 0); + chunk_from_thing(ip->ip_src), sport); dst = host_create_from_chunk(AF_INET, - chunk_from_thing(ip->ip_dst), 0); + chunk_from_thing(ip->ip_dst), dport); next_header = ip->ip_p; break; } @@ -154,19 +240,25 @@ ip_packet_t *ip_packet_create(chunk_t packet) { struct ip6_hdr *ip; - if (packet.len < sizeof(struct ip6_hdr)) + if (packet.len < sizeof(*ip)) { DBG1(DBG_ESP, "IPv6 packet too short"); goto failed; } ip = (struct ip6_hdr*)packet.ptr; /* remove any RFC 4303 TFC extra padding */ - packet.len = min(packet.len, untoh16(&ip->ip6_plen)); - + packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen)); + /* we only handle packets without extension headers, just skip the + * basic IPv6 header */ + payload = chunk_skip(packet, 40); + if (!parse_transport_header(payload, ip->ip6_nxt, &sport, &dport)) + { + goto failed; + } src = host_create_from_chunk(AF_INET6, - chunk_from_thing(ip->ip6_src), 0); + chunk_from_thing(ip->ip6_src), sport); dst = host_create_from_chunk(AF_INET6, - chunk_from_thing(ip->ip6_dst), 0); + chunk_from_thing(ip->ip6_dst), dport); next_header = ip->ip6_nxt; break; } @@ -183,12 +275,14 @@ ip_packet_t *ip_packet_create(chunk_t packet) .get_destination = _get_destination, .get_next_header = _get_next_header, .get_encoding = _get_encoding, + .get_payload = _get_payload, .clone = _clone_, .destroy = _destroy, }, .src = src, .dst = dst, .packet = packet, + .payload = payload, .version = version, .next_header = next_header, ); @@ -198,3 +292,189 @@ failed: chunk_free(&packet); return NULL; } + +/** + * Calculate the checksum for the pseudo IP header + */ +static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, + u_int8_t proto, chunk_t payload) +{ + switch (src->get_family(src)) + { + case AF_INET: + { + struct __attribute__((packed)) { + u_int32_t src; + u_int32_t dst; + u_char zero; + u_char proto; + u_int16_t len; + } pseudo = { + .proto = proto, + .len = htons(payload.len), + }; + memcpy(&pseudo.src, src->get_address(src).ptr, + sizeof(pseudo.src)); + memcpy(&pseudo.dst, dst->get_address(dst).ptr, + sizeof(pseudo.dst)); + return chunk_internet_checksum(chunk_from_thing(pseudo)); + } + case AF_INET6: + { + struct __attribute__((packed)) { + u_char src[16]; + u_char dst[16]; + u_int32_t len; + u_char zero[3]; + u_char next_header; + } pseudo = { + .next_header = proto, + .len = htons(payload.len), + }; + memcpy(&pseudo.src, src->get_address(src).ptr, + sizeof(pseudo.src)); + memcpy(&pseudo.dst, dst->get_address(dst).ptr, + sizeof(pseudo.dst)); + return chunk_internet_checksum(chunk_from_thing(pseudo)); + } + } + return 0xffff; +} + +/** + * Apply transport ports and calculate header checksums + */ +static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto, + chunk_t payload) +{ + u_int16_t sum = 0, sport, dport; + + sport = src->get_port(src); + dport = dst->get_port(dst); + + switch (proto) + { + case IPPROTO_UDP: + { + struct udphdr *udp; + + if (payload.len < sizeof(*udp)) + { + return; + } + udp = (struct udphdr*)payload.ptr; + if (sport != 0) + { + udp->source = htons(sport); + } + if (dport != 0) + { + udp->dest = htons(dport); + } + udp->check = 0; + sum = pseudo_header_checksum(src, dst, proto, payload); + udp->check = chunk_internet_checksum_inc(payload, sum); + break; + } + case IPPROTO_TCP: + { + struct tcphdr *tcp; + + if (payload.len < sizeof(*tcp)) + { + return; + } + tcp = (struct tcphdr*)payload.ptr; + if (sport != 0) + { + tcp->source = htons(sport); + } + if (dport != 0) + { + tcp->dest = htons(dport); + } + tcp->check = 0; + sum = pseudo_header_checksum(src, dst, proto, payload); + tcp->check = chunk_internet_checksum_inc(payload, sum); + break; + } + default: + break; + } +} + +/** + * Described in header. + */ +ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, + u_int8_t next_header, chunk_t data) +{ + chunk_t packet; + int family; + + family = src->get_family(src); + if (family != dst->get_family(dst)) + { + DBG1(DBG_ESP, "address family does not match"); + return NULL; + } + + switch (family) + { + case AF_INET: + { + struct ip ip = { + .ip_v = 4, + .ip_hl = 5, + .ip_len = htons(20 + data.len), + .ip_ttl = 0x80, + .ip_p = next_header, + }; + memcpy(&ip.ip_src, src->get_address(src).ptr, sizeof(ip.ip_src)); + memcpy(&ip.ip_dst, dst->get_address(dst).ptr, sizeof(ip.ip_dst)); + ip.ip_sum = chunk_internet_checksum(chunk_from_thing(ip)); + + packet = chunk_cat("cc", chunk_from_thing(ip), data); + fix_transport_header(src, dst, next_header, chunk_skip(packet, 20)); + return ip_packet_create(packet); + } +#ifdef HAVE_NETINET_IP6_H + case AF_INET6: + { + struct ip6_hdr ip = { + .ip6_flow = htonl(6), + .ip6_plen = htons(40 + data.len), + .ip6_nxt = next_header, + .ip6_hlim = 0x80, + }; + memcpy(&ip.ip6_src, src->get_address(src).ptr, sizeof(ip.ip6_src)); + memcpy(&ip.ip6_dst, dst->get_address(dst).ptr, sizeof(ip.ip6_dst)); + + packet = chunk_cat("cc", chunk_from_thing(ip), data); + fix_transport_header(src, dst, next_header, chunk_skip(packet, 40)); + return ip_packet_create(packet); + } +#endif /* HAVE_NETINET_IP6_H */ + default: + DBG1(DBG_ESP, "unsupported address family"); + return NULL; + } +} + +/** + * Described in header. + */ +ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst, + chunk_t data) +{ + struct udphdr udp = { + .len = htons(8 + data.len), + .check = 0, + }; + ip_packet_t *packet; + + data = chunk_cat("cc", chunk_from_thing(udp), data); + packet = ip_packet_create_from_data(src, dst, IPPROTO_UDP, data); + chunk_free(&data); + return packet; +} diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h index de817e23e..fa38eac2c 100644 --- a/src/libipsec/ip_packet.h +++ b/src/libipsec/ip_packet.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2014 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -68,6 +68,13 @@ struct ip_packet_t { chunk_t (*get_encoding)(ip_packet_t *this); /** + * Get only the payload + * + * @return IP payload (internal data) + */ + chunk_t (*get_payload)(ip_packet_t *this); + + /** * Clone the IP packet * * @return clone of the packet @@ -93,4 +100,30 @@ struct ip_packet_t { */ ip_packet_t *ip_packet_create(chunk_t packet); +/** + * Encode an IP packet from the given data. + * + * If src and/or dst have ports set they are applied to UDP/TCP headers found + * in the packet. + * + * @param src source address and optional port (cloned) + * @param dst destination address and optional port (cloned) + * @param next_header the protocol (IPv4) or next header (IPv6) + * @param data complete data after basic IP header (cloned) + * @return ip_packet_t instance, or NULL if invalid + */ +ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, + u_int8_t next_header, chunk_t data); + +/** + * Encode a UDP packet from the given data. + * + * @param src source address and port (cloned) + * @param dst destination address and port (cloned) + * @param data UDP data (cloned) + * @return ip_packet_t instance, or NULL if invalid + */ +ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst, + chunk_t data); + #endif /** IP_PACKET_H_ @}*/ diff --git a/src/libpts/Android.mk b/src/libpts/Android.mk deleted file mode 100644 index ce328c52c..000000000 --- a/src/libpts/Android.mk +++ /dev/null @@ -1,78 +0,0 @@ -LOCAL_PATH := $(call my-dir) -include $(CLEAR_VARS) - -# copy-n-paste from Makefile.am -libpts_la_SOURCES := \ - libpts.h libpts.c \ - pts/pts.h pts/pts.c \ - pts/pts_error.h pts/pts_error.c \ - pts/pts_pcr.h pts/pts_pcr.c \ - pts/pts_proto_caps.h \ - pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ - pts/pts_creds.h pts/pts_creds.c \ - pts/pts_database.h pts/pts_database.c \ - pts/pts_dh_group.h pts/pts_dh_group.c \ - pts/pts_file_meas.h pts/pts_file_meas.c \ - pts/pts_file_meta.h pts/pts_file_meta.c \ - pts/pts_file_type.h pts/pts_file_type.c \ - pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ - pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ - pts/pts_meas_algo.h pts/pts_meas_algo.c \ - pts/components/pts_component.h \ - pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ - pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ - pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ - pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ - pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ - pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ - pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ - pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ - tcg/tcg_attr.h tcg/tcg_attr.c \ - tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ - tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ - tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ - tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ - tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ - tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ - tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ - tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ - tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ - tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ - tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ - tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ - tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c - -LOCAL_SRC_FILES := $(filter %.c,$(libpts_la_SOURCES)) - -# build libpts ----------------------------------------------------------------- - -LOCAL_C_INCLUDES += \ - $(strongswan_PATH)/src/libtncif \ - $(strongswan_PATH)/src/libimcv \ - $(strongswan_PATH)/src/libstrongswan - -LOCAL_CFLAGS := $(strongswan_CFLAGS) - -LOCAL_MODULE := libpts - -LOCAL_MODULE_TAGS := optional - -LOCAL_ARM_MODE := arm - -LOCAL_PRELINK_MODULE := false - -LOCAL_SHARED_LIBRARIES += libstrongswan libimcv - -include $(BUILD_SHARED_LIBRARY) diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am deleted file mode 100644 index ea685d837..000000000 --- a/src/libpts/Makefile.am +++ /dev/null @@ -1,94 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv - -AM_LDFLAGS = \ - -no-undefined - -ipseclib_LTLIBRARIES = libpts.la - -libpts_la_LIBADD = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libimcv/libimcv.la - -if USE_WINDOWS - libpts_la_LIBADD += -lws2_32 -endif - -if USE_TROUSERS - libpts_la_LIBADD += -ltspi -endif - -libpts_la_SOURCES = \ - libpts.h libpts.c \ - pts/pts.h pts/pts.c \ - pts/pts_error.h pts/pts_error.c \ - pts/pts_pcr.h pts/pts_pcr.c \ - pts/pts_proto_caps.h \ - pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ - pts/pts_creds.h pts/pts_creds.c \ - pts/pts_database.h pts/pts_database.c \ - pts/pts_dh_group.h pts/pts_dh_group.c \ - pts/pts_file_meas.h pts/pts_file_meas.c \ - pts/pts_file_meta.h pts/pts_file_meta.c \ - pts/pts_file_type.h pts/pts_file_type.c \ - pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ - pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ - pts/pts_meas_algo.h pts/pts_meas_algo.c \ - pts/components/pts_component.h \ - pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ - pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ - pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ - pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ - pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ - pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ - pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ - pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ - tcg/tcg_attr.h tcg/tcg_attr.c \ - tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ - tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ - tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ - tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ - tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ - tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ - tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ - tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ - tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ - tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ - tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ - tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ - tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c - -EXTRA_DIST = Android.mk - -SUBDIRS = . - -if USE_IMC_ATTESTATION - SUBDIRS += plugins/imc_attestation -endif - -if USE_IMV_ATTESTATION - SUBDIRS += plugins/imv_attestation -endif - -if USE_IMC_SWID - SUBDIRS += plugins/imc_swid -endif - -if USE_IMV_SWID - SUBDIRS += plugins/imv_swid -endif diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in deleted file mode 100644 index 405b5f7ce..000000000 --- a/src/libpts/Makefile.in +++ /dev/null @@ -1,1181 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@USE_WINDOWS_TRUE@am__append_1 = -lws2_32 -@USE_TROUSERS_TRUE@am__append_2 = -ltspi -@USE_IMC_ATTESTATION_TRUE@am__append_3 = plugins/imc_attestation -@USE_IMV_ATTESTATION_TRUE@am__append_4 = plugins/imv_attestation -@USE_IMC_SWID_TRUE@am__append_5 = plugins/imc_swid -@USE_IMV_SWID_TRUE@am__append_6 = plugins/imv_swid -subdir = src/libpts -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(ipseclibdir)" -LTLIBRARIES = $(ipseclib_LTLIBRARIES) -am__DEPENDENCIES_1 = -libpts_la_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libimcv/libimcv.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -am__dirstamp = $(am__leading_dot)dirstamp -am_libpts_la_OBJECTS = libpts.lo pts/pts.lo pts/pts_error.lo \ - pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \ - pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \ - pts/pts_file_type.lo pts/pts_ima_bios_list.lo \ - pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \ - pts/components/pts_component_manager.lo \ - pts/components/pts_comp_evidence.lo \ - pts/components/pts_comp_func_name.lo \ - pts/components/ita/ita_comp_func_name.lo \ - pts/components/ita/ita_comp_ima.lo \ - pts/components/ita/ita_comp_tboot.lo \ - pts/components/ita/ita_comp_tgrub.lo \ - pts/components/tcg/tcg_comp_func_name.lo swid/swid_error.lo \ - swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \ - tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \ - tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ - tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ - tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \ - tcg/pts/tcg_pts_attr_meas_algo.lo \ - tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \ - tcg/pts/tcg_pts_attr_tpm_version_info.lo \ - tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \ - tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \ - tcg/pts/tcg_pts_attr_gen_attest_evid.lo \ - tcg/pts/tcg_pts_attr_simple_comp_evid.lo \ - tcg/pts/tcg_pts_attr_simple_evid_final.lo \ - tcg/pts/tcg_pts_attr_req_file_meas.lo \ - tcg/pts/tcg_pts_attr_file_meas.lo \ - tcg/pts/tcg_pts_attr_req_file_meta.lo \ - tcg/pts/tcg_pts_attr_unix_file_meta.lo \ - tcg/swid/tcg_swid_attr_req.lo \ - tcg/swid/tcg_swid_attr_tag_id_inv.lo \ - tcg/swid/tcg_swid_attr_tag_inv.lo -libpts_la_OBJECTS = $(am_libpts_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libpts_la_SOURCES) -DIST_SOURCES = $(libpts_la_SOURCES) -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = . plugins/imc_attestation plugins/imv_attestation \ - plugins/imc_swid plugins/imv_swid -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ -dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -h_plugins = @h_plugins@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -libdir = @libdir@ -libexecdir = @libexecdir@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = @srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv - -AM_LDFLAGS = \ - -no-undefined - -ipseclib_LTLIBRARIES = libpts.la -libpts_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libimcv/libimcv.la $(am__append_1) \ - $(am__append_2) -libpts_la_SOURCES = \ - libpts.h libpts.c \ - pts/pts.h pts/pts.c \ - pts/pts_error.h pts/pts_error.c \ - pts/pts_pcr.h pts/pts_pcr.c \ - pts/pts_proto_caps.h \ - pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ - pts/pts_creds.h pts/pts_creds.c \ - pts/pts_database.h pts/pts_database.c \ - pts/pts_dh_group.h pts/pts_dh_group.c \ - pts/pts_file_meas.h pts/pts_file_meas.c \ - pts/pts_file_meta.h pts/pts_file_meta.c \ - pts/pts_file_type.h pts/pts_file_type.c \ - pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \ - pts/pts_ima_event_list.h pts/pts_ima_event_list.c \ - pts/pts_meas_algo.h pts/pts_meas_algo.c \ - pts/components/pts_component.h \ - pts/components/pts_component_manager.h pts/components/pts_component_manager.c \ - pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \ - pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \ - pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \ - pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \ - pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \ - pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \ - pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ - tcg/tcg_attr.h tcg/tcg_attr.c \ - tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ - tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \ - tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \ - tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \ - tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \ - tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \ - tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \ - tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \ - tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \ - tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \ - tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \ - tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \ - tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ - tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ - tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c - -EXTRA_DIST = Android.mk -SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) -all: all-recursive - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libpts/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ - } - -uninstall-ipseclibLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ - done - -clean-ipseclibLTLIBRARIES: - -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) - @list='$(ipseclib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } -pts/$(am__dirstamp): - @$(MKDIR_P) pts - @: > pts/$(am__dirstamp) -pts/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) pts/$(DEPDIR) - @: > pts/$(DEPDIR)/$(am__dirstamp) -pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_file_meas.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_file_meta.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_file_type.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/pts_meas_algo.lo: pts/$(am__dirstamp) \ - pts/$(DEPDIR)/$(am__dirstamp) -pts/components/$(am__dirstamp): - @$(MKDIR_P) pts/components - @: > pts/components/$(am__dirstamp) -pts/components/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) pts/components/$(DEPDIR) - @: > pts/components/$(DEPDIR)/$(am__dirstamp) -pts/components/pts_component_manager.lo: \ - pts/components/$(am__dirstamp) \ - pts/components/$(DEPDIR)/$(am__dirstamp) -pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \ - pts/components/$(DEPDIR)/$(am__dirstamp) -pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \ - pts/components/$(DEPDIR)/$(am__dirstamp) -pts/components/ita/$(am__dirstamp): - @$(MKDIR_P) pts/components/ita - @: > pts/components/ita/$(am__dirstamp) -pts/components/ita/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) pts/components/ita/$(DEPDIR) - @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp) -pts/components/ita/ita_comp_func_name.lo: \ - pts/components/ita/$(am__dirstamp) \ - pts/components/ita/$(DEPDIR)/$(am__dirstamp) -pts/components/ita/ita_comp_ima.lo: \ - pts/components/ita/$(am__dirstamp) \ - pts/components/ita/$(DEPDIR)/$(am__dirstamp) -pts/components/ita/ita_comp_tboot.lo: \ - pts/components/ita/$(am__dirstamp) \ - pts/components/ita/$(DEPDIR)/$(am__dirstamp) -pts/components/ita/ita_comp_tgrub.lo: \ - pts/components/ita/$(am__dirstamp) \ - pts/components/ita/$(DEPDIR)/$(am__dirstamp) -pts/components/tcg/$(am__dirstamp): - @$(MKDIR_P) pts/components/tcg - @: > pts/components/tcg/$(am__dirstamp) -pts/components/tcg/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) pts/components/tcg/$(DEPDIR) - @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp) -pts/components/tcg/tcg_comp_func_name.lo: \ - pts/components/tcg/$(am__dirstamp) \ - pts/components/tcg/$(DEPDIR)/$(am__dirstamp) -swid/$(am__dirstamp): - @$(MKDIR_P) swid - @: > swid/$(am__dirstamp) -swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) swid/$(DEPDIR) - @: > swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_error.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_inventory.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag_id.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -tcg/$(am__dirstamp): - @$(MKDIR_P) tcg - @: > tcg/$(am__dirstamp) -tcg/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) tcg/$(DEPDIR) - @: > tcg/$(DEPDIR)/$(am__dirstamp) -tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp) -tcg/pts/$(am__dirstamp): - @$(MKDIR_P) tcg/pts - @: > tcg/pts/$(am__dirstamp) -tcg/pts/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) tcg/pts/$(DEPDIR) - @: > tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \ - tcg/pts/$(DEPDIR)/$(am__dirstamp) -tcg/swid/$(am__dirstamp): - @$(MKDIR_P) tcg/swid - @: > tcg/swid/$(am__dirstamp) -tcg/swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) tcg/swid/$(DEPDIR) - @: > tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) - -libpts.la: $(libpts_la_OBJECTS) $(libpts_la_DEPENDENCIES) $(EXTRA_libpts_la_DEPENDENCIES) - $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libpts_la_OBJECTS) $(libpts_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -rm -f pts/*.$(OBJEXT) - -rm -f pts/*.lo - -rm -f pts/components/*.$(OBJEXT) - -rm -f pts/components/*.lo - -rm -f pts/components/ita/*.$(OBJEXT) - -rm -f pts/components/ita/*.lo - -rm -f pts/components/tcg/*.$(OBJEXT) - -rm -f pts/components/tcg/*.lo - -rm -f swid/*.$(OBJEXT) - -rm -f swid/*.lo - -rm -f tcg/*.$(OBJEXT) - -rm -f tcg/*.lo - -rm -f tcg/pts/*.$(OBJEXT) - -rm -f tcg/pts/*.lo - -rm -f tcg/swid/*.$(OBJEXT) - -rm -f tcg/swid/*.lo - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpts.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_creds.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_database.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_dh_group.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_error.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meas.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meta.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_type.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_bios_list.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_event_list.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_meas_algo.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_pcr.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_evidence.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_func_name.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_component_manager.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -rm -rf pts/.libs pts/_libs - -rm -rf pts/components/.libs pts/components/_libs - -rm -rf pts/components/ita/.libs pts/components/ita/_libs - -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs - -rm -rf swid/.libs swid/_libs - -rm -rf tcg/.libs tcg/_libs - -rm -rf tcg/pts/.libs tcg/pts/_libs - -rm -rf tcg/swid/.libs tcg/swid/_libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. -# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-recursive - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile $(LTLIBRARIES) -installdirs: installdirs-recursive -installdirs-am: - for dir in "$(DESTDIR)$(ipseclibdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -rm -f pts/$(DEPDIR)/$(am__dirstamp) - -rm -f pts/$(am__dirstamp) - -rm -f pts/components/$(DEPDIR)/$(am__dirstamp) - -rm -f pts/components/$(am__dirstamp) - -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp) - -rm -f pts/components/ita/$(am__dirstamp) - -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp) - -rm -f pts/components/tcg/$(am__dirstamp) - -rm -f swid/$(DEPDIR)/$(am__dirstamp) - -rm -f swid/$(am__dirstamp) - -rm -f tcg/$(DEPDIR)/$(am__dirstamp) - -rm -f tcg/$(am__dirstamp) - -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp) - -rm -f tcg/pts/$(am__dirstamp) - -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp) - -rm -f tcg/swid/$(am__dirstamp) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-recursive - -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: install-ipseclibLTLIBRARIES - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: uninstall-ipseclibLTLIBRARIES - -.MAKE: $(am__recursive_targets) install-am install-strip - -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-ipseclibLTLIBRARIES \ - clean-libtool cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-ipseclibLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-ipseclibLTLIBRARIES - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/libpts/libpts.c b/src/libpts/libpts.c deleted file mode 100644 index 95110823c..000000000 --- a/src/libpts/libpts.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "libpts.h" -#include "tcg/tcg_attr.h" -#include "pts/components/pts_component.h" -#include "pts/components/pts_component_manager.h" -#include "pts/components/tcg/tcg_comp_func_name.h" -#include "pts/components/ita/ita_comp_func_name.h" -#include "pts/components/ita/ita_comp_ima.h" -#include "pts/components/ita/ita_comp_tboot.h" -#include "pts/components/ita/ita_comp_tgrub.h" - -#include <imcv.h> -#include <utils/debug.h> - -/** - * PTS Functional Component manager - */ -pts_component_manager_t *pts_components; - -/** - * Reference count for IMC/IMV instances - */ -static refcount_t libpts_ref = 0; - -/** - * Described in header. - */ -bool libpts_init(void) -{ - if (libpts_ref == 0) - { - if (!imcv_pa_tnc_attributes) - { - return FALSE; - } - imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG, - tcg_attr_create_from_data, tcg_attr_names); - - pts_components = pts_component_manager_create(); - pts_components->add_vendor(pts_components, PEN_TCG, - pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE, - pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names); - pts_components->add_vendor(pts_components, PEN_ITA, - pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE, - pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names); - - pts_components->add_component(pts_components, PEN_ITA, - PTS_ITA_COMP_FUNC_NAME_TGRUB, - pts_ita_comp_tgrub_create); - pts_components->add_component(pts_components, PEN_ITA, - PTS_ITA_COMP_FUNC_NAME_TBOOT, - pts_ita_comp_tboot_create); - pts_components->add_component(pts_components, PEN_ITA, - PTS_ITA_COMP_FUNC_NAME_IMA, - pts_ita_comp_ima_create); - - DBG1(DBG_LIB, "libpts initialized"); - } - ref_get(&libpts_ref); - - return TRUE; -} - -/** - * Described in header. - */ -void libpts_deinit(void) -{ - if (ref_put(&libpts_ref)) - { - pts_components->remove_vendor(pts_components, PEN_TCG); - pts_components->remove_vendor(pts_components, PEN_ITA); - pts_components->destroy(pts_components); - - if (!imcv_pa_tnc_attributes) - { - return; - } - imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG); - DBG1(DBG_LIB, "libpts terminated"); - } -} - diff --git a/src/libpts/libpts.h b/src/libpts/libpts.h deleted file mode 100644 index e3814e97d..000000000 --- a/src/libpts/libpts.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup libpts libpts - * - * @defgroup libpts_plugins plugins - * @ingroup libpts - * - * @defgroup swid swid - * @ingroup libpts - * - * @addtogroup libpts - * @{ - */ - -#ifndef LIBPTS_H_ -#define LIBPTS_H_ - -#include "pts/components/pts_component_manager.h" - -#include <library.h> - -/** - * Initialize libpts. - * - * @return FALSE if initialization failed - */ -bool libpts_init(void); - -/** - * Deinitialize libpts. - */ -void libpts_deinit(void); - -/** - * PTS Functional Component manager - */ -extern pts_component_manager_t* pts_components; - -#endif /** LIBPTS_H_ @}*/ diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index ff380ced1..74cd8084a 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 76c9f964f..faaae70fe 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index cbfb8c06b..a16991927 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 3ddd42f11..9b775f9b3 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -37,7 +37,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \ settings/settings_parser.c settings/settings_lexer.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ -utils/parser_helper.c utils/test.c utils/utils/strerror.c +utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c libstrongswan_la_SOURCES += \ threading/thread.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 3fb57de5a..0083ffe6b 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -35,7 +35,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \ settings/settings_parser.y settings/settings_lexer.l \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ -utils/parser_helper.c utils/test.c utils/utils/strerror.c +utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c if !USE_WINDOWS libstrongswan_la_SOURCES += \ @@ -102,7 +102,7 @@ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ utils/leak_detective.h utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \ -utils/utils/strerror.h +utils/process.h utils/utils/strerror.h endif library.lo : $(top_builddir)/config.status diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 9e8cd3e03..40678cbde 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -334,9 +334,9 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \ utils/identification.c utils/lexparser.c utils/optionsfrom.c \ utils/capabilities.c utils/backtrace.c utils/parser_helper.c \ - utils/test.c utils/utils/strerror.c threading/thread.c \ - threading/thread_value.c threading/mutex.c threading/rwlock.c \ - threading/spinlock.c threading/semaphore.c \ + utils/test.c utils/process.c utils/utils/strerror.c \ + threading/thread.c threading/thread_value.c threading/mutex.c \ + threading/rwlock.c threading/spinlock.c threading/semaphore.c \ networking/streams/stream_unix.c \ networking/streams/stream_service_unix.c \ threading/windows/thread.c threading/windows/thread_value.c \ @@ -412,10 +412,10 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \ utils/utils.lo utils/chunk.lo utils/debug.lo utils/enum.lo \ utils/identification.lo utils/lexparser.lo \ utils/optionsfrom.lo utils/capabilities.lo utils/backtrace.lo \ - utils/parser_helper.lo utils/test.lo utils/utils/strerror.lo \ - $(am__objects_1) $(am__objects_2) $(am__objects_3) \ - $(am__objects_4) $(am__objects_5) $(am__objects_6) \ - $(am__objects_7) + utils/parser_helper.lo utils/test.lo utils/process.lo \ + utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \ + $(am__objects_3) $(am__objects_4) $(am__objects_5) \ + $(am__objects_6) $(am__objects_7) libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -549,7 +549,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ utils/printf_hook/printf_hook_vstr.h \ utils/printf_hook/printf_hook_builtin.h utils/parser_helper.h \ utils/test.h utils/integrity_checker.h utils/windows.h \ - utils/utils/strerror.h + utils/process.h utils/utils/strerror.h HEADERS = $(nobase_strongswan_include_HEADERS) $(noinst_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive @@ -648,6 +648,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -708,6 +709,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -773,6 +775,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -820,6 +824,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -875,9 +883,10 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \ utils/identification.c utils/lexparser.c utils/optionsfrom.c \ utils/capabilities.c utils/backtrace.c utils/parser_helper.c \ - utils/test.c utils/utils/strerror.c $(am__append_1) \ - $(am__append_3) $(am__append_8) $(am__append_11) \ - $(am__append_12) $(am__append_14) $(am__append_16) + utils/test.c utils/process.c utils/utils/strerror.c \ + $(am__append_1) $(am__append_3) $(am__append_8) \ + $(am__append_11) $(am__append_12) $(am__append_14) \ + $(am__append_16) # private header files noinst_HEADERS = \ @@ -931,7 +940,7 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@utils/leak_detective.h utils/printf_hook/printf_hook.h \ @USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ @USE_DEV_HEADERS_TRUE@utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \ -@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h +@USE_DEV_HEADERS_TRUE@utils/process.h utils/utils/strerror.h libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \ $(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \ @@ -1457,6 +1466,8 @@ utils/backtrace.lo: utils/$(am__dirstamp) \ utils/parser_helper.lo: utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/process.lo: utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) utils/utils/$(am__dirstamp): @$(MKDIR_P) utils/utils @: > utils/utils/$(am__dirstamp) @@ -1707,6 +1718,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/lexparser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/optionsfrom.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/parser_helper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/process.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/test.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/windows.Plo@am__quote@ diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 05be574de..dca12bd54 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -123,6 +123,24 @@ chunk_t asn1_build_known_oid(int n) return oid; } +/** + * Returns the number of bytes required to encode the given OID node + */ +static int bytes_required(u_int val) +{ + int shift, required = 1; + + /* sufficient to handle 32 bit node numbers */ + for (shift = 28; shift; shift -= 7) + { + if (val >> shift) + { /* do not encode leading zeroes */ + required++; + } + } + return required; +} + /* * Defined in header. */ @@ -132,14 +150,15 @@ chunk_t asn1_oid_from_string(char *str) size_t buf_len = 64; u_char buf[buf_len]; char *end; - int i = 0, pos = 0, shift; - u_int val, shifted_val, first = 0; + int i = 0, pos = 0, req, shift; + u_int val, first = 0; enumerator = enumerator_create_token(str, ".", ""); while (enumerator->enumerate(enumerator, &str)) { val = strtoul(str, &end, 10); - if (end == str || pos > buf_len-4) + req = bytes_required(val); + if (end == str || pos + req > buf_len) { pos = 0; break; @@ -153,15 +172,9 @@ chunk_t asn1_oid_from_string(char *str) buf[pos++] = first * 40 + val; break; default: - shift = 28; /* sufficient to handle 32 bit node numbers */ - while (shift) + for (shift = (req - 1) * 7; shift; shift -= 7) { - shifted_val = val >> shift; - shift -= 7; - if (shifted_val) /* do not encode leading zeroes */ - { - buf[pos++] = 0x80 | (shifted_val & 0x7F); - } + buf[pos++] = 0x80 | ((val >> shift) & 0x7F); } buf[pos++] = val & 0x7F; } diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index 8d619116a..61c696bc1 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c @@ -361,16 +361,16 @@ bool array_remove(array_t *array, int idx, void *data) { return FALSE; } + if (idx < 0) + { + idx = array_count(array) - 1; + } if (idx > array_count(array) / 2) { remove_tail(array, idx); } else { - if (idx < 0) - { - idx = array_count(array) - 1; - } remove_head(array, idx); } if (array->head + array->tail > ARRAY_MAX_UNUSED) diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index ce702ebfa..0659c70bd 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -100,6 +100,11 @@ enumerator_t* array_create_enumerator(array_t *array); /** * Remove an element at enumerator position. * + * @warning For **value based** arrays don't use the pointer returned by + * enumerate() anymore after calling this function. For performance reasons + * that pointer will point to internal data structures that get modified when + * this function is called. + * * @param array array to remove element in * @param enumerator enumerator position, from array_create_enumerator() */ diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index aeeb4198f..db08c6b96 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -998,8 +998,8 @@ METHOD(auth_cfg_t, purge, void, { if (!keep_ca || entry->type != AUTH_RULE_CA_CERT) { - array_remove_at(this->entries, enumerator); destroy_entry_value(entry); + array_remove_at(this->entries, enumerator); } } enumerator->destroy(enumerator); diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 3ec0714b6..b0c8e48ba 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -1279,7 +1279,7 @@ METHOD(credential_manager_t, add_validator, void, private_credential_manager_t *this, cert_validator_t *vdtr) { this->lock->write_lock(this->lock); - this->sets->insert_last(this->validators, vdtr); + this->validators->insert_last(this->validators, vdtr); this->lock->unlock(this->lock); } diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 5c1d08de2..87c9b21f8 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -66,6 +66,7 @@ static struct { } dh_params[] = { { .group = MODP_768_BIT, .opt_exp = 32, .public = { + .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -74,10 +75,10 @@ static struct { 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_1024_BIT, .opt_exp = 32, .public = { + .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -88,10 +89,10 @@ static struct { 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_1536_BIT, .opt_exp = 32, .public = { + .exp_len = 32, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -106,10 +107,10 @@ static struct { 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_2048_BIT, .opt_exp = 48, .public = { + .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -128,10 +129,10 @@ static struct { 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_3072_BIT, .opt_exp = 48, .public = { + .exp_len = 48, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -158,10 +159,10 @@ static struct { 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_4096_BIT, .opt_exp = 64, .public = { + .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -196,10 +197,10 @@ static struct { 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_6144_BIT, .opt_exp = 64, .public = { + .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -250,10 +251,10 @@ static struct { 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_8192_BIT, .opt_exp = 64, .public = { + .exp_len = 64, .generator = chunk_from_chars(0x02), .prime = chunk_from_chars( 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, @@ -320,10 +321,10 @@ static struct { 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), - .exp_len = 0, }, },{ .group = MODP_1024_160, .opt_exp = 20, .public = { + .exp_len = 20, .subgroup = chunk_from_chars( 0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D, 0x49,0x46,0x23,0x53), @@ -348,6 +349,7 @@ static struct { }, }, { .group = MODP_2048_224, .opt_exp = 28, .public = { + .exp_len = 28, .subgroup = chunk_from_chars( 0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A, 0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB), @@ -388,6 +390,7 @@ static struct { }, },{ .group = MODP_2048_256, .opt_exp = 32, .public = { + .exp_len = 32, .subgroup = chunk_from_chars( 0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2, 0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3), @@ -430,6 +433,23 @@ static struct { }; /** + * See header. + */ +void diffie_hellman_init() +{ + int i; + + if (lib->settings->get_int(lib->settings, + "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) + { + for (i = 0; i < countof(dh_params); i++) + { + dh_params[i].public.exp_len = dh_params[i].public.prime.len; + } + } +} + +/** * Described in header. */ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 00d700314..105db22f1 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -149,8 +149,16 @@ struct diffie_hellman_params_t { }; /** + * Initialize diffie hellman parameters during startup. + */ +void diffie_hellman_init(); + +/** * Get the parameters associated with the specified diffie hellman group. * + * Before calling this method, use diffie_hellman_init() to initialize the + * DH group table. This is usually done by library_init(). + * * @param group DH group * @return The parameters or NULL, if the group is not supported */ diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index e3ad16411..dc73ccc68 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -29,6 +29,10 @@ #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so" +#ifndef STRONGSWAN_CONF +#define STRONGSWAN_CONF NULL +#endif + typedef struct private_library_t private_library_t; /** @@ -149,6 +153,7 @@ void library_deinit() utils_deinit(); threads_deinit(); + free(this->public.conf); free((void*)this->public.ns); free(this); lib = NULL; @@ -258,6 +263,7 @@ bool library_init(char *settings, const char *namespace) .get = _get, .set = _set, .ns = strdup(namespace ?: "libstrongswan"), + .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)), }, .ref = 1, ); @@ -304,13 +310,7 @@ bool library_init(char *settings, const char *namespace) this->objects = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 4); -#ifdef STRONGSWAN_CONF - if (!settings) - { - settings = STRONGSWAN_CONF; - } -#endif - this->public.settings = settings_create(settings); + this->public.settings = settings_create(this->public.conf); /* all namespace settings may fall back to libstrongswan */ lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan"); @@ -351,5 +351,7 @@ bool library_init(char *settings, const char *namespace) #endif /* INTEGRITY_TEST */ } + diffie_hellman_init(); + return !this->integrity_failed; } diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 37a83fa2f..2bd5e3523 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -147,6 +147,11 @@ struct library_t { const char *ns; /** + * Main configuration file passed to library_init(), the default, or NULL + */ + char *conf; + + /** * Printf hook registering facility */ printf_hook_t *printf_hook; diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h index a96a4b84f..1492dd0b9 100644 --- a/src/libstrongswan/networking/packet.h +++ b/src/libstrongswan/networking/packet.h @@ -29,6 +29,11 @@ typedef struct packet_t packet_t; #include <networking/host.h> /** + * Maximum packet size we handle by default + */ +#define PACKET_MAX_DEFAULT 10000 + +/** * Abstraction of an IP/UDP-Packet, contains data, sender and receiver. */ struct packet_t { diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c index 7358c580e..09138c76a 100644 --- a/src/libstrongswan/networking/streams/stream_service.c +++ b/src/libstrongswan/networking/streams/stream_service.c @@ -68,6 +68,11 @@ struct private_stream_service_t { u_int active; /** + * Currently running jobs + */ + u_int running; + + /** * mutex to lock active counter */ mutex_t *mutex; @@ -76,8 +81,29 @@ struct private_stream_service_t { * Condvar to wait for callback termination */ condvar_t *condvar; + + /** + * TRUE when the service is terminated + */ + bool terminated; + + /** + * Reference counter + */ + refcount_t ref; }; +static void destroy_service(private_stream_service_t *this) +{ + if (ref_put(&this->ref)) + { + close(this->fd); + this->mutex->destroy(this->mutex); + this->condvar->destroy(this->condvar); + free(this); + } +} + /** * Data to pass to async accept job */ @@ -93,6 +119,11 @@ typedef struct { } async_data_t; /** + * Forward declaration + */ +static bool watch(private_stream_service_t *this, int fd, watcher_event_t event); + +/** * Clean up accept data */ static void destroy_async_data(async_data_t *data) @@ -100,14 +131,15 @@ static void destroy_async_data(async_data_t *data) private_stream_service_t *this = data->this; this->mutex->lock(this->mutex); - if (this->active-- == this->cncrncy) + if (this->active-- == this->cncrncy && !this->terminated) { /* leaving concurrency limit, restart accept()ing. */ - this->public.on_accept(&this->public, this->cb, this->data, - this->prio, this->cncrncy); + lib->watcher->add(lib->watcher, this->fd, + WATCHER_READ, (watcher_cb_t)watch, this); } this->condvar->signal(this->condvar); this->mutex->unlock(this->mutex); + destroy_service(this); if (data->fd != -1) { @@ -117,19 +149,45 @@ static void destroy_async_data(async_data_t *data) } /** + * Reduce running counter + */ +CALLBACK(reduce_running, void, + async_data_t *data) +{ + private_stream_service_t *this = data->this; + + this->mutex->lock(this->mutex); + this->running--; + this->condvar->signal(this->condvar); + this->mutex->unlock(this->mutex); +} + +/** * Async processing of accepted connection */ static job_requeue_t accept_async(async_data_t *data) { + private_stream_service_t *this = data->this; stream_t *stream; + this->mutex->lock(this->mutex); + if (this->terminated) + { + this->mutex->unlock(this->mutex); + return JOB_REQUEUE_NONE; + } + this->running++; + this->mutex->unlock(this->mutex); + stream = stream_create_from_fd(data->fd); if (stream) { /* FD is now owned by stream, don't close it during cleanup */ data->fd = -1; + thread_cleanup_push(reduce_running, data); thread_cleanup_push((void*)stream->destroy, stream); thread_cleanup_pop(!data->cb(data->data, stream)); + thread_cleanup_pop(TRUE); } return JOB_REQUEUE_NONE; } @@ -149,7 +207,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event) .this = this, ); - if (data->fd != -1) + if (data->fd != -1 && !this->terminated) { this->mutex->lock(this->mutex); if (++this->active == this->cncrncy) @@ -158,6 +216,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event) keep = FALSE; } this->mutex->unlock(this->mutex); + ref_get(&this->ref); lib->processor->queue_job(lib->processor, (job_t*)callback_job_create_with_prio((void*)accept_async, data, @@ -177,6 +236,12 @@ METHOD(stream_service_t, on_accept, void, { this->mutex->lock(this->mutex); + if (this->terminated) + { + this->mutex->unlock(this->mutex); + return; + } + /* wait for all callbacks to return */ while (this->active) { @@ -208,11 +273,15 @@ METHOD(stream_service_t, on_accept, void, METHOD(stream_service_t, destroy, void, private_stream_service_t *this) { - on_accept(this, NULL, NULL, this->prio, this->cncrncy); - close(this->fd); - this->mutex->destroy(this->mutex); - this->condvar->destroy(this->condvar); - free(this); + this->mutex->lock(this->mutex); + lib->watcher->remove(lib->watcher, this->fd); + this->terminated = TRUE; + while (this->running) + { + this->condvar->wait(this->condvar, this->mutex); + } + this->mutex->unlock(this->mutex); + destroy_service(this); } /** @@ -231,6 +300,7 @@ stream_service_t *stream_service_create_from_fd(int fd) .prio = JOB_PRIO_MEDIUM, .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .ref = 1, ); return &this->public; diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index eb148e7af..425e8f1a9 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index dfe411745..11dcf2907 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index c338356e3..279000d88 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index d009bafd2..c8e8112c5 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 396f3a0d8..33e5958ed 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index a1489318e..43bdf1fc5 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index cb7965aca..7c5674045 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 34cc2aae5..39469368c 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 85829370e..4b397e85d 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index c34d34903..2e221c8b4 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 620cf74f3..7653c1986 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -86,6 +86,7 @@ METHOD(fetcher_t, fetch, status_t, private_curl_fetcher_t *this, char *uri, void *userdata) { char error[CURL_ERROR_SIZE], *enc_uri; + CURLcode curl_status; status_t status; long result = 0; cb_data_t data = { @@ -123,7 +124,8 @@ METHOD(fetcher_t, fetch, status_t, } DBG2(DBG_LIB, " sending http request to '%s'...", uri); - switch (curl_easy_perform(this->curl)) + curl_status = curl_easy_perform(this->curl); + switch (curl_status) { case CURLE_UNSUPPORTED_PROTOCOL: status = NOT_SUPPORTED; @@ -138,7 +140,8 @@ METHOD(fetcher_t, fetch, status_t, status = (result >= 200 && result < 300) ? SUCCESS : FAILED; break; default: - DBG1(DBG_LIB, "libcurl http request failed: %s", error); + DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status, + error); status = FAILED; break; } diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 062fe129f..89296677e 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -32,8 +32,107 @@ struct private_curl_plugin_t { * public functions */ curl_plugin_t public; + + /** + * Supported features, CURL protocols + 1 + */ + plugin_feature_t *features; + + /** + * Number of supported features + */ + int count; }; +/** + * Append a feature to supported feature list + */ +static void add_feature(private_curl_plugin_t *this, plugin_feature_t f) +{ + this->features = realloc(this->features, ++this->count * sizeof(f)); + this->features[this->count - 1] = f; +} + +/** + * Try to add a feature, and the appropriate SSL dependencies + */ +static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl, + char *proto, plugin_feature_t f) +{ + /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */ + if (strpfx(ssl, "OpenSSL")) + { + add_feature(this, f); + add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading")); + } + else if (strpfx(ssl, "GnuTLS")) + { + add_feature(this, f); + add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading")); + } + else if (strpfx(ssl, "NSS")) + { + add_feature(this, f); + } + else + { + DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled", + ssl, proto); + } +} + +/** + * Get supported protocols, build plugin feature set + */ +static bool query_protocols(private_curl_plugin_t *this) +{ + + struct { + /* protocol we are interested in, suffixed with "://" */ + char *name; + /* require SSL library initialization? */ + bool ssl; + } protos[] = { + { "file://", FALSE, }, + { "http://", FALSE, }, + { "https://", TRUE, }, + { "ftp://", FALSE, }, + }; + curl_version_info_data *info; + char *name; + int i, j; + + add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create)); + + info = curl_version_info(CURLVERSION_NOW); + + for (i = 0; info->protocols[i]; i++) + { + for (j = 0; j < countof(protos); j++) + { + name = protos[j].name; + if (strlen(info->protocols[i]) == strlen(name) - strlen("://")) + { + if (strneq(info->protocols[i], name, + strlen(name) - strlen("://"))) + { + if (protos[j].ssl) + { + add_feature_with_ssl(this, info->ssl_version, name, + PLUGIN_PROVIDE(FETCHER, name)); + } + else + { + add_feature(this, PLUGIN_PROVIDE(FETCHER, name)); + } + } + } + } + } + + return this->count > 1; +} + METHOD(plugin_t, get_name, char*, private_curl_plugin_t *this) { @@ -43,21 +142,15 @@ METHOD(plugin_t, get_name, char*, METHOD(plugin_t, get_features, int, private_curl_plugin_t *this, plugin_feature_t *features[]) { - static plugin_feature_t f[] = { - PLUGIN_REGISTER(FETCHER, curl_fetcher_create), - PLUGIN_PROVIDE(FETCHER, "file://"), - PLUGIN_PROVIDE(FETCHER, "http://"), - PLUGIN_PROVIDE(FETCHER, "https://"), - PLUGIN_PROVIDE(FETCHER, "ftp://"), - }; - *features = f; - return countof(f); + *features = this->features; + return this->count; } METHOD(plugin_t, destroy, void, private_curl_plugin_t *this) { curl_global_cleanup(); + free(this->features); free(this); } @@ -79,7 +172,12 @@ plugin_t *curl_plugin_create() }, ); - res = curl_global_init(CURL_GLOBAL_NOTHING); + res = curl_global_init(CURL_GLOBAL_SSL); + if (res != CURLE_OK) + { + /* no SSL support? Try without */ + res = curl_global_init(CURL_GLOBAL_NOTHING); + } if (res != CURLE_OK) { DBG1(DBG_LIB, "global libcurl initializing failed: %s", @@ -87,6 +185,13 @@ plugin_t *curl_plugin_create() destroy(this); return NULL; } + + if (!query_protocols(this)) + { + DBG1(DBG_LIB, "no usable CURL protocols found, curl disabled"); + destroy(this); + return NULL; + } + return &this->public.plugin; } - diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 2f8eb857d..0025a2b20 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index bd6e64bc5..0b30923a5 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index cc146d8da..64ae66559 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 4e0e86c9c..511bfc365 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 90990cf23..0c7d22d71 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index f4254bb93..480c083c0 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -58,6 +58,8 @@ METHOD(plugin_t, get_features, int, private_gcrypt_plugin_t *this, plugin_feature_t *features[]) { static plugin_feature_t f[] = { + /* we provide threading-safe initialization of libgcrypt */ + PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"), /* crypters */ PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create), PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16), diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index c13f4e55c..eab4a0047 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index cdfa94c27..bf34e4c9f 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index 2a968b81a..17faa569d 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index b8e1b4902..332a587c9 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 3de733c87..91fe8c45f 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 1636b9660..ba6cb0cf6 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index ebd0d90d8..bca4562d6 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index f75fbe21e..0d15d7c2e 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index fa10c8371..e57a3673e 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 6f0a3bfaf..ac0db0150 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 12f264267..bc7884c99 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -181,17 +181,7 @@ METHOD(private_key_t, decrypt, bool, METHOD(private_key_t, get_keysize, int, private_openssl_ec_private_key_t *this) { - switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) - { - case NID_X9_62_prime256v1: - return 256; - case NID_secp384r1: - return 384; - case NID_secp521r1: - return 521; - default: - return 0; - } + return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec)); } METHOD(private_key_t, get_type, key_type_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 382c55418..21dcb0120 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -179,17 +179,7 @@ METHOD(public_key_t, encrypt, bool, METHOD(public_key_t, get_keysize, int, private_openssl_ec_public_key_t *this) { - switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) - { - case NID_X9_62_prime256v1: - return 256; - case NID_secp384r1: - return 384; - case NID_secp521r1: - return 521; - default: - return 0; - } + return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec)); } /** diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index a426cdcb3..e48efe3e9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int, private_openssl_plugin_t *this, plugin_feature_t *features[]) { static plugin_feature_t f[] = { + /* we provide OpenSSL threading callbacks */ + PLUGIN_PROVIDE(CUSTOM, "openssl-threading"), /* crypters */ PLUGIN_REGISTER(CRYPTER, openssl_crypter_create), #ifndef OPENSSL_NO_AES diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 39ee77314..4bd958784 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 28d0f84ab..f9c5b9b52 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 29387a3f4..8e351c273 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index edaa8c3eb..445bc2d24 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 55df26922..34e8d0caa 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index f4d399c66..d90cd3532 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 4b60cad46..f6534f087 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index bf0a0ccbc..0756db856 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index c23f2f03f..1fec1b3ea 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -218,6 +218,16 @@ typedef struct { char *name; /** + * Optional reload function for features + */ + bool (*reload)(void *data); + + /** + * User data to pass to reload function + */ + void *reload_data; + + /** * Static plugin features */ plugin_feature_t *features; @@ -242,6 +252,16 @@ METHOD(plugin_t, get_static_features, int, return this->count; } +METHOD(plugin_t, static_reload, bool, + static_features_t *this) +{ + if (this->reload) + { + return this->reload(this->reload_data); + } + return FALSE; +} + METHOD(plugin_t, static_destroy, void, static_features_t *this) { @@ -254,7 +274,8 @@ METHOD(plugin_t, static_destroy, void, * Create a wrapper around static plugin features. */ static plugin_t *static_features_create(const char *name, - plugin_feature_t features[], int count) + plugin_feature_t features[], int count, + bool (*reload)(void*), void *reload_data) { static_features_t *this; @@ -262,9 +283,12 @@ static plugin_t *static_features_create(const char *name, .public = { .get_name = _get_static_name, .get_features = _get_static_features, + .reload = _static_reload, .destroy = _static_destroy, }, .name = strdup(name), + .reload = reload, + .reload_data = reload_data, .features = calloc(count, sizeof(plugin_feature_t)), .count = count, ); @@ -904,12 +928,13 @@ static void purge_plugins(private_plugin_loader_t *this) METHOD(plugin_loader_t, add_static_features, void, private_plugin_loader_t *this, const char *name, - plugin_feature_t features[], int count, bool critical) + plugin_feature_t features[], int count, bool critical, + bool (*reload)(void*), void *reload_data) { plugin_entry_t *entry; plugin_t *plugin; - plugin = static_features_create(name, features, count); + plugin = static_features_create(name, features, count, reload, reload_data); INIT(entry, .plugin = plugin, diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index fec57ce98..6be6a909c 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -44,6 +44,9 @@ struct plugin_loader_t { * If critical is TRUE load() will fail if any of the added features could * not be loaded. * + * If a reload callback function is given, it gets invoked for the + * registered feature set when reload() is invoked on the plugin_loader. + * * @note The name should be unique otherwise a plugin with the same name is * not loaded. * @@ -51,10 +54,13 @@ struct plugin_loader_t { * @param features array of plugin features * @param count number of features in the array * @param critical TRUE if the features are critical + * @param reload feature reload callback, or NULL + * @param reload_data user data to pass to reload callback */ void (*add_static_features) (plugin_loader_t *this, const char *name, struct plugin_feature_t *features, int count, - bool critical); + bool critical, bool (*reload)(void*), + void *reload_data); /** * Load a list of plugins. diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 2dc355ba2..fcdbe9450 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index e90c3213b..fb6c9ae43 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index dd49ea65f..d84b1ba17 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index 44dce24c5..967e8625d 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index cb185e72c..127482635 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index f07b768ce..70a98b006 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index ab95f8aa4..f7d11beb1 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index ef85abd73..ee96f08c2 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index f7be0e43c..b9f949bcf 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index ed86fcaba..b66302e1a 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index f517eb433..8d7c667d8 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 166891784..02f4ccd8a 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index 4e4fd5725..fb87917a2 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 02f2b2b52..23a6b3ba3 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 3c3fa0766..ffcee547c 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c index 3518dfdae..d4de2a907 100644 --- a/src/libstrongswan/processing/watcher.c +++ b/src/libstrongswan/processing/watcher.c @@ -52,9 +52,9 @@ struct private_watcher_t { bool pending; /** - * Is watcher running? + * Running state of watcher */ - bool running; + watcher_state_t state; /** * Lock to access FD list @@ -239,7 +239,7 @@ static void activate_all(private_watcher_t *this) entry->in_callback = 0; } enumerator->destroy(enumerator); - this->running = FALSE; + this->state = WATCHER_STOPPED; this->condvar->broadcast(this->condvar); this->mutex->unlock(this->mutex); } @@ -263,10 +263,14 @@ static job_requeue_t watch(private_watcher_t *this) if (this->fds->get_count(this->fds) == 0) { - this->running = FALSE; + this->state = WATCHER_STOPPED; this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } + if (this->state == WATCHER_QUEUED) + { + this->state = WATCHER_RUNNING; + } if (this->notify[0] != -1) { @@ -407,9 +411,9 @@ METHOD(watcher_t, add, void, this->mutex->lock(this->mutex); this->fds->insert_last(this->fds, entry); - if (!this->running) + if (this->state == WATCHER_STOPPED) { - this->running = TRUE; + this->state = WATCHER_QUEUED; lib->processor->queue_job(lib->processor, (job_t*)callback_job_create_with_prio((void*)watch, this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); @@ -437,7 +441,7 @@ METHOD(watcher_t, remove_, void, { if (entry->fd == fd) { - if (this->running && entry->in_callback) + if (this->state != WATCHER_STOPPED && entry->in_callback) { is_in_callback = TRUE; break; @@ -458,6 +462,18 @@ METHOD(watcher_t, remove_, void, this->mutex->unlock(this->mutex); } +METHOD(watcher_t, get_state, watcher_state_t, + private_watcher_t *this) +{ + watcher_state_t state; + + this->mutex->lock(this->mutex); + state = this->state; + this->mutex->unlock(this->mutex); + + return state; +} + METHOD(watcher_t, destroy, void, private_watcher_t *this) { @@ -535,6 +551,7 @@ watcher_t *watcher_create() .public = { .add = _add, .remove = _remove_, + .get_state = _get_state, .destroy = _destroy, }, .fds = linked_list_create(), @@ -542,6 +559,7 @@ watcher_t *watcher_create() .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), .jobs = linked_list_create(), .notify = {-1, -1}, + .state = WATCHER_STOPPED, ); if (!create_notify(this)) diff --git a/src/libstrongswan/processing/watcher.h b/src/libstrongswan/processing/watcher.h index 6e158cec2..f07cabf1a 100644 --- a/src/libstrongswan/processing/watcher.h +++ b/src/libstrongswan/processing/watcher.h @@ -23,6 +23,7 @@ typedef struct watcher_t watcher_t; typedef enum watcher_event_t watcher_event_t; +typedef enum watcher_state_t watcher_state_t; #include <library.h> @@ -57,6 +58,18 @@ enum watcher_event_t { }; /** + * State the watcher currently is in + */ +enum watcher_state_t { + /** no watcher thread running or queued */ + WATCHER_STOPPED = 0, + /** a job has been queued for watching, but not yet started */ + WATCHER_QUEUED, + /** a watcher thread is active, dispatching socket events */ + WATCHER_RUNNING, +}; + +/** * Watch multiple file descriptors using select(). */ struct watcher_t { @@ -86,6 +99,13 @@ struct watcher_t { void (*remove)(watcher_t *this, int fd); /** + * Get the current watcher state + * + * @return currently active watcher state + */ + watcher_state_t (*get_state)(watcher_t *this); + + /** * Destroy a watcher_t. */ void (*destroy)(watcher_t *this); diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c index e235e3c51..acf9160d2 100644 --- a/src/libstrongswan/settings/settings.c +++ b/src/libstrongswan/settings/settings.c @@ -856,7 +856,7 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, if (pattern == NULL || !pattern[0]) { /* TODO: Clear parent if merge is FALSE? */ - return FALSE; + return TRUE; } section = settings_section_create(NULL); diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c index 23e552d8c..be805efc9 100644 --- a/src/libstrongswan/settings/settings_parser.c +++ b/src/libstrongswan/settings/settings_parser.c @@ -1716,13 +1716,11 @@ bool settings_parser_parse_file(section_t *root, char *name) helper->file_include(helper, name); if (!settings_parser_open_next_file(helper)) { -#ifdef STRONGSWAN_CONF - if (streq(name, STRONGSWAN_CONF)) + if (lib->conf && streq(name, lib->conf)) { DBG2(DBG_CFG, "failed to open config file '%s'", name); } else -#endif { DBG1(DBG_CFG, "failed to open config file '%s'", name); } diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y index b79faf6b7..d95a24b2a 100644 --- a/src/libstrongswan/settings/settings_parser.y +++ b/src/libstrongswan/settings/settings_parser.y @@ -259,13 +259,11 @@ bool settings_parser_parse_file(section_t *root, char *name) helper->file_include(helper, name); if (!settings_parser_open_next_file(helper)) { -#ifdef STRONGSWAN_CONF - if (streq(name, STRONGSWAN_CONF)) + if (lib->conf && streq(name, lib->conf)) { DBG2(DBG_CFG, "failed to open config file '%s'", name); } else -#endif { DBG1(DBG_CFG, "failed to open config file '%s'", name); } diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index e8e8090f3..7ecba19da 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -30,6 +30,7 @@ tests_SOURCES = tests.h tests.c \ suites/test_hashtable.c \ suites/test_identification.c \ suites/test_threading.c \ + suites/test_process.c \ suites/test_watcher.c \ suites/test_stream.c \ suites/test_fetch_http.c \ diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 1d2d5ebd1..3268b5488 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -126,6 +126,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \ suites/tests-test_hashtable.$(OBJEXT) \ suites/tests-test_identification.$(OBJEXT) \ suites/tests-test_threading.$(OBJEXT) \ + suites/tests-test_process.$(OBJEXT) \ suites/tests-test_watcher.$(OBJEXT) \ suites/tests-test_stream.$(OBJEXT) \ suites/tests-test_fetch_http.$(OBJEXT) \ @@ -265,6 +266,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -325,6 +327,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -390,6 +393,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -437,6 +442,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -472,6 +481,7 @@ tests_SOURCES = tests.h tests.c \ suites/test_hashtable.c \ suites/test_identification.c \ suites/test_threading.c \ + suites/test_process.c \ suites/test_watcher.c \ suites/test_stream.c \ suites/test_fetch_http.c \ @@ -595,6 +605,8 @@ suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_process.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \ @@ -671,6 +683,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ntru.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_pen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_printf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_process.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_rsa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_settings.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_stream.Po@am__quote@ @@ -880,6 +893,20 @@ suites/tests-test_threading.obj: suites/test_threading.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi` +suites/tests-test_process.o: suites/test_process.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.o -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c + +suites/tests-test_process.obj: suites/test_process.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi` + suites/tests-test_watcher.o: suites/test_watcher.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index b33d70ec7..d71e010a2 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -784,6 +784,51 @@ START_TEST(test_chunk_hash_static) END_TEST /******************************************************************************* + * test for chunk_internet_checksum[_inc]() + */ + +START_TEST(test_chunk_internet_checksum) +{ + chunk_t chunk; + u_int16_t sum; + + chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06, + 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b); + + sum = chunk_internet_checksum(chunk); + ck_assert_int_eq(0x442e, ntohs(sum)); + + sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10)); + sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 10), sum); + ck_assert_int_eq(0x442e, ntohs(sum)); + + /* need to compensate for even/odd alignment */ + sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9)); + sum = ntohs(sum); + sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 11), sum); + sum = ntohs(sum); + ck_assert_int_eq(0x442e, ntohs(sum)); + + chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06, + 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e); + + sum = chunk_internet_checksum(chunk); + ck_assert_int_eq(0x4459, ntohs(sum)); + + sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10)); + sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 9), sum); + ck_assert_int_eq(0x4459, ntohs(sum)); + + /* need to compensate for even/odd alignment */ + sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9)); + sum = ntohs(sum); + sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 10), sum); + sum = ntohs(sum); + ck_assert_int_eq(0x4459, ntohs(sum)); +} +END_TEST + +/******************************************************************************* * test for chunk_map and friends */ @@ -1018,6 +1063,10 @@ Suite *chunk_suite_create() tcase_add_test(tc, test_chunk_hash_static); suite_add_tcase(s, tc); + tc = tcase_create("chunk_internet_checksum"); + tcase_add_test(tc, test_chunk_internet_checksum); + suite_add_tcase(s, tc); + tc = tcase_create("chunk_map"); tcase_add_test(tc, test_chunk_map); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/suites/test_process.c b/src/libstrongswan/tests/suites/test_process.c new file mode 100644 index 000000000..9b1c57539 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_process.c @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <unistd.h> + +#include <utils/process.h> + +START_TEST(test_retval_true) +{ + process_t *process; + char *argv[] = { +#ifdef WIN32 + "C:\\Windows\\system32\\cmd.exe", + "/C", + "exit 0", +#else + "/bin/sh", + "-c", + "true", +#endif + NULL + }; + int retval; + + process = process_start(argv, NULL, NULL, NULL, NULL, TRUE); + ck_assert(process != NULL); + ck_assert(process->wait(process, &retval)); + ck_assert_int_eq(retval, 0); +} +END_TEST + +START_TEST(test_retval_false) +{ + process_t *process; + char *argv[] = { +#ifdef WIN32 + "C:\\Windows\\system32\\cmd.exe", + "/C", + "exit 1", +#else + "/bin/sh", + "-c", + "false", +#endif + NULL + }; + int retval; + + process = process_start(argv, NULL, NULL, NULL, NULL, TRUE); + ck_assert(process != NULL); + ck_assert(process->wait(process, &retval)); + ck_assert(retval != 0); +} +END_TEST + +START_TEST(test_not_found) +{ + process_t *process; + char *argv[] = { + "/bin/does-not-exist", + NULL + }; + + process = process_start(argv, NULL, NULL, NULL, NULL, TRUE); + /* both is acceptable behavior */ + ck_assert(process == NULL || !process->wait(process, NULL)); +} +END_TEST + +START_TEST(test_echo) +{ + process_t *process; + char *argv[] = { +#ifdef WIN32 + "C:\\Windows\\system32\\more.com", +#else + "/bin/sh", + "-c", + "cat", +#endif + NULL + }; + int retval, in, out; + char *msg = "test"; + char buf[strlen(msg) + 1]; + + memset(buf, 0, strlen(msg) + 1); + + process = process_start(argv, NULL, &in, &out, NULL, TRUE); + ck_assert(process != NULL); + ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg)); + ck_assert(close(in) == 0); + ck_assert_int_eq(read(out, buf, strlen(msg) + 1), strlen(msg)); + ck_assert_str_eq(buf, msg); + ck_assert(close(out) == 0); + ck_assert(process->wait(process, &retval)); + ck_assert_int_eq(retval, 0); +} +END_TEST + +START_TEST(test_echo_err) +{ + process_t *process; + char *argv[] = { +#ifdef WIN32 + "C:\\Windows\\system32\\cmd.exe", + "/C", + "1>&2 C:\\Windows\\system32\\more.com", +#else + "/bin/sh", + "-c", + "1>&2 cat", +#endif + NULL + }; + int retval, in, err; + char *msg = "a longer test message"; + char buf[strlen(msg) + 1]; + + memset(buf, 0, strlen(msg) + 1); + + process = process_start(argv, NULL, &in, NULL, &err, TRUE); + ck_assert(process != NULL); + ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg)); + ck_assert(close(in) == 0); + ck_assert_int_eq(read(err, buf, strlen(msg) + 1), strlen(msg)); + ck_assert_str_eq(buf, msg); + ck_assert(close(err) == 0); + ck_assert(process->wait(process, &retval)); + ck_assert_int_eq(retval, 0); +} +END_TEST + +START_TEST(test_env) +{ + process_t *process; + char *argv[] = { +#ifdef WIN32 + "C:\\Windows\\system32\\cmd.exe", + "/C", + "echo %A% %B%", +#else + "/bin/sh", + "-c", + "/bin/echo -n $A $B", +#endif + NULL + }; + char *envp[] = { + "A=atest", + "B=bstring", + NULL + }; + int retval, out; + char buf[64] = {}; + + process = process_start(argv, envp, NULL, &out, NULL, TRUE); + ck_assert(process != NULL); + ck_assert(read(out, buf, sizeof(buf)) > 0); +#ifdef WIN32 + ck_assert_str_eq(buf, "atest bstring\r\n"); +#else + ck_assert_str_eq(buf, "atest bstring"); +#endif + ck_assert(close(out) == 0); + ck_assert(process->wait(process, &retval)); + ck_assert_int_eq(retval, 0); +} +END_TEST + +START_TEST(test_shell) +{ + process_t *process; + int retval; + + process = process_start_shell(NULL, NULL, NULL, NULL, "exit %d", 3); + ck_assert(process != NULL); + ck_assert(process->wait(process, &retval)); + ck_assert_int_eq(retval, 3); +} +END_TEST + +Suite *process_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("process"); + + tc = tcase_create("return values"); + tcase_add_test(tc, test_retval_true); + tcase_add_test(tc, test_retval_false); + suite_add_tcase(s, tc); + + tc = tcase_create("not found"); + tcase_add_test(tc, test_not_found); + suite_add_tcase(s, tc); + + tc = tcase_create("echo"); + tcase_add_test(tc, test_echo); + tcase_add_test(tc, test_echo_err); + suite_add_tcase(s, tc); + + tc = tcase_create("env"); + tcase_add_test(tc, test_env); + suite_add_tcase(s, tc); + + tc = tcase_create("shell"); + tcase_add_test(tc, test_shell); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c index 0526d9d6e..47e448484 100644 --- a/src/libstrongswan/tests/suites/test_threading.c +++ b/src/libstrongswan/tests/suites/test_threading.c @@ -980,7 +980,8 @@ START_TEST(test_detach) sched_yield(); } /* no checks done here, but we check that thread state gets cleaned - * up with leak detective. */ + * up with leak detective. give the threads time to clean up. */ + usleep(10000); } END_TEST @@ -1015,7 +1016,8 @@ START_TEST(test_detach_exit) sched_yield(); } /* no checks done here, but we check that thread state gets cleaned - * up with leak detective. */ + * up with leak detective. give the threads time to clean up. */ + usleep(10000); } END_TEST diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 8f2e9855e..b77302820 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -58,41 +58,58 @@ static void destroy_suite(test_suite_t *suite) } /** - * Removes and destroys test suites that are not selected. + * Filter loaded test suites, either remove suites listed (exclude=TRUE), or all + * that are not listed (exclude=FALSE). */ -static void filter_suites(array_t *loaded) +static void apply_filter(array_t *loaded, char *filter, bool exclude) { enumerator_t *enumerator, *names; - hashtable_t *selected; + hashtable_t *listed; test_suite_t *suite; - char *suites, *name; + char *name; - suites = getenv("TESTS_SUITES"); - if (!suites) - { - return; - } - selected = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8); - names = enumerator_create_token(suites, ",", " "); + listed = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8); + names = enumerator_create_token(filter, ",", " "); while (names->enumerate(names, &name)) { - selected->put(selected, name, name); + listed->put(listed, name, name); } enumerator = array_create_enumerator(loaded); while (enumerator->enumerate(enumerator, &suite)) { - if (!selected->get(selected, suite->name)) + if ((exclude && listed->get(listed, suite->name)) || + (!exclude && !listed->get(listed, suite->name))) { array_remove_at(loaded, enumerator); destroy_suite(suite); } } enumerator->destroy(enumerator); - selected->destroy(selected); + listed->destroy(listed); names->destroy(names); } /** + * Removes and destroys test suites that are not selected or + * explicitly excluded. + */ +static void filter_suites(array_t *loaded) +{ + char *filter; + + filter = getenv("TESTS_SUITES"); + if (filter) + { + apply_filter(loaded, filter, FALSE); + } + filter = getenv("TESTS_SUITES_EXCLUDE"); + if (filter) + { + apply_filter(loaded, filter, TRUE); + } +} + +/** * Load all available test suites, or optionally only selected ones. */ static array_t *load_suites(test_configuration_t configs[], diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h index de87a1f0f..7250f8a00 100644 --- a/src/libstrongswan/tests/test_runner.h +++ b/src/libstrongswan/tests/test_runner.h @@ -70,6 +70,7 @@ struct test_configuration_t { * - TESTS_VERBOSITY: Numerical loglevel for debug log * - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf * - TESTS_SUITES: Run specific test suites only + * - TESTS_SUITES_EXCLUDE: Don't run specific test suites * - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only * * @param name name of test runner diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index ab0f642e4..586227800 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -24,6 +24,7 @@ TEST_SUITE(hashtable_suite_create) TEST_SUITE(array_suite_create) TEST_SUITE(identification_suite_create) TEST_SUITE(threading_suite_create) +TEST_SUITE(process_suite_create) TEST_SUITE(watcher_suite_create) TEST_SUITE(stream_suite_create) TEST_SUITE(utils_suite_create) diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c index f86e781c5..10cf04542 100644 --- a/src/libstrongswan/threading/mutex.c +++ b/src/libstrongswan/threading/mutex.c @@ -23,6 +23,7 @@ #include <library.h> #include <utils/debug.h> +#include "thread.h" #include "condvar.h" #include "mutex.h" #include "lock_profiler.h" @@ -70,7 +71,7 @@ struct private_r_mutex_t { /** * thread which currently owns mutex */ - pthread_t thread; + thread_t *thread; /** * times the current thread locked the mutex @@ -125,16 +126,16 @@ METHOD(mutex_t, unlock, void, METHOD(mutex_t, lock_r, void, private_r_mutex_t *this) { - pthread_t self = pthread_self(); + thread_t *self = thread_current(); - if (pthread_equal(this->thread, self)) + if (cas_ptr(&this->thread, self, self)) { this->times++; } else { lock(&this->generic); - this->thread = self; + cas_ptr(&this->thread, NULL, self); this->times = 1; } } @@ -144,7 +145,7 @@ METHOD(mutex_t, unlock_r, void, { if (--this->times == 0) { - memset(&this->thread, 0, sizeof(this->thread)); + cas_ptr(&this->thread, thread_current(), NULL); unlock(&this->generic); } } @@ -220,14 +221,15 @@ METHOD(condvar_t, wait_, void, if (mutex->recursive) { private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; + thread_t *self = thread_current(); u_int times; /* keep track of the number of times this thread locked the mutex */ times = recursive->times; /* mutex owner gets cleared during condvar wait */ - memset(&recursive->thread, 0, sizeof(recursive->thread)); + cas_ptr(&recursive->thread, self, NULL); pthread_cond_wait(&this->condvar, &mutex->mutex); - recursive->thread = pthread_self(); + cas_ptr(&recursive->thread, NULL, self); recursive->times = times; } else @@ -253,13 +255,14 @@ METHOD(condvar_t, timed_wait_abs, bool, if (mutex->recursive) { private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; + thread_t *self = thread_current(); u_int times; times = recursive->times; - memset(&recursive->thread, 0, sizeof(recursive->thread)); + cas_ptr(&recursive->thread, self, NULL); timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex, &ts) == ETIMEDOUT; - recursive->thread = pthread_self(); + cas_ptr(&recursive->thread, NULL, self); recursive->times = times; } else diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h index 8d3c30e9b..6abb83411 100644 --- a/src/libstrongswan/threading/thread.h +++ b/src/libstrongswan/threading/thread.h @@ -189,4 +189,32 @@ void threads_init(); */ void threads_deinit(); + +#ifdef __APPLE__ + +/* + * While select() is a cancellation point, it seems that OS X does not honor + * pending cancellation points when entering the function. We manually test for + * and honor pending cancellation requests, but this obviously can't prevent + * some race conditions where the the cancellation happens after the check, + * but before the select. + */ +static inline int precancellable_select(int nfds, fd_set *restrict readfds, + fd_set *restrict writefds, fd_set *restrict errorfds, + struct timeval *restrict timeout) +{ + if (thread_cancelability(TRUE)) + { + thread_cancellation_point(); + } + else + { + thread_cancelability(FALSE); + } + return select(nfds, readfds, writefds, errorfds, timeout); +} +#define select precancellable_select + +#endif /* __APPLE__ */ + #endif /** THREADING_THREAD_H_ @} */ diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index e694caec7..6dd68d60e 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -319,6 +319,7 @@ static bfd_entry_t *get_bfd_entry(char *filename) if (size == 0) { size = bfd_get_dynamic_symtab_upper_bound(entry->abfd); + dynamic = TRUE; } if (size >= 0) { diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 1a9674f4d..4b24b37c2 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -990,6 +990,37 @@ u_int32_t chunk_hash_static(chunk_t chunk) /** * Described in header. */ +u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) +{ + u_int32_t sum = ntohs(~checksum); + + while (data.len > 1) + { + sum += untoh16(data.ptr); + data = chunk_skip(data, 2); + } + if (data.len) + { + sum += (u_int16_t)*data.ptr << 8; + } + while (sum >> 16) + { + sum = (sum & 0xffff) + (sum >> 16); + } + return htons(~sum); +} + +/** + * Described in header. + */ +u_int16_t chunk_internet_checksum(chunk_t data) +{ + return chunk_internet_checksum_inc(data, 0xffff); +} + +/** + * Described in header. + */ int chunk_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, const void *const *args) { diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 9951ff31f..48405b77e 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -412,6 +412,31 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash); u_int64_t chunk_mac(chunk_t chunk, u_char *key); /** + * Calculate the Internet Checksum according to RFC 1071 for the given chunk. + * + * If the result is used with chunk_internet_checksum_inc() and the data length + * is not a multiple of 16 bit the checksum bytes have to be swapped to + * compensate the even/odd alignment. + * + * @param data data to process + * @return checksum (one's complement, network order) + */ +u_int16_t chunk_internet_checksum(chunk_t data); + +/** + * Extend the given Internet Checksum (one's complement, in network byte order) + * with the given data. + * + * If data is not a multiple of 16 bits the checksum may have to be swapped to + * compensate even/odd alignment (see chunk_internet_checksum()). + * + * @param data data to process + * @param checksum previous checksum (one's complement, network order) + * @return checksum (one's complement, network order) + */ +u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum); + +/** * printf hook function for chunk_t. * * Arguments are: diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index a2bca193d..bc8432aea 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -561,6 +561,8 @@ char *whitelist[] = { "ECDSA_do_sign_ex", "ECDSA_verify", "RSA_new_method", + /* OpenSSL libssl */ + "SSL_COMP_get_compression_methods", /* NSPR */ "PR_CallOnce", /* libapr */ diff --git a/src/libstrongswan/utils/process.c b/src/libstrongswan/utils/process.c new file mode 100644 index 000000000..c863bdd10 --- /dev/null +++ b/src/libstrongswan/utils/process.c @@ -0,0 +1,592 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/* vasprintf() */ +#define _GNU_SOURCE +#include "process.h" + +#include <library.h> +#include <utils/debug.h> + +#include <fcntl.h> +#include <stdio.h> +#include <stdarg.h> + +typedef struct private_process_t private_process_t; + +/** + * Ends of a pipe() + */ +enum { + PIPE_READ = 0, + PIPE_WRITE = 1, + PIPE_ENDS, +}; + +#ifndef WIN32 + +#include <unistd.h> +#include <errno.h> +#include <sys/wait.h> +#include <signal.h> + +/** + * Private data of an process_t object. + */ +struct private_process_t { + + /** + * Public process_t interface. + */ + process_t public; + + /** + * child stdin pipe + */ + int in[PIPE_ENDS]; + + /** + * child stdout pipe + */ + int out[PIPE_ENDS]; + + /** + * child stderr pipe + */ + int err[PIPE_ENDS]; + + /** + * child process + */ + int pid; +}; + +/** + * Close a file descriptor if it is not -1 + */ +static void close_if(int *fd) +{ + if (*fd != -1) + { + close(*fd); + *fd = -1; + } +} + +/** + * Destroy a process structure, close all pipes + */ +static void process_destroy(private_process_t *this) +{ + close_if(&this->in[PIPE_READ]); + close_if(&this->in[PIPE_WRITE]); + close_if(&this->out[PIPE_READ]); + close_if(&this->out[PIPE_WRITE]); + close_if(&this->err[PIPE_READ]); + close_if(&this->err[PIPE_WRITE]); + free(this); +} + +METHOD(process_t, wait_, bool, + private_process_t *this, int *code) +{ + int status, ret; + + ret = waitpid(this->pid, &status, 0); + process_destroy(this); + if (ret == -1) + { + return FALSE; + } + if (!WIFEXITED(status)) + { + return FALSE; + } + if (code) + { + *code = WEXITSTATUS(status); + } + return TRUE; +} + +/** + * See header + */ +process_t* process_start(char *const argv[], char *const envp[], + int *in, int *out, int *err, bool close_all) +{ + private_process_t *this; + char *empty[] = { NULL }; + + INIT(this, + .public = { + .wait = _wait_, + }, + .in = { -1, -1 }, + .out = { -1, -1 }, + .err = { -1, -1 }, + ); + + if (in && pipe(this->in) != 0) + { + DBG1(DBG_LIB, "creating stdin pipe failed: %s", strerror(errno)); + process_destroy(this); + return NULL; + } + if (out && pipe(this->out) != 0) + { + DBG1(DBG_LIB, "creating stdout pipe failed: %s", strerror(errno)); + process_destroy(this); + return NULL; + } + if (err && pipe(this->err) != 0) + { + DBG1(DBG_LIB, "creating stderr pipe failed: %s", strerror(errno)); + process_destroy(this); + return NULL; + } + + this->pid = fork(); + switch (this->pid) + { + case -1: + DBG1(DBG_LIB, "forking process failed: %s", strerror(errno)); + process_destroy(this); + return NULL; + case 0: + /* child */ + close_if(&this->in[PIPE_WRITE]); + close_if(&this->out[PIPE_READ]); + close_if(&this->err[PIPE_READ]); + if (this->in[PIPE_READ] != -1) + { + if (dup2(this->in[PIPE_READ], 0) == -1) + { + raise(SIGKILL); + } + } + if (this->out[PIPE_WRITE] != -1) + { + if (dup2(this->out[PIPE_WRITE], 1) == -1) + { + raise(SIGKILL); + } + } + if (this->err[PIPE_WRITE] != -1) + { + if (dup2(this->err[PIPE_WRITE], 2) == -1) + { + raise(SIGKILL); + } + } + if (close_all) + { + closefrom(3); + } + if (execve(argv[0], argv, envp ?: empty) == -1) + { + raise(SIGKILL); + } + /* not reached */ + default: + /* parent */ + close_if(&this->in[PIPE_READ]); + close_if(&this->out[PIPE_WRITE]); + close_if(&this->err[PIPE_WRITE]); + if (in) + { + *in = this->in[PIPE_WRITE]; + this->in[PIPE_WRITE] = -1; + } + if (out) + { + *out = this->out[PIPE_READ]; + this->out[PIPE_READ] = -1; + } + if (err) + { + *err = this->err[PIPE_READ]; + this->err[PIPE_READ] = -1; + } + return &this->public; + } +} + +/** + * See header + */ +process_t* process_start_shell(char *const envp[], int *in, int *out, int *err, + char *fmt, ...) +{ + char *argv[] = { + "/bin/sh", + "-c", + NULL, + NULL + }; + process_t *process; + va_list args; + int len; + + va_start(args, fmt); + len = vasprintf(&argv[2], fmt, args); + va_end(args); + if (len < 0) + { + return NULL; + } + + process = process_start(argv, envp, in, out, err, TRUE); + free(argv[2]); + return process; +} + +#else /* WIN32 */ + +/** + * Private data of an process_t object. + */ +struct private_process_t { + + /** + * Public process_t interface. + */ + process_t public; + + /** + * child stdin pipe + */ + HANDLE in[PIPE_ENDS]; + + /** + * child stdout pipe + */ + HANDLE out[PIPE_ENDS]; + + /** + * child stderr pipe + */ + HANDLE err[PIPE_ENDS]; + + /** + * child process information + */ + PROCESS_INFORMATION pi; +}; + +/** + * Clean up state associated to child process + */ +static void process_destroy(private_process_t *this) +{ + if (this->in[PIPE_READ]) + { + CloseHandle(this->in[PIPE_READ]); + } + if (this->in[PIPE_WRITE]) + { + CloseHandle(this->in[PIPE_WRITE]); + } + if (this->out[PIPE_READ]) + { + CloseHandle(this->out[PIPE_READ]); + } + if (this->out[PIPE_WRITE]) + { + CloseHandle(this->out[PIPE_WRITE]); + } + if (this->err[PIPE_READ]) + { + CloseHandle(this->err[PIPE_READ]); + } + if (this->err[PIPE_WRITE]) + { + CloseHandle(this->err[PIPE_WRITE]); + } + if (this->pi.hProcess) + { + CloseHandle(this->pi.hProcess); + CloseHandle(this->pi.hThread); + } + free(this); +} + +METHOD(process_t, wait_, bool, + private_process_t *this, int *code) +{ + DWORD ec; + + if (WaitForSingleObject(this->pi.hProcess, INFINITE) != WAIT_OBJECT_0) + { + DBG1(DBG_LIB, "waiting for child process failed: 0x%08x", + GetLastError()); + process_destroy(this); + return FALSE; + } + if (code) + { + if (!GetExitCodeProcess(this->pi.hProcess, &ec)) + { + DBG1(DBG_LIB, "getting child process exit code failed: 0x%08x", + GetLastError()); + process_destroy(this); + return FALSE; + } + *code = ec; + } + process_destroy(this); + return TRUE; +} + +/** + * Append a command line argument to buf, optionally quoted + */ +static void append_arg(char *buf, u_int len, char *arg, char *quote) +{ + char *space = ""; + int current; + + current = strlen(buf); + if (current) + { + space = " "; + } + snprintf(buf + current, len - current, "%s%s%s%s", space, quote, arg, quote); +} + +/** + * Append a null-terminate env string to buf + */ +static void append_env(char *buf, u_int len, char *env) +{ + char *pos = buf; + int current; + + while (TRUE) + { + pos += strlen(pos); + if (!pos[1]) + { + if (pos == buf) + { + current = 0; + } + else + { + current = pos - buf + 1; + } + snprintf(buf + current, len - current, "%s", env); + break; + } + pos++; + } +} + +/** + * See header + */ +process_t* process_start(char *const argv[], char *const envp[], + int *in, int *out, int *err, bool close_all) +{ + private_process_t *this; + char arg[32768], env[32768]; + SECURITY_ATTRIBUTES sa = { + .nLength = sizeof(SECURITY_ATTRIBUTES), + .bInheritHandle = TRUE, + }; + STARTUPINFO sui = { + .cb = sizeof(STARTUPINFO), + }; + int i; + + memset(arg, 0, sizeof(arg)); + memset(env, 0, sizeof(env)); + + for (i = 0; argv[i]; i++) + { + if (!strchr(argv[i], ' ')) + { /* no spaces, fine for appending */ + append_arg(arg, sizeof(arg) - 1, argv[i], ""); + } + else if (argv[i][0] == '"' && + argv[i][strlen(argv[i]) - 1] == '"' && + strchr(argv[i] + 1, '"') == argv[i] + strlen(argv[i]) - 1) + { /* already properly quoted */ + append_arg(arg, sizeof(arg) - 1, argv[i], ""); + } + else if (strchr(argv[i], ' ') && !strchr(argv[i], '"')) + { /* spaces, but no quotes; append quoted */ + append_arg(arg, sizeof(arg) - 1, argv[i], "\""); + } + else + { + DBG1(DBG_LIB, "invalid command line argument: %s", argv[i]); + return NULL; + } + } + if (envp) + { + for (i = 0; envp[i]; i++) + { + append_env(env, sizeof(env) - 1, envp[i]); + } + } + + INIT(this, + .public = { + .wait = _wait_, + }, + ); + + if (in) + { + sui.dwFlags = STARTF_USESTDHANDLES; + if (!CreatePipe(&this->in[PIPE_READ], &this->in[PIPE_WRITE], &sa, 0)) + { + process_destroy(this); + return NULL; + } + if (!SetHandleInformation(this->in[PIPE_WRITE], HANDLE_FLAG_INHERIT, 0)) + { + process_destroy(this); + return NULL; + } + sui.hStdInput = this->in[PIPE_READ]; + *in = _open_osfhandle((uintptr_t)this->in[PIPE_WRITE], 0); + if (*in == -1) + { + process_destroy(this); + return NULL; + } + } + if (out) + { + sui.dwFlags = STARTF_USESTDHANDLES; + if (!CreatePipe(&this->out[PIPE_READ], &this->out[PIPE_WRITE], &sa, 0)) + { + process_destroy(this); + return NULL; + } + if (!SetHandleInformation(this->out[PIPE_READ], HANDLE_FLAG_INHERIT, 0)) + { + process_destroy(this); + return NULL; + } + sui.hStdOutput = this->out[PIPE_WRITE]; + *out = _open_osfhandle((uintptr_t)this->out[PIPE_READ], 0); + if (*out == -1) + { + process_destroy(this); + return NULL; + } + } + if (err) + { + sui.dwFlags = STARTF_USESTDHANDLES; + if (!CreatePipe(&this->err[PIPE_READ], &this->err[PIPE_WRITE], &sa, 0)) + { + process_destroy(this); + return NULL; + } + if (!SetHandleInformation(this->err[PIPE_READ], HANDLE_FLAG_INHERIT, 0)) + { + process_destroy(this); + return NULL; + } + sui.hStdError = this->err[PIPE_WRITE]; + *err = _open_osfhandle((uintptr_t)this->err[PIPE_READ], 0); + if (*err == -1) + { + process_destroy(this); + return NULL; + } + } + + if (!CreateProcess(argv[0], arg, NULL, NULL, TRUE, + NORMAL_PRIORITY_CLASS, env, NULL, &sui, &this->pi)) + { + DBG1(DBG_LIB, "creating process '%s' failed: 0x%08x", + argv[0], GetLastError()); + process_destroy(this); + return NULL; + } + + /* close child process end of pipes */ + if (this->in[PIPE_READ]) + { + CloseHandle(this->in[PIPE_READ]); + this->in[PIPE_READ] = NULL; + } + if (this->out[PIPE_WRITE]) + { + CloseHandle(this->out[PIPE_WRITE]); + this->out[PIPE_WRITE] = NULL; + } + if (this->err[PIPE_WRITE]) + { + CloseHandle(this->err[PIPE_WRITE]); + this->err[PIPE_WRITE] = NULL; + } + /* our side gets closed over the osf_handle closed by caller */ + this->in[PIPE_WRITE] = NULL; + this->out[PIPE_READ] = NULL; + this->err[PIPE_READ] = NULL; + return &this->public; +} + +/** + * See header + */ +process_t* process_start_shell(char *const envp[], int *in, int *out, int *err, + char *fmt, ...) +{ + char path[MAX_PATH], *exe = "system32\\cmd.exe"; + char *argv[] = { + path, + "/C", + NULL, + NULL + }; + process_t *process; + va_list args; + int len; + + len = GetSystemWindowsDirectory(path, sizeof(path)); + if (len == 0 || len >= sizeof(path) - strlen(exe)) + { + DBG1(DBG_LIB, "resolving Windows directory failed: 0x%08x", + GetLastError()); + return NULL; + } + if (path[len + 1] != '\\') + { + strncat(path, "\\", sizeof(path) - len++); + } + strncat(path, exe, sizeof(path) - len); + + va_start(args, fmt); + len = vasprintf(&argv[2], fmt, args); + va_end(args); + if (len < 0) + { + return NULL; + } + + process = process_start(argv, envp, in, out, err, TRUE); + free(argv[2]); + return process; +} + +#endif /* WIN32 */ diff --git a/src/libstrongswan/utils/process.h b/src/libstrongswan/utils/process.h new file mode 100644 index 000000000..81719201c --- /dev/null +++ b/src/libstrongswan/utils/process.h @@ -0,0 +1,97 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup process process + * @{ @ingroup utils + */ + +#ifndef PROCESS_H_ +#define PROCESS_H_ + +#include <utils/utils.h> + +typedef struct process_t process_t; + +/** + * Child process spawning abstraction + */ +struct process_t { + + /** + * Wait for a started process to terminate. + * + * The process object gets destroyed by this call, regardless of the + * return value. + * + * The returned code is the exit code, not the status returned by waitpid(). + * If the program could not be executed or has terminated abnormally + * (by signals etc.), FALSE is returned. + * + * @param code process exit code, set only if TRUE returned + * @return TRUE if program exited normally through exit() + */ + bool (*wait)(process_t *this, int *code); +}; + +/** + * Spawn a child process with redirected I/O. + * + * Forks the current process, optionally redirects stdin/out/err to the current + * process, and executes the provided program with arguments. + * + * The process to execute is specified as argv[0], followed by the process + * arguments, followed by NULL. envp[] has a NULL terminated list of arguments + * to invoke the process with. + * + * If any of in/out/err is given, stdin/out/err from the child process get + * connected over pipe()s to the caller. If close_all is TRUE, all other + * open file descriptors get closed, regardless of any CLOEXEC setting. + * + * A caller must close all of the returned file descriptors to avoid file + * descriptor leaks. + * + * A non-NULL return value does not guarantee that the process has been + * invoked successfully. + * + * @param argv NULL terminated process arguments, with argv[0] as program + * @param envp NULL terminated list of environment variables + * @param in pipe fd returned for redirecting data to child stdin + * @param out pipe fd returned to redirect child stdout data to + * @param err pipe fd returned to redirect child stderr data to + * @param close_all close all open file descriptors above 2 before execve() + * @return process, NULL on failure + */ +process_t* process_start(char *const argv[], char *const envp[], + int *in, int *out, int *err, bool close_all); + +/** + * Spawn a command in a shell child process. + * + * Same as process_start(), but passes a single command to a shell, such as + * "sh -c". See process_start() for I/O redirection notes. + * + * @param envp NULL terminated list of environment variables + * @param in pipe fd returned for redirecting data to child stdin + * @param out pipe fd returned to redirect child stdout data to + * @param err pipe fd returned to redirect child stderr data to + * @param fmt printf format string for command + * @param ... arguments for fmt + * @return process, NULL on failure + */ +process_t* process_start_shell(char *const envp[], int *in, int *out, int *err, + char *fmt, ...); + +#endif /** PROCESS_H_ @}*/ diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 1b822dd61..da253cc35 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -60,6 +60,20 @@ #define BUF_LEN 512 /** + * Build assertion macro for integer expressions, evaluates to 0 + */ +#define BUILD_ASSERT(x) (sizeof(char[(x) ? 0 : -1])) + +/** + * Build time check to assert a is an array, evaluates to 0 + * + * The address of an array element has a pointer type, which is not compatible + * to the array type. + */ +#define BUILD_ASSERT_ARRAY(a) \ + BUILD_ASSERT(!__builtin_types_compatible_p(typeof(a), typeof(&(a)[0]))) + +/** * General purpose boolean type. */ #ifdef HAVE_STDBOOL_H @@ -342,7 +356,8 @@ static inline void *memset_noop(void *s, int c, size_t n) /** * Get the number of elements in an array */ -#define countof(array) (sizeof(array)/sizeof(array[0])) +#define countof(array) (sizeof(array)/sizeof((array)[0]) \ + + BUILD_ASSERT_ARRAY(array)) /** * Ignore result of functions tagged with warn_unused_result attributes diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 85f13d0c8..426d8bcb3 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -284,6 +284,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -344,6 +345,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -409,6 +411,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -456,6 +460,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index bbc364970..2e44fb4a5 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c index 1d0779dc0..67cfd3a75 100644 --- a/src/libtls/tls_aead.c +++ b/src/libtls/tls_aead.c @@ -82,6 +82,7 @@ METHOD(tls_aead_t, encrypt, bool, assoc = chunk_from_thing(hdr); if (!this->aead->encrypt(this->aead, plain, assoc, iv, NULL)) { + chunk_free(&encrypted); return FALSE; } chunk_free(data); diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c index 5e4d33e14..80b0db38c 100644 --- a/src/libtls/tls_aead_expl.c +++ b/src/libtls/tls_aead_expl.c @@ -91,7 +91,6 @@ METHOD(tls_aead_t, encrypt, bool, /* encrypt inline */ if (!this->crypter->encrypt(this->crypter, *data, iv, NULL)) { - free(data->ptr); return FALSE; } /* prepend IV */ @@ -106,6 +105,7 @@ METHOD(tls_aead_t, decrypt, bool, chunk_t assoc, mac, iv; u_int8_t bs, padlen; sigheader_t hdr; + size_t i; iv.len = this->crypter->get_iv_size(this->crypter); if (data->len < iv.len) @@ -126,6 +126,13 @@ METHOD(tls_aead_t, decrypt, bool, padlen = data->ptr[data->len - 1]; if (padlen < data->len) { /* If padding looks valid, remove it */ + for (i = data->len - padlen - 1; i < data->len - 1; i++) + { + if (data->ptr[i] != padlen) + { + return FALSE; + } + } data->len -= padlen + 1; } diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c index fb14026e0..d529ceba7 100644 --- a/src/libtls/tls_aead_impl.c +++ b/src/libtls/tls_aead_impl.c @@ -100,6 +100,7 @@ METHOD(tls_aead_t, decrypt, bool, chunk_t assoc, mac, iv; u_int8_t bs, padlen; sigheader_t hdr; + size_t i; bs = this->crypter->get_block_size(this->crypter); if (data->len < bs || data->len < this->iv.len || data->len % bs) @@ -116,6 +117,13 @@ METHOD(tls_aead_t, decrypt, bool, padlen = data->ptr[data->len - 1]; if (padlen < data->len) { /* If padding looks valid, remove it */ + for (i = data->len - padlen - 1; i < data->len - 1; i++) + { + if (data->ptr[i] != padlen) + { + return FALSE; + } + } data->len -= padlen + 1; } diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index d3c0196d9..b0bfdf20d 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -289,6 +289,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -349,6 +350,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -414,6 +416,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -461,6 +465,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 3ba06f965..2b76aabe6 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index 97c05c127..06e7b0480 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index adbbf6cf0..8910fe761 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index 92f3b087a..ea6ac5546 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 230440b87..90c804710 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -248,6 +248,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -308,6 +309,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -373,6 +375,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -420,6 +424,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index ee3f72d1e..6a03df994 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index ee54a68b7..efa06b927 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -199,6 +199,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -259,6 +260,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -324,6 +326,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -371,6 +375,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 00575262c..79ee9c7b8 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -251,6 +251,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -311,6 +312,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -376,6 +378,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -423,6 +427,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index a895b0256..3de9153cf 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 8349a77f8..5f7a1bc26 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index 4c0efd5a7..c288015de 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -187,6 +187,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -247,6 +248,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -312,6 +314,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -359,6 +363,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 54a1a8491..4f753a0bb 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index efbba98d2..7ee25c007 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 8b41ae25e..a8d45b54f 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -227,7 +227,7 @@ static void init() options = options_create(); lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features, - countof(features), TRUE); + countof(features), TRUE, NULL, NULL); if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS))) { diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 27a6b8220..6a947efa6 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 8beb47c30..88d362f6c 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -277,6 +277,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -337,6 +338,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -402,6 +404,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -449,6 +453,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/starter/confread.c b/src/starter/confread.c index 17dca66a1..de9099a1b 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -658,6 +658,7 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg, static void confread_free_ca(starter_ca_t *ca) { free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca); + free(ca); } /* @@ -668,6 +669,7 @@ static void confread_free_conn(starter_conn_t *conn) free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left); free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right); free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn); + free(conn); } /* @@ -686,7 +688,6 @@ void confread_free(starter_config_t *cfg) conn = conn->next; confread_free_conn(conn_aux); - free(conn_aux); } while (ca != NULL) @@ -695,7 +696,6 @@ void confread_free(starter_config_t *cfg) ca = ca->next; confread_free_ca(ca_aux); - free(ca_aux); } free(cfg); @@ -746,6 +746,9 @@ starter_config_t* confread_load(const char *file) if (cfg->err > previous_err) { + total_err = cfg->err - previous_err; + DBG1(DBG_APP, "# ignored ca '%s' due to %d parsing error%s", name, + total_err, (total_err > 1) ? "s" : ""); confread_free_ca(ca); cfg->non_fatal_err += cfg->err - previous_err; cfg->err = previous_err; @@ -784,6 +787,9 @@ starter_config_t* confread_load(const char *file) if (cfg->err > previous_err) { + total_err = cfg->err - previous_err; + DBG1(DBG_APP, "# ignored conn '%s' due to %d parsing error%s", name, + total_err, (total_err > 1) ? "s" : ""); confread_free_conn(conn); cfg->non_fatal_err += cfg->err - previous_err; cfg->err = previous_err; diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index d981f6c17..5d95305cb 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -201,6 +201,15 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) default: /* father */ _charon_pid = pid; + while (attach_gdb) + { + /* wait indefinitely if gdb is attached */ + usleep(10000); + if (stat(pid_file, &stb) == 0) + { + return 0; + } + } for (i = 0; i < 500 && _charon_pid; i++) { /* wait for charon for a maximum of 500 x 20 ms = 10 s */ diff --git a/src/starter/starter.c b/src/starter/starter.c index ef5780843..74b5b5286 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -261,10 +261,14 @@ static void fatal_signal_handler(int signal) #ifdef GENERATE_SELFCERT static void generate_selfcert() { + const char *secrets_file; struct stat stb; + secrets_file = lib->settings->get_str(lib->settings, + "charon.plugins.stroke.secrets_file", SECRETS_FILE); + /* if ipsec.secrets file is missing then generate RSA default key pair */ - if (stat(SECRETS_FILE, &stb) != 0) + if (stat(secrets_file, &stb) != 0) { mode_t oldmask; FILE *f; @@ -302,7 +306,7 @@ static void generate_selfcert() /* ipsec.secrets is root readable only */ oldmask = umask(0066); - f = fopen(SECRETS_FILE, "w"); + f = fopen(secrets_file, "w"); if (f) { fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); @@ -310,7 +314,7 @@ static void generate_selfcert() fprintf(f, ": RSA myKey.der\n"); fclose(f); } - ignore_result(chown(SECRETS_FILE, uid, gid)); + ignore_result(chown(secrets_file, uid, gid)); umask(oldmask); } } @@ -485,7 +489,8 @@ int main (int argc, char **argv) } if (!config_file) { - config_file = CONFIG_FILE; + config_file = lib->settings->get_str(lib->settings, + "starter.config_file", CONFIG_FILE); } init_log("ipsec_starter"); @@ -612,7 +617,6 @@ int main (int argc, char **argv) int fnull; close_log(); - closefrom(3); fnull = open("/dev/null", O_RDWR); if (fnull >= 0) diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index c72f23e34..d42a0d286 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 1741b6403..9c041dfbf 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index 385737ad4..b84d70587 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -10,12 +10,14 @@ swanctl_SOURCES = \ commands/list_conns.c \ commands/list_certs.c \ commands/list_pools.c \ - commands/load_conns.c \ - commands/load_creds.c \ - commands/load_pools.c \ + commands/load_all.c \ + commands/load_conns.c commands/load_conns.h \ + commands/load_creds.c commands/load_creds.h \ + commands/load_pools.c commands/load_pools.h \ commands/log.c \ commands/version.c \ commands/stats.c \ + commands/reload_settings.c \ swanctl.c swanctl.h swanctl_LDADD = \ @@ -44,7 +46,7 @@ CLEANFILES = $(man_MANS) swanctl.conf.5.main: swanctl.opt $(AM_V_GEN) \ - $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@ + $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@ swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail $(AM_V_GEN) \ @@ -54,7 +56,7 @@ maintainer-clean-local: cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main install-data-local: swanctl.conf - test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" + test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index 149159770..649e6d8ae 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -108,10 +108,11 @@ am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \ commands/terminate.$(OBJEXT) commands/install.$(OBJEXT) \ commands/list_sas.$(OBJEXT) commands/list_pols.$(OBJEXT) \ commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \ - commands/list_pools.$(OBJEXT) commands/load_conns.$(OBJEXT) \ - commands/load_creds.$(OBJEXT) commands/load_pools.$(OBJEXT) \ - commands/log.$(OBJEXT) commands/version.$(OBJEXT) \ - commands/stats.$(OBJEXT) swanctl.$(OBJEXT) + commands/list_pools.$(OBJEXT) commands/load_all.$(OBJEXT) \ + commands/load_conns.$(OBJEXT) commands/load_creds.$(OBJEXT) \ + commands/load_pools.$(OBJEXT) commands/log.$(OBJEXT) \ + commands/version.$(OBJEXT) commands/stats.$(OBJEXT) \ + commands/reload_settings.$(OBJEXT) swanctl.$(OBJEXT) swanctl_OBJECTS = $(am_swanctl_OBJECTS) swanctl_DEPENDENCIES = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ @@ -243,6 +244,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ @@ -303,6 +305,7 @@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ RUBYINCLUDE = @RUBYINCLUDE@ RUBYLIB = @RUBYLIB@ SED = @SED@ @@ -368,6 +371,8 @@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -415,6 +420,10 @@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ target_alias = @target_alias@ @@ -434,12 +443,14 @@ swanctl_SOURCES = \ commands/list_conns.c \ commands/list_certs.c \ commands/list_pools.c \ - commands/load_conns.c \ - commands/load_creds.c \ - commands/load_pools.c \ + commands/load_all.c \ + commands/load_conns.c commands/load_conns.h \ + commands/load_creds.c commands/load_creds.h \ + commands/load_pools.c commands/load_pools.h \ commands/log.c \ commands/version.c \ commands/stats.c \ + commands/reload_settings.c \ swanctl.c swanctl.h swanctl_LDADD = \ @@ -571,6 +582,8 @@ commands/list_certs.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/list_pools.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) +commands/load_all.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) commands/load_conns.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/load_creds.$(OBJEXT): commands/$(am__dirstamp) \ @@ -583,6 +596,8 @@ commands/version.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/stats.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) +commands/reload_settings.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) swanctl$(EXEEXT): $(swanctl_OBJECTS) $(swanctl_DEPENDENCIES) $(EXTRA_swanctl_DEPENDENCIES) @rm -f swanctl$(EXEEXT) @@ -604,10 +619,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_pols.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_pools.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_sas.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_all.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_conns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_creds.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_pools.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/reload_settings.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/stats.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/terminate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/version.Po@am__quote@ @@ -955,7 +972,7 @@ swanctl.o : $(top_builddir)/config.status swanctl.conf.5.main: swanctl.opt $(AM_V_GEN) \ - $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@ + $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@ swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail $(AM_V_GEN) \ @@ -965,7 +982,7 @@ maintainer-clean-local: cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main install-data-local: swanctl.conf - test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" + test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/command.c b/src/swanctl/command.c index e488273bf..1c079ec3a 100644 --- a/src/swanctl/command.c +++ b/src/swanctl/command.c @@ -220,7 +220,7 @@ int command_usage(char *error, ...) { for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++) { - fprintf(out, " swanctl --%-10s (-%c) %s\n", + fprintf(out, " swanctl --%-15s (-%c) %s\n", cmds[i].cmd, cmds[i].op, cmds[i].description); } } @@ -267,9 +267,10 @@ static int call_command(command_t *cmd) conn = vici_connect(uri); if (!conn) { + ret = errno; command_usage("connecting to '%s' URI failed: %s", uri ?: "default", strerror(errno)); - return errno; + return ret; } ret = cmd->call(conn); vici_disconnect(conn); diff --git a/src/swanctl/command.h b/src/swanctl/command.h index 8510fa44d..2d78a24da 100644 --- a/src/swanctl/command.h +++ b/src/swanctl/command.h @@ -27,7 +27,7 @@ /** * Maximum number of commands (+1). */ -#define MAX_COMMANDS 16 +#define MAX_COMMANDS 18 /** * Maximum number of options in a command (+3) diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c index 080dc4131..eb7b6adbd 100644 --- a/src/swanctl/commands/initiate.c +++ b/src/swanctl/commands/initiate.c @@ -71,8 +71,9 @@ static int initiate(vici_conn_t *conn) if (vici_register(conn, "control-log", log_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("initiate"); if (child) @@ -87,8 +88,9 @@ static int initiate(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "initiate request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/install.c b/src/swanctl/commands/install.c index e8727d573..59c5c24ab 100644 --- a/src/swanctl/commands/install.c +++ b/src/swanctl/commands/install.c @@ -55,8 +55,9 @@ static int manage_policy(vici_conn_t *conn, char *label) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "%s request failed: %s\n", label, strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/list_certs.c b/src/swanctl/commands/list_certs.c index bee5fda27..ecb65289a 100644 --- a/src/swanctl/commands/list_certs.c +++ b/src/swanctl/commands/list_certs.c @@ -590,6 +590,7 @@ static int list_certs(vici_conn_t *conn) vici_res_t *res; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *subject = NULL, *type = NULL; + int ret; while (TRUE) { @@ -621,9 +622,10 @@ static int list_certs(vici_conn_t *conn) } if (vici_register(conn, "list-cert", list_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for certificates failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("list-certs"); if (type) @@ -637,8 +639,9 @@ static int list_certs(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "list-certs request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c index ec5da4bef..31ab9c40a 100644 --- a/src/swanctl/commands/list_conns.c +++ b/src/swanctl/commands/list_conns.c @@ -183,6 +183,7 @@ static int list_conns(vici_conn_t *conn) vici_res_t *res; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg; + int ret; while (TRUE) { @@ -205,16 +206,18 @@ static int list_conns(vici_conn_t *conn) } if (vici_register(conn, "list-conn", list_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for connections failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("list-conns"); res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "list-conns request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/list_pols.c b/src/swanctl/commands/list_pols.c index 2317b2542..f2ae22172 100644 --- a/src/swanctl/commands/list_pols.c +++ b/src/swanctl/commands/list_pols.c @@ -116,6 +116,7 @@ static int list_pols(vici_conn_t *conn) bool trap = FALSE, drop = FALSE, pass = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *child = NULL; + int ret; while (TRUE) { @@ -154,9 +155,10 @@ static int list_pols(vici_conn_t *conn) } if (vici_register(conn, "list-policy", list_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for policies failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("list-policies"); if (child) @@ -178,8 +180,9 @@ static int list_pols(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "list-policies request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/list_pools.c b/src/swanctl/commands/list_pools.c index 17ea539a9..155771657 100644 --- a/src/swanctl/commands/list_pools.c +++ b/src/swanctl/commands/list_pools.c @@ -68,8 +68,9 @@ static int list_pools(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "get-pools request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c index 80c279ce8..35e7469a9 100644 --- a/src/swanctl/commands/list_sas.c +++ b/src/swanctl/commands/list_sas.c @@ -283,7 +283,7 @@ static int list_sas(vici_conn_t *conn) bool noblock = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *ike = NULL; - int ike_id = 0; + int ike_id = 0, ret; while (TRUE) { @@ -315,8 +315,9 @@ static int list_sas(vici_conn_t *conn) } if (vici_register(conn, "list-sa", list_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for SAs failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("list-sas"); if (ike) @@ -334,8 +335,9 @@ static int list_sas(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "list-sas request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c new file mode 100644 index 000000000..f47fee5b4 --- /dev/null +++ b/src/swanctl/commands/load_all.c @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <errno.h> +#include <unistd.h> +#include <sys/stat.h> + +#include "command.h" +#include "swanctl.h" +#include "load_creds.h" +#include "load_pools.h" +#include "load_conns.h" + +static int load_all(vici_conn_t *conn) +{ + bool clear = FALSE, noprompt = FALSE; + command_format_options_t format = COMMAND_FORMAT_NONE; + settings_t *cfg; + int ret = 0; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 'c': + clear = TRUE; + continue; + case 'n': + noprompt = TRUE; + continue; + case 'P': + format |= COMMAND_FORMAT_PRETTY; + /* fall through to raw */ + case 'r': + format |= COMMAND_FORMAT_RAW; + continue; + case EOF: + break; + default: + return command_usage("invalid --load-all option"); + } + break; + } + + cfg = settings_create(SWANCTL_CONF); + if (!cfg) + { + fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF); + return EINVAL; + } + + if (ret == 0) + { + ret = load_creds_cfg(conn, format, cfg, clear, noprompt); + } + if (ret == 0) + { + ret = load_pools_cfg(conn, format, cfg); + } + if (ret == 0) + { + ret = load_conns_cfg(conn, format, cfg); + } + + cfg->destroy(cfg); + + return ret; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + load_all, 'q', "load-all", "load credentials, pools and connections", + {"[--raw|--pretty] [--clear] [--noprompt]"}, + { + {"help", 'h', 0, "show usage information"}, + {"clear", 'c', 0, "clear previously loaded credentials"}, + {"noprompt", 'n', 0, "do not prompt for passwords"}, + {"raw", 'r', 0, "dump raw response message"}, + {"pretty", 'P', 0, "dump raw response message in pretty print"}, + } + }); +} diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index 7383f7a1e..de30d8eb4 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -20,6 +20,7 @@ #include "command.h" #include "swanctl.h" +#include "load_conns.h" /** * Check if we should handle a key as a list of comma separated values @@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name, return ret; } -static int load_conns(vici_conn_t *conn) +/** + * See header. + */ +int load_conns_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg) { u_int found = 0, loaded = 0, unloaded = 0; - command_format_options_t format = COMMAND_FORMAT_NONE; - char *arg, *section; + char *section; enumerator_t *enumerator; linked_list_t *conns; - settings_t *cfg; - - while (TRUE) - { - switch (command_getopt(&arg)) - { - case 'h': - return command_usage(NULL); - case 'P': - format |= COMMAND_FORMAT_PRETTY; - /* fall through to raw */ - case 'r': - format |= COMMAND_FORMAT_RAW; - continue; - case EOF: - break; - default: - return command_usage("invalid --load-conns option"); - } - break; - } - - cfg = settings_create(SWANCTL_CONF); - if (!cfg) - { - fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF); - return EINVAL; - } conns = list_conns(conn, format); @@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn) } enumerator->destroy(enumerator); - cfg->destroy(cfg); - /* unload all connection in daemon, but not in file */ while (conns->remove_first(conns, (void**)§ion) == SUCCESS) { @@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn) return EINVAL; } +static int load_conns(vici_conn_t *conn) +{ + command_format_options_t format = COMMAND_FORMAT_NONE; + settings_t *cfg; + char *arg; + int ret; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 'P': + format |= COMMAND_FORMAT_PRETTY; + /* fall through to raw */ + case 'r': + format |= COMMAND_FORMAT_RAW; + continue; + case EOF: + break; + default: + return command_usage("invalid --load-conns option"); + } + break; + } + + cfg = settings_create(SWANCTL_CONF); + if (!cfg) + { + fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF); + return EINVAL; + } + + ret = load_conns_cfg(conn, format, cfg); + + cfg->destroy(cfg); + + return ret; +} + /** * Register the command. */ diff --git a/src/swanctl/commands/load_conns.h b/src/swanctl/commands/load_conns.h new file mode 100644 index 000000000..1e7abdea4 --- /dev/null +++ b/src/swanctl/commands/load_conns.h @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" + +/** + * Load all connections from configuration file + * + * @param conn vici connection to load to + * @param format output format + * @param cfg configuration to load from + */ +int load_conns_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg); diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c index f77084c60..86ee3c179 100644 --- a/src/swanctl/commands/load_creds.c +++ b/src/swanctl/commands/load_creds.c @@ -21,6 +21,7 @@ #include "command.h" #include "swanctl.h" +#include "load_creds.h" #include <credentials/sets/mem_cred.h> #include <credentials/sets/callback_cred.h> @@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format) return TRUE; } +/** + * See header. + */ +int load_creds_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg, bool clear, bool noprompt) +{ + enumerator_t *enumerator; + char *section; + + if (clear) + { + if (!clear_creds(conn, format)) + { + return ECONNREFUSED; + } + } + + load_certs(conn, format, "x509", SWANCTL_X509DIR); + load_certs(conn, format, "x509ca", SWANCTL_X509CADIR); + load_certs(conn, format, "x509aa", SWANCTL_X509AADIR); + load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR); + load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR); + + load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR); + load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR); + load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR); + + enumerator = cfg->create_section_enumerator(cfg, "secrets"); + while (enumerator->enumerate(enumerator, §ion)) + { + load_secret(conn, cfg, section, format); + } + enumerator->destroy(enumerator); + + return 0; +} + static int load_creds(vici_conn_t *conn) { bool clear = FALSE, noprompt = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; - enumerator_t *enumerator; settings_t *cfg; - char *arg, *section; + char *arg; + int ret; while (TRUE) { @@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn) break; } - if (clear) - { - if (!clear_creds(conn, format)) - { - return ECONNREFUSED; - } - } - cfg = settings_create(SWANCTL_CONF); if (!cfg) { @@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn) return EINVAL; } - load_certs(conn, format, "x509", SWANCTL_X509DIR); - load_certs(conn, format, "x509ca", SWANCTL_X509CADIR); - load_certs(conn, format, "x509aa", SWANCTL_X509AADIR); - load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR); - load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR); - - load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR); - load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR); - load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR); - - enumerator = cfg->create_section_enumerator(cfg, "secrets"); - while (enumerator->enumerate(enumerator, §ion)) - { - load_secret(conn, cfg, section, format); - } - enumerator->destroy(enumerator); + ret = load_creds_cfg(conn, format, cfg, clear, noprompt); cfg->destroy(cfg); - return 0; + return ret; } /** @@ -562,7 +577,7 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { load_creds, 's', "load-creds", "(re-)load credentials", - {"[--raw|--pretty]"}, + {"[--raw|--pretty] [--clear] [--noprompt]"}, { {"help", 'h', 0, "show usage information"}, {"clear", 'c', 0, "clear previously loaded credentials"}, diff --git a/src/swanctl/commands/load_creds.h b/src/swanctl/commands/load_creds.h new file mode 100644 index 000000000..7f689ad71 --- /dev/null +++ b/src/swanctl/commands/load_creds.h @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" + +/** + * Load all credentials from configuration file + * + * @param conn vici connection to load to + * @param format output format + * @param cfg configuration to load from + * @param clear TRUE to clear existing credentials + * @param noprompt TRUE to skip any password prompt + */ +int load_creds_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg, bool clear, bool noprompt); diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c index 0ec56cc43..d7fbd1341 100644 --- a/src/swanctl/commands/load_pools.c +++ b/src/swanctl/commands/load_pools.c @@ -20,6 +20,7 @@ #include "command.h" #include "swanctl.h" +#include "load_pools.h" /** * Add a vici list from a comma separated string value @@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name, return ret; } -static int load_pools(vici_conn_t *conn) +/** + * See header. + */ +int load_pools_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg) { - command_format_options_t format = COMMAND_FORMAT_NONE; u_int found = 0, loaded = 0, unloaded = 0; - char *arg, *section; + char *section; enumerator_t *enumerator; linked_list_t *pools; - settings_t *cfg; - - while (TRUE) - { - switch (command_getopt(&arg)) - { - case 'h': - return command_usage(NULL); - case 'P': - format |= COMMAND_FORMAT_PRETTY; - /* fall through to raw */ - case 'r': - format |= COMMAND_FORMAT_RAW; - continue; - case EOF: - break; - default: - return command_usage("invalid --load-pools option"); - } - break; - } - - cfg = settings_create(SWANCTL_CONF); - if (!cfg) - { - fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF); - return EINVAL; - } pools = list_pools(conn, format); @@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn) } enumerator->destroy(enumerator); - cfg->destroy(cfg); - /* unload all pools in daemon, but not in file */ while (pools->remove_first(pools, (void**)§ion) == SUCCESS) { @@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn) return EINVAL; } +static int load_pools(vici_conn_t *conn) +{ + command_format_options_t format = COMMAND_FORMAT_NONE; + settings_t *cfg; + char *arg; + int ret; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 'P': + format |= COMMAND_FORMAT_PRETTY; + /* fall through to raw */ + case 'r': + format |= COMMAND_FORMAT_RAW; + continue; + case EOF: + break; + default: + return command_usage("invalid --load-pools option"); + } + break; + } + + cfg = settings_create(SWANCTL_CONF); + if (!cfg) + { + fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF); + return EINVAL; + } + + ret = load_pools_cfg(conn, format, cfg); + + cfg->destroy(cfg); + + return ret; +} + /** * Register the command. */ @@ -282,7 +297,7 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { load_pools, 'a', "load-pools", "(re-)load pool configuration", - {"[--raw|--pretty"}, + {"[--raw|--pretty]"}, { {"help", 'h', 0, "show usage information"}, {"raw", 'r', 0, "dump raw response message"}, diff --git a/src/swanctl/commands/load_pools.h b/src/swanctl/commands/load_pools.h new file mode 100644 index 000000000..f424db9f1 --- /dev/null +++ b/src/swanctl/commands/load_pools.h @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" + +/** + * Load all pool definitions from configuration file + * + * @param conn vici connection to load to + * @param format output format + * @param cfg configuration to load from + */ +int load_pools_cfg(vici_conn_t *conn, command_format_options_t format, + settings_t *cfg); diff --git a/src/swanctl/commands/log.c b/src/swanctl/commands/log.c index 99ba328a7..d7082bfca 100644 --- a/src/swanctl/commands/log.c +++ b/src/swanctl/commands/log.c @@ -50,6 +50,7 @@ static int logcmd(vici_conn_t *conn) { command_format_options_t format = COMMAND_FORMAT_NONE; char *arg; + int ret; while (TRUE) { @@ -73,8 +74,9 @@ static int logcmd(vici_conn_t *conn) if (vici_register(conn, "log", log_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); - return errno; + return ret; } wait_sigint(); diff --git a/src/swanctl/commands/reload_settings.c b/src/swanctl/commands/reload_settings.c new file mode 100644 index 000000000..efad1300f --- /dev/null +++ b/src/swanctl/commands/reload_settings.c @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" + +#include <errno.h> + +static int reload_settings(vici_conn_t *conn) +{ + vici_req_t *req; + vici_res_t *res; + char *arg; + int ret = 0; + command_format_options_t format = COMMAND_FORMAT_NONE; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 'P': + format |= COMMAND_FORMAT_PRETTY; + /* fall through to raw */ + case 'r': + format |= COMMAND_FORMAT_RAW; + continue; + case EOF: + break; + default: + return command_usage("invalid --reload-settings option"); + } + break; + } + + req = vici_begin("reload-settings"); + res = vici_submit(req, conn); + if (!res) + { + ret = errno; + fprintf(stderr, "reload-settings request failed: %s\n", strerror(errno)); + return ret; + } + if (format & COMMAND_FORMAT_RAW) + { + vici_dump(res, "reload-settings reply", + format & COMMAND_FORMAT_PRETTY, stdout); + } + else + { + if (!streq(vici_find_str(res, "no", "success"), "yes")) + { + fprintf(stderr, "reload-settings failed: %s\n", + vici_find_str(res, "", "errmsg")); + ret = 1; + } + } + vici_free_res(res); + return ret; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + reload_settings, 'r', "reload-settings", "reload daemon strongswan.conf", + {"[--raw|--pretty]"}, + { + {"help", 'h', 0, "show usage information"}, + {"raw", 'r', 0, "dump raw response message"}, + {"pretty", 'P', 0, "dump raw response message in pretty print"}, + } + }); +} diff --git a/src/swanctl/commands/stats.c b/src/swanctl/commands/stats.c index b5425f504..a28ca83ba 100644 --- a/src/swanctl/commands/stats.c +++ b/src/swanctl/commands/stats.c @@ -23,6 +23,7 @@ static int stats(vici_conn_t *conn) vici_res_t *res; char *arg; command_format_options_t format = COMMAND_FORMAT_NONE; + int ret; while (TRUE) { @@ -48,8 +49,9 @@ static int stats(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "stats request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c index 689ba4d50..8b3233c89 100644 --- a/src/swanctl/commands/terminate.c +++ b/src/swanctl/commands/terminate.c @@ -80,8 +80,9 @@ static int terminate(vici_conn_t *conn) if (vici_register(conn, "control-log", log_cb, &format) != 0) { + ret = errno; fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); - return errno; + return ret; } req = vici_begin("terminate"); if (child) @@ -108,8 +109,9 @@ static int terminate(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "terminate request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/commands/version.c b/src/swanctl/commands/version.c index 4f24a0fc2..0c499e4cc 100644 --- a/src/swanctl/commands/version.c +++ b/src/swanctl/commands/version.c @@ -24,6 +24,7 @@ static int version(vici_conn_t *conn) char *arg; bool daemon = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; + int ret; while (TRUE) { @@ -58,8 +59,9 @@ static int version(vici_conn_t *conn) res = vici_submit(req, conn); if (!res) { + ret = errno; fprintf(stderr, "version request failed: %s\n", strerror(errno)); - return errno; + return ret; } if (format & COMMAND_FORMAT_RAW) { diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in index d7abae67a..543c10a67 100644 --- a/src/swanctl/swanctl.8.in +++ b/src/swanctl/swanctl.8.in @@ -62,6 +62,9 @@ list stored certificates .B "\-A, \-\-list\-pools" list loaded pool configurations .TP +.B "\-q, \-\-load\-all" +(re\-)load credentials, pools and connections +.TP .B "\-c, \-\-load\-conns" (re\-)load connection configuration .TP @@ -74,6 +77,12 @@ list loaded pool configurations .B "\-T, \-\-log" trace logging output .TP +.B "\-S, \-\-stats" +show daemon infos and statistics +.TP +.B "\-r, \-\-reload-settings" +reload strongswan.conf(5) configuration +.TP .B "\-v, \-\-version" show daemon version information .TP diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index 8cff81feb..0808cf58b 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -49,7 +49,7 @@ # Send certificate requests payloads (yes or no). # send_certreq = yes - # Send certificate payloads (yes, no or ifasked). + # Send certificate payloads (always, never or ifasked). # send_cert = ifasked # Number of retransmission sequences to perform during initial connect. @@ -113,7 +113,7 @@ # Comma separated list of CA certificates to accept for # authentication. - # cacert = + # cacerts = # Certificate revocation policy, (strict, ifuri or relaxed). # revocation = relaxed diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 3d0b0e827..8943b62db 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -181,11 +181,12 @@ default of .RI "" "ifasked" "" the daemon sends certificate payloads only if certificate requests have been received. -.RI "" "no" "" -disables sending of certificate payloads, -.RI "" "yes" "" -always sends certificate payloads whenever certificate authentication is -used. +.RI "" "never" "" +disables sending of certificate payloads +altogether, +.RI "" "always" "" +causes certificate payloads to be sent unconditionally +whenever certificate authentication is used. .TP .BR connections.<conn>.keyingtries " [1]" @@ -221,6 +222,14 @@ To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP\-Identity or XAuth username is used to enforce the uniqueness policy instead. +On initiators this setting specifies whether an INITIAL_CONTACT notify is sent +during IKE_AUTH if no existing connection is found with the remote peer +(determined by the identities of the first authentication round). Only if set to +.RI "" "keep" "" +or +.RI "" "replace" "" +will the client send a notify. + .TP .BR connections.<conn>.reauth_time " [0s]" Time to schedule IKE reauthentication. IKE reauthentication recreates the @@ -409,7 +418,7 @@ directory, or an absolute path. .TP -.BR connections.<conn>.remote<suffix>.cacert " []" +.BR connections.<conn>.remote<suffix>.cacerts " []" Comma separated list of CA certificates to accept for authentication. The certificates may use a relative path from the .RB "" "swanctl" "" diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index e136ffb5b..f1e47a9e4 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes of the initial IKE packets. connections.<conn>.send_cert = ifasked - Send certificate payloads (_yes_, _no_ or _ifasked_). + Send certificate payloads (_always_, _never_ or _ifasked_). Send certificate payloads when using certificate authentication. With the default of _ifasked_ the daemon sends certificate payloads only if - certificate requests have been received. _no_ disables sending of - certificate payloads, _yes_ always sends certificate payloads whenever - certificate authentication is used. + certificate requests have been received. _never_ disables sending of + certificate payloads altogether, _always_ causes certificate payloads to be + sent unconditionally whenever certificate authentication is used. connections.<conn>.keyingtries = 1 Number of retransmission sequences to perform during initial connect. @@ -194,6 +194,11 @@ connections.<conn>.unique = no EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead. + On initiators this setting specifies whether an INITIAL_CONTACT notify is + sent during IKE_AUTH if no existing connection is found with the remote + peer (determined by the identities of the first authentication round). + Only if set to _keep_ or _replace_ will the client send a notify. + connections.<conn>.reauth_time = 0s Time to schedule IKE reauthentication. @@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs = The certificates may use a relative path from the **swanctl** _x509_ directory, or an absolute path. -connections.<conn>.remote<suffix>.cacert = +connections.<conn>.remote<suffix>.cacerts = Comma separated list of CA certificates to accept for authentication. Comma separated list of CA certificates to accept for authentication. |