authorRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
commit2b8de74ff4c334c25e89988c4a401b24b5bcf03d (patch)
tree10fb49ca94bfd0c8b8a583412281abfc0186836e /src
parent81c63b0eed39432878f78727f60a1e7499645199 (diff)
Import upstream release 5.2.1
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am8
-rw-r--r--src/Makefile.in28
-rw-r--r--src/_copyright/Makefile.in8
-rw-r--r--src/_updown/Makefile.in8
-rw-r--r--src/_updown_espmark/Makefile.in8
-rw-r--r--src/aikgen/Makefile.in8
-rw-r--r--src/charon-cmd/Makefile.in8
-rw-r--r--src/charon-cmd/charon-cmd.c5
-rw-r--r--src/charon-nm/Makefile.in8
-rw-r--r--src/charon-nm/nm/nm_backend.c2
-rw-r--r--src/charon-svc/Makefile.in8
-rw-r--r--src/charon-systemd/Makefile.am19
-rw-r--r--src/charon-systemd/Makefile.in765
-rw-r--r--src/charon-systemd/charon-systemd.c403
-rw-r--r--src/charon-tkm/Makefile.in8
-rw-r--r--src/charon-tkm/src/charon-tkm.c2
-rw-r--r--src/charon-tkm/src/tkm/tkm_diffie_hellman.c3
-rw-r--r--src/charon-tkm/tests/tests.c2
-rw-r--r--src/charon/Makefile.in8
-rw-r--r--src/charon/charon.c6
-rw-r--r--src/checksum/Makefile.am5
-rw-r--r--src/checksum/Makefile.in43
-rw-r--r--src/conftest/Makefile.in8
-rw-r--r--src/conftest/hooks/ike_auth_fill.c2
-rw-r--r--src/conftest/hooks/reset_seq.c2
-rw-r--r--src/dumm/Makefile.in8
-rw-r--r--src/include/Makefile.in8
-rw-r--r--src/ipsec/Makefile.in8
-rw-r--r--src/ipsec/_ipsec.814
-rw-r--r--src/ipsec/_ipsec.8.in12
-rw-r--r--src/ipsec/_ipsec.in51
-rw-r--r--src/libcharon/Android.mk3
-rw-r--r--src/libcharon/Makefile.am10
-rw-r--r--src/libcharon/Makefile.in296
-rw-r--r--src/libcharon/bus/bus.c37
-rw-r--r--src/libcharon/bus/bus.h23
-rw-r--r--src/libcharon/bus/listeners/listener.h18
-rw-r--r--src/libcharon/config/child_cfg.c11
-rw-r--r--src/libcharon/config/proposal.c10
-rw-r--r--src/libcharon/daemon.c2
-rw-r--r--src/libcharon/encoding/message.c997
-rw-r--r--src/libcharon/encoding/message.h72
-rw-r--r--src/libcharon/encoding/parser.c2
-rw-r--r--src/libcharon/encoding/payloads/encrypted_fragment_payload.h85
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.c1022
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.h (renamed from src/libcharon/encoding/payloads/encryption_payload.h)57
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c634
-rw-r--r--src/libcharon/encoding/payloads/ike_header.c16
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c18
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h4
-rw-r--r--src/libcharon/encoding/payloads/payload.c41
-rw-r--r--src/libcharon/encoding/payloads/payload.h24
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.c17
-rw-r--r--src/libcharon/network/receiver.c4
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in8
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in8
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in8
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in8
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in8
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in8
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in8
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c50
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c10
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in8
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in8
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in8
-rw-r--r--src/libcharon/plugins/ext_auth/Makefile.am18
-rw-r--r--src/libcharon/plugins/ext_auth/Makefile.in774
-rw-r--r--src/libcharon/plugins/ext_auth/ext_auth_listener.c203
-rw-r--r--src/libcharon/plugins/ext_auth/ext_auth_listener.h59
-rw-r--r--src/libcharon/plugins/ext_auth/ext_auth_plugin.c156
-rw-r--r--src/libcharon/plugins/ext_auth/ext_auth_plugin.h49
-rw-r--r--src/libcharon/plugins/farp/Makefile.in8
-rw-r--r--src/libcharon/plugins/ha/Makefile.in8
-rw-r--r--src/libcharon/plugins/ha/ha_dispatcher.c2
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in8
-rw-r--r--src/libcharon/plugins/kernel_iph/Makefile.in8
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in8
-rw-r--r--src/libcharon/plugins/kernel_wfp/Makefile.in8
-rw-r--r--src/libcharon/plugins/led/Makefile.in8
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in8
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in8
-rw-r--r--src/libcharon/plugins/maemo/Makefile.in8
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in8
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in8
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in8
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in8
-rw-r--r--src/libcharon/plugins/smp/Makefile.in8
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in8
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c5
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in8
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c5
-rw-r--r--src/libcharon/plugins/socket_win/Makefile.in8
-rw-r--r--src/libcharon/plugins/socket_win/socket_win_socket.c5
-rw-r--r--src/libcharon/plugins/sql/Makefile.in8
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in8
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c12
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in8
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in8
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in8
-rw-r--r--src/libcharon/plugins/uci/Makefile.in8
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.in8
-rw-r--r--src/libcharon/plugins/unity/Makefile.in8
-rw-r--r--src/libcharon/plugins/unity/unity_narrow.c69
-rw-r--r--src/libcharon/plugins/updown/Makefile.in8
-rw-r--r--src/libcharon/plugins/updown/updown_listener.c461
-rw-r--r--src/libcharon/plugins/vici/Makefile.am7
-rw-r--r--src/libcharon/plugins/vici/Makefile.in210
-rw-r--r--src/libcharon/plugins/vici/README.md698
-rw-r--r--src/libcharon/plugins/vici/libvici.c5
-rw-r--r--src/libcharon/plugins/vici/libvici.h4
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.am22
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in556
-rw-r--r--src/libcharon/plugins/vici/ruby/lib/vici.rb569
-rw-r--r--src/libcharon/plugins/vici/ruby/vici.gemspec.in16
-rw-r--r--src/libcharon/plugins/vici/suites/test_message.c2
-rw-r--r--src/libcharon/plugins/vici/vici_control.c12
-rw-r--r--src/libcharon/plugins/vici/vici_cred.c5
-rw-r--r--src/libcharon/plugins/vici/vici_message.c4
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in8
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in8
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in8
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in8
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in8
-rw-r--r--src/libcharon/processing/jobs/adopt_children_job.c40
-rw-r--r--src/libcharon/processing/jobs/adopt_children_job.h8
-rw-r--r--src/libcharon/processing/jobs/update_sa_job.c7
-rw-r--r--src/libcharon/sa/ike_sa.c138
-rw-r--r--src/libcharon/sa/ike_sa.h34
-rw-r--r--src/libcharon/sa/ike_sa_manager.c48
-rw-r--r--src/libcharon/sa/ikev1/phase1.c12
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c445
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c32
-rw-r--r--src/libcharon/sa/ikev1/tasks/informational.c6
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_vendor.c39
-rw-r--r--src/libcharon/sa/ikev1/tasks/main_mode.c31
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_mode.c26
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c23
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.h5
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c307
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.c23
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c95
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.h8
-rw-r--r--src/libfast/Makefile.in8
-rw-r--r--src/libhydra/Makefile.am3
-rw-r--r--src/libhydra/Makefile.in11
-rw-r--r--src/libhydra/plugins/attr/Makefile.in8
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in8
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in8
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c86
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c90
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c79
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h10
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.in8
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c4
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.in8
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c53
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in8
-rw-r--r--src/libimcv/Android.mk57
-rw-r--r--src/libimcv/Makefile.am106
-rw-r--r--src/libimcv/Makefile.in777
-rw-r--r--src/libimcv/ietf/ietf_attr.c29
-rw-r--r--src/libimcv/ietf/ietf_attr.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_assess_result.c29
-rw-r--r--src/libimcv/ietf/ietf_attr_assess_result.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_attr_request.c30
-rw-r--r--src/libimcv/ietf/ietf_attr_attr_request.h10
-rw-r--r--src/libimcv/ietf/ietf_attr_default_pwd_enabled.c26
-rw-r--r--src/libimcv/ietf/ietf_attr_default_pwd_enabled.h6
-rw-r--r--src/libimcv/ietf/ietf_attr_fwd_enabled.c26
-rw-r--r--src/libimcv/ietf/ietf_attr_fwd_enabled.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_installed_packages.c138
-rw-r--r--src/libimcv/ietf/ietf_attr_installed_packages.h18
-rw-r--r--src/libimcv/ietf/ietf_attr_numeric_version.c29
-rw-r--r--src/libimcv/ietf/ietf_attr_numeric_version.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_op_status.c24
-rw-r--r--src/libimcv/ietf/ietf_attr_op_status.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c82
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.h28
-rw-r--r--src/libimcv/ietf/ietf_attr_port_filter.c30
-rw-r--r--src/libimcv/ietf/ietf_attr_port_filter.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_product_info.c30
-rw-r--r--src/libimcv/ietf/ietf_attr_product_info.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_remediation_instr.c26
-rw-r--r--src/libimcv/ietf/ietf_attr_remediation_instr.h8
-rw-r--r--src/libimcv/ietf/ietf_attr_string_version.c26
-rw-r--r--src/libimcv/ietf/ietf_attr_string_version.h8
-rw-r--r--src/libimcv/imc/imc_agent.c28
-rw-r--r--src/libimcv/imc/imc_agent.h12
-rw-r--r--src/libimcv/imc/imc_msg.c239
-rw-r--r--src/libimcv/imc/imc_msg.h6
-rw-r--r--src/libimcv/imc/imc_os_info.h2
-rw-r--r--src/libimcv/imc/imc_state.h11
-rw-r--r--src/libimcv/imcv.c45
-rw-r--r--src/libimcv/imcv.h12
-rw-r--r--src/libimcv/imcv_tests.c45
-rw-r--r--src/libimcv/imcv_tests.h17
-rw-r--r--src/libimcv/imv/data.sql35
-rw-r--r--src/libimcv/imv/imv_agent.c26
-rw-r--r--src/libimcv/imv/imv_agent.h10
-rw-r--r--src/libimcv/imv/imv_msg.c238
-rw-r--r--src/libimcv/imv/imv_msg.h6
-rw-r--r--src/libimcv/imv/imv_os_info.h2
-rw-r--r--src/libimcv/imv/imv_state.h8
-rw-r--r--src/libimcv/ita/ita_attr.c19
-rw-r--r--src/libimcv/ita/ita_attr.h8
-rw-r--r--src/libimcv/ita/ita_attr_angel.c12
-rw-r--r--src/libimcv/ita/ita_attr_angel.h5
-rw-r--r--src/libimcv/ita/ita_attr_command.c30
-rw-r--r--src/libimcv/ita/ita_attr_command.h7
-rw-r--r--src/libimcv/ita/ita_attr_device_id.c27
-rw-r--r--src/libimcv/ita/ita_attr_device_id.h7
-rw-r--r--src/libimcv/ita/ita_attr_dummy.c34
-rw-r--r--src/libimcv/ita/ita_attr_dummy.h9
-rw-r--r--src/libimcv/ita/ita_attr_get_settings.c29
-rw-r--r--src/libimcv/ita/ita_attr_get_settings.h8
-rw-r--r--src/libimcv/ita/ita_attr_settings.c28
-rw-r--r--src/libimcv/ita/ita_attr_settings.h5
-rw-r--r--src/libimcv/os_info/os_info.h1
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_attr.h13
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_attr_manager.c161
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_attr_manager.h26
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.c221
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.h6
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.am (renamed from src/libpts/plugins/imc_attestation/Makefile.am)6
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.in (renamed from src/libpts/plugins/imc_attestation/Makefile.in)23
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation.c (renamed from src/libpts/plugins/imc_attestation/imc_attestation.c)24
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_process.c (renamed from src/libpts/plugins/imc_attestation/imc_attestation_process.c)8
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_process.h (renamed from src/libpts/plugins/imc_attestation/imc_attestation_process.h)0
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_state.c (renamed from src/libpts/plugins/imc_attestation/imc_attestation_state.c)22
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_state.h (renamed from src/libpts/plugins/imc_attestation/imc_attestation_state.h)2
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in8
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c70
-rw-r--r--src/libimcv/plugins/imc_os/imc_os_state.c16
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in8
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner.c10
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner_state.c16
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.am (renamed from src/libpts/plugins/imc_swid/Makefile.am)2
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.in (renamed from src/libpts/plugins/imc_swid/Makefile.in)17
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid.c (renamed from src/libpts/plugins/imc_swid/imc_swid.c)155
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.c (renamed from src/libpts/plugins/imc_swid/imc_swid_state.c)16
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.h (renamed from src/libpts/plugins/imc_swid/imc_swid_state.h)0
-rw-r--r--src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in (renamed from src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in)0
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in8
-rw-r--r--src/libimcv/plugins/imc_test/imc_test.c36
-rw-r--r--src/libimcv/plugins/imc_test/imc_test_state.c16
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.am (renamed from src/libpts/plugins/imv_attestation/Makefile.am)5
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.in (renamed from src/libpts/plugins/imv_attestation/Makefile.in)23
-rw-r--r--src/libimcv/plugins/imv_attestation/attest.c (renamed from src/libpts/plugins/imv_attestation/attest.c)3
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.c (renamed from src/libpts/plugins/imv_attestation/attest_db.c)9
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.h (renamed from src/libpts/plugins/imv_attestation/attest_db.h)2
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_usage.c (renamed from src/libpts/plugins/imv_attestation/attest_usage.c)0
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_usage.h (renamed from src/libpts/plugins/imv_attestation/attest_usage.h)0
-rwxr-xr-xsrc/libimcv/plugins/imv_attestation/build-database.sh (renamed from src/libpts/plugins/imv_attestation/build-database.sh)2
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation.c (renamed from src/libpts/plugins/imv_attestation/imv_attestation.c)0
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_agent.c (renamed from src/libpts/plugins/imv_attestation/imv_attestation_agent.c)66
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_agent.h (renamed from src/libpts/plugins/imv_attestation/imv_attestation_agent.h)0
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_build.c (renamed from src/libpts/plugins/imv_attestation/imv_attestation_build.c)5
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_build.h (renamed from src/libpts/plugins/imv_attestation/imv_attestation_build.h)0
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c (renamed from src/libpts/plugins/imv_attestation/imv_attestation_process.c)8
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.h (renamed from src/libpts/plugins/imv_attestation/imv_attestation_process.h)0
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.c (renamed from src/libpts/plugins/imv_attestation/imv_attestation_state.c)20
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.h (renamed from src/libpts/plugins/imv_attestation/imv_attestation_state.h)7
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c65
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c32
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h12
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_agent.c23
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c14
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.am (renamed from src/libpts/plugins/imv_swid/Makefile.am)8
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.in (renamed from src/libpts/plugins/imv_swid/Makefile.in)27
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid.c (renamed from src/libpts/plugins/imv_swid/imv_swid.c)0
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.c (renamed from src/libpts/plugins/imv_swid/imv_swid_agent.c)135
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.h (renamed from src/libpts/plugins/imv_swid/imv_swid_agent.h)0
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_rest.c (renamed from src/libpts/plugins/imv_swid/imv_swid_rest.c)0
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_rest.h (renamed from src/libpts/plugins/imv_swid/imv_swid_rest.h)2
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.c (renamed from src/libpts/plugins/imv_swid/imv_swid_state.c)54
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.h (renamed from src/libpts/plugins/imv_swid/imv_swid_state.h)31
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in8
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_agent.c30
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c16
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_func_name.c (renamed from src/libpts/pts/components/ita/ita_comp_func_name.c)0
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_func_name.h (renamed from src/libpts/pts/components/ita/ita_comp_func_name.h)0
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_ima.c (renamed from src/libpts/pts/components/ita/ita_comp_ima.c)2
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_ima.h (renamed from src/libpts/pts/components/ita/ita_comp_ima.h)0
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_tboot.c (renamed from src/libpts/pts/components/ita/ita_comp_tboot.c)7
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_tboot.h (renamed from src/libpts/pts/components/ita/ita_comp_tboot.h)0
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_tgrub.c (renamed from src/libpts/pts/components/ita/ita_comp_tgrub.c)0
-rw-r--r--src/libimcv/pts/components/ita/ita_comp_tgrub.h (renamed from src/libpts/pts/components/ita/ita_comp_tgrub.h)0
-rw-r--r--src/libimcv/pts/components/pts_comp_evidence.c (renamed from src/libpts/pts/components/pts_comp_evidence.c)0
-rw-r--r--src/libimcv/pts/components/pts_comp_evidence.h (renamed from src/libpts/pts/components/pts_comp_evidence.h)0
-rw-r--r--src/libimcv/pts/components/pts_comp_func_name.c (renamed from src/libpts/pts/components/pts_comp_func_name.c)13
-rw-r--r--src/libimcv/pts/components/pts_comp_func_name.h (renamed from src/libpts/pts/components/pts_comp_func_name.h)0
-rw-r--r--src/libimcv/pts/components/pts_component.h (renamed from src/libpts/pts/components/pts_component.h)0
-rw-r--r--src/libimcv/pts/components/pts_component_manager.c (renamed from src/libpts/pts/components/pts_component_manager.c)0
-rw-r--r--src/libimcv/pts/components/pts_component_manager.h (renamed from src/libpts/pts/components/pts_component_manager.h)0
-rw-r--r--src/libimcv/pts/components/tcg/tcg_comp_func_name.c (renamed from src/libpts/pts/components/tcg/tcg_comp_func_name.c)0
-rw-r--r--src/libimcv/pts/components/tcg/tcg_comp_func_name.h (renamed from src/libpts/pts/components/tcg/tcg_comp_func_name.h)0
-rw-r--r--src/libimcv/pts/pts.c (renamed from src/libpts/pts/pts.c)0
-rw-r--r--src/libimcv/pts/pts.h (renamed from src/libpts/pts/pts.h)2
-rw-r--r--src/libimcv/pts/pts_creds.c (renamed from src/libpts/pts/pts_creds.c)0
-rw-r--r--src/libimcv/pts/pts_creds.h (renamed from src/libpts/pts/pts_creds.h)0
-rw-r--r--src/libimcv/pts/pts_database.c (renamed from src/libpts/pts/pts_database.c)0
-rw-r--r--src/libimcv/pts/pts_database.h (renamed from src/libpts/pts/pts_database.h)0
-rw-r--r--src/libimcv/pts/pts_dh_group.c (renamed from src/libpts/pts/pts_dh_group.c)0
-rw-r--r--src/libimcv/pts/pts_dh_group.h (renamed from src/libpts/pts/pts_dh_group.h)0
-rw-r--r--src/libimcv/pts/pts_error.c (renamed from src/libpts/pts/pts_error.c)0
-rw-r--r--src/libimcv/pts/pts_error.h (renamed from src/libpts/pts/pts_error.h)0
-rw-r--r--src/libimcv/pts/pts_file_meas.c (renamed from src/libpts/pts/pts_file_meas.c)0
-rw-r--r--src/libimcv/pts/pts_file_meas.h (renamed from src/libpts/pts/pts_file_meas.h)0
-rw-r--r--src/libimcv/pts/pts_file_meta.c (renamed from src/libpts/pts/pts_file_meta.c)0
-rw-r--r--src/libimcv/pts/pts_file_meta.h (renamed from src/libpts/pts/pts_file_meta.h)0
-rw-r--r--src/libimcv/pts/pts_file_type.c (renamed from src/libpts/pts/pts_file_type.c)0
-rw-r--r--src/libimcv/pts/pts_file_type.h (renamed from src/libpts/pts/pts_file_type.h)0
-rw-r--r--src/libimcv/pts/pts_ima_bios_list.c (renamed from src/libpts/pts/pts_ima_bios_list.c)0
-rw-r--r--src/libimcv/pts/pts_ima_bios_list.h (renamed from src/libpts/pts/pts_ima_bios_list.h)0
-rw-r--r--src/libimcv/pts/pts_ima_event_list.c (renamed from src/libpts/pts/pts_ima_event_list.c)0
-rw-r--r--src/libimcv/pts/pts_ima_event_list.h (renamed from src/libpts/pts/pts_ima_event_list.h)0
-rw-r--r--src/libimcv/pts/pts_meas_algo.c (renamed from src/libpts/pts/pts_meas_algo.c)0
-rw-r--r--src/libimcv/pts/pts_meas_algo.h (renamed from src/libpts/pts/pts_meas_algo.h)0
-rw-r--r--src/libimcv/pts/pts_pcr.c (renamed from src/libpts/pts/pts_pcr.c)0
-rw-r--r--src/libimcv/pts/pts_pcr.h (renamed from src/libpts/pts/pts_pcr.h)0
-rw-r--r--src/libimcv/pts/pts_proto_caps.h (renamed from src/libpts/pts/pts_proto_caps.h)0
-rw-r--r--src/libimcv/pts/pts_req_func_comp_evid.h (renamed from src/libpts/pts/pts_req_func_comp_evid.h)0
-rw-r--r--src/libimcv/pts/pts_simple_evid_final.h (renamed from src/libpts/pts/pts_simple_evid_final.h)0
-rw-r--r--src/libimcv/seg/seg_contract.c479
-rw-r--r--src/libimcv/seg/seg_contract.h180
-rw-r--r--src/libimcv/seg/seg_contract_manager.c94
-rw-r--r--src/libimcv/seg/seg_contract_manager.h63
-rw-r--r--src/libimcv/seg/seg_env.c306
-rw-r--r--src/libimcv/seg/seg_env.h119
-rw-r--r--src/libimcv/suites/test_imcv_seg.c738
-rw-r--r--src/libimcv/swid/swid_error.c (renamed from src/libpts/swid/swid_error.c)0
-rw-r--r--src/libimcv/swid/swid_error.h (renamed from src/libpts/swid/swid_error.h)2
-rw-r--r--src/libimcv/swid/swid_inventory.c (renamed from src/libpts/swid/swid_inventory.c)8
-rw-r--r--src/libimcv/swid/swid_inventory.h (renamed from src/libpts/swid/swid_inventory.h)5
-rw-r--r--src/libimcv/swid/swid_tag.c (renamed from src/libpts/swid/swid_tag.c)18
-rw-r--r--src/libimcv/swid/swid_tag.h (renamed from src/libpts/swid/swid_tag.h)12
-rw-r--r--src/libimcv/swid/swid_tag_id.c (renamed from src/libpts/swid/swid_tag_id.c)18
-rw-r--r--src/libimcv/swid/swid_tag_id.h (renamed from src/libpts/swid/swid_tag_id.h)10
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_aik.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_aik.c)29
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_aik.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_aik.h)6
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_file_meas.c)127
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_file_meas.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_get_aik.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_get_aik.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c)44
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c)45
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c)45
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c)31
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h)7
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c (renamed from src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c)30
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h (renamed from src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h)7
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_max_size.c254
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_max_size.h73
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c258
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h73
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c257
-rw-r--r--src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h76
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.c (renamed from src/libpts/tcg/swid/tcg_swid_attr_req.c)33
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.h (renamed from src/libpts/tcg/swid/tcg_swid_attr_req.h)11
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c (renamed from src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c)149
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h (renamed from src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h)18
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c (renamed from src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c)138
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h (renamed from src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h)18
-rw-r--r--src/libimcv/tcg/tcg_attr.c (renamed from src/libpts/tcg/tcg_attr.c)81
-rw-r--r--src/libimcv/tcg/tcg_attr.h (renamed from src/libpts/tcg/tcg_attr.h)17
-rw-r--r--src/libipsec/Makefile.in8
-rw-r--r--src/libipsec/ip_packet.c298
-rw-r--r--src/libipsec/ip_packet.h35
-rw-r--r--src/libpts/Android.mk78
-rw-r--r--src/libpts/Makefile.am94
-rw-r--r--src/libpts/Makefile.in1181
-rw-r--r--src/libpts/libpts.c96
-rw-r--r--src/libpts/libpts.h52
-rw-r--r--src/libpttls/Makefile.in8
-rw-r--r--src/libradius/Makefile.in8
-rw-r--r--src/libsimaka/Makefile.in8
-rw-r--r--src/libstrongswan/Android.mk2
-rw-r--r--src/libstrongswan/Makefile.am4
-rw-r--r--src/libstrongswan/Makefile.in36
-rw-r--r--src/libstrongswan/asn1/asn1.c35
-rw-r--r--src/libstrongswan/collections/array.c8
-rw-r--r--src/libstrongswan/collections/array.h5
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c2
-rw-r--r--src/libstrongswan/credentials/credential_manager.c2
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c36
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h8
-rw-r--r--src/libstrongswan/library.c16
-rw-r--r--src/libstrongswan/library.h5
-rw-r--r--src/libstrongswan/networking/packet.h5
-rw-r--r--src/libstrongswan/networking/streams/stream_service.c88
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c7
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.c127
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c2
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c12
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c12
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c2
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c31
-rw-r--r--src/libstrongswan/plugins/plugin_loader.h8
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in8
-rw-r--r--src/libstrongswan/processing/watcher.c32
-rw-r--r--src/libstrongswan/processing/watcher.h20
-rw-r--r--src/libstrongswan/settings/settings.c2
-rw-r--r--src/libstrongswan/settings/settings_parser.c4
-rw-r--r--src/libstrongswan/settings/settings_parser.y4
-rw-r--r--src/libstrongswan/tests/Makefile.am1
-rw-r--r--src/libstrongswan/tests/Makefile.in27
-rw-r--r--src/libstrongswan/tests/suites/test_chunk.c49
-rw-r--r--src/libstrongswan/tests/suites/test_process.c227
-rw-r--r--src/libstrongswan/tests/suites/test_threading.c6
-rw-r--r--src/libstrongswan/tests/test_runner.c45
-rw-r--r--src/libstrongswan/tests/test_runner.h1
-rw-r--r--src/libstrongswan/tests/tests.h1
-rw-r--r--src/libstrongswan/threading/mutex.c21
-rw-r--r--src/libstrongswan/threading/thread.h28
-rw-r--r--src/libstrongswan/utils/backtrace.c1
-rw-r--r--src/libstrongswan/utils/chunk.c31
-rw-r--r--src/libstrongswan/utils/chunk.h25
-rw-r--r--src/libstrongswan/utils/leak_detective.c2
-rw-r--r--src/libstrongswan/utils/process.c592
-rw-r--r--src/libstrongswan/utils/process.h97
-rw-r--r--src/libstrongswan/utils/utils.h17
-rw-r--r--src/libtls/Makefile.in8
-rw-r--r--src/libtls/tests/Makefile.in8
-rw-r--r--src/libtls/tls_aead.c1
-rw-r--r--src/libtls/tls_aead_expl.c9
-rw-r--r--src/libtls/tls_aead_impl.c8
-rw-r--r--src/libtnccs/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnc_imc/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnc_imv/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnc_tnccs/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnccs_11/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnccs_dynamic/Makefile.in8
-rw-r--r--src/libtncif/Makefile.in8
-rw-r--r--src/manager/Makefile.in8
-rw-r--r--src/medsrv/Makefile.in8
-rw-r--r--src/pki/Makefile.in8
-rw-r--r--src/pki/man/Makefile.in8
-rw-r--r--src/pool/Makefile.in8
-rw-r--r--src/pt-tls-client/Makefile.in8
-rw-r--r--src/pt-tls-client/pt-tls-client.c2
-rw-r--r--src/scepclient/Makefile.in8
-rw-r--r--src/starter/Makefile.in8
-rw-r--r--src/starter/confread.c10
-rw-r--r--src/starter/invokecharon.c9
-rw-r--r--src/starter/starter.c14
-rw-r--r--src/starter/tests/Makefile.in8
-rw-r--r--src/stroke/Makefile.in8
-rw-r--r--src/swanctl/Makefile.am12
-rw-r--r--src/swanctl/Makefile.in35
-rw-r--r--src/swanctl/command.c5
-rw-r--r--src/swanctl/command.h2
-rw-r--r--src/swanctl/commands/initiate.c6
-rw-r--r--src/swanctl/commands/install.c3
-rw-r--r--src/swanctl/commands/list_certs.c7
-rw-r--r--src/swanctl/commands/list_conns.c7
-rw-r--r--src/swanctl/commands/list_pols.c7
-rw-r--r--src/swanctl/commands/list_pools.c3
-rw-r--r--src/swanctl/commands/list_sas.c8
-rw-r--r--src/swanctl/commands/load_all.c103
-rw-r--r--src/swanctl/commands/load_conns.c81
-rw-r--r--src/swanctl/commands/load_conns.h26
-rw-r--r--src/swanctl/commands/load_creds.c71
-rw-r--r--src/swanctl/commands/load_creds.h28
-rw-r--r--src/swanctl/commands/load_pools.c83
-rw-r--r--src/swanctl/commands/load_pools.h26
-rw-r--r--src/swanctl/commands/log.c4
-rw-r--r--src/swanctl/commands/reload_settings.c88
-rw-r--r--src/swanctl/commands/stats.c4
-rw-r--r--src/swanctl/commands/terminate.c6
-rw-r--r--src/swanctl/commands/version.c4
-rw-r--r--src/swanctl/swanctl.8.in9
-rw-r--r--src/swanctl/swanctl.conf4
-rw-r--r--src/swanctl/swanctl.conf.5.main21
-rw-r--r--src/swanctl/swanctl.opt15
563 files changed, 19220 insertions, 5039 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 95c68d0c8..38363d4f7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -40,10 +40,6 @@ if USE_IMCV
SUBDIRS += libimcv
endif
-if USE_PTS
- SUBDIRS += libpts
-endif
-
if USE_LIBCHARON
SUBDIRS += libcharon
endif
@@ -60,6 +56,10 @@ if USE_CHARON
SUBDIRS += charon
endif
+if USE_SYSTEMD
+ SUBDIRS += charon-systemd
+endif
+
if USE_NM
SUBDIRS += charon-nm
endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 141ca3e61..2dd046042 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -87,11 +87,11 @@ host_triplet = @host@
@USE_LIBTNCCS_TRUE@am__append_8 = libtnccs
@USE_LIBPTTLS_TRUE@am__append_9 = libpttls
@USE_IMCV_TRUE@am__append_10 = libimcv
-@USE_PTS_TRUE@am__append_11 = libpts
-@USE_LIBCHARON_TRUE@am__append_12 = libcharon
-@USE_FILE_CONFIG_TRUE@am__append_13 = starter
-@USE_IPSEC_SCRIPT_TRUE@am__append_14 = ipsec _copyright
-@USE_CHARON_TRUE@am__append_15 = charon
+@USE_LIBCHARON_TRUE@am__append_11 = libcharon
+@USE_FILE_CONFIG_TRUE@am__append_12 = starter
+@USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright
+@USE_CHARON_TRUE@am__append_14 = charon
+@USE_SYSTEMD_TRUE@am__append_15 = charon-systemd
@USE_NM_TRUE@am__append_16 = charon-nm
@USE_STROKE_TRUE@am__append_17 = stroke
@USE_UPDOWN_TRUE@am__append_18 = _updown _updown_espmark
@@ -185,11 +185,11 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \
- libtls libradius libtncif libtnccs libpttls libimcv libpts \
- libcharon starter ipsec _copyright charon charon-nm stroke \
- _updown _updown_espmark scepclient pki swanctl conftest dumm \
- libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
- pt-tls-client checksum aikgen
+ libtls libradius libtncif libtnccs libpttls libimcv libcharon \
+ starter ipsec _copyright charon charon-systemd charon-nm \
+ stroke _updown _updown_espmark scepclient pki swanctl conftest \
+ dumm libfast manager medsrv pool charon-tkm charon-cmd \
+ charon-svc pt-tls-client checksum aikgen
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 8591e6abd..a17bbcc1a 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -201,6 +201,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -261,6 +262,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -326,6 +328,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -373,6 +377,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index ec23208ef..a215a2548 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index 49cdc9076..51a0d9a13 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 77d825f26..2bd5be64b 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index c74c5b698..9f67eec1f 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index b41cf467c..6f2b6f178 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -126,15 +126,12 @@ static int run()
{
DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
"configuration");
-#ifdef STRONGSWAN_CONF
- if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF,
- FALSE))
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
{
charon->load_loggers(charon, levels, TRUE);
lib->plugins->reload(lib->plugins, NULL);
}
else
-#endif
{
DBG1(DBG_DMN, "reloading config failed, keeping old");
}
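Review bot: The SIGHUP branch in run() now reloads settings from `lib->conf`, a runtime field, but the failure message still does not say which file was tried. With the compile-time `STRONGSWAN_CONF` guard removed, the path is whatever the library was initialised with (the assignment is outside this hunk), so naming it in the log makes a failed or unexpected reload traceable: `DBG1(DBG_DMN, "reloading config from '%s' failed, keeping old", lib->conf);`. If `lib->conf` can be NULL, check that before the `load_files()` call rather than leaving it to the callee. run() starts before this hunk and continues after it.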
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 5fad214d6..69cbfe07e 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -209,6 +209,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -269,6 +270,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -334,6 +336,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -381,6 +385,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index ebebde2c0..613c2f6b5 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -174,5 +174,5 @@ void nm_backend_register()
PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
};
lib->plugins->add_static_features(lib->plugins, "nm-backend", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
}
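Review bot: The two bare `NULL` arguments added to the `add_static_features()` call in nm_backend_register() give no hint of what is being declined. They presumably correspond to new trailing parameters declared in plugin_loader.h, which this commit changes but this hunk does not show. A short comment on the call would make that explicit, for example `/* no reload callback or callback data for these static features */`, with the wording confirmed against the header. The function begins outside the hunk.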
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 39483628a..3783ac9f0 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am
new file mode 100644
index 000000000..1b9ac150f
--- /dev/null
+++ b/src/charon-systemd/Makefile.am
@@ -0,0 +1,19 @@
+sbin_PROGRAMS = charon-systemd
+
+charon_systemd_SOURCES = \
+charon-systemd.c
+
+charon-systemd.o : $(top_builddir)/config.status
+
+charon_systemd_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
+ -DPLUGINS=\""${charon_plugins}\""
+
+charon_systemd_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
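Review bot: The rule `charon-systemd.o : $(top_builddir)/config.status` names an object that this Makefile does not appear to build. Because the program uses per-target `charon_systemd_CPPFLAGS`, automake prefixes the object name; the generated Makefile.in in this same commit lists it as `charon_systemd-charon-systemd.$(OBJEXT)`. The dependency on config.status therefore likely never applies to the real object, so a reconfigure that changes `${charon_plugins}` may leave a binary built with the old `-DPLUGINS` list. Consider `charon_systemd-charon-systemd.$(OBJEXT) : $(top_builddir)/config.status` instead.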
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
new file mode 100644
index 000000000..790c8ef8f
--- /dev/null
+++ b/src/charon-systemd/Makefile.in
@@ -0,0 +1,765 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = charon-systemd$(EXEEXT)
+subdir = src/charon-systemd
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_charon_systemd_OBJECTS = charon_systemd-charon-systemd.$(OBJEXT)
+charon_systemd_OBJECTS = $(am_charon_systemd_OBJECTS)
+am__DEPENDENCIES_1 =
+charon_systemd_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(charon_systemd_SOURCES)
+DIST_SOURCES = $(charon_systemd_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+charon_systemd_SOURCES = \
+charon-systemd.c
+
+charon_systemd_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
+ -DPLUGINS=\""${charon_plugins}\""
+
+charon_systemd_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/charon-systemd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+charon-systemd$(EXEEXT): $(charon_systemd_OBJECTS) $(charon_systemd_DEPENDENCIES) $(EXTRA_charon_systemd_DEPENDENCIES)
+ @rm -f charon-systemd$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(charon_systemd_OBJECTS) $(charon_systemd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/charon_systemd-charon-systemd.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+charon_systemd-charon-systemd.o: charon-systemd.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.o -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c
+
+charon_systemd-charon-systemd.obj: charon-systemd.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.obj -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-sbinPROGRAMS install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS
+
+
+charon-systemd.o : $(top_builddir)/config.status
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
new file mode 100644
index 000000000..4a2136fc9
--- /dev/null
+++ b/src/charon-systemd/charon-systemd.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2005-2014 Martin Willi
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <signal.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+#include <errno.h>
+
+/* won't make sense from our logging hook */
+#define SD_JOURNAL_SUPPRESS_LOCATION
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-journal.h>
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include <library.h>
+#include <utils/backtrace.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+
+/**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= 1)
+ {
+ va_start(args, fmt);
+ fprintf(stderr, "00[%N] ", debug_names, group);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+typedef struct journal_logger_t journal_logger_t;
+
+/**
+ * Logger implementation using systemd-journal
+ */
+struct journal_logger_t {
+
+ /**
+ * Implements logger_t
+ */
+ logger_t logger;
+
+ /**
+ * Configured loglevels
+ */
+ level_t levels[DBG_MAX];
+
+ /**
+ * Lock for levels
+ */
+ rwlock_t *lock;
+};
+
+METHOD(logger_t, vlog, void,
+ journal_logger_t *this, debug_t group, level_t level, int thread,
+ ike_sa_t *ike_sa, const char *fmt, va_list args)
+{
+ char buf[4096], *msg = buf;
+ ssize_t len;
+ va_list copy;
+
+ va_copy(copy, args);
+ len = vsnprintf(msg, sizeof(buf), fmt, copy);
+ va_end(copy);
+
+ if (len >= sizeof(buf))
+ {
+ len++;
+ msg = malloc(len);
+ va_copy(copy, args);
+ len = vsnprintf(msg, len, fmt, copy);
+ va_end(copy);
+ }
+ if (len > 0)
+ {
+ char unique[64] = "", name[256] = "";
+ int priority;
+
+ if (ike_sa)
+ {
+ snprintf(unique, sizeof(unique), "IKE_SA_UNIQUE_ID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ if (ike_sa->get_peer_cfg(ike_sa))
+ {
+ snprintf(name, sizeof(name), "IKE_SA_NAME=%s",
+ ike_sa->get_name(ike_sa));
+ }
+ }
+ switch (level)
+ {
+ case LEVEL_AUDIT:
+ priority = LOG_NOTICE;
+ break;
+ case LEVEL_CTRL:
+ priority = LOG_INFO;
+ break;
+ default:
+ priority = LOG_DEBUG;
+ break;
+ }
+ sd_journal_send(
+ "MESSAGE=%s", msg,
+ "MESSAGE_ID=57d2708c-d607-43bd-8c39-66bf%.8x",
+ chunk_hash_static(chunk_from_str((char*)fmt)),
+ "PRIORITY=%d", priority,
+ "GROUP=%N", debug_names, group,
+ "LEVEL=%d", level,
+ "THREAD=%d", thread,
+ unique[0] ? unique : NULL,
+ name[0] ? name : NULL,
+ NULL);
+ }
+ if (msg != buf)
+ {
+ free(msg);
+ }
+}
+
+METHOD(logger_t, get_level, level_t,
+ journal_logger_t *this, debug_t group)
+{
+ level_t level;
+
+ this->lock->read_lock(this->lock);
+ level = this->levels[group];
+ this->lock->unlock(this->lock);
+
+ return level;
+}
+
+/**
+ * Reload journal logger configuration
+ */
+CALLBACK(journal_reload, bool,
+ journal_logger_t **journal)
+{
+ journal_logger_t *this = *journal;
+ debug_t group;
+ level_t def;
+
+ def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns);
+
+ this->lock->write_lock(this->lock);
+ for (group = 0; group < DBG_MAX; group++)
+ {
+ this->levels[group] =
+ lib->settings->get_int(lib->settings,
+ "%s.journal.%N", def, lib->ns, debug_lower_names, group);
+ }
+ this->lock->unlock(this->lock);
+
+ charon->bus->add_logger(charon->bus, &this->logger);
+
+ return TRUE;
+}
+
+/**
+ * Initialize/deinitialize journal logger
+ */
+static bool journal_register(void *plugin, plugin_feature_t *feature,
+ bool reg, journal_logger_t **logger)
+{
+ journal_logger_t *this;
+
+ if (reg)
+ {
+ INIT(this,
+ .logger = {
+ .vlog = _vlog,
+ .get_level = _get_level,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ journal_reload(&this);
+
+ *logger = this;
+ return TRUE;
+ }
+ else
+ {
+ this = *logger;
+
+ charon->bus->remove_logger(charon->bus, &this->logger);
+
+ this->lock->destroy(this->lock);
+ free(this);
+
+ return TRUE;
+ }
+}
+
+/**
+ * Run the daemon and handle unix signals
+ */
+static int run()
+{
+ sigset_t set;
+
+ sigemptyset(&set);
+ sigaddset(&set, SIGTERM);
+ sigprocmask(SIG_BLOCK, &set, NULL);
+
+ sd_notify(0, "READY=1\n");
+
+ while (TRUE)
+ {
+ int sig, error;
+
+ error = sigwait(&set, &sig);
+ if (error)
+ {
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(error));
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ switch (sig)
+ {
+ case SIGTERM:
+ {
+ DBG1(DBG_DMN, "SIGTERM received, shutting down");
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+ return 0;
+ }
+ default:
+ {
+ DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
+ break;
+ }
+ }
+ }
+}
+
+/**
+ * lookup UID and GID
+ */
+static bool lookup_uid_gid()
+{
+#ifdef IPSEC_USER
+ if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
+ {
+ return FALSE;
+ }
+#endif /* IPSEC_USER */
+#ifdef IPSEC_GROUP
+ if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
+ {
+ return FALSE;
+ }
+#endif /* IPSEC_GROUP */
+ return TRUE;
+}
+
+/**
+ * Handle SIGSEGV/SIGILL signals raised by threads
+ */
+static void segv_handler(int signal)
+{
+ backtrace_t *backtrace;
+
+ DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, NULL, TRUE);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
+
+ DBG1(DBG_DMN, "killing ourself, received critical signal");
+ abort();
+}
+
+/**
+ * The journal logger instance
+ */
+static journal_logger_t *journal;
+
+/**
+ * Journal static features
+ */
+static plugin_feature_t features[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal),
+ PLUGIN_PROVIDE(CUSTOM, "systemd-journal"),
+};
+
+/**
+ * Main function, starts the daemon.
+ */
+int main(int argc, char *argv[])
+{
+ struct sigaction action;
+ struct utsname utsname;
+
+ dbg = dbg_stderr;
+
+ if (uname(&utsname) != 0)
+ {
+ memset(&utsname, 0, sizeof(utsname));
+ }
+
+ sd_notifyf(0, "STATUS=Starting charon-systemd, strongSwan %s, %s %s, %s",
+ VERSION, utsname.sysname, utsname.release, utsname.machine);
+
+ atexit(library_deinit);
+ if (!library_init(NULL, "charon-systemd"))
+ {
+ sd_notifyf(0, "STATUS=libstrongswan initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "charon-systemd", argv[0]))
+ {
+ sd_notifyf(0, "STATUS=integrity check of charon-systemd failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ atexit(libhydra_deinit);
+ if (!libhydra_init())
+ {
+ sd_notifyf(0, "STATUS=libhydra initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ atexit(libcharon_deinit);
+ if (!libcharon_init())
+ {
+ sd_notifyf(0, "STATUS=libcharon initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ if (!lookup_uid_gid())
+ {
+ sd_notifyf(0, "STATUS=unknown uid/gid");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ charon->load_loggers(charon, NULL, FALSE);
+
+ lib->plugins->add_static_features(lib->plugins, lib->ns, features,
+ countof(features), TRUE, journal_reload, &journal);
+
+ if (!charon->initialize(charon, PLUGINS))
+ {
+ sd_notifyf(0, "STATUS=charon initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
+
+ if (!lib->caps->drop(lib->caps))
+ {
+ sd_notifyf(0, "STATUS=dropping capabilities failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+
+ /* add handler for SEGV and ILL,
+ * INT, TERM and HUP are handled by sigwait() in run() */
+ action.sa_handler = segv_handler;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaddset(&action.sa_mask, SIGINT);
+ sigaddset(&action.sa_mask, SIGTERM);
+ sigaddset(&action.sa_mask, SIGHUP);
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+
+ pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
+
+ charon->start(charon);
+
+ sd_notifyf(0, "STATUS=charon-systemd running, strongSwan %s, %s %s, %s",
+ VERSION, utsname.sysname, utsname.release, utsname.machine);
+
+ return run();
+}
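Review bot: In `vlog`, the pre-formatted `unique` and `name` buffers are passed to `sd_journal_send()` in format-string position, so a `%` in the value returned by `ike_sa->get_name()` would be parsed as a conversion with no matching argument. The name presumably comes from local configuration rather than from the peer, but the call should still treat it as data: `unique[0] ? "%s" : NULL, unique,` and `name[0] ? "%s" : NULL, name,` keep the early NULL termination (`name` is only ever set when `unique` is) while passing the buffers as arguments. Separately, the comment in `main` says INT, TERM and HUP are handled by `sigwait()` in `run()`, yet `run()` only adds SIGTERM to its set, so SIGINT and SIGHUP are blocked by the `pthread_sigmask()` call and never consumed, and the `default:` branch in `run()` cannot be reached. Either extend the set in `run()` or reword the comment to `/* TERM is handled by sigwait() in run(); INT and HUP stay blocked */`.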
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index ca4cdbf76..fe6606bc5 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 9a22f9ad9..a6770fc50 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -296,7 +296,7 @@ int main(int argc, char *argv[])
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
if (!register_dh_mapping())
{
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index a34d0b1d4..67db5e6d8 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -159,7 +159,8 @@ int register_dh_mapping()
}
enumerator->destroy(enumerator);
- lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
+ lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f),
+ TRUE, NULL, NULL);
if (count > 0)
{
diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
index 18754c717..80894a133 100644
--- a/src/charon-tkm/tests/tests.c
+++ b/src/charon-tkm/tests/tests.c
@@ -64,7 +64,7 @@ static bool test_runner_init(bool init)
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
lib->ns, MODP_3072_BIT);
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 0e8a49e15..f4dcf4fb0 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -205,6 +205,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -265,6 +266,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -330,6 +332,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -377,6 +381,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 8afac3fff..081e49490 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -124,15 +124,12 @@ static void run()
{
DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
"configuration");
-#ifdef STRONGSWAN_CONF
- if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF,
- FALSE))
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
{
charon->load_loggers(charon, levels, !use_syslog);
lib->plugins->reload(lib->plugins, NULL);
}
else
-#endif
{
DBG1(DBG_DMN, "reloading config failed, keeping old");
}
@@ -468,4 +465,3 @@ deinit:
library_deinit();
return status;
}
-
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 821c51747..b358699d0 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -81,11 +81,6 @@ if USE_IMCV
libs += $(DESTDIR)$(ipseclibdir)/libimcv.so
endif
-if USE_PTS
- deps += $(top_builddir)/src/libpts/libpts.la
- libs += $(DESTDIR)$(ipseclibdir)/libpts.so
-endif
-
if USE_CHARON
deps += $(top_builddir)/src/libcharon/libcharon.la
libs += $(DESTDIR)$(ipseclibdir)/libcharon.so
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 697899ed7..86e7ca6dd 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -98,18 +98,16 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@USE_SIMAKA_TRUE@am__append_17 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
@USE_IMCV_TRUE@am__append_18 = $(top_builddir)/src/libimcv/libimcv.la
@USE_IMCV_TRUE@am__append_19 = $(DESTDIR)$(ipseclibdir)/libimcv.so
-@USE_PTS_TRUE@am__append_20 = $(top_builddir)/src/libpts/libpts.la
-@USE_PTS_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so
-@USE_CHARON_TRUE@am__append_22 = $(top_builddir)/src/libcharon/libcharon.la
-@USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so
-@USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon
-@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_25 = -DC_PLUGINS=\""${c_plugins}\""
-@USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd
-@USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient
-@USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki
-@USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl
-@USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool
-@USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest
+@USE_CHARON_TRUE@am__append_20 = $(top_builddir)/src/libcharon/libcharon.la
+@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libcharon.so
+@USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/charon
+@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_23 = -DC_PLUGINS=\""${c_plugins}\""
+@USE_CMD_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/charon-cmd
+@USE_SCEPCLIENT_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/scepclient
+@USE_PKI_TRUE@am__append_26 = $(DESTDIR)$(bindir)/pki
+@USE_SWANCTL_TRUE@am__append_27 = $(DESTDIR)$(sbindir)/swanctl
+@USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool
+@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -274,6 +272,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -334,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -399,6 +399,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -446,6 +448,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -473,7 +479,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
- $(am__append_4) $(am__append_15) $(am__append_25)
+ $(am__append_4) $(am__append_15) $(am__append_23)
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -484,15 +490,14 @@ AM_CFLAGS = \
deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__append_2) $(am__append_5) $(am__append_7) \
$(am__append_9) $(am__append_11) $(am__append_13) \
- $(am__append_16) $(am__append_18) $(am__append_20) \
- $(am__append_22)
+ $(am__append_16) $(am__append_18) $(am__append_20)
libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
$(am__append_6) $(am__append_8) $(am__append_10) \
$(am__append_12) $(am__append_14) $(am__append_17) \
- $(am__append_19) $(am__append_21) $(am__append_23)
-exes = $(am__append_24) $(am__append_26) $(am__append_27) \
- $(am__append_28) $(am__append_29) $(am__append_30) \
- $(am__append_31)
+ $(am__append_19) $(am__append_21)
+exes = $(am__append_22) $(am__append_24) $(am__append_25) \
+ $(am__append_26) $(am__append_27) $(am__append_28) \
+ $(am__append_29)
all: all-am
.SUFFIXES:
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index edd07b8b5..e3c2e4335 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -219,6 +219,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -279,6 +280,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -344,6 +346,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -391,6 +395,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c
index 5cdd5be38..e3eabe2f2 100644
--- a/src/conftest/hooks/ike_auth_fill.c
+++ b/src/conftest/hooks/ike_auth_fill.c
@@ -19,7 +19,7 @@
#include <netinet/udp.h>
#include <encoding/payloads/cert_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
typedef struct private_ike_auth_fill_t private_ike_auth_fill_t;
diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c
index a77b10eee..717bcdbb9 100644
--- a/src/conftest/hooks/reset_seq.c
+++ b/src/conftest/hooks/reset_seq.c
@@ -108,7 +108,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data)
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_REPLACE;
hdr->nlmsg_seq = 201;
hdr->nlmsg_pid = getpid();
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index fd4a5db82..56ac3447f 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index ed755cbde..042c46cab 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index baa45326d..526c7c46e 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 3dcb03af6..9ba9bd842 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.2.0" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.2.1" "strongSwan"
.
.SH NAME
.
@@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP.
terminates all IKE SA instances of connection \fIname\fP.
.
.TP
+.BI "down-srcip <" start "> [<" end ">]"
+terminates all IKE SA instances with clients having virtual IPs in the range
+.IR start - end .
+.
+.TP
.BI "route " name
tells the IKE daemon to insert an IPsec policy in the kernel
for connection \fIname\fP. The first payload packet matching the IPsec policy
@@ -118,6 +123,11 @@ returns detailed status information either on connection
.SS LIST COMMANDS
.
.TP
+.BI "leases [<" poolname "> [<" address ">]]"
+returns the status of all or the selected IP address pool (or even a single
+virtual IP address).
+.
+.TP
.B "listalgs"
returns a list supported cryptographic algorithms usable for IKE, and their
corresponding plugin.
@@ -242,7 +252,7 @@ resets global or connection specific counters.
purges all cached certificates.
.
.TP
-.B "purgecrl"
+.B "purgecrls"
purges all cached CRLs.
.
.TP
diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in
index 250cf807a..210d74ef8 100644
--- a/src/ipsec/_ipsec.8.in
+++ b/src/ipsec/_ipsec.8.in
@@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP.
terminates all IKE SA instances of connection \fIname\fP.
.
.TP
+.BI "down-srcip <" start "> [<" end ">]"
+terminates all IKE SA instances with clients having virtual IPs in the range
+.IR start - end .
+.
+.TP
.BI "route " name
tells the IKE daemon to insert an IPsec policy in the kernel
for connection \fIname\fP. The first payload packet matching the IPsec policy
@@ -118,6 +123,11 @@ returns detailed status information either on connection
.SS LIST COMMANDS
.
.TP
+.BI "leases [<" poolname "> [<" address ">]]"
+returns the status of all or the selected IP address pool (or even a single
+virtual IP address).
+.
+.TP
.B "listalgs"
returns a list supported cryptographic algorithms usable for IKE, and their
corresponding plugin.
@@ -242,7 +252,7 @@ resets global or connection specific counters.
purges all cached certificates.
.
.TP
-.B "purgecrl"
+.B "purgecrls"
purges all cached CRLs.
.
.TP
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index e6725d0ca..0798830cf 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -15,7 +15,7 @@
# for more details.
# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
+PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
export PATH
# set daemon name
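Review bot: The new assignment `PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}` keeps whatever PATH the caller exports and uses the fixed list only when PATH is unset or empty, whereas the removed line always overwrote it. This wrapper is typically run as root, so any helper it starts by bare name (none are visible in this hunk) would now be resolved through the caller's search path, unless the invoking layer sanitises it, for example sudo's `secure_path`. The comment above the line should state that trust assumption, e.g. `# keep the caller's PATH (must be trusted); fall back to a minimal one only if it is unset or empty`. The fallback also no longer contains `@IPSEC_SBINDIR@` and `@IPSEC_BINDIR@`, so it is worth confirming that nothing in the script relies on finding strongSwan binaries there by name when PATH is empty.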
@@ -46,37 +46,36 @@ IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity o
case "$1" in
'')
- echo "Usage: $IPSEC_SCRIPT command argument ..."
- echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
- echo "page or the $IPSEC_NAME documentation for names of the common "
- echo "ones."
- echo "See <http://www.strongswan.org> for more general info."
+ echo "$IPSEC_SCRIPT command [arguments]"
+ echo
+ echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
+ echo "See <http://www.strongswan.org> for more general information."
exit 0
;;
--help)
- echo "Usage: $IPSEC_SCRIPT command argument ..."
- echo "where command is one of:"
- echo " start|restart arguments..."
+ echo "$IPSEC_SCRIPT command [arguments]"
+ echo
+ echo "Commands:"
+ echo " start|restart [arguments]"
echo " update|reload|stop"
echo " up|down|route|unroute <connectionname>"
+ echo " down-srcip <start> [<end>]"
echo " status|statusall [<connectionname>]"
echo " listalgs|listpubkeys|listcerts [--utc]"
echo " listcacerts|listaacerts|listocspcerts [--utc]"
echo " listacerts|listgroups|listcainfos [--utc]"
- echo " listcrls|listocsp|listcards|listplugins|listall [--utc]"
+ echo " listcrls|listocsp|listplugins|listall [--utc]"
echo " listcounters|resetcounters [name]"
echo " leases [<poolname> [<address>]]"
- echo " rereadsecrets|rereadgroups"
- echo " rereadcacerts|rereadaacerts|rereadocspcerts"
- echo " rereadacerts|rereadcrls|rereadall"
- echo " purgeocsp|purgecrls|purgecerts|purgeike"
- echo " scepclient"
- echo " secrets"
- echo " starter"
+ echo " rereadsecrets|rereadcacerts|rereadaacerts"
+ echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall"
+ echo " purgecerts|purgecrls|purgeike|purgeocsp"
+ echo " scepclient|pki"
+ echo " starter|stroke"
echo " version"
- echo " stroke"
echo
- echo "Some of these functions have their own manual pages, e.g. scepclient(8)."
+ echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
+ echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
exit 0
;;
--versioncode)
@@ -129,16 +128,6 @@ down-srcip)
fi
exit "$rc"
;;
-listcards|rereadgroups)
- op="$1"
- shift
- if [ -e $IPSEC_CHARON_PID ]
- then
- exit 3
- else
- exit 7
- fi
- ;;
leases)
op="$1"
rc=7
@@ -340,12 +329,8 @@ path="$IPSEC_DIR/$cmd"
if [ ! -x "$path" ]
then
- path="$IPSEC_DIR/$cmd"
- if [ ! -x "$path" ]
- then
echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
exit 2
- fi
fi
exec $path "$@"
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index a28b459de..4212ee87a 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -25,7 +25,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \
+encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index e81c42405..e98f5e137 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -23,7 +23,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \
+encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -258,6 +259,13 @@ if MONOLITHIC
endif
endif
+if USE_EXT_AUTH
+ SUBDIRS += plugins/ext_auth
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/ext_auth/libstrongswan-ext-auth.la
+endif
+endif
+
if USE_EAP_IDENTITY
SUBDIRS += plugins/eap_identity
if MONOLITHIC
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 002da511d..4d89794b5 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -162,106 +162,108 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_27 = plugins/ipseckey/libstrongswan-ipseckey.la
@USE_UPDOWN_TRUE@am__append_28 = plugins/updown
@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_29 = plugins/updown/libstrongswan-updown.la
-@USE_EAP_IDENTITY_TRUE@am__append_30 = plugins/eap_identity
-@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_31 = plugins/eap_identity/libstrongswan-eap-identity.la
-@USE_EAP_SIM_TRUE@am__append_32 = plugins/eap_sim
-@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_33 = plugins/eap_sim/libstrongswan-eap-sim.la
-@USE_EAP_SIM_FILE_TRUE@am__append_34 = plugins/eap_sim_file
-@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_35 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
-@USE_EAP_SIM_PCSC_TRUE@am__append_36 = plugins/eap_sim_pcsc
-@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_37 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
-@USE_EAP_SIMAKA_SQL_TRUE@am__append_38 = plugins/eap_simaka_sql
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_39 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_40 = plugins/eap_simaka_pseudonym
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_41 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_42 = plugins/eap_simaka_reauth
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_43 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
-@USE_EAP_AKA_TRUE@am__append_44 = plugins/eap_aka
-@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_45 = plugins/eap_aka/libstrongswan-eap-aka.la
-@USE_EAP_AKA_3GPP2_TRUE@am__append_46 = plugins/eap_aka_3gpp2
-@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_47 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
-@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_48 = $(top_builddir)/src/libsimaka/libsimaka.la
-@USE_EAP_MD5_TRUE@am__append_49 = plugins/eap_md5
-@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_50 = plugins/eap_md5/libstrongswan-eap-md5.la
-@USE_EAP_GTC_TRUE@am__append_51 = plugins/eap_gtc
-@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_52 = plugins/eap_gtc/libstrongswan-eap-gtc.la
-@USE_EAP_MSCHAPV2_TRUE@am__append_53 = plugins/eap_mschapv2
-@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_54 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
-@USE_EAP_DYNAMIC_TRUE@am__append_55 = plugins/eap_dynamic
-@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_56 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
-@USE_EAP_RADIUS_TRUE@am__append_57 = plugins/eap_radius
-@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_58 = plugins/eap_radius/libstrongswan-eap-radius.la
-@USE_EAP_TLS_TRUE@am__append_59 = plugins/eap_tls
-@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_60 = plugins/eap_tls/libstrongswan-eap-tls.la
-@USE_EAP_TTLS_TRUE@am__append_61 = plugins/eap_ttls
-@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_62 = plugins/eap_ttls/libstrongswan-eap-ttls.la
-@USE_EAP_PEAP_TRUE@am__append_63 = plugins/eap_peap
-@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_64 = plugins/eap_peap/libstrongswan-eap-peap.la
-@USE_EAP_TNC_TRUE@am__append_65 = plugins/eap_tnc
-@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_66 = plugins/eap_tnc/libstrongswan-eap-tnc.la
-@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_67 = $(top_builddir)/src/libtls/libtls.la
-@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_68 = $(top_builddir)/src/libradius/libradius.la
-@USE_TNC_IFMAP_TRUE@am__append_69 = plugins/tnc_ifmap
-@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_70 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
-@USE_TNC_PDP_TRUE@am__append_71 = plugins/tnc_pdp
-@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_72 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
-@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_73 = $(top_builddir)/src/libtnccs/libtnccs.la
-@USE_MEDSRV_TRUE@am__append_74 = plugins/medsrv
-@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_75 = plugins/medsrv/libstrongswan-medsrv.la
-@USE_MEDCLI_TRUE@am__append_76 = plugins/medcli
-@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_77 = plugins/medcli/libstrongswan-medcli.la
-@USE_DHCP_TRUE@am__append_78 = plugins/dhcp
-@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_79 = plugins/dhcp/libstrongswan-dhcp.la
-@USE_OSX_ATTR_TRUE@am__append_80 = plugins/osx_attr
-@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_81 = plugins/osx_attr/libstrongswan-osx-attr.la
-@USE_ANDROID_DNS_TRUE@am__append_82 = plugins/android_dns
-@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_83 = plugins/android_dns/libstrongswan-android-dns.la
-@USE_ANDROID_LOG_TRUE@am__append_84 = plugins/android_log
-@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_85 = plugins/android_log/libstrongswan-android-log.la
-@USE_MAEMO_TRUE@am__append_86 = plugins/maemo
-@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_87 = plugins/maemo/libstrongswan-maemo.la
-@USE_HA_TRUE@am__append_88 = plugins/ha
-@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_89 = plugins/ha/libstrongswan-ha.la
-@USE_KERNEL_LIBIPSEC_TRUE@am__append_90 = plugins/kernel_libipsec
-@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_91 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
-@USE_KERNEL_WFP_TRUE@am__append_92 = plugins/kernel_wfp
-@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_93 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
-@USE_KERNEL_IPH_TRUE@am__append_94 = plugins/kernel_iph
-@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_95 = plugins/kernel_iph/libstrongswan-kernel-iph.la
-@USE_WHITELIST_TRUE@am__append_96 = plugins/whitelist
-@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_97 = plugins/whitelist/libstrongswan-whitelist.la
-@USE_LOOKIP_TRUE@am__append_98 = plugins/lookip
-@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_99 = plugins/lookip/libstrongswan-lookip.la
-@USE_ERROR_NOTIFY_TRUE@am__append_100 = plugins/error_notify
-@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_101 = plugins/error_notify/libstrongswan-error-notify.la
-@USE_CERTEXPIRE_TRUE@am__append_102 = plugins/certexpire
-@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_103 = plugins/certexpire/libstrongswan-certexpire.la
-@USE_SYSTIME_FIX_TRUE@am__append_104 = plugins/systime_fix
-@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_105 = plugins/systime_fix/libstrongswan-systime-fix.la
-@USE_LED_TRUE@am__append_106 = plugins/led
-@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_107 = plugins/led/libstrongswan-led.la
-@USE_DUPLICHECK_TRUE@am__append_108 = plugins/duplicheck
-@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_109 = plugins/duplicheck/libstrongswan-duplicheck.la
-@USE_COUPLING_TRUE@am__append_110 = plugins/coupling
-@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_111 = plugins/coupling/libstrongswan-coupling.la
-@USE_RADATTR_TRUE@am__append_112 = plugins/radattr
-@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_113 = plugins/radattr/libstrongswan-radattr.la
-@USE_UCI_TRUE@am__append_114 = plugins/uci
-@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_115 = plugins/uci/libstrongswan-uci.la
-@USE_ADDRBLOCK_TRUE@am__append_116 = plugins/addrblock
-@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_117 = plugins/addrblock/libstrongswan-addrblock.la
-@USE_UNITY_TRUE@am__append_118 = plugins/unity
-@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_119 = plugins/unity/libstrongswan-unity.la
-@USE_UNIT_TESTS_TRUE@am__append_120 = plugins/unit_tester
-@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_121 = plugins/unit_tester/libstrongswan-unit-tester.la
-@USE_XAUTH_GENERIC_TRUE@am__append_122 = plugins/xauth_generic
-@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_123 = plugins/xauth_generic/libstrongswan-xauth-generic.la
-@USE_XAUTH_EAP_TRUE@am__append_124 = plugins/xauth_eap
-@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_125 = plugins/xauth_eap/libstrongswan-xauth-eap.la
-@USE_XAUTH_PAM_TRUE@am__append_126 = plugins/xauth_pam
-@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_127 = plugins/xauth_pam/libstrongswan-xauth-pam.la
-@USE_XAUTH_NOAUTH_TRUE@am__append_128 = plugins/xauth_noauth
-@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_129 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+@USE_EXT_AUTH_TRUE@am__append_30 = plugins/ext_auth
+@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_31 = plugins/ext_auth/libstrongswan-ext-auth.la
+@USE_EAP_IDENTITY_TRUE@am__append_32 = plugins/eap_identity
+@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_33 = plugins/eap_identity/libstrongswan-eap-identity.la
+@USE_EAP_SIM_TRUE@am__append_34 = plugins/eap_sim
+@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_35 = plugins/eap_sim/libstrongswan-eap-sim.la
+@USE_EAP_SIM_FILE_TRUE@am__append_36 = plugins/eap_sim_file
+@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_37 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+@USE_EAP_SIM_PCSC_TRUE@am__append_38 = plugins/eap_sim_pcsc
+@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_39 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
+@USE_EAP_SIMAKA_SQL_TRUE@am__append_40 = plugins/eap_simaka_sql
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_41 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_42 = plugins/eap_simaka_pseudonym
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_43 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_44 = plugins/eap_simaka_reauth
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_45 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+@USE_EAP_AKA_TRUE@am__append_46 = plugins/eap_aka
+@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_47 = plugins/eap_aka/libstrongswan-eap-aka.la
+@USE_EAP_AKA_3GPP2_TRUE@am__append_48 = plugins/eap_aka_3gpp2
+@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_49 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_50 = $(top_builddir)/src/libsimaka/libsimaka.la
+@USE_EAP_MD5_TRUE@am__append_51 = plugins/eap_md5
+@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_52 = plugins/eap_md5/libstrongswan-eap-md5.la
+@USE_EAP_GTC_TRUE@am__append_53 = plugins/eap_gtc
+@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_54 = plugins/eap_gtc/libstrongswan-eap-gtc.la
+@USE_EAP_MSCHAPV2_TRUE@am__append_55 = plugins/eap_mschapv2
+@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_56 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+@USE_EAP_DYNAMIC_TRUE@am__append_57 = plugins/eap_dynamic
+@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_58 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
+@USE_EAP_RADIUS_TRUE@am__append_59 = plugins/eap_radius
+@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_60 = plugins/eap_radius/libstrongswan-eap-radius.la
+@USE_EAP_TLS_TRUE@am__append_61 = plugins/eap_tls
+@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_62 = plugins/eap_tls/libstrongswan-eap-tls.la
+@USE_EAP_TTLS_TRUE@am__append_63 = plugins/eap_ttls
+@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_64 = plugins/eap_ttls/libstrongswan-eap-ttls.la
+@USE_EAP_PEAP_TRUE@am__append_65 = plugins/eap_peap
+@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_66 = plugins/eap_peap/libstrongswan-eap-peap.la
+@USE_EAP_TNC_TRUE@am__append_67 = plugins/eap_tnc
+@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_68 = plugins/eap_tnc/libstrongswan-eap-tnc.la
+@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_69 = $(top_builddir)/src/libtls/libtls.la
+@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_70 = $(top_builddir)/src/libradius/libradius.la
+@USE_TNC_IFMAP_TRUE@am__append_71 = plugins/tnc_ifmap
+@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_72 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
+@USE_TNC_PDP_TRUE@am__append_73 = plugins/tnc_pdp
+@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_74 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
+@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_75 = $(top_builddir)/src/libtnccs/libtnccs.la
+@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv
+@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_77 = plugins/medsrv/libstrongswan-medsrv.la
+@USE_MEDCLI_TRUE@am__append_78 = plugins/medcli
+@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli/libstrongswan-medcli.la
+@USE_DHCP_TRUE@am__append_80 = plugins/dhcp
+@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_81 = plugins/dhcp/libstrongswan-dhcp.la
+@USE_OSX_ATTR_TRUE@am__append_82 = plugins/osx_attr
+@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_83 = plugins/osx_attr/libstrongswan-osx-attr.la
+@USE_ANDROID_DNS_TRUE@am__append_84 = plugins/android_dns
+@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_85 = plugins/android_dns/libstrongswan-android-dns.la
+@USE_ANDROID_LOG_TRUE@am__append_86 = plugins/android_log
+@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_87 = plugins/android_log/libstrongswan-android-log.la
+@USE_MAEMO_TRUE@am__append_88 = plugins/maemo
+@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_89 = plugins/maemo/libstrongswan-maemo.la
+@USE_HA_TRUE@am__append_90 = plugins/ha
+@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_91 = plugins/ha/libstrongswan-ha.la
+@USE_KERNEL_LIBIPSEC_TRUE@am__append_92 = plugins/kernel_libipsec
+@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_93 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
+@USE_KERNEL_WFP_TRUE@am__append_94 = plugins/kernel_wfp
+@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_95 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
+@USE_KERNEL_IPH_TRUE@am__append_96 = plugins/kernel_iph
+@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_97 = plugins/kernel_iph/libstrongswan-kernel-iph.la
+@USE_WHITELIST_TRUE@am__append_98 = plugins/whitelist
+@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_99 = plugins/whitelist/libstrongswan-whitelist.la
+@USE_LOOKIP_TRUE@am__append_100 = plugins/lookip
+@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_101 = plugins/lookip/libstrongswan-lookip.la
+@USE_ERROR_NOTIFY_TRUE@am__append_102 = plugins/error_notify
+@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_103 = plugins/error_notify/libstrongswan-error-notify.la
+@USE_CERTEXPIRE_TRUE@am__append_104 = plugins/certexpire
+@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_105 = plugins/certexpire/libstrongswan-certexpire.la
+@USE_SYSTIME_FIX_TRUE@am__append_106 = plugins/systime_fix
+@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_107 = plugins/systime_fix/libstrongswan-systime-fix.la
+@USE_LED_TRUE@am__append_108 = plugins/led
+@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_109 = plugins/led/libstrongswan-led.la
+@USE_DUPLICHECK_TRUE@am__append_110 = plugins/duplicheck
+@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_111 = plugins/duplicheck/libstrongswan-duplicheck.la
+@USE_COUPLING_TRUE@am__append_112 = plugins/coupling
+@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_113 = plugins/coupling/libstrongswan-coupling.la
+@USE_RADATTR_TRUE@am__append_114 = plugins/radattr
+@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_115 = plugins/radattr/libstrongswan-radattr.la
+@USE_UCI_TRUE@am__append_116 = plugins/uci
+@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_117 = plugins/uci/libstrongswan-uci.la
+@USE_ADDRBLOCK_TRUE@am__append_118 = plugins/addrblock
+@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_119 = plugins/addrblock/libstrongswan-addrblock.la
+@USE_UNITY_TRUE@am__append_120 = plugins/unity
+@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_121 = plugins/unity/libstrongswan-unity.la
+@USE_UNIT_TESTS_TRUE@am__append_122 = plugins/unit_tester
+@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_123 = plugins/unit_tester/libstrongswan-unit-tester.la
+@USE_XAUTH_GENERIC_TRUE@am__append_124 = plugins/xauth_generic
+@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_125 = plugins/xauth_generic/libstrongswan-xauth-generic.la
+@USE_XAUTH_EAP_TRUE@am__append_126 = plugins/xauth_eap
+@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_127 = plugins/xauth_eap/libstrongswan-xauth-eap.la
+@USE_XAUTH_PAM_TRUE@am__append_128 = plugins/xauth_pam
+@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_129 = plugins/xauth_pam/libstrongswan-xauth-pam.la
+@USE_XAUTH_NOAUTH_TRUE@am__append_130 = plugins/xauth_noauth
+@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_131 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
subdir = src/libcharon
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -323,12 +325,12 @@ libcharon_la_DEPENDENCIES = \
$(am__append_29) $(am__append_31) $(am__append_33) \
$(am__append_35) $(am__append_37) $(am__append_39) \
$(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_48) $(am__append_50) \
+ $(am__append_47) $(am__append_49) $(am__append_50) \
$(am__append_52) $(am__append_54) $(am__append_56) \
$(am__append_58) $(am__append_60) $(am__append_62) \
- $(am__append_64) $(am__append_66) $(am__append_67) \
- $(am__append_68) $(am__append_70) $(am__append_72) \
- $(am__append_73) $(am__append_75) $(am__append_77) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_69) $(am__append_70) $(am__append_72) \
+ $(am__append_74) $(am__append_75) $(am__append_77) \
$(am__append_79) $(am__append_81) $(am__append_83) \
$(am__append_85) $(am__append_87) $(am__append_89) \
$(am__append_91) $(am__append_93) $(am__append_95) \
@@ -337,7 +339,7 @@ libcharon_la_DEPENDENCIES = \
$(am__append_109) $(am__append_111) $(am__append_113) \
$(am__append_115) $(am__append_117) $(am__append_119) \
$(am__append_121) $(am__append_123) $(am__append_125) \
- $(am__append_127) $(am__append_129)
+ $(am__append_127) $(am__append_129) $(am__append_131)
am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
bus/listeners/listener.h bus/listeners/logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
@@ -362,8 +364,9 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
encoding/payloads/eap_payload.c \
encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
+ encoding/payloads/encrypted_payload.c \
+ encoding/payloads/encrypted_payload.h \
+ encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -553,7 +556,7 @@ am_libcharon_la_OBJECTS = bus/bus.lo bus/listeners/file_logger.lo \
encoding/payloads/delete_payload.lo \
encoding/payloads/eap_payload.lo \
encoding/payloads/encodings.lo \
- encoding/payloads/encryption_payload.lo \
+ encoding/payloads/encrypted_payload.lo \
encoding/payloads/id_payload.lo \
encoding/payloads/ike_header.lo \
encoding/payloads/ke_payload.lo \
@@ -676,22 +679,23 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
plugins/socket_dynamic plugins/socket_win plugins/farp \
plugins/stroke plugins/vici plugins/smp plugins/sql \
plugins/dnscert plugins/ipseckey plugins/updown \
- plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \
- plugins/eap_sim_pcsc plugins/eap_simaka_sql \
- plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
- plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \
- plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_dynamic \
- plugins/eap_radius plugins/eap_tls plugins/eap_ttls \
- plugins/eap_peap plugins/eap_tnc plugins/tnc_ifmap \
- plugins/tnc_pdp plugins/medsrv plugins/medcli plugins/dhcp \
- plugins/osx_attr plugins/android_dns plugins/android_log \
- plugins/maemo plugins/ha plugins/kernel_libipsec \
- plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \
- plugins/lookip plugins/error_notify plugins/certexpire \
- plugins/systime_fix plugins/led plugins/duplicheck \
- plugins/coupling plugins/radattr plugins/uci plugins/addrblock \
- plugins/unity plugins/unit_tester plugins/xauth_generic \
- plugins/xauth_eap plugins/xauth_pam plugins/xauth_noauth
+ plugins/ext_auth plugins/eap_identity plugins/eap_sim \
+ plugins/eap_sim_file plugins/eap_sim_pcsc \
+ plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \
+ plugins/eap_simaka_reauth plugins/eap_aka \
+ plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \
+ plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \
+ plugins/eap_tls plugins/eap_ttls plugins/eap_peap \
+ plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \
+ plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \
+ plugins/android_dns plugins/android_log plugins/maemo \
+ plugins/ha plugins/kernel_libipsec plugins/kernel_wfp \
+ plugins/kernel_iph plugins/whitelist plugins/lookip \
+ plugins/error_notify plugins/certexpire plugins/systime_fix \
+ plugins/led plugins/duplicheck plugins/coupling \
+ plugins/radattr plugins/uci plugins/addrblock plugins/unity \
+ plugins/unit_tester plugins/xauth_generic plugins/xauth_eap \
+ plugins/xauth_pam plugins/xauth_noauth
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -749,6 +753,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -809,6 +814,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -874,6 +880,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -921,6 +929,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -954,8 +966,9 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
encoding/payloads/eap_payload.c \
encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
+ encoding/payloads/encrypted_payload.c \
+ encoding/payloads/encrypted_payload.h \
+ encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -1043,12 +1056,12 @@ libcharon_la_LIBADD = \
$(am__append_27) $(am__append_29) $(am__append_31) \
$(am__append_33) $(am__append_35) $(am__append_37) \
$(am__append_39) $(am__append_41) $(am__append_43) \
- $(am__append_45) $(am__append_47) $(am__append_48) \
+ $(am__append_45) $(am__append_47) $(am__append_49) \
$(am__append_50) $(am__append_52) $(am__append_54) \
$(am__append_56) $(am__append_58) $(am__append_60) \
$(am__append_62) $(am__append_64) $(am__append_66) \
- $(am__append_67) $(am__append_68) $(am__append_70) \
- $(am__append_72) $(am__append_73) $(am__append_75) \
+ $(am__append_68) $(am__append_69) $(am__append_70) \
+ $(am__append_72) $(am__append_74) $(am__append_75) \
$(am__append_77) $(am__append_79) $(am__append_81) \
$(am__append_83) $(am__append_85) $(am__append_87) \
$(am__append_89) $(am__append_91) $(am__append_93) \
@@ -1057,7 +1070,8 @@ libcharon_la_LIBADD = \
$(am__append_107) $(am__append_109) $(am__append_111) \
$(am__append_113) $(am__append_115) $(am__append_117) \
$(am__append_119) $(am__append_121) $(am__append_123) \
- $(am__append_125) $(am__append_127) $(am__append_129)
+ $(am__append_125) $(am__append_127) $(am__append_129) \
+ $(am__append_131)
EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \
@MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \
@@ -1069,13 +1083,13 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \
@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \
@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_49) \
+@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \
@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \
@MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \
-@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \
-@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \
+@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_71) \
+@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_76) \
@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \
@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \
@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \
@@ -1088,7 +1102,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \
@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \
@MONOLITHIC_FALSE@ $(am__append_122) $(am__append_124) \
-@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128)
+@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) \
+@MONOLITHIC_FALSE@ $(am__append_130)
# build optional plugins
########################
@@ -1102,13 +1117,13 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \
@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \
@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_49) \
+@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \
@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \
@MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \
-@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \
-@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \
+@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_71) \
+@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_76) \
@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \
@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \
@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \
@@ -1121,7 +1136,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \
@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \
@MONOLITHIC_TRUE@ $(am__append_122) $(am__append_124) \
-@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128)
+@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) \
+@MONOLITHIC_TRUE@ $(am__append_130)
all: all-recursive
.SUFFIXES:
@@ -1267,7 +1283,7 @@ encoding/payloads/eap_payload.lo: encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
encoding/payloads/encodings.lo: encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
-encoding/payloads/encryption_payload.lo: \
+encoding/payloads/encrypted_payload.lo: \
encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
encoding/payloads/id_payload.lo: encoding/payloads/$(am__dirstamp) \
@@ -1619,7 +1635,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/delete_payload.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/eap_payload.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encodings.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encryption_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/encrypted_payload.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/endpoint_notify.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/fragment_payload.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@encoding/payloads/$(DEPDIR)/hash_payload.Plo@am__quote@
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index d1c138cd1..cb59f976b 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -755,7 +755,7 @@ METHOD(bus_t, ike_rekey, void,
this->mutex->unlock(this->mutex);
}
-METHOD(bus_t, ike_reestablish, void,
+METHOD(bus_t, ike_reestablish_pre, void,
private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
{
enumerator_t *enumerator;
@@ -766,12 +766,40 @@ METHOD(bus_t, ike_reestablish, void,
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->calling || !entry->listener->ike_reestablish)
+ if (entry->calling || !entry->listener->ike_reestablish_pre)
{
continue;
}
entry->calling++;
- keep = entry->listener->ike_reestablish(entry->listener, old, new);
+ keep = entry->listener->ike_reestablish_pre(entry->listener, old, new);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(bus_t, ike_reestablish_post, void,
+ private_bus_t *this, ike_sa_t *old, ike_sa_t *new, bool initiated)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool keep;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->ike_reestablish_post)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->ike_reestablish_post(entry->listener, old, new,
+ initiated);
entry->calling--;
if (!keep)
{
@@ -978,7 +1006,8 @@ bus_t *bus_create()
.child_keys = _child_keys,
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
- .ike_reestablish = _ike_reestablish,
+ .ike_reestablish_pre = _ike_reestablish_pre,
+ .ike_reestablish_post = _ike_reestablish_post,
.child_updown = _child_updown,
.child_rekey = _child_rekey,
.authorize = _authorize,
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 1d708c5a5..e1d221ca5 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -101,9 +101,11 @@ enum alert_t {
/** received IKE message with invalid body, argument is message_t*,
* followed by a status_t result returned by message_t.parse_body(). */
ALERT_PARSE_ERROR_BODY,
- /** sending a retransmit for a message, argument is packet_t */
+ /** sending a retransmit for a message, argument is packet_t, if the message
+ * got fragmented only the first fragment is passed */
ALERT_RETRANSMIT_SEND,
- /** sending retransmits timed out, argument is packet_t, if available */
+ /** sending retransmits timed out, argument is packet_t, if available and if
+ * the message got fragmented only the first fragment is passed */
ALERT_RETRANSMIT_SEND_TIMEOUT,
/** received a retransmit for a message, argument is message_t */
ALERT_RETRANSMIT_RECEIVE,
@@ -380,12 +382,23 @@ struct bus_t {
void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
/**
- * IKE_SA reestablishing hook.
+ * IKE_SA reestablishing hook (before resolving hosts).
*
* @param old reestablished and obsolete IKE_SA
* @param new new IKE_SA replacing old
*/
- void (*ike_reestablish)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+ void (*ike_reestablish_pre)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * IKE_SA reestablishing hook (after configuring and initiating the new
+ * IKE_SA).
+ *
+ * @param old reestablished and obsolete IKE_SA
+ * @param new new IKE_SA replacing old
+ * @param initiated TRUE if initiated successfully, FALSE otherwise
+ */
+ void (*ike_reestablish_post)(bus_t *this, ike_sa_t *old, ike_sa_t *new,
+ bool initiated);
/**
* CHILD_SA up/down hook.
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index abcc765e5..0910cb361 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2011-2014 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -129,14 +130,29 @@ struct listener_t {
/**
* Hook called when an initiator reestablishes an IKE_SA.
*
+ * This is invoked right after creating the new IKE_SA and setting the
+ * peer_cfg (and the old hosts), but before resolving the hosts anew.
+ * It is not invoked on the responder.
+ *
+ * @param old IKE_SA getting reestablished (is destroyed)
+ * @param new new IKE_SA replacing old (gets established)
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * Hook called when an initiator reestablishes an IKE_SA.
+ *
* This is invoked right before the new IKE_SA is checked in after
* initiating it. It is not invoked on the responder.
*
* @param old IKE_SA getting reestablished (is destroyed)
* @param new new IKE_SA replacing old (gets established)
+ * @param initiated TRUE if initiation was successful, FALSE otherwise
* @return TRUE to stay registered, FALSE to unregister
*/
- bool (*ike_reestablish)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+ bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
+ ike_sa_t *new, bool initiated);
/**
* Hook called when a CHILD_SA gets up or down.
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 7e4a1433d..ed7c0d406 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -163,6 +163,11 @@ METHOD(child_cfg_t, add_proposal, void,
}
}
+static bool match_proposal(proposal_t *item, proposal_t *proposal)
+{
+ return item->equals(item, proposal);
+}
+
METHOD(child_cfg_t, get_proposals, linked_list_t*,
private_child_cfg_t *this, bool strip_dh)
{
@@ -178,6 +183,12 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
{
current->strip_dh(current, MODP_NONE);
}
+ if (proposals->find_first(proposals, (linked_list_match_t)match_proposal,
+ NULL, current) == SUCCESS)
+ {
+ current->destroy(current);
+ continue;
+ }
proposals->insert_last(proposals, current);
}
enumerator->destroy(enumerator);
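Review bot: The duplicate check added to `get_proposals()` has no comment saying why duplicates can occur. It sits right after the `strip_dh` branch, so presumably stripping the DH groups can leave two configured proposals identical; a line such as `/* stripping DH groups may leave identical proposals, keep only the first */` above the `find_first()` call would record that. `match_proposal()`, added in the previous hunk, could likewise carry `/** linked_list_match_t callback: TRUE if item equals the given proposal */`. The function starts and ends outside this hunk.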
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 4d881cd2f..50d3c6f66 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -337,7 +337,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
break;
}
}
- if (e2->enumerate(e2, &alg2, ks2))
+ if (e2->enumerate(e2, &alg2, &ks2))
{
/* other has more algs */
equals = FALSE;
@@ -594,7 +594,7 @@ METHOD(proposal_t, destroy, void,
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create(protocol_id_t protocol, u_int number)
{
@@ -787,7 +787,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_default(protocol_id_t protocol)
{
@@ -826,7 +826,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_default_aead(protocol_id_t protocol)
{
@@ -853,7 +853,7 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
{
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index a89995a51..3ae7c4e6f 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -593,7 +593,7 @@ METHOD(daemon_t, initialize, bool,
PLUGIN_DEPENDS(CUSTOM, "socket"),
};
lib->plugins->add_static_features(lib->plugins, lib->ns, features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
/* load plugins, further infrastructure may need it */
if (!lib->plugins->load(lib->plugins, plugins))
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 0f5f40ada..cb6c97f25 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2006 Daniel Roethlisberger
@@ -23,6 +23,8 @@
#include "message.h"
#include <library.h>
+#include <bio/bio_writer.h>
+#include <collections/array.h>
#include <daemon.h>
#include <sa/ikev1/keymat_v1.h>
#include <encoding/generator.h>
@@ -30,9 +32,11 @@
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/hash_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
+#include <encoding/payloads/encrypted_fragment_payload.h>
#include <encoding/payloads/unknown_payload.h>
#include <encoding/payloads/cp_payload.h>
+#include <encoding/payloads/fragment_payload.h>
/**
* Max number of notify payloads per IKEv2 message
@@ -802,6 +806,30 @@ static message_rule_t message_rules[] = {
#endif /* USE_IKEV1 */
};
+/**
+ * Data for fragment reassembly.
+ */
+typedef struct {
+
+ /**
+ * For IKEv1 the number of the last fragment (in case we receive them out
+ * of order), since the first one starts with 1 this defines the number of
+ * fragments we expect.
+ * For IKEv2 we store the total number of fragment we received last.
+ */
+ u_int16_t last;
+
+ /**
+ * Length of all currently received fragments.
+ */
+ size_t len;
+
+ /**
+ * Maximum length of a fragmented packet.
+ */
+ size_t max_packet;
+
+} fragment_data_t;
typedef struct private_message_t private_message_t;
@@ -876,6 +904,12 @@ struct private_message_t {
packet_t *packet;
/**
+ * Array of generated fragments (if any), as packet_t*.
+ * If defragmenting (i.e. frag != NULL) this contains fragment_t*
+ */
+ array_t *fragments;
+
+ /**
* Linked List where payload data are stored in.
*/
linked_list_t *payloads;
@@ -889,9 +923,46 @@ struct private_message_t {
* The message rule for this message instance
*/
message_rule_t *rule;
+
+ /**
+ * Data used to reassemble a fragmented message
+ */
+ fragment_data_t *frag;
};
/**
+ * Maximum number of fragments we will handle
+ */
+#define MAX_FRAGMENTS 255
+
+/**
+ * A single fragment within a fragmented message
+ */
+typedef struct {
+
+ /** fragment number */
+ u_int8_t num;
+
+ /** fragment data */
+ chunk_t data;
+
+} fragment_t;
+
+static void fragment_destroy(fragment_t *this)
+{
+ chunk_free(&this->data);
+ free(this);
+}
+
+static void reset_defrag(private_message_t *this)
+{
+ array_destroy_function(this->fragments, (void*)fragment_destroy, NULL);
+ this->fragments = NULL;
+ this->frag->last = 0;
+ this->frag->len = 0;
+}
+
+/**
* Get the message rule that applies to this message
*/
static message_rule_t* get_message_rule(private_message_t *this)
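Review bot: `fragment_t.num` is declared `u_int8_t`, while `fragment_data_t.last` and the `num`/`count` parameters of `create_fragment()` elsewhere in this patch are `u_int16_t`, so a fragment number taken from a received message is narrowed when it is stored. That is only safe if every number is checked against `MAX_FRAGMENTS` before a `fragment_t` is filled in; the check is not in this hunk, so confirm it and say so in the field comment, e.g. `/** fragment number, at most MAX_FRAGMENTS, checked before it is stored */`. `reset_defrag()` also dereferences `this->frag` unconditionally and has no doc comment; `/** Discard collected fragments, only valid while defragmenting (this->frag != NULL) */` would state the precondition that the comment on `fragments` implies.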
@@ -1049,6 +1120,12 @@ METHOD(message_t, is_encoded, bool,
return this->packet->get_data(this->packet).ptr != NULL;
}
+METHOD(message_t, is_fragmented, bool,
+ private_message_t *this)
+{
+ return array_count(this->fragments) > 0;
+}
+
METHOD(message_t, add_payload, void,
private_message_t *this, payload_t *payload)
{
@@ -1330,6 +1407,12 @@ static char* get_string(private_message_t *this, char *buf, int len)
return buf;
}
+METHOD(message_t, disable_sort, void,
+ private_message_t *this)
+{
+ this->sort_disabled = TRUE;
+}
+
/**
* reorder payloads depending on reordering rules
*/
@@ -1339,6 +1422,8 @@ static void order_payloads(private_message_t *this)
payload_t *payload;
int i;
+ DBG2(DBG_ENC, "order payloads in message");
+
/* move to temp list */
list = linked_list_create();
while (this->payloads->remove_last(this->payloads,
@@ -1392,29 +1477,42 @@ static void order_payloads(private_message_t *this)
}
/**
- * Wrap payloads in an encryption payload
+ * Wrap payloads in an encrypted payload
*/
-static encryption_payload_t* wrap_payloads(private_message_t *this)
+static encrypted_payload_t* wrap_payloads(private_message_t *this)
{
- encryption_payload_t *encryption;
+ encrypted_payload_t *encrypted = NULL;
linked_list_t *payloads;
payload_t *current;
- /* copy all payloads in a temporary list */
+ /* move all payloads to a temporary list */
payloads = linked_list_create();
while (this->payloads->remove_first(this->payloads,
(void**)&current) == SUCCESS)
{
- payloads->insert_last(payloads, current);
+ if (current->get_type(current) == PLV2_FRAGMENT)
+ { /* treat encrypted fragment payload as encrypted payload */
+ encrypted = (encrypted_payload_t*)current;
+ }
+ else
+ {
+ payloads->insert_last(payloads, current);
+ }
+ }
+ if (encrypted)
+ { /* simply adopt all the unencrypted payloads */
+ this->payloads->destroy(this->payloads);
+ this->payloads = payloads;
+ return encrypted;
}
if (this->is_encrypted)
{
- encryption = encryption_payload_create(PLV1_ENCRYPTED);
+ encrypted = encrypted_payload_create(PLV1_ENCRYPTED);
}
else
{
- encryption = encryption_payload_create(PLV2_ENCRYPTED);
+ encrypted = encrypted_payload_create(PLV2_ENCRYPTED);
}
while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
{
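Review bot: In `wrap_payloads()` the new loop overwrites `encrypted` each time it meets a `PLV2_FRAGMENT` payload, so if the list ever held more than one, the earlier ones have already been removed from `this->payloads` and are neither re-inserted nor destroyed. The fragment messages built by this patch presumably carry exactly one, so this is a missing guard rather than a demonstrated leak; adding `DESTROY_IF(encrypted);` before the assignment would close it. The cast of `current` to `encrypted_payload_t*` also depends on the encrypted fragment payload exposing that interface as its first member, which is worth stating in the comment on that branch. The function body continues outside this hunk.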
@@ -1432,7 +1530,7 @@ static encryption_payload_t* wrap_payloads(private_message_t *this)
{ /* encryption is forced for IKEv1 */
DBG2(DBG_ENC, "insert payload %N into encrypted payload",
payload_type_names, type);
- encryption->add_payload(encryption, current);
+ encrypted->add_payload(encrypted, current);
}
else
{
@@ -1443,31 +1541,71 @@ static encryption_payload_t* wrap_payloads(private_message_t *this)
}
payloads->destroy(payloads);
- return encryption;
+ return encrypted;
}
-METHOD(message_t, disable_sort, void,
- private_message_t *this)
+/**
+ * Creates the IKE header for this message
+ */
+static ike_header_t *create_header(private_message_t *this)
{
- this->sort_disabled = TRUE;
+ ike_header_t *ike_header;
+ bool *reserved;
+ int i;
+
+ ike_header = ike_header_create_version(this->major_version,
+ this->minor_version);
+ ike_header->set_exchange_type(ike_header, this->exchange_type);
+ ike_header->set_message_id(ike_header, this->message_id);
+ if (this->major_version == IKEV2_MAJOR_VERSION)
+ {
+ ike_header->set_response_flag(ike_header, !this->is_request);
+ ike_header->set_version_flag(ike_header, this->version_flag);
+ ike_header->set_initiator_flag(ike_header,
+ this->ike_sa_id->is_initiator(this->ike_sa_id));
+ }
+ else
+ {
+ ike_header->set_encryption_flag(ike_header, this->is_encrypted);
+ }
+ ike_header->set_initiator_spi(ike_header,
+ this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
+ ike_header->set_responder_spi(ike_header,
+ this->ike_sa_id->get_responder_spi(this->ike_sa_id));
+
+ for (i = 0; i < countof(this->reserved); i++)
+ {
+ reserved = payload_get_field(&ike_header->payload_interface,
+ RESERVED_BIT, i);
+ if (reserved)
+ {
+ *reserved = this->reserved[i];
+ }
+ }
+ return ike_header;
}
-METHOD(message_t, generate, status_t,
- private_message_t *this, keymat_t *keymat, packet_t **packet)
+/**
+ * Generates the message, if needed, wraps the payloads in an encrypted payload.
+ *
+ * The generator and the possible enrypted payload are returned. The latter
+ * is not yet encrypted (but the transform is set). It is also not added to
+ * the payload list (so unless there are unencrypted payloads that list will
+ * be empty afterwards).
+ */
+static status_t generate_message(private_message_t *this, keymat_t *keymat,
+ generator_t **out_generator, encrypted_payload_t **encrypted)
{
keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
generator_t *generator;
- ike_header_t *ike_header;
- payload_t *payload, *next;
- encryption_payload_t *encryption = NULL;
payload_type_t next_type;
enumerator_t *enumerator;
aead_t *aead = NULL;
- chunk_t chunk, hash = chunk_empty;
+ chunk_t hash = chunk_empty;
char str[BUF_LEN];
- u_int32_t *lenpos;
- bool encrypted = FALSE, *reserved;
- int i;
+ ike_header_t *ike_header;
+ payload_t *payload, *next;
+ bool encrypting = FALSE;
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{
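Review bot: The doc comment on `generate_message()` does not state the out-parameter contract: `*out_generator` is assigned only where the generator is created, after the validity checks at the top of the function, and `*encrypted` only when an AEAD is available and encryption is required. `generate()` relies on this by initialising both to NULL and calling `DESTROY_IF(generator)` on failure, so any other caller has to do the same; add a line such as `* Both out parameters are only set on the paths that create them, callers must initialise them to NULL.` The same comment has a typo, "enrypted". The body of `generate_message()` continues beyond this hunk.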
@@ -1493,6 +1631,7 @@ METHOD(message_t, generate, status_t,
{
order_payloads(this);
}
+
if (keymat && keymat->get_version(keymat) == IKEV1)
{
/* get a hash for this message, if any is required */
@@ -1505,16 +1644,17 @@ METHOD(message_t, generate, status_t,
this->payloads->insert_first(this->payloads, hash_payload);
if (this->exchange_type == INFORMATIONAL_V1)
{
- this->is_encrypted = encrypted = TRUE;
+ this->is_encrypted = encrypting = TRUE;
}
chunk_free(&hash);
}
}
+
if (this->major_version == IKEV2_MAJOR_VERSION)
{
- encrypted = this->rule->encrypted;
+ encrypting = this->rule->encrypted;
}
- else if (!encrypted)
+ else if (!encrypting)
{
/* If at least one payload requires encryption, encrypt the message.
* If no key material is available, the flag will be reset below. */
@@ -1526,7 +1666,7 @@ METHOD(message_t, generate, status_t,
rule = get_payload_rule(this, payload->get_type(payload));
if (rule && rule->encrypted)
{
- this->is_encrypted = encrypted = TRUE;
+ this->is_encrypted = encrypting = TRUE;
break;
}
}
@@ -1539,9 +1679,10 @@ METHOD(message_t, generate, status_t,
{
aead = keymat->get_aead(keymat, FALSE);
}
- if (aead && encrypted)
+ if (aead && encrypting)
{
- encryption = wrap_payloads(this);
+ *encrypted = wrap_payloads(this);
+ (*encrypted)->set_transform(*encrypted, aead);
}
else
{
@@ -1549,39 +1690,9 @@ METHOD(message_t, generate, status_t,
this->is_encrypted = FALSE;
}
- ike_header = ike_header_create_version(this->major_version,
- this->minor_version);
- ike_header->set_exchange_type(ike_header, this->exchange_type);
- ike_header->set_message_id(ike_header, this->message_id);
- if (this->major_version == IKEV2_MAJOR_VERSION)
- {
- ike_header->set_response_flag(ike_header, !this->is_request);
- ike_header->set_version_flag(ike_header, this->version_flag);
- ike_header->set_initiator_flag(ike_header,
- this->ike_sa_id->is_initiator(this->ike_sa_id));
- }
- else
- {
- ike_header->set_encryption_flag(ike_header, this->is_encrypted);
- }
- ike_header->set_initiator_spi(ike_header,
- this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
- ike_header->set_responder_spi(ike_header,
- this->ike_sa_id->get_responder_spi(this->ike_sa_id));
-
- for (i = 0; i < countof(this->reserved); i++)
- {
- reserved = payload_get_field(&ike_header->payload_interface,
- RESERVED_BIT, i);
- if (reserved)
- {
- *reserved = this->reserved[i];
- }
- }
-
- generator = generator_create();
-
/* generate all payloads with proper next type */
+ *out_generator = generator = generator_create();
+ ike_header = create_header(this);
payload = (payload_t*)ike_header;
enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &next))
@@ -1591,53 +1702,71 @@ METHOD(message_t, generate, status_t,
payload = next;
}
enumerator->destroy(enumerator);
+
+ next_type = PL_NONE;
if (this->is_encrypted)
{ /* for encrypted IKEv1 messages */
- next_type = encryption->payload_interface.get_next_type(
- (payload_t*)encryption);
+ next_type = (*encrypted)->payload_interface.get_next_type(
+ (payload_t*)*encrypted);
}
- else
- {
- next_type = encryption ? PLV2_ENCRYPTED : PL_NONE;
+ else if (*encrypted)
+ { /* use proper IKEv2 encrypted (fragment) payload type */
+ next_type = (*encrypted)->payload_interface.get_type(
+ (payload_t*)*encrypted);
}
payload->set_next_type(payload, next_type);
generator->generate_payload(generator, payload);
ike_header->destroy(ike_header);
+ return SUCCESS;
+}
- if (encryption)
- { /* set_transform() has to be called before get_length() */
- encryption->set_transform(encryption, aead);
+/**
+ * Encrypts and adds the encrypted payload (if any) to the payload list and
+ * finalizes the message generation. Destroys the given generator.
+ */
+static status_t finalize_message(private_message_t *this, keymat_t *keymat,
+ generator_t *generator, encrypted_payload_t *encrypted)
+{
+ keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
+ chunk_t chunk;
+ u_int32_t *lenpos;
+
+ if (encrypted)
+ {
if (this->is_encrypted)
{ /* for IKEv1 instead of associated data we provide the IV */
if (!keymat_v1->get_iv(keymat_v1, this->message_id, &chunk))
{
generator->destroy(generator);
+ encrypted->destroy(encrypted);
return FAILED;
}
}
else
- { /* build associated data (without header of encryption payload) */
+ { /* build associated data (without header of encrypted payload) */
chunk = generator->get_chunk(generator, &lenpos);
- /* fill in length, including encryption payload */
- htoun32(lenpos, chunk.len + encryption->get_length(encryption));
+ /* fill in length, including encrypted payload */
+ htoun32(lenpos, chunk.len + encrypted->get_length(encrypted));
}
- this->payloads->insert_last(this->payloads, encryption);
- if (encryption->encrypt(encryption, this->message_id, chunk) != SUCCESS)
+ this->payloads->insert_last(this->payloads, encrypted);
+ if (encrypted->encrypt(encrypted, this->message_id, chunk) != SUCCESS)
{
generator->destroy(generator);
return INVALID_STATE;
}
- generator->generate_payload(generator, &encryption->payload_interface);
+ generator->generate_payload(generator, &encrypted->payload_interface);
}
chunk = generator->get_chunk(generator, &lenpos);
htoun32(lenpos, chunk.len);
this->packet->set_data(this->packet, chunk_clone(chunk));
- if (this->is_encrypted)
+ if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1)
{
/* update the IV for the next IKEv1 message */
chunk_t last_block;
+ aead_t *aead;
size_t bs;
+ aead = keymat->get_aead(keymat, FALSE);
bs = aead->get_block_size(aead);
last_block = chunk_create(chunk.ptr + chunk.len - bs, bs);
if (!keymat_v1->update_iv(keymat_v1, this->message_id, last_block) ||
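Review bot: The IV-update branch at the end of `finalize_message()` now re-fetches `aead` with `keymat->get_aead(keymat, FALSE)` and calls `aead->get_block_size(aead)` without a check, whereas before the split it reused the pointer that had already been tested. The invariant that `this->is_encrypted` implies a usable AEAD is established in `generate_message()`, so a caller that pairs the two functions with different key material would dereference NULL here. Either guard it with `if (!aead) { generator->destroy(generator); return FAILED; }` or document on the function that `keymat` must be the one passed to `generate_message()`. The `chunk.ptr + chunk.len - bs` computation likewise assumes the generated message is at least one block long, and the function body continues past this hunk.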
@@ -1648,30 +1777,301 @@ METHOD(message_t, generate, status_t,
}
}
generator->destroy(generator);
- *packet = this->packet->clone(this->packet);
return SUCCESS;
}
-METHOD(message_t, get_packet, packet_t*,
- private_message_t *this)
+METHOD(message_t, generate, status_t,
+ private_message_t *this, keymat_t *keymat, packet_t **packet)
{
- if (this->packet == NULL)
+ generator_t *generator = NULL;
+ encrypted_payload_t *encrypted = NULL;
+ status_t status;
+
+ status = generate_message(this, keymat, &generator, &encrypted);
+ if (status != SUCCESS)
{
- return NULL;
+ DESTROY_IF(generator);
+ return status;
+ }
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ if (packet)
+ {
+ *packet = this->packet->clone(this->packet);
+ }
+ return SUCCESS;
+}
+
+/**
+ * Creates a (basic) clone of the given message
+ */
+static message_t *clone_message(private_message_t *this)
+{
+ message_t *message;
+ host_t *src, *dst;
+
+ src = this->packet->get_source(this->packet);
+ dst = this->packet->get_destination(this->packet);
+
+ message = message_create(this->major_version, this->minor_version);
+ message->set_ike_sa_id(message, this->ike_sa_id);
+ message->set_message_id(message, this->message_id);
+ message->set_request(message, this->is_request);
+ message->set_source(message, src->clone(src));
+ message->set_destination(message, dst->clone(dst));
+ message->set_exchange_type(message, this->exchange_type);
+ memcpy(((private_message_t*)message)->reserved, this->reserved,
+ sizeof(this->reserved));
+ return message;
+}
+
+/**
+ * Create a single fragment with the given data
+ */
+static message_t *create_fragment(private_message_t *this, payload_type_t next,
+ u_int16_t num, u_int16_t count, chunk_t data)
+{
+ enumerator_t *enumerator;
+ payload_t *fragment, *payload;
+ message_t *message;
+ peer_cfg_t *peer_cfg;
+ ike_sa_t *ike_sa;
+
+ message = clone_message(this);
+ if (this->major_version == IKEV1_MAJOR_VERSION)
+ {
+ /* other implementations seem to just use 0 as message ID, so here we go */
+ message->set_message_id(message, 0);
+ /* always use the initial message type for fragments, even for quick mode
+ * or transaction messages. */
+ ike_sa = charon->bus->get_sa(charon->bus);
+ if (ike_sa && (peer_cfg = ike_sa->get_peer_cfg(ike_sa)) &&
+ peer_cfg->use_aggressive(peer_cfg))
+ {
+ message->set_exchange_type(message, AGGRESSIVE);
+ }
+ else
+ {
+ message->set_exchange_type(message, ID_PROT);
+ }
+ fragment = (payload_t*)fragment_payload_create_from_data(
+ num, num == count, data);
+ }
+ else
+ {
+ fragment = (payload_t*)encrypted_fragment_payload_create_from_data(
+ num, count, data);
+ if (num == 1)
+ {
+ /* only in the first fragment is this set to the type of the first
+ * payload in the encrypted payload */
+ fragment->set_next_type(fragment, next);
+ /* move unencrypted payloads to the first fragment */
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ if (payload->get_type(payload) != PLV2_ENCRYPTED)
+ {
+ this->payloads->remove_at(this->payloads, enumerator);
+ message->add_payload(message, payload);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ }
+ message->add_payload(message, (payload_t*)fragment);
+ return message;
+}
+
+/**
+ * Destroy all fragments
+ */
+static void clear_fragments(private_message_t *this)
+{
+ array_destroy_offset(this->fragments, offsetof(packet_t, destroy));
+ this->fragments = NULL;
+}
+
+/**
+ * Reduce the fragment length but ensure it stays > 0
+ */
+#define REDUCE_FRAG_LEN(fl, amount) ({ \
+ fl = max(1, (ssize_t)fl - (amount)); \
+})
+
+METHOD(message_t, fragment, status_t,
+ private_message_t *this, keymat_t *keymat, size_t frag_len,
+ enumerator_t **fragments)
+{
+ encrypted_payload_t *encrypted = NULL;
+ generator_t *generator = NULL;
+ message_t *fragment;
+ packet_t *packet;
+ payload_type_t next = PL_NONE;
+ u_int16_t num, count;
+ host_t *src, *dst;
+ chunk_t data;
+ status_t status;
+ u_int32_t *lenpos;
+ size_t len;
+
+ src = this->packet->get_source(this->packet);
+ dst = this->packet->get_destination(this->packet);
+ if (!frag_len)
+ {
+ frag_len = (src->get_family(src) == AF_INET) ? 576 : 1280;
+ }
+ /* frag_len is the complete IP datagram length, account for overhead (we
+ * assume no IP options/extension headers are used) */
+ REDUCE_FRAG_LEN(frag_len, (src->get_family(src) == AF_INET) ? 20 : 40);
+ /* 8 (UDP header) */
+ REDUCE_FRAG_LEN(frag_len, 8);
+ if (dst->get_port(dst) != IKEV2_UDP_PORT &&
+ src->get_port(src) != IKEV2_UDP_PORT)
+ { /* reduce length due to non-ESP marker */
+ REDUCE_FRAG_LEN(frag_len, 4);
+ }
+
+ if (is_encoded(this))
+ {
+ if (this->major_version == IKEV2_MAJOR_VERSION)
+ {
+ encrypted = (encrypted_payload_t*)get_payload(this, PLV2_ENCRYPTED);
+ }
+ data = this->packet->get_data(this->packet);
+ len = data.len;
+ }
+ else
+ {
+ status = generate_message(this, keymat, &generator, &encrypted);
+ if (status != SUCCESS)
+ {
+ DESTROY_IF(generator);
+ return status;
+ }
+ data = generator->get_chunk(generator, &lenpos);
+ len = data.len + (encrypted ? encrypted->get_length(encrypted) : 0);
+ }
+
+ /* check if we actually need to fragment the message and if we have an
+ * encrypted payload for IKEv2 */
+ if (len <= frag_len ||
+ (this->major_version == IKEV2_MAJOR_VERSION && !encrypted))
+ {
+ if (generator)
+ {
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ }
+ *fragments = enumerator_create_single(this->packet, NULL);
+ return SUCCESS;
+ }
+
+ /* frag_len denoted the maximum IKE message size so far, later on it will
+ * denote the maximum content size of a fragment payload, therefore,
+ * account for IKE header */
+ REDUCE_FRAG_LEN(frag_len, 28);
+
+ if (this->major_version == IKEV1_MAJOR_VERSION)
+ {
+ if (generator)
+ {
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ data = this->packet->get_data(this->packet);
+ generator = NULL;
+ }
+ /* overhead for the fragmentation payload header */
+ REDUCE_FRAG_LEN(frag_len, 8);
}
+ else
+ {
+ aead_t *aead;
+
+ if (generator)
+ {
+ generator->destroy(generator);
+ generator = generator_create();
+ }
+ else
+ { /* do not log again if it was generated previously */
+ generator = generator_create_no_dbg();
+ }
+ next = encrypted->payload_interface.get_next_type((payload_t*)encrypted);
+ encrypted->generate_payloads(encrypted, generator);
+ data = generator->get_chunk(generator, &lenpos);
+ if (!is_encoded(this))
+ {
+ encrypted->destroy(encrypted);
+ }
+ aead = keymat->get_aead(keymat, FALSE);
+ /* overhead for the encrypted fragment payload */
+ REDUCE_FRAG_LEN(frag_len, aead->get_iv_size(aead));
+ REDUCE_FRAG_LEN(frag_len, aead->get_icv_size(aead));
+ /* header */
+ REDUCE_FRAG_LEN(frag_len, 8);
+ /* padding and padding length */
+ frag_len = round_down(frag_len, aead->get_block_size(aead));
+ REDUCE_FRAG_LEN(frag_len, 1);
+ /* TODO-FRAG: if there are unencrypted payloads, should we account for
+ * their length in the first fragment? we still would have to add
+ * an encrypted fragment payload (albeit empty), even so we couldn't
+ * prevent IP fragmentation in every case */
+ }
+
+ count = data.len / frag_len + (data.len % frag_len ? 1 : 0);
+ this->fragments = array_create(0, count);
+ DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into "
+ "%hu fragments", len, count);
+ for (num = 1; num <= count; num++)
+ {
+ len = min(data.len, frag_len);
+ fragment = create_fragment(this, next, num, count,
+ chunk_create(data.ptr, len));
+ status = fragment->generate(fragment, keymat, &packet);
+ fragment->destroy(fragment);
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_ENC, "failed to generate IKE fragment");
+ clear_fragments(this);
+ DESTROY_IF(generator);
+ return FAILED;
+ }
+ array_insert(this->fragments, ARRAY_TAIL, packet);
+ data = chunk_skip(data, len);
+ }
+ *fragments = array_create_enumerator(this->fragments);
+ DESTROY_IF(generator);
+ return SUCCESS;
+}
+
+METHOD(message_t, get_packet, packet_t*,
+ private_message_t *this)
+{
return this->packet->clone(this->packet);
}
METHOD(message_t, get_packet_data, chunk_t,
private_message_t *this)
{
- if (this->packet == NULL)
- {
- return chunk_empty;
- }
return this->packet->get_data(this->packet);
}
+METHOD(message_t, get_fragments, enumerator_t*,
+ private_message_t *this)
+{
+ return array_create_enumerator(this->fragments);
+}
+
METHOD(message_t, parse_header, status_t,
private_message_t *this)
{
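Review bot: In fragment(), `count` is a `u_int16_t` computed from `data.len / frag_len` with no upper bound, while `REDUCE_FRAG_LEN` can clamp `frag_len` down to 1 when a small fragment size is passed in. A large message then either truncates `count` silently, so the loop emits only part of the data, or yields more fragments than the receiving code in this file accepts (add_fragment_v2() rejects totals above `MAX_FRAGMENTS`, and add_fragment_v1() reads the fragment number into a `u_int8_t`). I would compute the quotient in `size_t` and fail before `array_create`, e.g. `size_t needed = (data.len + frag_len - 1) / frag_len;` followed by `if (needed > MAX_FRAGMENTS) { DESTROY_IF(generator); return FAILED; }`, assuming `MAX_FRAGMENTS` is defined above this point and also fits the IKEv1 number field. Separately, `aead = keymat->get_aead(keymat, FALSE)` is dereferenced without the NULL checks that decrypt_fragment() applies to `keymat` and `aead`.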
@@ -1682,6 +2082,10 @@ METHOD(message_t, parse_header, status_t,
DBG2(DBG_ENC, "parsing header of message");
+ if (!this->parser)
+ { /* reassembled IKEv2 message, header is inherited from fragments */
+ return SUCCESS;
+ }
this->parser->reset_context(this->parser);
status = this->parser->parse_payload(this->parser, PL_HEADER,
(payload_t**)&ike_header);
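Review bot: The new `if (!this->parser)` guard treats a NULL parser as "reassembled IKEv2 message", but message_create_defrag() sets `this->parser = NULL` for both IKE versions before any fragment has been added, so the condition also holds for a reassembly message that is still incomplete. parse_header() would return SUCCESS for such a message without parsing anything, and the `if (this->parser)` / `if (!this->parser)` checks added to parse_body() and decrypt_and_extract() rest on the same assumption. Since merge_fragments() frees `this->frag` and sets it to NULL once reassembly finishes, an explicit `if (this->frag) { return INVALID_STATE; }` ahead of the parser check would make the state unambiguous; callers may already guarantee this ordering, which is not visible here. parse_header's body starts and ends outside the hunk.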
@@ -1723,7 +2127,7 @@ METHOD(message_t, parse_header, status_t,
this->first_payload = ike_header->payload_interface.get_next_type(
&ike_header->payload_interface);
if (this->first_payload == PLV1_FRAGMENT && this->is_encrypted)
- { /* racoon sets the encryted bit when sending a fragment, but these
+ { /* racoon sets the encrypted bit when sending a fragment, but these
* messages are really not encrypted */
this->is_encrypted = FALSE;
}
@@ -1780,9 +2184,9 @@ static status_t parse_payloads(private_message_t *this)
status_t status;
if (this->is_encrypted)
- { /* wrap the whole encrypted IKEv1 message in a special encryption
+ { /* wrap the whole encrypted IKEv1 message in a special encrypted
* payload which is then handled just like a regular payload */
- encryption_payload_t *encryption;
+ encrypted_payload_t *encryption;
status = this->parser->parse_payload(this->parser, PLV1_ENCRYPTED,
(payload_t**)&encryption);
@@ -1824,9 +2228,9 @@ static status_t parse_payloads(private_message_t *this)
payload_type_names, type);
this->payloads->insert_last(this->payloads, payload);
- /* an encrypted payload is the last one, so STOP here. decryption is
- * done later */
- if (type == PLV2_ENCRYPTED)
+ /* an encrypted (fragment) payload MUST be the last one, so STOP here.
+ * decryption is done later */
+ if (type == PLV2_ENCRYPTED || type == PLV2_FRAGMENT)
{
DBG2(DBG_ENC, "%N payload found, stop parsing",
payload_type_names, type);
@@ -1841,7 +2245,7 @@ static status_t parse_payloads(private_message_t *this)
* Decrypt an encrypted payload and extract all contained payloads.
*/
static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
- payload_t *previous, encryption_payload_t *encryption)
+ payload_t *previous, encrypted_payload_t *encryption)
{
payload_t *encrypted;
payload_type_t type;
@@ -1861,43 +2265,52 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
DBG1(DBG_ENC, "found encrypted payload, but no transform set");
return INVALID_ARG;
}
- bs = aead->get_block_size(aead);
- encryption->set_transform(encryption, aead);
- chunk = this->packet->get_data(this->packet);
- if (chunk.len < encryption->get_length(encryption) ||
- chunk.len < bs)
+ if (!this->parser)
{
- DBG1(DBG_ENC, "invalid payload length");
- return VERIFY_ERROR;
+ /* reassembled IKEv2 messages are already decrypted, we still call
+ * decrypt() to parse the contained payloads */
+ status = encryption->decrypt(encryption, chunk_empty);
}
- if (keymat->get_version(keymat) == IKEV1)
- { /* instead of associated data we provide the IV, we also update
- * the IV with the last encrypted block */
- keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
- chunk_t iv;
-
- if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv))
+ else
+ {
+ bs = aead->get_block_size(aead);
+ encryption->set_transform(encryption, aead);
+ chunk = this->packet->get_data(this->packet);
+ if (chunk.len < encryption->get_length(encryption) ||
+ chunk.len < bs)
{
- status = encryption->decrypt(encryption, iv);
- if (status == SUCCESS)
+ DBG1(DBG_ENC, "invalid payload length");
+ return VERIFY_ERROR;
+ }
+ if (keymat->get_version(keymat) == IKEV1)
+ { /* instead of associated data we provide the IV, we also update
+ * the IV with the last encrypted block */
+ keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
+ chunk_t iv;
+
+ if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv))
{
- if (!keymat_v1->update_iv(keymat_v1, this->message_id,
- chunk_create(chunk.ptr + chunk.len - bs, bs)))
+ status = encryption->decrypt(encryption, iv);
+ if (status == SUCCESS)
{
- status = FAILED;
+ if (!keymat_v1->update_iv(keymat_v1, this->message_id,
+ chunk_create(chunk.ptr + chunk.len - bs, bs)))
+ {
+ status = FAILED;
+ }
}
}
+ else
+ {
+ status = FAILED;
+ }
}
else
{
- status = FAILED;
+ chunk.len -= encryption->get_length(encryption);
+ status = encryption->decrypt(encryption, chunk);
}
}
- else
- {
- chunk.len -= encryption->get_length(encryption);
- status = encryption->decrypt(encryption, chunk);
- }
if (status != SUCCESS)
{
return status;
@@ -1923,6 +2336,41 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
}
/**
+ * Decrypt an encrypted fragment payload.
+ */
+static status_t decrypt_fragment(private_message_t *this, keymat_t *keymat,
+ encrypted_fragment_payload_t *fragment)
+{
+ encrypted_payload_t *encrypted = (encrypted_payload_t*)fragment;
+ chunk_t chunk;
+ aead_t *aead;
+ size_t bs;
+
+ if (!keymat)
+ {
+ DBG1(DBG_ENC, "found encrypted fragment payload, but no keymat");
+ return INVALID_ARG;
+ }
+ aead = keymat->get_aead(keymat, TRUE);
+ if (!aead)
+ {
+ DBG1(DBG_ENC, "found encrypted fragment payload, but no transform set");
+ return INVALID_ARG;
+ }
+ bs = aead->get_block_size(aead);
+ encrypted->set_transform(encrypted, aead);
+ chunk = this->packet->get_data(this->packet);
+ if (chunk.len < encrypted->get_length(encrypted) ||
+ chunk.len < bs)
+ {
+ DBG1(DBG_ENC, "invalid payload length");
+ return VERIFY_ERROR;
+ }
+ chunk.len -= encrypted->get_length(encrypted);
+ return encrypted->decrypt(encrypted, chunk);
+}
+
+/**
* Do we accept unencrypted ID/HASH payloads in Main Mode, as seen from
* some SonicWall boxes?
*/
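Review bot: decrypt_fragment() derives the associated data with `chunk.len -= encrypted->get_length(encrypted)`, which is the correct prefix of the packet only if the fragment payload is the final payload in the message. That precondition is enforced by the caller in decrypt_payloads() rather than here, and the function comment does not mention it. I would extend the comment with `Expects the fragment payload to be the last payload of the message; everything preceding it is authenticated as associated data.` The keymat, transform and length checks duplicate those in decrypt_and_extract(), so a shared static helper would keep the two input-validation paths from drifting apart.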
@@ -1941,7 +2389,7 @@ static bool accept_unencrypted_mm(private_message_t *this, payload_type_t type)
}
/**
- * Decrypt payload from the encryption payload
+ * Decrypt payload from the encrypted payload
*/
static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
@@ -1950,7 +2398,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
payload_rule_t *rule;
payload_type_t type;
status_t status = SUCCESS;
- bool was_encrypted = FALSE;
+ char *was_encrypted = NULL;
enumerator = this->payloads->create_enumerator(this->payloads);
while (enumerator->enumerate(enumerator, &payload))
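Review bot: `was_encrypted` now serves both as a flag and as the label printed in the "%s can't contain other payloads" message, and it is only ever assigned string literals, so it should be declared `const char *was_encrypted = NULL;`. A short comment on the declaration, such as `/* description of the encrypted payload already processed, NULL if none */`, would explain the dual role. decrypt_payloads() continues outside this hunk.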
@@ -1959,20 +2407,24 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
- if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED)
+ if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED ||
+ type == PLV2_FRAGMENT)
{
- encryption_payload_t *encryption;
-
if (was_encrypted)
{
- DBG1(DBG_ENC, "encrypted payload can't contain other payloads "
- "of type %N", payload_type_names, type);
+ DBG1(DBG_ENC, "%s can't contain other payloads of type %N",
+ was_encrypted, payload_type_names, type);
status = VERIFY_ERROR;
break;
}
+ }
+
+ if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED)
+ {
+ encrypted_payload_t *encryption;
DBG2(DBG_ENC, "found an encrypted payload");
- encryption = (encryption_payload_t*)payload;
+ encryption = (encrypted_payload_t*)payload;
this->payloads->remove_at(this->payloads, enumerator);
if (enumerator->enumerate(enumerator, NULL))
@@ -1988,7 +2440,27 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
break;
}
- was_encrypted = TRUE;
+ was_encrypted = "encrypted payload";
+ }
+ else if (type == PLV2_FRAGMENT)
+ {
+ encrypted_fragment_payload_t *fragment;
+
+ DBG2(DBG_ENC, "found an encrypted fragment payload");
+ fragment = (encrypted_fragment_payload_t*)payload;
+
+ if (enumerator->enumerate(enumerator, NULL))
+ {
+ DBG1(DBG_ENC, "encrypted fragment payload is not last payload");
+ status = VERIFY_ERROR;
+ break;
+ }
+ status = decrypt_fragment(this, keymat, fragment);
+ if (status != SUCCESS)
+ {
+ break;
+ }
+ was_encrypted = "encrypted fragment payload";
}
if (payload_is_known(type) && !was_encrypted &&
@@ -2085,10 +2557,15 @@ METHOD(message_t, parse_body, status_t,
return NOT_SUPPORTED;
}
- status = parse_payloads(this);
- if (status != SUCCESS)
- { /* error is already logged */
- return status;
+ /* reassembled IKEv2 messages are already parsed (except for the payloads
+ * contained in the encrypted payload, which are handled below) */
+ if (this->parser)
+ {
+ status = parse_payloads(this);
+ if (status != SUCCESS)
+ { /* error is already logged */
+ return status;
+ }
}
status = decrypt_payloads(this, keymat);
@@ -2142,7 +2619,7 @@ METHOD(message_t, parse_body, status_t,
}
chunk_free(&hash);
}
- if (this->is_encrypted)
+ if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1)
{ /* message verified, confirm IV */
if (!keymat_v1->confirm_iv(keymat_v1, this->message_id))
{
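Review bot: The added `this->exchange_type != INFORMATIONAL_V1` condition skips `confirm_iv()` for IKEv1 informational messages, and the same exclusion is applied to `update_iv()` in finalize_message(), but neither place says why. Presumably no IV is carried over from these messages to a follow-up message; once confirmed against keymat_v1, a comment at both sites such as `/* no IV chaining for INFORMATIONAL_V1 messages */` would keep the two conditions from being changed independently. The enclosing parse_body() starts and ends outside this hunk.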
@@ -2153,13 +2630,234 @@ METHOD(message_t, parse_body, status_t,
return SUCCESS;
}
+/**
+ * Store the fragment data for the fragment with the given fragment number.
+ */
+static status_t add_fragment(private_message_t *this, u_int16_t num,
+ chunk_t data)
+{
+ fragment_t *fragment;
+ int i, insert_at = -1;
+
+ for (i = 0; i < array_count(this->fragments); i++)
+ {
+ array_get(this->fragments, i, &fragment);
+ if (fragment->num == num)
+ {
+ /* ignore a duplicate fragment */
+ DBG1(DBG_ENC, "received duplicate fragment #%hu", num);
+ return NEED_MORE;
+ }
+ if (fragment->num > num)
+ {
+ insert_at = i;
+ break;
+ }
+ }
+ this->frag->len += data.len;
+ if (this->frag->len > this->frag->max_packet)
+ {
+ DBG1(DBG_ENC, "fragmented IKE message is too large");
+ reset_defrag(this);
+ return FAILED;
+ }
+ INIT(fragment,
+ .num = num,
+ .data = chunk_clone(data),
+ );
+ array_insert(this->fragments, insert_at, fragment);
+ return SUCCESS;
+}
+
+/**
+ * Merge the cached fragment data and resets the defragmentation state.
+ * Also updates the IP addresses to those of the last received fragment.
+ */
+static chunk_t merge_fragments(private_message_t *this, message_t *last)
+{
+ fragment_t *fragment;
+ bio_writer_t *writer;
+ host_t *src, *dst;
+ chunk_t data;
+ int i;
+
+ writer = bio_writer_create(this->frag->len);
+ for (i = 0; i < array_count(this->fragments); i++)
+ {
+ array_get(this->fragments, i, &fragment);
+ writer->write_data(writer, fragment->data);
+ }
+ data = writer->extract_buf(writer);
+ writer->destroy(writer);
+
+ /* set addresses to those of the last fragment we received */
+ src = last->get_source(last);
+ dst = last->get_destination(last);
+ this->packet->set_source(this->packet, src->clone(src));
+ this->packet->set_destination(this->packet, dst->clone(dst));
+
+ reset_defrag(this);
+ free(this->frag);
+ this->frag = NULL;
+ return data;
+}
+
+METHOD(message_t, add_fragment_v1, status_t,
+ private_message_t *this, message_t *message)
+{
+ fragment_payload_t *payload;
+ chunk_t data;
+ u_int8_t num;
+ status_t status;
+
+ if (!this->frag)
+ {
+ return INVALID_STATE;
+ }
+ payload = (fragment_payload_t*)message->get_payload(message, PLV1_FRAGMENT);
+ if (!payload)
+ {
+ return INVALID_ARG;
+ }
+ if (!this->fragments || this->message_id != payload->get_id(payload))
+ {
+ reset_defrag(this);
+ this->message_id = payload->get_id(payload);
+ /* we don't know the total number of fragments, assume something */
+ this->fragments = array_create(0, 4);
+ }
+
+ num = payload->get_number(payload);
+ data = payload->get_data(payload);
+ if (!this->frag->last && payload->is_last(payload))
+ {
+ this->frag->last = num;
+ }
+ status = add_fragment(this, num, data);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (array_count(this->fragments) != this->frag->last)
+ {
+ /* there are some fragments missing */
+ DBG1(DBG_ENC, "received fragment #%hhu, waiting for complete IKE "
+ "message", num);
+ return NEED_MORE;
+ }
+
+ DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE "
+ "message", num);
+
+ data = merge_fragments(this, message);
+ this->packet->set_data(this->packet, data);
+ this->parser = parser_create(data);
+
+ if (parse_header(this) != SUCCESS)
+ {
+ DBG1(DBG_IKE, "failed to parse header of reassembled IKE message");
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
+METHOD(message_t, add_fragment_v2, status_t,
+ private_message_t *this, message_t *message)
+{
+ encrypted_fragment_payload_t *encrypted_fragment;
+ encrypted_payload_t *encrypted;
+ payload_t *payload;
+ enumerator_t *enumerator;
+ chunk_t data;
+ u_int16_t total, num;
+ status_t status;
+
+ if (!this->frag)
+ {
+ return INVALID_STATE;
+ }
+ payload = message->get_payload(message, PLV2_FRAGMENT);
+ if (!payload || this->message_id != message->get_message_id(message))
+ {
+ return INVALID_ARG;
+ }
+ encrypted_fragment = (encrypted_fragment_payload_t*)payload;
+ total = encrypted_fragment->get_total_fragments(encrypted_fragment);
+ if (total > MAX_FRAGMENTS)
+ {
+ DBG1(DBG_IKE, "maximum fragment count exceeded");
+ reset_defrag(this);
+ return FAILED;
+ }
+ if (!this->fragments || total > this->frag->last)
+ {
+ reset_defrag(this);
+ this->frag->last = total;
+ this->fragments = array_create(0, total);
+ }
+ num = encrypted_fragment->get_fragment_number(encrypted_fragment);
+ data = encrypted_fragment->get_content(encrypted_fragment);
+ status = add_fragment(this, num, data);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (num == 1)
+ {
+ /* the first fragment denotes the payload type of the first payload in
+ * the original encrypted payload, cache that */
+ this->first_payload = payload->get_next_type(payload);
+ /* move all unencrypted payloads contained in the first fragment */
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ if (payload->get_type(payload) != PLV2_FRAGMENT)
+ {
+ message->remove_payload_at(message, enumerator);
+ this->payloads->insert_last(this->payloads, payload);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ if (array_count(this->fragments) != total)
+ {
+ /* there are some fragments missing */
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, waiting for complete IKE "
+ "message", num, total);
+ return NEED_MORE;
+ }
+
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE "
+ "message", num, total);
+
+ data = merge_fragments(this, message);
+ encrypted = encrypted_payload_create_from_plain(this->first_payload, data);
+ this->payloads->insert_last(this->payloads, encrypted);
+ /* update next payload type (could be an unencrypted payload) */
+ this->payloads->get_first(this->payloads, (void**)&payload);
+ this->first_payload = payload->get_type(payload);
+ return SUCCESS;
+}
+
METHOD(message_t, destroy, void,
private_message_t *this)
{
DESTROY_IF(this->ike_sa_id);
+ DESTROY_IF(this->parser);
this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
this->packet->destroy(this->packet);
- this->parser->destroy(this->parser);
+ if (this->frag)
+ {
+ reset_defrag(this);
+ free(this->frag);
+ }
+ else
+ {
+ array_destroy_offset(this->fragments, offsetof(packet_t, destroy));
+ }
free(this);
}
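Review bot: add_fragment_v2() restarts reassembly when a fragment announces a larger `total` than the stored `this->frag->last`, but a fragment announcing a smaller total is still stored, and completion is then tested against that fragment's own value in `array_count(this->fragments) != total`. A peer that changes the total mid-stream can therefore trigger merge_fragments() before the tracked set is complete; the content is presumably already decrypted and integrity-checked by decrypt_fragment() at this point, so this concerns a misbehaving peer rather than a third party. I would discard such fragments up front with `if (this->fragments && total < this->frag->last) { return NEED_MORE; }` and compare the count with `this->frag->last`. add_fragment_v1() has the analogous gap on fragments that are not encrypted: it completes on `array_count(this->fragments) == this->frag->last` without checking that every stored number lies in 1..last, so a `num` of 0 or above `last` should be rejected with INVALID_ARG before add_fragment() is called.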
@@ -2195,6 +2893,9 @@ message_t *message_create_from_packet(packet_t *packet)
.disable_sort = _disable_sort,
.generate = _generate,
.is_encoded = _is_encoded,
+ .is_fragmented = _is_fragmented,
+ .fragment = _fragment,
+ .add_fragment = _add_fragment_v2,
.set_source = _set_source,
.get_source = _get_source,
.set_destination = _set_destination,
@@ -2207,6 +2908,7 @@ message_t *message_create_from_packet(packet_t *packet)
.parse_body = _parse_body,
.get_packet = _get_packet,
.get_packet_data = _get_packet_data,
+ .get_fragments = _get_fragments,
.destroy = _destroy,
},
.exchange_type = EXCHANGE_TYPE_UNDEFINED,
@@ -2232,3 +2934,34 @@ message_t *message_create(int major, int minor)
return this;
}
+
+/*
+ * Described in header.
+ */
+message_t *message_create_defrag(message_t *fragment)
+{
+ private_message_t *this;
+
+ if (!fragment->get_payload(fragment, PLV1_FRAGMENT) &&
+ !fragment->get_payload(fragment, PLV2_FRAGMENT))
+ {
+ return NULL;
+ }
+ this = (private_message_t*)clone_message((private_message_t*)fragment);
+ /* we don't need a parser for IKEv2, the one for IKEv1 is created after
+ * reassembling the original message */
+ this->parser->destroy(this->parser);
+ this->parser = NULL;
+ if (fragment->get_major_version(fragment) == IKEV1_MAJOR_VERSION)
+ {
+ /* we store the fragment ID in the message ID field, which should be
+ * zero for fragments, but make sure */
+ this->message_id = 0;
+ this->public.add_fragment = _add_fragment_v1;
+ }
+ INIT(this->frag,
+ .max_packet = lib->settings->get_int(lib->settings,
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
+ );
+ return &this->public;
+}
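Review bot: The reassembly limit `max_packet` is taken unvalidated from `lib->settings->get_int(...)`, and it is the only bound add_fragment() applies to the accumulated fragment data (`this->frag->len > this->frag->max_packet`). get_int() yields a signed value, so a zero or negative setting either rejects every fragment or, if the field is unsigned (its declaration is not visible here), effectively removes the limit. I would read the setting into a local first and fall back to the default, e.g. `if (max <= 0) { max = PACKET_MAX_DEFAULT; }`, and note in the header comment that this setting caps the memory a peer can make the daemon hold per reassembly.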
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index 7631a7c3a..a03aa8e96 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2011 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -39,7 +39,7 @@ typedef struct message_t message_t;
*
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
- * via the encryption_payload_t. A set of rules for messages
+ * via the encrypted_payload_t. A set of rules for messages
* and payloads does check parsed messages.
*/
struct message_t {
@@ -265,6 +265,53 @@ struct message_t {
bool (*is_encoded)(message_t *this);
/**
+ * Generates the message split into fragments of the given size (total IP
+ * datagram length).
+ *
+ * @param keymat keymat to encrypt/sign message(s)
+ * @param frag_len fragment length (maximum total IP datagram length), 0
+ * for default value depending on address family
+ * @param fragments receives an enumerator with generated packet_t*,
+ * which are owned by the enumerator
+ * @return
+ * - SUCCESS if message could be fragmented
+ * - FAILED if fragmentation failed
+ * - and the possible return values of generate()
+ */
+ status_t (*fragment)(message_t *this, keymat_t *keymat, size_t frag_len,
+ enumerator_t **fragments);
+
+ /**
+ * Check if the message has been encoded and fragmented using fragment(),
+ * and whether there actually resulted fragments (if not is_encoded() will
+ * be TRUE).
+ *
+ * The packets of individual fragments can be retrieved with
+ * get_fragments().
+ *
+ * @return TRUE if message has been encoded and fragmented
+ */
+ bool (*is_fragmented)(message_t *this);
+
+ /**
+ * Add a fragment to the message if it was created with
+ * message_create_defrag().
+ *
+ * Once the message is completed it should be processed like any other
+ * inbound message.
+ *
+ * @param fragment fragment to add
+ * @return
+ * - SUCCESS if message was reassembled
+ * - NEED_MORE if not all fragments have yet been received
+ * - FAILED if reassembling failed
+ * - INVALID_ARG if fragment is invalid for some reason
+ * - INVALID_STATE if message was not created using
+ * message_create_defrag()
+ */
+ status_t (*add_fragment)(message_t *this, message_t *fragment);
+
+ /**
* Gets the source host informations.
*
* @warning Returned host_t object is not getting cloned,
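Review bot: The add_fragment() documentation does not say what happens to the passed `fragment`. In the IKEv2 implementation the unencrypted payloads of fragment number 1 are moved out of it into the reassembly message, while the fragment data itself is cloned, so the caller keeps ownership of a message that may have been modified. I would change the parameter line to something like `@param fragment fragment to add (stays owned by the caller, payloads may be moved out of it)`.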
@@ -337,11 +384,11 @@ struct message_t {
notify_payload_t* (*get_notify)(message_t *this, notify_type_t type);
/**
- * Returns a clone of the internal stored packet_t object.
+ * Returns a clone of the internally stored packet_t object.
*
* @return packet_t object as clone of internal one
*/
- packet_t * (*get_packet) (message_t *this);
+ packet_t *(*get_packet) (message_t *this);
/**
* Returns a chunk pointing to internal packet_t data.
@@ -351,6 +398,13 @@ struct message_t {
chunk_t (*get_packet_data) (message_t *this);
/**
+ * Returns internally stored packet_t* objects for each fragment.
+ *
+ * @return enumerator internal packet_t* objects
+ */
+ enumerator_t *(*get_fragments)(message_t *this);
+
+ /**
* Destroys a message and all including objects.
*/
void (*destroy) (message_t *this);
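Review bot: The get_fragments() comment promises `packet_t*` objects, but the implementation enumerates `this->fragments` unconditionally, and on a message created with message_create_defrag() that array holds the internal fragment entries inserted by add_fragment() instead. The comment should restrict the call, e.g. `Only valid on an outbound message after fragment() has been called.`, and state that the packets remain owned by the message, which destroys them in destroy().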
@@ -380,4 +434,14 @@ message_t *message_create_from_packet(packet_t *packet);
*/
message_t *message_create(int major, int minor);
+/**
+ * Creates a message_t object that is used to reassemble fragmented messages.
+ *
+ * Use add_fragment() to add fragments.
+ *
+ * @param fragment initial fragment (is not added)
+ * @return message_t object, NULL if fragment is not actually one
+ */
+message_t *message_create_defrag(message_t *fragment);
+
#endif /** MESSAGE_H_ @}*/
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index c33e30dd3..d6240fde2 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -32,7 +32,7 @@
#include <encoding/payloads/nonce_payload.h>
#include <encoding/payloads/id_payload.h>
#include <encoding/payloads/notify_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
new file mode 100644
index 000000000..1c2cc379f
--- /dev/null
+++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup encrypted_fragment_payload encrypted_fragment_payload
+ * @{ @ingroup payloads
+ */
+
+#ifndef ENCRYPTED_FRAGMENT_PAYLOAD_H_
+#define ENCRYPTED_FRAGMENT_PAYLOAD_H_
+
+typedef struct encrypted_fragment_payload_t encrypted_fragment_payload_t;
+
+#include <encoding/payloads/encrypted_payload.h>
+
+/**
+ * The Encrypted Fragment Payload as described in RFC 7383
+ *
+ * The implementation is located in encrypted_payload.c as it is very similar.
+ */
+struct encrypted_fragment_payload_t {
+
+ /**
+ * Implements payload_t interface.
+ */
+ encrypted_payload_t encrypted;
+
+ /**
+ * Get the fragment number.
+ *
+ * @return fragment number
+ */
+ u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Get the total number of fragments.
+ *
+ * @return total number of fragments
+ */
+ u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Get the (decrypted) content of this payload.
+ *
+ * @return internal payload data
+ */
+ chunk_t (*get_content)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Destroys an encrypted_fragment_payload_t object.
+ */
+ void (*destroy)(encrypted_fragment_payload_t *this);
+};
+
+/**
+ * Creates an empty encrypted_fragment_payload_t object.
+ *
+ * @return encrypted_fragment_payload_t object
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create();
+
+/**
+ * Creates an encrypted fragment payload from the given data.
+ *
+ * @param num fragment number (first one should be 1)
+ * @param total total number of fragments
+ * @param data fragment data (gets cloned)
+ * @return encrypted_fragment_payload_t object
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
+ u_int16_t num, u_int16_t total, chunk_t data);
+
+#endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/
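Review bot: The member comment on `encrypted_payload_t encrypted` says only "Implements payload_t interface", yet message.c casts an `encrypted_fragment_payload_t*` directly to `encrypted_payload_t*` (decrypt_fragment) and to `payload_t*` (create_fragment), which is valid only while this member stays first in the struct. I would document that layout requirement, e.g. `Implements encrypted_payload_t (and thereby payload_t); must remain the first member, callers cast between these types.` The get_content() comment should also say that the returned chunk points to internal data the caller must clone, as add_fragment() does. As a style point, `encrypted_fragment_payload_create()` should be declared with `(void)` so that it is a prototype in C.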
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
new file mode 100644
index 000000000..5c574c34d
--- /dev/null
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -0,0 +1,1022 @@
+/*
+ * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include "encrypted_payload.h"
+#include "encrypted_fragment_payload.h"
+
+#include <daemon.h>
+#include <encoding/payloads/encodings.h>
+#include <collections/linked_list.h>
+#include <encoding/parser.h>
+
+typedef struct private_encrypted_payload_t private_encrypted_payload_t;
+typedef struct private_encrypted_fragment_payload_t private_encrypted_fragment_payload_t;
+
+struct private_encrypted_payload_t {
+
+ /**
+ * Public encrypted_payload_t interface.
+ */
+ encrypted_payload_t public;
+
+ /**
+ * There is no next payload for an encrypted payload,
+ * since encrypted payload MUST be the last one.
+ * next_payload means here the first payload of the
+ * contained, encrypted payload.
+ */
+ u_int8_t next_payload;
+
+ /**
+ * Flags, including reserved bits
+ */
+ u_int8_t flags;
+
+ /**
+ * Length of this payload
+ */
+ u_int16_t payload_length;
+
+ /**
+ * Chunk containing the IV, plain, padding and ICV.
+ */
+ chunk_t encrypted;
+
+ /**
+ * AEAD transform to use
+ */
+ aead_t *aead;
+
+ /**
+ * Contained payloads
+ */
+ linked_list_t *payloads;
+
+ /**
+ * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
+ */
+ payload_type_t type;
+};
+
+struct private_encrypted_fragment_payload_t {
+
+ /**
+ * Public interface.
+ */
+ encrypted_fragment_payload_t public;
+
+ /**
+ * The first fragment contains the type of the first payload contained in
+ * the original encrypted payload, for all other fragments it MUST be set
+ * to zero.
+ */
+ u_int8_t next_payload;
+
+ /**
+ * Flags, including reserved bits
+ */
+ u_int8_t flags;
+
+ /**
+ * Length of this payload
+ */
+ u_int16_t payload_length;
+
+ /**
+ * Chunk containing the IV, plain, padding and ICV.
+ */
+ chunk_t encrypted;
+
+ /**
+ * Fragment number
+ */
+ u_int16_t fragment_number;
+
+ /**
+ * Total fragments
+ */
+ u_int16_t total_fragments;
+
+ /**
+ * AEAD transform to use
+ */
+ aead_t *aead;
+
+ /**
+ * Chunk containing the plain packet data.
+ */
+ chunk_t plain;
+};
+
+/**
+ * Encoding rules to parse or generate a IKEv2-Encrypted Payload.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_v2[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_encrypted_payload_t, next_payload) },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encrypted_payload_t, flags) },
+ /* Length of the whole encrypted payload*/
+ { PAYLOAD_LENGTH, offsetof(private_encrypted_payload_t, payload_length) },
+ /* encrypted data, stored in a chunk. contains iv, data, padding */
+ { CHUNK_DATA, offsetof(private_encrypted_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Initialization Vector !
+ ! (length is block size for encryption algorithm) !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+ ! ! Pad Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ~ Integrity Checksum Data ~
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Encoding rules to parse or generate a complete encrypted IKEv1 message.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_v1[] = {
+ /* encrypted data, stored in a chunk */
+ { ENCRYPTED_DATA, offsetof(private_encrypted_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Encoding rules to parse or generate an IKEv2-Encrypted Fragment Payload.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_fragment[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_encrypted_fragment_payload_t, next_payload) },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encrypted_fragment_payload_t, flags) },
+ /* Length of the whole encryption payload*/
+ { PAYLOAD_LENGTH, offsetof(private_encrypted_fragment_payload_t, payload_length) },
+ /* Fragment number */
+ { U_INT_16, offsetof(private_encrypted_fragment_payload_t, fragment_number) },
+ /* Total number of fragments */
+ { U_INT_16, offsetof(private_encrypted_fragment_payload_t, total_fragments) },
+ /* encrypted data, stored in a chunk. contains iv, data, padding */
+ { CHUNK_DATA, offsetof(private_encrypted_fragment_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Fragment Number | Total Fragments !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Initialization Vector !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+ ! ! Pad Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ~ Integrity Checksum Data ~
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+METHOD(payload_t, verify, status_t,
+ private_encrypted_payload_t *this)
+{
+ return SUCCESS;
+}
+
+METHOD(payload_t, get_encoding_rules, int,
+ private_encrypted_payload_t *this, encoding_rule_t **rules)
+{
+ if (this->type == PLV2_ENCRYPTED)
+ {
+ *rules = encodings_v2;
+ return countof(encodings_v2);
+ }
+ *rules = encodings_v1;
+ return countof(encodings_v1);
+}
+
+METHOD(payload_t, get_header_length, int,
+ private_encrypted_payload_t *this)
+{
+ if (this->type == PLV2_ENCRYPTED)
+ {
+ return 4;
+ }
+ return 0;
+}
+
+METHOD(payload_t, get_type, payload_type_t,
+ private_encrypted_payload_t *this)
+{
+ return this->type;
+}
+
+METHOD(payload_t, get_next_type, payload_type_t,
+ private_encrypted_payload_t *this)
+{
+ return this->next_payload;
+}
+
+METHOD(payload_t, set_next_type, void,
+ private_encrypted_payload_t *this, payload_type_t type)
+{
+ /* the next payload is set during add, still allow this for IKEv1 */
+ this->next_payload = type;
+}
+
+/**
+ * Get length of encryption/integrity overhead for the given plaintext length
+ */
+static size_t compute_overhead(aead_t *aead, size_t len)
+{
+ size_t bs, overhead;
+
+ /* padding */
+ bs = aead->get_block_size(aead);
+ overhead = bs - (len % bs);
+ /* add iv */
+ overhead += aead->get_iv_size(aead);
+ /* add icv */
+ overhead += aead->get_icv_size(aead);
+ return overhead;
+}
+
+/**
+ * Compute the length of the whole payload
+ */
+static void compute_length(private_encrypted_payload_t *this)
+{
+ enumerator_t *enumerator;
+ payload_t *payload;
+ size_t length = 0;
+
+ if (this->encrypted.len)
+ {
+ length = this->encrypted.len;
+ }
+ else
+ {
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ length += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->aead)
+ {
+ length += compute_overhead(this->aead, length);
+ }
+ }
+ length += get_header_length(this);
+ this->payload_length = length;
+}
+
+METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
+ private_encrypted_payload_t *this)
+{
+ compute_length(this);
+ return this->payload_length;
+}
+
+METHOD(encrypted_payload_t, add_payload, void,
+ private_encrypted_payload_t *this, payload_t *payload)
+{
+ payload_t *last_payload;
+
+ if (this->payloads->get_count(this->payloads) > 0)
+ {
+ this->payloads->get_last(this->payloads, (void **)&last_payload);
+ last_payload->set_next_type(last_payload, payload->get_type(payload));
+ }
+ else
+ {
+ this->next_payload = payload->get_type(payload);
+ }
+ payload->set_next_type(payload, PL_NONE);
+ this->payloads->insert_last(this->payloads, payload);
+ compute_length(this);
+}
+
+METHOD(encrypted_payload_t, remove_payload, payload_t *,
+ private_encrypted_payload_t *this)
+{
+ payload_t *payload;
+
+ if (this->payloads->remove_first(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ return payload;
+ }
+ return NULL;
+}
+
+/**
+ * Generate payload before encryption
+ */
+static chunk_t generate(private_encrypted_payload_t *this,
+ generator_t *generator)
+{
+ payload_t *current, *next;
+ enumerator_t *enumerator;
+ u_int32_t *lenpos;
+ chunk_t chunk = chunk_empty;
+
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ if (enumerator->enumerate(enumerator, &current))
+ {
+ this->next_payload = current->get_type(current);
+
+ while (enumerator->enumerate(enumerator, &next))
+ {
+ current->set_next_type(current, next->get_type(next));
+ generator->generate_payload(generator, current);
+ current = next;
+ }
+ current->set_next_type(current, PL_NONE);
+ generator->generate_payload(generator, current);
+
+ chunk = generator->get_chunk(generator, &lenpos);
+ DBG2(DBG_ENC, "generated content in encrypted payload");
+ }
+ enumerator->destroy(enumerator);
+ return chunk;
+}
+
+METHOD(encrypted_payload_t, generate_payloads, void,
+ private_encrypted_payload_t *this, generator_t *generator)
+{
+ generate(this, generator);
+}
+
+/**
+ * Append the encrypted payload header to the associated data
+ */
+static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc)
+{
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(get_length(this)),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+/**
+ * Encrypts the data in plain and returns it in an allocated chunk.
+ */
+static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid,
+ chunk_t plain, chunk_t assoc, chunk_t *encrypted)
+{
+ chunk_t iv, padding, icv, crypt;
+ iv_gen_t *iv_gen;
+ rng_t *rng;
+ size_t bs;
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no RNG found", label);
+ return NOT_SUPPORTED;
+ }
+
+ iv_gen = aead->get_iv_gen(aead);
+ if (!iv_gen)
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no IV generator", label);
+ return NOT_SUPPORTED;
+ }
+
+ bs = aead->get_block_size(aead);
+ /* we need at least one byte padding to store the padding length */
+ padding.len = bs - (plain.len % bs);
+ iv.len = aead->get_iv_size(aead);
+ icv.len = aead->get_icv_size(aead);
+
+ /* prepare data to authenticate-encrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ *encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
+ iv.ptr = encrypted->ptr;
+ memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
+ plain.ptr = iv.ptr + iv.len;
+ padding.ptr = plain.ptr + plain.len;
+ icv.ptr = padding.ptr + padding.len;
+ crypt = chunk_create(plain.ptr, plain.len + padding.len);
+
+ if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) ||
+ !rng->get_bytes(rng, padding.len - 1, padding.ptr))
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no IV or padding", label);
+ rng->destroy(rng);
+
+ return FAILED;
+ }
+ padding.ptr[padding.len - 1] = padding.len - 1;
+ rng->destroy(rng);
+
+ DBG3(DBG_ENC, "%s encryption:", label);
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
+
+ if (!aead->encrypt(aead, crypt, assoc, iv, NULL))
+ {
+ return FAILED;
+ }
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ return SUCCESS;
+}
+
+METHOD(encrypted_payload_t, encrypt, status_t,
+ private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc)
+{
+ generator_t *generator;
+ chunk_t plain;
+ status_t status;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "encrypting encrypted payload failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ free(this->encrypted.ptr);
+ generator = generator_create();
+ plain = generate(this, generator);
+ assoc = append_header(this, assoc);
+ status = encrypt_content("encrypted payload", this->aead, mid, plain, assoc,
+ &this->encrypted);
+ generator->destroy(generator);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD(encrypted_payload_t, encrypt_v1, status_t,
+ private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv)
+{
+ generator_t *generator;
+ chunk_t plain, padding;
+ size_t bs;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "encryption failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ generator = generator_create();
+ plain = generate(this, generator);
+ bs = this->aead->get_block_size(this->aead);
+ padding.len = bs - (plain.len % bs);
+
+ /* prepare data to encrypt:
+ * | plain | padding | */
+ free(this->encrypted.ptr);
+ this->encrypted = chunk_alloc(plain.len + padding.len);
+ memcpy(this->encrypted.ptr, plain.ptr, plain.len);
+ plain.ptr = this->encrypted.ptr;
+ padding.ptr = plain.ptr + plain.len;
+ memset(padding.ptr, 0, padding.len);
+ generator->destroy(generator);
+
+ DBG3(DBG_ENC, "encrypting payloads:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+
+ if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
+ {
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
+
+ return SUCCESS;
+}
+
+/**
+ * Parse the payloads after decryption.
+ */
+static status_t parse(private_encrypted_payload_t *this, chunk_t plain)
+{
+ parser_t *parser;
+ payload_type_t type;
+
+ parser = parser_create(plain);
+ type = this->next_payload;
+ while (type != PL_NONE)
+ {
+ payload_t *payload;
+
+ if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
+ {
+ DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
+ payload_type_names, type);
+ parser->destroy(parser);
+ return PARSE_ERROR;
+ }
+ if (parser->parse_payload(parser, type, &payload) != SUCCESS)
+ {
+ parser->destroy(parser);
+ return PARSE_ERROR;
+ }
+ if (payload->verify(payload) != SUCCESS)
+ {
+ DBG1(DBG_ENC, "%N verification failed",
+ payload_type_names, payload->get_type(payload));
+ payload->destroy(payload);
+ parser->destroy(parser);
+ return VERIFY_ERROR;
+ }
+ type = payload->get_next_type(payload);
+ this->payloads->insert_last(this->payloads, payload);
+ }
+ parser->destroy(parser);
+ DBG2(DBG_ENC, "parsed content of encrypted payload");
+ return SUCCESS;
+}
+
+/**
+ * Decrypts the given data in-place and returns a chunk pointing to the
+ * resulting plaintext.
+ */
+static status_t decrypt_content(char *label, aead_t *aead, chunk_t encrypted,
+ chunk_t assoc, chunk_t *plain)
+{
+ chunk_t iv, padding, icv, crypt;
+ size_t bs;
+
+ /* prepare data to authenticate-decrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ bs = aead->get_block_size(aead);
+ iv.len = aead->get_iv_size(aead);
+ iv.ptr = encrypted.ptr;
+ icv.len = aead->get_icv_size(aead);
+ icv.ptr = encrypted.ptr + encrypted.len - icv.len;
+ crypt.ptr = iv.ptr + iv.len;
+ crypt.len = encrypted.len - iv.len;
+
+ if (iv.len + icv.len > encrypted.len ||
+ (crypt.len - icv.len) % bs)
+ {
+ DBG1(DBG_ENC, "decrypting %s payload failed, invalid length", label);
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "%s decryption:", label);
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
+
+ if (!aead->decrypt(aead, crypt, assoc, iv, NULL))
+ {
+ DBG1(DBG_ENC, "verifying %s integrity failed", label);
+ return FAILED;
+ }
+
+ *plain = chunk_create(crypt.ptr, crypt.len - icv.len);
+ padding.len = plain->ptr[plain->len - 1] + 1;
+ if (padding.len > plain->len)
+ {
+ DBG1(DBG_ENC, "decrypting %s failed, padding invalid %B", label,
+ &crypt);
+ return PARSE_ERROR;
+ }
+ plain->len -= padding.len;
+ padding.ptr = plain->ptr + plain->len;
+
+ DBG3(DBG_ENC, "plain %B", plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ return SUCCESS;
+}
+
+METHOD(encrypted_payload_t, decrypt, status_t,
+ private_encrypted_payload_t *this, chunk_t assoc)
+{
+ chunk_t plain;
+ status_t status;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "decrypting encrypted payload failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ assoc = append_header(this, assoc);
+ status = decrypt_content("encrypted payload", this->aead, this->encrypted,
+ assoc, &plain);
+ free(assoc.ptr);
+
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ return parse(this, plain);
+}
+
+METHOD(encrypted_payload_t, decrypt_plain, status_t,
+ private_encrypted_payload_t *this, chunk_t assoc)
+{
+ if (!this->encrypted.ptr)
+ {
+ return FAILED;
+ }
+ return parse(this, this->encrypted);
+}
+
+METHOD(encrypted_payload_t, decrypt_v1, status_t,
+ private_encrypted_payload_t *this, chunk_t iv)
+{
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "decryption failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ /* data must be a multiple of block size */
+ if (iv.len != this->aead->get_block_size(this->aead) ||
+ this->encrypted.len < iv.len || this->encrypted.len % iv.len)
+ {
+ DBG1(DBG_ENC, "decryption failed, invalid length");
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "decrypting payloads:");
+ DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
+
+ if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
+ {
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "plain %B", &this->encrypted);
+
+ return parse(this, this->encrypted);
+}
+
+METHOD(encrypted_payload_t, set_transform, void,
+ private_encrypted_payload_t *this, aead_t* aead)
+{
+ this->aead = aead;
+}
+
+METHOD2(payload_t, encrypted_payload_t, destroy, void,
+ private_encrypted_payload_t *this)
+{
+ this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
+ free(this->encrypted.ptr);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+encrypted_payload_t *encrypted_payload_create(payload_type_t type)
+{
+ private_encrypted_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .payload_interface = {
+ .verify = _verify,
+ .get_encoding_rules = _get_encoding_rules,
+ .get_header_length = _get_header_length,
+ .get_length = _get_length,
+ .get_next_type = _get_next_type,
+ .set_next_type = _set_next_type,
+ .get_type = _get_type,
+ .destroy = _destroy,
+ },
+ .get_length = _get_length,
+ .add_payload = _add_payload,
+ .remove_payload = _remove_payload,
+ .generate_payloads = _generate_payloads,
+ .set_transform = _set_transform,
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .destroy = _destroy,
+ },
+ .next_payload = PL_NONE,
+ .payloads = linked_list_create(),
+ .type = type,
+ );
+ this->payload_length = get_header_length(this);
+
+ if (type == PLV1_ENCRYPTED)
+ {
+ this->public.encrypt = _encrypt_v1;
+ this->public.decrypt = _decrypt_v1;
+ }
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
+ chunk_t plain)
+{
+ private_encrypted_payload_t *this;
+
+ this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
+ this->public.decrypt = _decrypt_plain;
+ this->next_payload = next;
+ this->encrypted = plain;
+ compute_length(this);
+
+ return &this->public;
+}
+
+METHOD(payload_t, frag_verify, status_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ if (!this->fragment_number || !this->total_fragments ||
+ this->fragment_number > this->total_fragments)
+ {
+ DBG1(DBG_ENC, "invalid fragment number (%u) or total fragments (%u)",
+ this->fragment_number, this->total_fragments);
+ return FAILED;
+ }
+ if (this->fragment_number > 1 && this->next_payload != 0)
+ {
+ DBG1(DBG_ENC, "invalid next payload (%u) for fragment %u, ignored",
+ this->next_payload, this->fragment_number);
+ this->next_payload = 0;
+ }
+ return SUCCESS;
+}
+
+METHOD(payload_t, frag_get_encoding_rules, int,
+ private_encrypted_fragment_payload_t *this, encoding_rule_t **rules)
+{
+ *rules = encodings_fragment;
+ return countof(encodings_fragment);
+}
+
+METHOD(payload_t, frag_get_header_length, int,
+ private_encrypted_fragment_payload_t *this)
+{
+ return 8;
+}
+
+METHOD(payload_t, frag_get_type, payload_type_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return PLV2_FRAGMENT;
+}
+
+METHOD(payload_t, frag_get_next_type, payload_type_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->next_payload;
+}
+
+METHOD(payload_t, frag_set_next_type, void,
+ private_encrypted_fragment_payload_t *this, payload_type_t type)
+{
+ if (this->fragment_number == 1 && this->next_payload == PL_NONE)
+ {
+ this->next_payload = type;
+ }
+}
+
+METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ if (this->encrypted.len)
+ {
+ this->payload_length = this->encrypted.len;
+ }
+ else
+ {
+ this->payload_length = this->plain.len;
+
+ if (this->aead)
+ {
+ this->payload_length += compute_overhead(this->aead,
+ this->payload_length);
+ }
+ }
+ this->payload_length += frag_get_header_length(this);
+ return this->payload_length;
+}
+
+METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->fragment_number;
+}
+
+METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->total_fragments;
+}
+
+METHOD(encrypted_fragment_payload_t, frag_get_content, chunk_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->plain;
+}
+
+METHOD(encrypted_payload_t, frag_add_payload, void,
+ private_encrypted_fragment_payload_t *this, payload_t* payload)
+{
+ payload->destroy(payload);
+}
+
+METHOD(encrypted_payload_t, frag_set_transform, void,
+ private_encrypted_fragment_payload_t *this, aead_t* aead)
+{
+ this->aead = aead;
+}
+
+/**
+ * Append the encrypted fragment payload header to the associated data
+ */
+static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this,
+ chunk_t assoc)
+{
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ u_int16_t fragment_number;
+ u_int16_t total_fragments;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(frag_get_length(this)),
+ .fragment_number = htons(this->fragment_number),
+ .total_fragments = htons(this->total_fragments),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+METHOD(encrypted_payload_t, frag_encrypt, status_t,
+ private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc)
+{
+ status_t status;
+
+ if (!this->aead)
+ {
+ DBG1(DBG_ENC, "encrypting encrypted fragment payload failed, "
+ "transform missing");
+ return INVALID_STATE;
+ }
+ free(this->encrypted.ptr);
+ assoc = append_header_frag(this, assoc);
+ status = encrypt_content("encrypted fragment payload", this->aead, mid,
+ this->plain, assoc, &this->encrypted);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD(encrypted_payload_t, frag_decrypt, status_t,
+ private_encrypted_fragment_payload_t *this, chunk_t assoc)
+{
+ status_t status;
+
+ if (!this->aead)
+ {
+ DBG1(DBG_ENC, "decrypting encrypted fragment payload failed, "
+ "transform missing");
+ return INVALID_STATE;
+ }
+ free(this->plain.ptr);
+ assoc = append_header_frag(this, assoc);
+ status = decrypt_content("encrypted fragment payload", this->aead,
+ this->encrypted, assoc, &this->plain);
+ this->plain = chunk_clone(this->plain);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD2(payload_t, encrypted_payload_t, frag_destroy, void,
+ private_encrypted_fragment_payload_t *this)
+{
+ free(this->encrypted.ptr);
+ free(this->plain.ptr);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create()
+{
+ private_encrypted_fragment_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypted = {
+ .payload_interface = {
+ .verify = _frag_verify,
+ .get_encoding_rules = _frag_get_encoding_rules,
+ .get_header_length = _frag_get_header_length,
+ .get_length = _frag_get_length,
+ .get_next_type = _frag_get_next_type,
+ .set_next_type = _frag_set_next_type,
+ .get_type = _frag_get_type,
+ .destroy = _frag_destroy,
+ },
+ .get_length = _frag_get_length,
+ .add_payload = _frag_add_payload,
+ .remove_payload = (void*)return_null,
+ .generate_payloads = nop,
+ .set_transform = _frag_set_transform,
+ .encrypt = _frag_encrypt,
+ .decrypt = _frag_decrypt,
+ .destroy = _frag_destroy,
+ },
+ .get_fragment_number = _get_fragment_number,
+ .get_total_fragments = _get_total_fragments,
+ .get_content = _frag_get_content,
+ },
+ .next_payload = PL_NONE,
+ );
+ this->payload_length = frag_get_header_length(this);
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
+ u_int16_t num, u_int16_t total, chunk_t plain)
+{
+ private_encrypted_fragment_payload_t *this;
+
+ this = (private_encrypted_fragment_payload_t*)encrypted_fragment_payload_create();
+ this->fragment_number = num;
+ this->total_fragments = total;
+ this->plain = chunk_clone(plain);
+
+ return &this->public;
+}
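Review bot: In `frag_decrypt` the result of `decrypt_content()` is cloned into `this->plain` whatever the status, right after `free(this->plain.ptr)` has left that field pointing at released memory. When `decrypt_content()` returns before it assigns `*plain` (invalid length or failed integrity check) and the fragment already held content, `chunk_clone()` copies from the freed buffer; adding `this->plain = chunk_empty;` after the free and cloning only `if (status == SUCCESS)` closes that path. `encrypt` and `frag_encrypt` have the same pattern with `this->encrypted`: `encrypt_content()` can return `NOT_SUPPORTED` before it reaches `chunk_alloc()`, leaving a stale pointer that `destroy` or `frag_destroy` frees a second time, so that field should be reset to `chunk_empty` after the free as well. In `encrypt_content()` itself, the `!iv_gen` branch returns without calling `rng->destroy(rng);`, which leaks the RNG instance. Whether a payload object is ever encrypted or decrypted more than once is not visible in this hunk, so the stale-pointer cases are latent rather than demonstrated.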
diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index ee44c2de1..be59e3c2d 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -16,23 +17,24 @@
*/
/**
- * @defgroup encryption_payload encryption_payload
+ * @defgroup encrypted_payload encrypted_payload
* @{ @ingroup payloads
*/
-#ifndef ENCRYPTION_PAYLOAD_H_
-#define ENCRYPTION_PAYLOAD_H_
+#ifndef ENCRYPTED_PAYLOAD_H_
+#define ENCRYPTED_PAYLOAD_H_
-typedef struct encryption_payload_t encryption_payload_t;
+typedef struct encrypted_payload_t encrypted_payload_t;
#include <library.h>
#include <crypto/aead.h>
#include <encoding/payloads/payload.h>
+#include <encoding/generator.h>
/**
- * The encryption payload as described in RFC section 3.14.
+ * The encrypted payload as described in RFC section 3.14.
*/
-struct encryption_payload_t {
+struct encrypted_payload_t {
/**
* Implements payload_t interface.
@@ -44,14 +46,14 @@ struct encryption_payload_t {
*
* @return (expected) payload length
*/
- size_t (*get_length)(encryption_payload_t *this);
+ size_t (*get_length)(encrypted_payload_t *this);
/**
* Adds a payload to this encryption payload.
*
* @param payload payload_t object to add
*/
- void (*add_payload) (encryption_payload_t *this, payload_t *payload);
+ void (*add_payload) (encrypted_payload_t *this, payload_t *payload);
/**
* Remove the first payload in the list
@@ -59,14 +61,22 @@ struct encryption_payload_t {
* @param payload removed payload
* @return payload, NULL if none left
*/
- payload_t* (*remove_payload)(encryption_payload_t *this);
+ payload_t* (*remove_payload)(encrypted_payload_t *this);
+
+ /**
+ * Uses the given generator to generate the contained payloads.
+ *
+ * @param generator generator used to generate the contained payloads
+ */
+ void (*generate_payloads)(encrypted_payload_t *this,
+ generator_t *generator);
/**
* Set the AEAD transform to use.
*
* @param aead aead transform to use
*/
- void (*set_transform) (encryption_payload_t *this, aead_t *aead);
+ void (*set_transform) (encrypted_payload_t *this, aead_t *aead);
/**
* Generate, encrypt and sign contained payloads.
@@ -78,7 +88,7 @@ struct encryption_payload_t {
* - FAILED if encryption failed
* - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*encrypt) (encryption_payload_t *this, u_int64_t mid,
+ status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid,
chunk_t assoc);
/**
@@ -92,20 +102,31 @@ struct encryption_payload_t {
* - FAILED if integrity check failed
* - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*decrypt) (encryption_payload_t *this, chunk_t assoc);
+ status_t (*decrypt) (encrypted_payload_t *this, chunk_t assoc);
/**
- * Destroys an encryption_payload_t object.
+ * Destroys an encrypted_payload_t object.
*/
- void (*destroy) (encryption_payload_t *this);
+ void (*destroy) (encrypted_payload_t *this);
};
/**
- * Creates an empty encryption_payload_t object.
+ * Creates an empty encrypted_payload_t object.
*
* @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED
- * @return encryption_payload_t object
+ * @return encrypted_payload_t object
+ */
+encrypted_payload_t *encrypted_payload_create(payload_type_t type);
+
+/**
+ * Creates an encrypted payload with the given plain text data and next payload
+ * type.
+ *
+ * @param next next payload type
+ * @param plain plaintext data (gets adopted)
+ * @return encrypted_payload_t object
*/
-encryption_payload_t *encryption_payload_create(payload_type_t type);
+encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
+ chunk_t plain);
-#endif /** ENCRYPTION_PAYLOAD_H_ @}*/
+#endif /** ENCRYPTED_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
deleted file mode 100644
index 5784562f8..000000000
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ /dev/null
@@ -1,634 +0,0 @@
-/*
- * Copyright (C) 2005-2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- * Copyright (C) 2011 Tobias Brunner
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include "encryption_payload.h"
-
-#include <daemon.h>
-#include <encoding/payloads/encodings.h>
-#include <collections/linked_list.h>
-#include <encoding/generator.h>
-#include <encoding/parser.h>
-
-typedef struct private_encryption_payload_t private_encryption_payload_t;
-
-/**
- * Private data of an encryption_payload_t' Object.
- *
- */
-struct private_encryption_payload_t {
-
- /**
- * Public encryption_payload_t interface.
- */
- encryption_payload_t public;
-
- /**
- * There is no next payload for an encryption payload,
- * since encryption payload MUST be the last one.
- * next_payload means here the first payload of the
- * contained, encrypted payload.
- */
- u_int8_t next_payload;
-
- /**
- * Flags, including reserved bits
- */
- u_int8_t flags;
-
- /**
- * Length of this payload
- */
- u_int16_t payload_length;
-
- /**
- * Chunk containing the IV, plain, padding and ICV.
- */
- chunk_t encrypted;
-
- /**
- * AEAD transform to use
- */
- aead_t *aead;
-
- /**
- * Contained payloads
- */
- linked_list_t *payloads;
-
- /**
- * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
- */
- payload_type_t type;
-};
-
-/**
- * Encoding rules to parse or generate a IKEv2-Encryption Payload.
- *
- * The defined offsets are the positions in a object of type
- * private_encryption_payload_t.
- */
-static encoding_rule_t encodings_v2[] = {
- /* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
- /* Critical and 7 reserved bits, all stored for reconstruction */
- { U_INT_8, offsetof(private_encryption_payload_t, flags) },
- /* Length of the whole encryption payload*/
- { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
- /* encrypted data, stored in a chunk. contains iv, data, padding */
- { CHUNK_DATA, offsetof(private_encryption_payload_t, encrypted) },
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Next Payload !C! RESERVED ! Payload Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Initialization Vector !
- ! (length is block size for encryption algorithm) !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Encrypted IKE Payloads !
- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! ! Padding (0-255 octets) !
- +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
- ! ! Pad Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Integrity Checksum Data ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-/**
- * Encoding rules to parse or generate a complete encrypted IKEv1 message.
- *
- * The defined offsets are the positions in a object of type
- * private_encryption_payload_t.
- */
-static encoding_rule_t encodings_v1[] = {
- /* encrypted data, stored in a chunk */
- { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) },
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Encrypted IKE Payloads !
- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! ! Padding (0-255 octets) !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-METHOD(payload_t, verify, status_t,
- private_encryption_payload_t *this)
-{
- return SUCCESS;
-}
-
-METHOD(payload_t, get_encoding_rules, int,
- private_encryption_payload_t *this, encoding_rule_t **rules)
-{
- if (this->type == PLV2_ENCRYPTED)
- {
- *rules = encodings_v2;
- return countof(encodings_v2);
- }
- *rules = encodings_v1;
- return countof(encodings_v1);
-}
-
-METHOD(payload_t, get_header_length, int,
- private_encryption_payload_t *this)
-{
- if (this->type == PLV2_ENCRYPTED)
- {
- return 4;
- }
- return 0;
-}
-
-METHOD(payload_t, get_type, payload_type_t,
- private_encryption_payload_t *this)
-{
- return this->type;
-}
-
-METHOD(payload_t, get_next_type, payload_type_t,
- private_encryption_payload_t *this)
-{
- return this->next_payload;
-}
-
-METHOD(payload_t, set_next_type, void,
- private_encryption_payload_t *this, payload_type_t type)
-{
- /* the next payload is set during add, still allow this for IKEv1 */
- this->next_payload = type;
-}
-
-/**
- * Compute the length of the whole payload
- */
-static void compute_length(private_encryption_payload_t *this)
-{
- enumerator_t *enumerator;
- payload_t *payload;
- size_t bs, length = 0;
-
- if (this->encrypted.len)
- {
- length = this->encrypted.len;
- }
- else
- {
- enumerator = this->payloads->create_enumerator(this->payloads);
- while (enumerator->enumerate(enumerator, &payload))
- {
- length += payload->get_length(payload);
- }
- enumerator->destroy(enumerator);
-
- if (this->aead)
- {
- /* append padding */
- bs = this->aead->get_block_size(this->aead);
- length += bs - (length % bs);
- /* add iv */
- length += this->aead->get_iv_size(this->aead);
- /* add icv */
- length += this->aead->get_icv_size(this->aead);
- }
- }
- length += get_header_length(this);
- this->payload_length = length;
-}
-
-METHOD2(payload_t, encryption_payload_t, get_length, size_t,
- private_encryption_payload_t *this)
-{
- compute_length(this);
- return this->payload_length;
-}
-
-METHOD(encryption_payload_t, add_payload, void,
- private_encryption_payload_t *this, payload_t *payload)
-{
- payload_t *last_payload;
-
- if (this->payloads->get_count(this->payloads) > 0)
- {
- this->payloads->get_last(this->payloads, (void **)&last_payload);
- last_payload->set_next_type(last_payload, payload->get_type(payload));
- }
- else
- {
- this->next_payload = payload->get_type(payload);
- }
- payload->set_next_type(payload, PL_NONE);
- this->payloads->insert_last(this->payloads, payload);
- compute_length(this);
-}
-
-METHOD(encryption_payload_t, remove_payload, payload_t *,
- private_encryption_payload_t *this)
-{
- payload_t *payload;
-
- if (this->payloads->remove_first(this->payloads,
- (void**)&payload) == SUCCESS)
- {
- return payload;
- }
- return NULL;
-}
-
-/**
- * Generate payload before encryption
- */
-static chunk_t generate(private_encryption_payload_t *this,
- generator_t *generator)
-{
- payload_t *current, *next;
- enumerator_t *enumerator;
- u_int32_t *lenpos;
- chunk_t chunk = chunk_empty;
-
- enumerator = this->payloads->create_enumerator(this->payloads);
- if (enumerator->enumerate(enumerator, &current))
- {
- this->next_payload = current->get_type(current);
-
- while (enumerator->enumerate(enumerator, &next))
- {
- current->set_next_type(current, next->get_type(next));
- generator->generate_payload(generator, current);
- current = next;
- }
- current->set_next_type(current, PL_NONE);
- generator->generate_payload(generator, current);
-
- chunk = generator->get_chunk(generator, &lenpos);
- DBG2(DBG_ENC, "generated content in encryption payload");
- }
- enumerator->destroy(enumerator);
- return chunk;
-}
-
-/**
- * Append the encryption payload header to the associated data
- */
-static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc)
-{
- struct {
- u_int8_t next_payload;
- u_int8_t flags;
- u_int16_t length;
- } __attribute__((packed)) header = {
- .next_payload = this->next_payload,
- .flags = this->flags,
- .length = htons(get_length(this)),
- };
- return chunk_cat("cc", assoc, chunk_from_thing(header));
-}
-
-METHOD(encryption_payload_t, encrypt, status_t,
- private_encryption_payload_t *this, u_int64_t mid, chunk_t assoc)
-{
- chunk_t iv, plain, padding, icv, crypt;
- generator_t *generator;
- iv_gen_t *iv_gen;
- rng_t *rng;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing");
- return INVALID_STATE;
- }
-
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found");
- return NOT_SUPPORTED;
- }
-
- iv_gen = this->aead->get_iv_gen(this->aead);
- if (!iv_gen)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no IV generator");
- return NOT_SUPPORTED;
- }
-
- assoc = append_header(this, assoc);
-
- generator = generator_create();
- plain = generate(this, generator);
- bs = this->aead->get_block_size(this->aead);
- /* we need at least one byte padding to store the padding length */
- padding.len = bs - (plain.len % bs);
- iv.len = this->aead->get_iv_size(this->aead);
- icv.len = this->aead->get_icv_size(this->aead);
-
- /* prepare data to authenticate-encrypt:
- * | IV | plain | padding | ICV |
- * \____crypt______/ ^
- * | /
- * v /
- * assoc -> + ------->/
- */
- free(this->encrypted.ptr);
- this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
- iv.ptr = this->encrypted.ptr;
- memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
- plain.ptr = iv.ptr + iv.len;
- padding.ptr = plain.ptr + plain.len;
- icv.ptr = padding.ptr + padding.len;
- crypt = chunk_create(plain.ptr, plain.len + padding.len);
- generator->destroy(generator);
-
- if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) ||
- !rng->get_bytes(rng, padding.len - 1, padding.ptr))
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding");
- rng->destroy(rng);
- free(assoc.ptr);
- return FAILED;
- }
- padding.ptr[padding.len - 1] = padding.len - 1;
- rng->destroy(rng);
-
- DBG3(DBG_ENC, "encryption payload encryption:");
- DBG3(DBG_ENC, "IV %B", &iv);
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
- DBG3(DBG_ENC, "assoc %B", &assoc);
-
- if (!this->aead->encrypt(this->aead, crypt, assoc, iv, NULL))
- {
- free(assoc.ptr);
- return FAILED;
- }
-
- DBG3(DBG_ENC, "encrypted %B", &crypt);
- DBG3(DBG_ENC, "ICV %B", &icv);
-
- free(assoc.ptr);
-
- return SUCCESS;
-}
-
-METHOD(encryption_payload_t, encrypt_v1, status_t,
- private_encryption_payload_t *this, u_int64_t mid, chunk_t iv)
-{
- generator_t *generator;
- chunk_t plain, padding;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "encryption failed, transform missing");
- return INVALID_STATE;
- }
-
- generator = generator_create();
- plain = generate(this, generator);
- bs = this->aead->get_block_size(this->aead);
- padding.len = bs - (plain.len % bs);
-
- /* prepare data to encrypt:
- * | plain | padding | */
- free(this->encrypted.ptr);
- this->encrypted = chunk_alloc(plain.len + padding.len);
- memcpy(this->encrypted.ptr, plain.ptr, plain.len);
- plain.ptr = this->encrypted.ptr;
- padding.ptr = plain.ptr + plain.len;
- memset(padding.ptr, 0, padding.len);
- generator->destroy(generator);
-
- DBG3(DBG_ENC, "encrypting payloads:");
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
-
- if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
- {
- return FAILED;
- }
-
- DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
-
- return SUCCESS;
-}
-
-/**
- * Parse the payloads after decryption.
- */
-static status_t parse(private_encryption_payload_t *this, chunk_t plain)
-{
- parser_t *parser;
- payload_type_t type;
-
- parser = parser_create(plain);
- type = this->next_payload;
- while (type != PL_NONE)
- {
- payload_t *payload;
-
- if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
- {
- DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
- payload_type_names, type);
- parser->destroy(parser);
- return PARSE_ERROR;
- }
- if (parser->parse_payload(parser, type, &payload) != SUCCESS)
- {
- parser->destroy(parser);
- return PARSE_ERROR;
- }
- if (payload->verify(payload) != SUCCESS)
- {
- DBG1(DBG_ENC, "%N verification failed",
- payload_type_names, payload->get_type(payload));
- payload->destroy(payload);
- parser->destroy(parser);
- return VERIFY_ERROR;
- }
- type = payload->get_next_type(payload);
- this->payloads->insert_last(this->payloads, payload);
- }
- parser->destroy(parser);
- DBG2(DBG_ENC, "parsed content of encryption payload");
- return SUCCESS;
-}
-
-METHOD(encryption_payload_t, decrypt, status_t,
- private_encryption_payload_t *this, chunk_t assoc)
-{
- chunk_t iv, plain, padding, icv, crypt;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
- return INVALID_STATE;
- }
-
- /* prepare data to authenticate-decrypt:
- * | IV | plain | padding | ICV |
- * \____crypt______/ ^
- * | /
- * v /
- * assoc -> + ------->/
- */
-
- bs = this->aead->get_block_size(this->aead);
- iv.len = this->aead->get_iv_size(this->aead);
- iv.ptr = this->encrypted.ptr;
- icv.len = this->aead->get_icv_size(this->aead);
- icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len;
- crypt.ptr = iv.ptr + iv.len;
- crypt.len = this->encrypted.len - iv.len;
-
- if (iv.len + icv.len > this->encrypted.len ||
- (crypt.len - icv.len) % bs)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
- return FAILED;
- }
-
- assoc = append_header(this, assoc);
-
- DBG3(DBG_ENC, "encryption payload decryption:");
- DBG3(DBG_ENC, "IV %B", &iv);
- DBG3(DBG_ENC, "encrypted %B", &crypt);
- DBG3(DBG_ENC, "ICV %B", &icv);
- DBG3(DBG_ENC, "assoc %B", &assoc);
-
- if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL))
- {
- DBG1(DBG_ENC, "verifying encryption payload integrity failed");
- free(assoc.ptr);
- return FAILED;
- }
- free(assoc.ptr);
-
- plain = chunk_create(crypt.ptr, crypt.len - icv.len);
- padding.len = plain.ptr[plain.len - 1] + 1;
- if (padding.len > plain.len)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, "
- "padding invalid %B", &crypt);
- return PARSE_ERROR;
- }
- plain.len -= padding.len;
- padding.ptr = plain.ptr + plain.len;
-
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
-
- return parse(this, plain);
-}
-
-METHOD(encryption_payload_t, decrypt_v1, status_t,
- private_encryption_payload_t *this, chunk_t iv)
-{
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "decryption failed, transform missing");
- return INVALID_STATE;
- }
-
- /* data must be a multiple of block size */
- if (iv.len != this->aead->get_block_size(this->aead) ||
- this->encrypted.len < iv.len || this->encrypted.len % iv.len)
- {
- DBG1(DBG_ENC, "decryption failed, invalid length");
- return FAILED;
- }
-
- DBG3(DBG_ENC, "decrypting payloads:");
- DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
-
- if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
- {
- return FAILED;
- }
-
- DBG3(DBG_ENC, "plain %B", &this->encrypted);
-
- return parse(this, this->encrypted);
-}
-
-METHOD(encryption_payload_t, set_transform, void,
- private_encryption_payload_t *this, aead_t* aead)
-{
- this->aead = aead;
-}
-
-METHOD2(payload_t, encryption_payload_t, destroy, void,
- private_encryption_payload_t *this)
-{
- this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
- free(this->encrypted.ptr);
- free(this);
-}
-
-/*
- * Described in header
- */
-encryption_payload_t *encryption_payload_create(payload_type_t type)
-{
- private_encryption_payload_t *this;
-
- INIT(this,
- .public = {
- .payload_interface = {
- .verify = _verify,
- .get_encoding_rules = _get_encoding_rules,
- .get_header_length = _get_header_length,
- .get_length = _get_length,
- .get_next_type = _get_next_type,
- .set_next_type = _set_next_type,
- .get_type = _get_type,
- .destroy = _destroy,
- },
- .get_length = _get_length,
- .add_payload = _add_payload,
- .remove_payload = _remove_payload,
- .set_transform = _set_transform,
- .encrypt = _encrypt,
- .decrypt = _decrypt,
- .destroy = _destroy,
- },
- .next_payload = PL_NONE,
- .payloads = linked_list_create(),
- .type = type,
- );
- this->payload_length = get_header_length(this);
-
- if (type == PLV1_ENCRYPTED)
- {
- this->public.encrypt = _encrypt_v1;
- this->public.decrypt = _decrypt_v1;
- }
-
- return &this->public;
-}
diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 7015667ee..c96738a34 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -210,8 +210,9 @@ METHOD(payload_t, verify, status_t,
case TRANSACTION:
case QUICK_MODE:
case NEW_GROUP_MODE:
- if (this->maj_version != IKEV1_MAJOR_VERSION)
+ if (this->maj_version == IKEV2_MAJOR_VERSION)
{
+ /* IKEv1 exchange type in IKEv2? */
return FAILED;
}
break;
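Review bot: verify() no longer rejects a header whose major version is neither IKEv1 nor IKEv2, because the two version tests (this hunk and the next) and the new `default:` branch in the next hunk all fail only for the two known versions. Any exchange type is therefore accepted for an unknown version. This looks intentional, presumably so the receiver can still answer with INVALID_MAJOR_VERSION, but it leaves the version rejection entirely to the caller and nothing in the code says so. I would add a comment on the `default:` branch such as `/* unknown major version: exchange type is not checked here, the caller must reject the message by version */` and state the same contract in the function's doc comment. The body of verify() starts and ends outside both hunks.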
@@ -223,14 +224,20 @@ METHOD(payload_t, verify, status_t,
#ifdef ME
case ME_CONNECT:
#endif /* ME */
- if (this->maj_version != IKEV2_MAJOR_VERSION)
+ if (this->maj_version == IKEV1_MAJOR_VERSION)
{
+ /* IKEv2 exchange type in IKEv1? */
return FAILED;
}
break;
default:
- /* unsupported exchange type */
- return FAILED;
+ if (this->maj_version == IKEV1_MAJOR_VERSION ||
+ this->maj_version == IKEV2_MAJOR_VERSION)
+ {
+ /* unsupported exchange type for known version */
+ return FAILED;
+ }
+ break;
}
if (this->initiator_spi == 0)
{
@@ -501,4 +508,3 @@ ike_header_t *ike_header_create_version(int major, int minor)
}
return this;
}
-
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index dd92e429a..94723ddd7 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
"ME_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -110,8 +110,10 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"PSK_PERSIST",
"PSK_CONFIRM",
"ERX_SUPPORTED",
- "IFOM_CAPABILITY");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
+ "IFOM_CAPABILITY",
+ "SENDER_REQUEST_ID",
+ "FRAGMENTATION_SUPPORTED");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -128,7 +130,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE,
"ME_CONNECTKEY",
"ME_CONNECTAUTH",
"ME_RESPONSE",
- "RADIUS_ATTRIBUTE",);
+ "RADIUS_ATTRIBUTE");
ENUM_END(notify_type_names, RADIUS_ATTRIBUTE);
@@ -172,7 +174,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
"ME_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -217,8 +219,10 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_S
"PSK_PST",
"PSK_CFM",
"ERX_SUP",
- "IFOM_CAP");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
+ "IFOM_CAP",
+ "SENDER_REQ_ID",
+ "FRAG_SUP");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 3c56f0673..25521c2bb 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -147,6 +147,10 @@ enum notify_type_t {
ERX_SUPPORTED = 16427,
/* IFOM capability, 3GPP TS 24.303, annex B.2 */
IFOM_CAPABILITY = 16428,
+ /* SENDER_REQUEST_ID (draft-yeung-g-ikev2) */
+ SENDER_REQUEST_ID = 16429,
+ /* IKEv2 fragmentation supported, RFC 7383 */
+ FRAGMENTATION_SUPPORTED = 16430,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index fd616620d..600b6dd68 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -28,7 +28,8 @@
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
+#include <encoding/payloads/encrypted_fragment_payload.h>
#include <encoding/payloads/ts_payload.h>
#include <encoding/payloads/delete_payload.h>
#include <encoding/payloads/vendor_id_payload.h>
@@ -59,7 +60,7 @@ ENUM_NEXT(payload_type_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_
ENUM_NEXT(payload_type_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION,
"NAT_D_V1",
"NAT_OA_V1");
-ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
+ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -76,16 +77,20 @@ ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
"ENCRYPTED",
"CONFIGURATION",
"EAP",
- "GSPM");
+ "GSPM",
+ "GROUP_ID",
+ "GROUP_SECURITY_ASSOCIATION",
+ "KEY_DOWNLOAD",
+ "ENCRYPTED_FRAGMENT");
#ifdef ME
-ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM,
+ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT,
"ID_PEER");
ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER,
"NAT_D_DRAFT_V1",
"NAT_OA_DRAFT_V1",
"FRAGMENT");
#else
-ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM,
+ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT,
"NAT_D_DRAFT_V1",
"NAT_OA_DRAFT_V1",
"FRAGMENT");
@@ -125,7 +130,7 @@ ENUM_NEXT(payload_type_short_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATIO
ENUM_NEXT(payload_type_short_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION,
"NAT-D",
"NAT-OA");
-ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
+ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA,
"SA",
"KE",
"IDi",
@@ -142,16 +147,20 @@ ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_N
"E",
"CP",
"EAP",
- "GSPM");
+ "GSPM",
+ "IDg",
+ "GSA",
+ "KD",
+ "EF");
#ifdef ME
-ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM,
+ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT,
"IDp");
ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER,
"NAT-D",
"NAT-OA",
"FRAG");
#else
-ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM,
+ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT,
"NAT-D",
"NAT-OA",
"FRAG");
@@ -244,9 +253,11 @@ payload_t *payload_create(payload_type_t type)
return (payload_t*)eap_payload_create();
case PLV2_ENCRYPTED:
case PLV1_ENCRYPTED:
- return (payload_t*)encryption_payload_create(type);
+ return (payload_t*)encrypted_payload_create(type);
case PLV1_FRAGMENT:
return (payload_t*)fragment_payload_create();
+ case PLV2_FRAGMENT:
+ return (payload_t*)encrypted_fragment_payload_create();
default:
return (payload_t*)unknown_payload_create(type);
}
@@ -261,15 +272,19 @@ bool payload_is_known(payload_type_t type)
{
return TRUE;
}
- if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+ if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
{
return TRUE;
}
- if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+ if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
{
return TRUE;
}
- if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
+ if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+ {
+ return TRUE;
+ }
+ if (type == PLV2_FRAGMENT)
{
return TRUE;
}
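Review bot: payload_is_known() adds an exact match for `PLV2_FRAGMENT`, but the IKEv2 range above it still ends at `PLV2_EAP`, so `PLV2_GSPM` (49) and the three types this commit names in payload_type_names (50-52: GROUP_ID, GROUP_SECURITY_ASSOCIATION, KEY_DOWNLOAD) are still reported as unknown. payload_create() likewise falls through to `unknown_payload_create()` for them. That is probably intended, since no implementation is added, but a received payload of those types is then logged under a proper name while being handled as unknown, which is confusing when tracing a rejected message. A comment before the new test would settle it, e.g. `/* 49-52 are named but not implemented, they are handled as unknown payloads */`. The function continues past the end of the hunk.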
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index d9dd619f7..036cd422d 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -193,7 +193,7 @@ enum payload_type_t {
PLV2_TS_RESPONDER = 45,
/**
- * Encryption payload, contains other payloads (E).
+ * Encrypted payload, contains other payloads (E).
*/
PLV2_ENCRYPTED = 46,
@@ -212,6 +212,26 @@ enum payload_type_t {
*/
PLV2_GSPM = 49,
+ /**
+ * Group Identification (draft-yeung-g-ikev2)
+ */
+ PLV2_IDG = 50,
+
+ /**
+ * Group Security Association (draft-yeung-g-ikev2)
+ */
+ PLV2_GSA = 51,
+
+ /**
+ * Key Download (draft-yeung-g-ikev2)
+ */
+ PLV2_KD = 52,
+
+ /**
+ * Encrypted fragment payload (SKF), RFC 7383
+ */
+ PLV2_FRAGMENT = 53,
+
#ifdef ME
/**
* Identification payload for peers has a value from
@@ -231,7 +251,7 @@ enum payload_type_t {
PLV1_NAT_OA_DRAFT_00_03 = 131,
/**
- * IKE fragment (proprietary IKEv1 extension)
+ * IKEv1 fragment (proprietary IKEv1 extension)
*/
PLV1_FRAGMENT = 132,
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 8e3a01285..407038a2d 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -296,7 +296,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*,
linked_list_t *substructs, *list;
if (this->type == PLV1_SECURITY_ASSOCIATION)
- { /* IKEv1 proposals start with 0 */
+ { /* IKEv1 proposals may start with 0 or 1 (or any other number really) */
struct_number = ignore_struct_number = -1;
}
@@ -309,17 +309,22 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*,
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &substruct))
{
+ int current_number = substruct->get_proposal_number(substruct);
+
/* check if a proposal has a single protocol */
- if (substruct->get_proposal_number(substruct) == struct_number)
+ if (current_number == struct_number)
{
if (ignore_struct_number < struct_number)
- { /* remove an already added, if first of series */
+ { /* remove an already added substruct, if first of series */
substructs->remove_last(substructs, (void**)&substruct);
ignore_struct_number = struct_number;
}
continue;
}
- struct_number++;
+ /* for IKEv1 the numbers don't have to be consecutive, for IKEv2 they do
+ * but since we don't really care for the actual number we accept them
+ * anyway. we already verified that they increase monotonically. */
+ struct_number = current_number;
substructs->insert_last(substructs, substruct);
}
enumerator->destroy(enumerator);
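Review bot: The `ignore_struct_number < struct_number` test kept as context here is only correct while proposal numbers never decrease, and with `struct_number = current_number` the loop now takes those numbers straight from the peer's payload. The new comment says monotonic increase was already verified, but that check is not in this hunk. If get_proposals() were reached without it, a multi-protocol proposal numbered lower than an earlier ignored one would stay in `substructs` as if it had a single protocol. Comparing for inequality, `if (ignore_struct_number != struct_number)`, gives the same result for increasing numbers (as far as the visible IKEv1 initialisation shows) and does not depend on the earlier check. The function starts and ends outside the hunk.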
@@ -364,7 +369,7 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*,
}
if (proposal_number != current_proposal)
{ /* start of a new proposal */
- if (espah && ipcomp)
+ if (espah && ipcomp && ipcomp->get_cpi(ipcomp, NULL))
{ /* previous proposal is valid */
break;
}
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index a2a3b1f89..5ce9471bd 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
#ifdef USE_IKEV2
send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
INVALID_MAJOR_VERSION, chunk_empty);
-#endif /* USE_IKEV2 */
-#ifdef USE_IKEV1
+#elif defined(USE_IKEV1)
send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
INVALID_MAJOR_VERSION, chunk_empty);
#endif /* USE_IKEV1 */
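Review bot: The closing `#endif /* USE_IKEV1 */` now ends an `#ifdef USE_IKEV2` / `#elif defined(USE_IKEV1)` chain, so its label names only the second branch and misleads when the lines are read apart. Relabel it, for example `#endif /* USE_IKEV2 / USE_IKEV1 */`. A short comment above the chain would also record why the branches are exclusive: only one INVALID_MAJOR_VERSION notify is sent per offending packet, with IKEv2 preferred when both are built in. receive_packets() starts and ends outside the hunk.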
@@ -684,4 +683,3 @@ receiver_t *receiver_create()
return &this->public;
}
-
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 0655959ca..c3b014c3c 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 287c94acc..50594a452 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 9fd515073..700a4219c 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index edda93e77..08101d51d 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 5670f4323..679d2dae6 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index da364b06e..768c2b32b 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index d408cd24e..3484e08a3 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 97432f1b1..381d7a119 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 5b20fe5a6..3b0f8763c 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index d0ee19899..839a379ea 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 78b66ac96..fdbad6234 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 7f18792c4..9675104da 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 5275a348c..0610b5859 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 5dd623d6e..38c9d0b7c 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index c0e42198c..f5dfd6814 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 615a916c1..5ccd58158 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index cd4355dfa..04cc422f5 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 6719497d3..60d12dc1d 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -414,6 +414,30 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id,
}
/**
+ * Add a DNS/NBNS configuration attribute
+ */
+static void add_nameserver_attribute(eap_radius_provider_t *provider,
+ u_int32_t id, int type, chunk_t data)
+{
+ /* these are from different vendors, but there is currently no conflict */
+ switch (type)
+ {
+ case 5: /* CVPN3000-Primary-DNS */
+ case 6: /* CVPN3000-Secondary-DNS */
+ case 28: /* MS-Primary-DNS-Server */
+ case 29: /* MS-Secondary-DNS-Server */
+ provider->add_attribute(provider, id, INTERNAL_IP4_DNS, data);
+ break;
+ case 7: /* CVPN3000-Primary-WINS */
+ case 8: /* CVPN3000-Secondary-WINS */
+ case 30: /* MS-Primary-NBNS-Server */
+ case 31: /* MS-Secondary-NBNS-Server */
+ provider->add_attribute(provider, id, INTERNAL_IP4_NBNS, data);
+ break;
+ }
+}
+
+/**
* Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute
*/
static void add_unity_split_attribute(eap_radius_provider_t *provider,
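Review bot: add_nameserver_attribute() switches on the bare attribute number without the vendor, so its "no conflict" comment holds only while every caller filters by vendor first. The switch in the next hunk labels 28 and 29 as CVPN3000-IPSec-Default-Domain and CVPN3000-IPSec-Split-DNS-Names, the same numbers this helper maps to INTERNAL_IP4_DNS for Microsoft. Letting the caller pass the target type, e.g. `add_nameserver_attribute(provider, id, INTERNAL_IP4_DNS, data)`, or adding the vendor as a parameter would remove that hidden dependency. The `data.len == 4` check is also repeated in both callers; doing it once inside the helper would keep a future caller from forwarding a wrongly sized chunk as a name server address.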
@@ -515,6 +539,16 @@ static void process_cfg_attributes(radius_message_t *msg)
{
switch (type)
{
+ case 5: /* CVPN3000-Primary-DNS */
+ case 6: /* CVPN3000-Secondary-DNS */
+ case 7: /* CVPN3000-Primary-WINS */
+ case 8: /* CVPN3000-Secondary-WINS */
+ if (data.len == 4)
+ {
+ add_nameserver_attribute(provider,
+ ike_sa->get_unique_id(ike_sa), type, data);
+ }
+ break;
case 15: /* CVPN3000-IPSec-Banner1 */
case 28: /* CVPN3000-IPSec-Default-Domain */
case 29: /* CVPN3000-IPSec-Split-DNS-Names */
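Review bot: A CVPN3000 DNS/WINS attribute whose length is not 4 is dropped without any trace, here and in the `vendor == PEN_MICROSOFT` block added by the following hunk. These values come from the RADIUS server and end up as the name servers handed to the client, so an unexpected response should be visible in the log. An else branch such as `else { DBG1(DBG_CFG, "ignoring nameserver attribute %d with invalid length", type); }` would do (message text is a suggestion). The enclosing switch and its vendor check start outside this hunk.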
@@ -546,6 +580,22 @@ static void process_cfg_attributes(radius_message_t *msg)
break;
}
}
+ if (vendor == PEN_MICROSOFT)
+ {
+ switch (type)
+ {
+ case 28: /* MS-Primary-DNS-Server */
+ case 29: /* MS-Secondary-DNS-Server */
+ case 30: /* MS-Primary-NBNS-Server */
+ case 31: /* MS-Secondary-NBNS-Server */
+ if (data.len == 4)
+ {
+ add_nameserver_attribute(provider,
+ ike_sa->get_unique_id(ike_sa), type, data);
+ }
+ break;
+ }
+ }
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 0020c5d57..31c96d229 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -488,6 +488,16 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
+ if (!entry->interim.interval)
+ {
+ entry->interim.interval = lib->settings->get_time(lib->settings,
+ "%s.plugins.eap-radius.accounting_interval", 0, lib->ns);
+ if (entry->interim.interval)
+ {
+ DBG1(DBG_CFG, "scheduling RADIUS Interim-Updates every %us",
+ entry->interim.interval);
+ }
+ }
schedule_interim(this, entry);
this->mutex->unlock(this->mutex);
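Review bot: The fallback to `accounting_interval` has no comment saying which source wins and no lower bound on the configured value. As written, the setting is used only when `entry->interim.interval` is still zero, presumably because the RADIUS server sent no interval of its own; a comment like `/* no interval set for this entry, fall back to the configured default */` would make that precedence explicit. A very small configured value would schedule an Interim-Update per IKE_SA at that rate, so a minimum is worth enforcing or at least documenting next to the option. send_start() begins and ends outside this hunk, so where the interval is otherwise set cannot be confirmed from here.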
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index 494efd99a..6a00ea74d 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 82e7561f8..7a08f4e0e 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 9a7a1909e..a1ec7adc1 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 886b0c575..bf99ab095 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 57c64246b..ce4602365 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index eb4d3fa95..0c0b7fd52 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index c63d56b53..25696f524 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 97552dfd0..2d5d65875 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 70cc18405..38c7632ac 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 0782dde53..d9fa454ca 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.am b/src/libcharon/plugins/ext_auth/Makefile.am
new file mode 100644
index 000000000..d51ea8881
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/Makefile.am
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ext-auth.la
+else
+plugin_LTLIBRARIES = libstrongswan-ext-auth.la
+endif
+
+libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \
+ ext_auth_listener.h ext_auth_listener.c
+
+libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
new file mode 100644
index 000000000..a1b47dd33
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -0,0 +1,774 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/ext_auth
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ext_auth_la_LIBADD =
+am_libstrongswan_ext_auth_la_OBJECTS = ext_auth_plugin.lo \
+ ext_auth_listener.lo
+libstrongswan_ext_auth_la_OBJECTS = \
+ $(am_libstrongswan_ext_auth_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_ext_auth_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ext_auth_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ext_auth_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ext_auth_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_ext_auth_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ext_auth_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ext-auth.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ext-auth.la
+libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \
+ ext_auth_listener.h ext_auth_listener.c
+
+libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-ext-auth.la: $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_DEPENDENCIES) $(EXTRA_libstrongswan_ext_auth_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_ext_auth_la_LINK) $(am_libstrongswan_ext_auth_la_rpath) $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_auth_listener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_auth_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.c b/src/libcharon/plugins/ext_auth/ext_auth_listener.c
new file mode 100644
index 000000000..06cec20d7
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr)
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* for vasprintf() */
+#define _GNU_SOURCE
+#include "ext_auth_listener.h"
+
+#include <daemon.h>
+#include <utils/process.h>
+
+#include <stdio.h>
+#include <unistd.h>
+
+typedef struct private_ext_auth_listener_t private_ext_auth_listener_t;
+
+/**
+ * Private data of an ext_auth_listener_t object.
+ */
+struct private_ext_auth_listener_t {
+
+ /**
+ * Public ext_auth_listener_listener_t interface.
+ */
+ ext_auth_listener_t public;
+
+ /**
+ * Path to authorization program
+ */
+ char *script;
+};
+
+/**
+ * Allocate and push a format string to the environment
+ */
+static bool push_env(char *envp[], u_int count, char *fmt, ...)
+{
+ int i = 0;
+ char *str;
+ va_list args;
+
+ while (envp[i])
+ {
+ if (++i + 1 >= count)
+ {
+ return FALSE;
+ }
+ }
+ va_start(args, fmt);
+ if (vasprintf(&str, fmt, args) >= 0)
+ {
+ envp[i] = str;
+ }
+ va_end(args);
+ return envp[i] != NULL;
+}
+
+/**
+ * Free all allocated environment strings
+ */
+static void free_env(char *envp[])
+{
+ int i;
+
+ for (i = 0; envp[i]; i++)
+ {
+ free(envp[i]);
+ }
+}
+
+METHOD(listener_t, authorize, bool,
+ private_ext_auth_listener_t *this, ike_sa_t *ike_sa,
+ bool final, bool *success)
+{
+ if (final)
+ {
+ FILE *shell;
+ process_t *process;
+ char *envp[32] = {};
+ int out, retval;
+
+ *success = FALSE;
+
+ push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ push_env(envp, countof(envp), "IKE_NAME=%s",
+ ike_sa->get_name(ike_sa));
+
+ push_env(envp, countof(envp), "IKE_LOCAL_HOST=%H",
+ ike_sa->get_my_host(ike_sa));
+ push_env(envp, countof(envp), "IKE_REMOTE_HOST=%H",
+ ike_sa->get_other_host(ike_sa));
+
+ push_env(envp, countof(envp), "IKE_LOCAL_ID=%Y",
+ ike_sa->get_my_id(ike_sa));
+ push_env(envp, countof(envp), "IKE_REMOTE_ID=%Y",
+ ike_sa->get_other_id(ike_sa));
+
+ if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
+ ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
+ {
+ push_env(envp, countof(envp), "IKE_REMOTE_EAP_ID=%Y",
+ ike_sa->get_other_eap_id(ike_sa));
+ }
+
+ process = process_start_shell(envp, NULL, &out, NULL,
+ "2>&1 %s", this->script);
+ if (process)
+ {
+ shell = fdopen(out, "r");
+ if (shell)
+ {
+ while (TRUE)
+ {
+ char resp[128], *e;
+
+ if (fgets(resp, sizeof(resp), shell) == NULL)
+ {
+ if (ferror(shell))
+ {
+ DBG1(DBG_CFG, "error reading from ext-auth script");
+ }
+ break;
+ }
+ else
+ {
+ e = resp + strlen(resp);
+ if (e > resp && e[-1] == '\n')
+ {
+ e[-1] = '\0';
+ }
+ DBG1(DBG_CHD, "ext-auth: %s", resp);
+ }
+ }
+ fclose(shell);
+ }
+ else
+ {
+ close(out);
+ }
+ if (process->wait(process, &retval))
+ {
+ if (retval == EXIT_SUCCESS)
+ {
+ *success = TRUE;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "rejecting IKE_SA for ext-auth result: %d",
+ retval);
+ }
+ }
+ }
+ free_env(envp);
+ }
+ return TRUE;
+}
+
+METHOD(ext_auth_listener_t, destroy, void,
+ private_ext_auth_listener_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+ext_auth_listener_t *ext_auth_listener_create(char *script)
+{
+ private_ext_auth_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .authorize = _authorize,
+ },
+ .destroy = _destroy,
+ },
+ .script = script,
+ );
+
+ return &this->public;
+}
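Review bot: The return value of `push_env()` is ignored on every call in `authorize`, so if an allocation fails the script is still started, just without that variable. Because the script's exit status alone sets `*success`, a script that decides on `IKE_REMOTE_ID` or `IKE_REMOTE_EAP_ID` would then decide on an unset value. Rejecting the IKE_SA when the environment cannot be built keeps the hook fail-closed. Both variables are derived from the remote peer's identity, so a short comment telling script authors to treat them as untrusted input would help. Separately, the read loop and `process->wait()` have no timeout visible in this hunk, so a hanging script appears to block the calling thread.

```c
		bool env_ok;

		*success = FALSE;

		/* IKE_REMOTE_ID / IKE_REMOTE_EAP_ID come from the peer: scripts must
		 * quote them and must not evaluate them */
		env_ok = push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
						  ike_sa->get_unique_id(ike_sa)) &&
				 push_env(envp, countof(envp), "IKE_NAME=%s",
						  ike_sa->get_name(ike_sa)) &&
				 push_env(envp, countof(envp), "IKE_LOCAL_HOST=%H",
						  ike_sa->get_my_host(ike_sa)) &&
				 push_env(envp, countof(envp), "IKE_REMOTE_HOST=%H",
						  ike_sa->get_other_host(ike_sa)) &&
				 push_env(envp, countof(envp), "IKE_LOCAL_ID=%Y",
						  ike_sa->get_my_id(ike_sa)) &&
				 push_env(envp, countof(envp), "IKE_REMOTE_ID=%Y",
						  ike_sa->get_other_id(ike_sa));

		if (env_ok &&
			(ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
			 ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED)))
		{
			env_ok = push_env(envp, countof(envp), "IKE_REMOTE_EAP_ID=%Y",
							  ike_sa->get_other_eap_id(ike_sa));
		}
		if (!env_ok)
		{
			DBG1(DBG_CFG, "building ext-auth environment failed, "
				 "rejecting IKE_SA");
			free_env(envp);
			return TRUE;
		}
		/* … unchanged: process_start_shell(), output loop, process->wait() … */
```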
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.h b/src/libcharon/plugins/ext_auth/ext_auth_listener.h
new file mode 100644
index 000000000..3fec83066
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup ext_auth_listener ext_auth_listener
+ * @{ @ingroup ext_auth
+ */
+
+#ifndef EXT_AUTH_LISTENER_H_
+#define EXT_AUTH_LISTENER_H_
+
+#include <bus/listeners/listener.h>
+
+typedef struct ext_auth_listener_t ext_auth_listener_t;
+
+/**
+ * Listener using an external script to authorize connection
+ */
+struct ext_auth_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy the listener.
+ */
+ void (*destroy)(ext_auth_listener_t *this);
+};
+
+/**
+ * Create ext_auth_listener instance.
+ *
+ * @param script path to authorization script
+ * @return listener instance
+ */
+ext_auth_listener_t *ext_auth_listener_create(char *script);
+
+#endif /** ext_auth_LISTENER_H_ @}*/
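Review bot: The doc comment on `ext_auth_listener_create()` does not say who owns `script`. The constructor in ext_auth_listener.c stores the pointer as is (`.script = script`) and `destroy` frees only the listener, so the string must outlive the listener; I would write `@param script path to authorization script, not copied, must outlive the listener`. The struct comment should also say that the script is started through a shell and receives the remote identities in `IKE_REMOTE_ID` and `IKE_REMOTE_EAP_ID`, so script authors know to treat these values as untrusted input and to quote them. Minor: the closing guard comment reads `ext_auth_LISTENER_H_` while the guard itself is `EXT_AUTH_LISTENER_H_`.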
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.c b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c
new file mode 100644
index 000000000..b3698c767
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr)
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "ext_auth_plugin.h"
+#include "ext_auth_listener.h"
+
+#include <daemon.h>
+
+typedef struct private_ext_auth_plugin_t private_ext_auth_plugin_t;
+
+/**
+ * private data of ext_auth plugin
+ */
+struct private_ext_auth_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ ext_auth_plugin_t public;
+
+ /**
+ * Listener verifying peers during authorization
+ */
+ ext_auth_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_ext_auth_plugin_t *this)
+{
+ return "ext-auth";
+}
+
+/**
+ * Create a listener instance, NULL on error
+ */
+static ext_auth_listener_t* create_listener()
+{
+ char *script;
+
+ script = lib->settings->get_str(lib->settings,
+ "%s.plugins.ext-auth.script", NULL, lib->ns);
+ if (!script)
+ {
+ DBG1(DBG_CFG, "no script for ext-auth script defined, disabled");
+ return NULL;
+ }
+ DBG1(DBG_CFG, "using ext-auth script '%s'", script);
+ return ext_auth_listener_create(script);
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_ext_auth_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ this->listener = create_listener();
+ if (!this->listener)
+ {
+ return FALSE;
+ }
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ if (this->listener)
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_ext_auth_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "ext_auth"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+
+METHOD(plugin_t, reload, bool,
+ private_ext_auth_plugin_t *this)
+{
+ ext_auth_listener_t *listener;
+
+ /* reload new listener overlapped */
+ listener = create_listener();
+ if (listener)
+ {
+ charon->bus->add_listener(charon->bus, &listener->listener);
+ }
+ if (this->listener)
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
+ }
+ this->listener = listener;
+
+ return TRUE;
+}
+
+METHOD(plugin_t, destroy, void,
+ private_ext_auth_plugin_t *this)
+{
+ free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *ext_auth_plugin_create()
+{
+ private_ext_auth_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .reload = _reload,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
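Review bot: In `reload()`, a NULL result from `create_listener()` (no `script` option after the reload) still removes the old listener, so the daemon keeps running with no external authorization check at all. The only trace is the generic DBG1 line "no script for ext-auth script defined, disabled", which is also used at startup. If dropping the check on reload is intended, that path deserves its own log line stating that ext-auth checks are no longer applied; otherwise keep the existing listener when the new one cannot be created. Separately, the unregister branch of `plugin_cb()` destroys the listener but leaves `this->listener` pointing at freed memory; adding `this->listener = NULL;` after `this->listener->destroy(this->listener);` would keep a later `reload()` from touching it, should that call order be possible.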
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.h b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h
new file mode 100644
index 000000000..1288e240c
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras@it.auth.gr)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup ext_auth ext_auth
+ * @ingroup cplugins
+ *
+ * @defgroup ext_auth_plugin ext_auth_plugin
+ * @{ @ingroup ext_auth
+ */
+
+#ifndef EXT_AUTH_PLUGIN_H_
+#define EXT_AUTH_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ext_auth_plugin_t ext_auth_plugin_t;
+
+/**
+ * Plugin using an external script to authorize connections.
+ */
+struct ext_auth_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** EXT_AUTH_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 75ff158a8..2bfd38ba1 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index cec73620a..aa5bdb747 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 6ff24c334..e20e872c1 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -437,11 +437,13 @@ static void process_ike_update(private_ha_dispatcher_t *this,
pools->destroy(pools);
}
}
+#ifdef USE_IKEV1
if (ike_sa->get_version(ike_sa) == IKEV1)
{
lib->processor->queue_job(lib->processor, (job_t*)
adopt_children_job_create(ike_sa->get_id(ike_sa)));
}
+#endif /* USE_IKEV1 */
this->cache->cache(this->cache, ike_sa, message);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index da2e8d7fb..bd3fd63aa 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index 460c7b730..7e1f79bd8 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index a4e5ba931..c961c0bd8 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index ff987f8d4..1c92e30fc 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 78ec6660e..db4552dde 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index df75c0f4b..418dccba5 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -245,6 +245,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -305,6 +306,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -370,6 +372,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -417,6 +421,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index deb517ed8..f0f2c75f4 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -241,6 +241,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -301,6 +302,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -366,6 +368,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -413,6 +417,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index aa3ade079..3a866e968 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 919b936c0..e0f70ce44 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index ce81fb1a8..adb61e817 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index 870b42790..a0c21c442 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 35ebf9975..14abba99a 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 35e7f2a87..7c5b030f4 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index bee1259e6..548524a38 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 081d3efc7..9cc39955b 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -45,9 +45,6 @@
#include <daemon.h>
#include <threading/thread.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* these are not defined on some platforms */
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
@@ -739,7 +736,7 @@ socket_default_socket_t *socket_default_socket_create()
.natt = lib->settings->get_int(lib->settings,
"%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
.set_source = lib->settings->get_bool(lib->settings,
"%s.plugins.socket-default.set_source", TRUE,
lib->ns),
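Review bot: The value read from `%s.max_packet` is used without a range check. Only the fallback changes here, from the local `MAX_PACKET` to `PACKET_MAX_DEFAULT`, and nothing in the hunk rejects zero, a negative number or an oversized setting. How `max_packet` is used lies outside the hunk, but if it sizes the receive buffer, a bad setting should fall back to the default, for example `if (this->max_packet <= 0) this->max_packet = PACKET_MAX_DEFAULT;` after `INIT` (assuming a signed field). The same applies to the `max_packet` lines in socket_dynamic_socket.c and socket_win_socket.c in this commit. `socket_default_socket_create()` starts and ends outside the hunk.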
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 073806d64..892549c6c 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index 3161a709f..b82a69e1b 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -42,9 +42,6 @@
#include <threading/rwlock.h>
#include <collections/hashtable.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* these are not defined on some platforms */
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
@@ -668,7 +665,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create()
},
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
);
if (pipe(this->notify) != 0)
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index ff38e8158..88b2ac3f0 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c
index 5ebe04aac..fbfbedae1 100644
--- a/src/libcharon/plugins/socket_win/socket_win_socket.c
+++ b/src/libcharon/plugins/socket_win/socket_win_socket.c
@@ -25,9 +25,6 @@
#include <mswsock.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* number of sockets in use */
#define SOCKET_COUNT 2
@@ -458,7 +455,7 @@ socket_win_socket_t *socket_win_socket_create()
"%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
},
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
);
for (i = 0; i < SOCKET_COUNT; i++)
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 208b900e1..3c132457b 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 59a59834a..d4680186a 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index f908219ed..83431d17c 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -65,6 +65,11 @@ struct private_stroke_cred_t {
stroke_cred_t public;
/**
+ * secrets file with credential information
+ */
+ char *secrets_file;
+
+ /**
* credentials
*/
mem_cred_t *creds;
@@ -1297,7 +1302,7 @@ METHOD(stroke_cred_t, reread, void,
if (msg->reread.flags & REREAD_SECRETS)
{
DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
}
if (msg->reread.flags & REREAD_CACERTS)
{
@@ -1370,6 +1375,9 @@ stroke_cred_t *stroke_cred_create()
.cachecrl = _cachecrl,
.destroy = _destroy,
},
+ .secrets_file = lib->settings->get_str(lib->settings,
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
+ lib->ns),
.creds = mem_cred_create(),
);
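Review bot: `secrets_file` keeps the pointer returned by `get_str()` without copying it, and reread() later passes that same pointer to load_secrets(). Its validity therefore depends on the settings object never freeing or replacing the string while the plugin lives, a guarantee that is not visible here. Either state it in the field's doc comment, e.g. `* secrets file with credential information, string owned by lib->settings, read once at creation`, or take a copy with `strdup()` here and free it in destroy(), which is outside the hunks. As far as the visible hunks show, the path is read only in stroke_cred_create(), so a later change of `plugins.stroke.secrets_file` would not affect REREAD_SECRETS; that is worth documenting too.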
@@ -1380,7 +1388,7 @@ stroke_cred_t *stroke_cred_create()
FALSE, lib->ns);
load_certs(this);
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
return &this->public;
}
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 769ad52bc..0e477f9f3 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 51d46a673..3f2952c4b 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 531c00c0c..97c479632 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -239,6 +239,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -299,6 +300,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -364,6 +366,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -411,6 +415,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 948db7e3c..5e16c3c35 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 6e4dbff2b..1aca319c7 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 4d411f68e..1e04ebced 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 9f72a80da..52a2c7f24 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -139,6 +139,23 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
configured->destroy(configured);
}
+/**
+ * Check if any Split-Include attributes are active on this IKE_SA
+ */
+static bool has_split_includes(private_unity_narrow_t *this, ike_sa_t *ike_sa)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+ bool has;
+
+ enumerator = this->handler->create_include_enumerator(this->handler,
+ ike_sa->get_unique_id(ike_sa));
+ has = enumerator->enumerate(enumerator, &ts);
+ enumerator->destroy(enumerator);
+
+ return has;
+}
+
METHOD(listener_t, narrow, bool,
private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
narrow_hook_t type, linked_list_t *local, linked_list_t *remote)
@@ -146,23 +163,43 @@ METHOD(listener_t, narrow, bool,
if (ike_sa->get_version(ike_sa) == IKEV1 &&
ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
{
- switch (type)
+ /* depending on who initiates a rekeying the hooks will not match the
+ * roles in the IKE_SA */
+ if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
{
- case NARROW_INITIATOR_PRE_AUTH:
- narrow_pre(remote, "other");
- break;
- case NARROW_INITIATOR_POST_AUTH:
- narrow_initiator(this, ike_sa,
- child_sa->get_config(child_sa), remote);
- break;
- case NARROW_RESPONDER:
- narrow_pre(local, "us");
- break;
- case NARROW_RESPONDER_POST:
- narrow_responder_post(child_sa->get_config(child_sa), local);
- break;
- default:
- break;
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ if (has_split_includes(this, ike_sa))
+ {
+ narrow_pre(remote, "other");
+ }
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_initiator(this, ike_sa,
+ child_sa->get_config(child_sa), remote);
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ narrow_pre(local, "us");
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_responder_post(child_sa->get_config(child_sa), local);
+ break;
+ default:
+ break;
+ }
}
}
return TRUE;
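Review bot: In the original-initiator branch `narrow_pre(remote, "other")` is gated on has_split_includes(), while the other branch calls `narrow_pre(local, "us")` unconditionally. The only comment in the hunk explains the role mismatch on rekeying, not this asymmetry. A one-line comment above the check, for example `/* only replace the remote TS if Split-Include attributes were received */`, would let a reader verify the intent; confirm the wording against narrow_pre(), which is defined outside the hunk. The closing brace of narrow() is also outside the hunk.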
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index b377110ec..834d373f3 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 200f298a1..1d15cc55e 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -16,9 +16,11 @@
#define _GNU_SOURCE
#include <stdio.h>
+#include <unistd.h>
#include "updown_listener.h"
+#include <utils/process.h>
#include <hydra.h>
#include <daemon.h>
#include <config/child_cfg.h>
@@ -97,53 +99,84 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid)
}
/**
- * Create variables for handled DNS attributes
+ * Allocate and push a format string to the environment
*/
-static char *make_dns_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
+static bool push_env(char *envp[], u_int count, char *fmt, ...)
{
- enumerator_t *enumerator;
- host_t *host;
- int v4 = 0, v6 = 0;
- char total[512] = "", current[64];
+ int i = 0;
+ char *str;
+ va_list args;
- if (!this->handler)
+ while (envp[i])
{
- return strdup("");
+ if (++i + 1 >= count)
+ {
+ return FALSE;
+ }
}
+ va_start(args, fmt);
+ if (vasprintf(&str, fmt, args) >= 0)
+ {
+ envp[i] = str;
+ }
+ va_end(args);
+ return envp[i] != NULL;
+}
- enumerator = this->handler->create_dns_enumerator(this->handler,
- ike_sa->get_unique_id(ike_sa));
- while (enumerator->enumerate(enumerator, &host))
+/**
+ * Free all allocated environment strings
+ */
+static void free_env(char *envp[])
+{
+ int i;
+
+ for (i = 0; envp[i]; i++)
{
- switch (host->get_family(host))
+ free(envp[i]);
+ }
+}
+
+/**
+ * Push variables for handled DNS attributes
+ */
+static void push_dns_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ char *envp[], u_int count)
+{
+ enumerator_t *enumerator;
+ host_t *host;
+ int v4 = 0, v6 = 0;
+
+ if (this->handler)
+ {
+ enumerator = this->handler->create_dns_enumerator(this->handler,
+ ike_sa->get_unique_id(ike_sa));
+ while (enumerator->enumerate(enumerator, &host))
{
- case AF_INET:
- snprintf(current, sizeof(current),
- "PLUTO_DNS4_%d='%H' ", ++v4, host);
- break;
- case AF_INET6:
- snprintf(current, sizeof(current),
- "PLUTO_DNS6_%d='%H' ", ++v6, host);
- break;
- default:
- continue;
+ switch (host->get_family(host))
+ {
+ case AF_INET:
+ push_env(envp, count, "PLUTO_DNS4_%d=%H", ++v4, host);
+ break;
+ case AF_INET6:
+ push_env(envp, count, "PLUTO_DNS6_%d=%H", ++v6, host);
+ break;
+ default:
+ continue;
+ }
}
- strncat(total, current, sizeof(total) - strlen(total) - 1);
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
-
- return strdup(total);
}
/**
- * Create variables for local virtual IPs
+ * Push variables for local virtual IPs
*/
-static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
+static void push_vip_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ char *envp[], u_int count)
{
enumerator_t *enumerator;
host_t *host;
int v4 = 0, v6 = 0;
- char total[512] = "", current[64];
bool first = TRUE;
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
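Review bot: push_env() returns FALSE when the array is full or vasprintf() fails, but push_dns_env() and push_vip_env() (continued in the next hunk) discard that result, so variables are dropped silently and the script runs with a partial environment. invoke_once() calls push_vip_env() before it pushes the mark, UDP encapsulation and IPComp variables, so a long list of virtual IPs could leave those later variables unset without any log line. Checking the return value and logging, e.g. `if (!push_env(envp, count, "PLUTO_DNS4_%d=%H", ++v4, host)) { DBG1(DBG_CHD, "updown environment full, variable dropped"); }`, would make the truncation visible. push_env() also rescans the array from index 0 on every call and does not guard `count < 2`; both are harmless with the fixed 128-slot array but worth a comment.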
@@ -151,28 +184,22 @@ static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
{
if (first)
{ /* legacy variable for first VIP */
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP='%H' ", host);
- strncat(total, current, sizeof(total) - strlen(total) - 1);
+ first = FALSE;
+ push_env(envp, count, "PLUTO_MY_SOURCEIP=%H", host);
}
switch (host->get_family(host))
{
case AF_INET:
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP4_%d='%H' ", ++v4, host);
+ push_env(envp, count, "PLUTO_MY_SOURCEIP4_%d=%H", ++v4, host);
break;
case AF_INET6:
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP6_%d='%H' ", ++v6, host);
+ push_env(envp, count, "PLUTO_MY_SOURCEIP6_%d=%H", ++v6, host);
break;
default:
continue;
}
- strncat(total, current, sizeof(total) - strlen(total) - 1);
}
enumerator->destroy(enumerator);
-
- return strdup(total);
}
/**
@@ -196,240 +223,182 @@ static u_int16_t get_port(traffic_selector_t *me,
return local ? me->get_from_port(me) : other->get_from_port(other);
}
-METHOD(listener_t, child_updown, bool,
- private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- bool up)
+/**
+ * Invoke the updown script once for given traffic selectors
+ */
+static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, child_cfg_t *config, bool up,
+ traffic_selector_t *my_ts, traffic_selector_t *other_ts)
{
- traffic_selector_t *my_ts, *other_ts;
- enumerator_t *enumerator;
- child_cfg_t *config;
- host_t *me, *other;
- char *script;
+ host_t *me, *other, *host;
+ char *iface;
+ u_int8_t mask;
+ mark_t mark;
+ bool is_host, is_ipv6;
+ int out;
+ FILE *shell;
+ process_t *process;
+ char *envp[128] = {};
- config = child_sa->get_config(child_sa);
- script = config->get_updown(config);
me = ike_sa->get_my_host(ike_sa);
other = ike_sa->get_other_host(ike_sa);
- if (script == NULL)
+ push_env(envp, countof(envp), "PLUTO_VERSION=1.1");
+ is_host = my_ts->is_host(my_ts, me);
+ if (is_host)
{
- return TRUE;
+ is_ipv6 = me->get_family(me) == AF_INET6;
}
-
- enumerator = child_sa->create_policy_enumerator(child_sa);
- while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+ else
{
- char command[2048];
- host_t *my_client, *other_client;
- u_int8_t my_client_mask, other_client_mask;
- char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth;
- mark_t mark;
- bool is_host, is_ipv6, use_ipcomp;
- FILE *shell;
-
- my_ts->to_subnet(my_ts, &my_client, &my_client_mask);
- other_ts->to_subnet(other_ts, &other_client, &other_client_mask);
-
- virtual_ip = make_vip_vars(this, ike_sa);
-
- /* check for the presence of an inbound mark */
- mark = config->get_mark(config, TRUE);
- if (mark.value)
- {
- if (asprintf(&mark_in, "PLUTO_MARK_IN='%u/0x%08x' ",
- mark.value, mark.mask ) < 0)
- {
- mark_in = NULL;
- }
- }
- else
- {
- if (asprintf(&mark_in, "") < 0)
- {
- mark_in = NULL;
- }
- }
-
- /* check for the presence of an outbound mark */
- mark = config->get_mark(config, FALSE);
- if (mark.value)
- {
- if (asprintf(&mark_out, "PLUTO_MARK_OUT='%u/0x%08x' ",
- mark.value, mark.mask ) < 0)
- {
- mark_out = NULL;
- }
- }
- else
- {
- if (asprintf(&mark_out, "") < 0)
- {
- mark_out = NULL;
- }
- }
-
- /* check for a NAT condition causing ESP_IN_UDP encapsulation */
- if (ike_sa->has_condition(ike_sa, COND_NAT_ANY))
+ is_ipv6 = my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE;
+ }
+ push_env(envp, countof(envp), "PLUTO_VERB=%s%s%s",
+ up ? "up" : "down",
+ is_host ? "-host" : "-client",
+ is_ipv6 ? "-v6" : "");
+ push_env(envp, countof(envp), "PLUTO_CONNECTION=%s",
+ config->get_name(config));
+ if (up)
+ {
+ if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
+ me, &iface))
{
- if (asprintf(&udp_enc, "PLUTO_UDP_ENC='%u' ",
- other->get_port(other)) < 0)
- {
- udp_enc = NULL;
- }
-
+ cache_iface(this, child_sa->get_reqid(child_sa), iface);
}
else
{
- if (asprintf(&udp_enc, "") < 0)
- {
- udp_enc = NULL;
- }
-
+ iface = NULL;
}
+ }
+ else
+ {
+ iface = uncache_iface(this, child_sa->get_reqid(child_sa));
+ }
+ push_env(envp, countof(envp), "PLUTO_INTERFACE=%s",
+ iface ? iface : "unknown");
+ push_env(envp, countof(envp), "PLUTO_REQID=%u",
+ child_sa->get_reqid(child_sa));
+ push_env(envp, countof(envp), "PLUTO_PROTO=%s",
+ child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah");
+ push_env(envp, countof(envp), "PLUTO_UNIQUEID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ push_env(envp, countof(envp), "PLUTO_ME=%H", me);
+ push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa));
+ if (my_ts->to_subnet(my_ts, &host, &mask))
+ {
+ push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
+ }
+ push_env(envp, countof(envp), "PLUTO_MY_PORT=%u",
+ get_port(my_ts, other_ts, TRUE));
+ push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u",
+ my_ts->get_protocol(my_ts));
+ push_env(envp, countof(envp), "PLUTO_PEER=%H", other);
+ push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y",
+ ike_sa->get_other_id(ike_sa));
+ if (other_ts->to_subnet(other_ts, &host, &mask))
+ {
+ push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
+ }
+ push_env(envp, countof(envp), "PLUTO_PEER_PORT=%u",
+ get_port(my_ts, other_ts, FALSE));
+ push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u",
+ other_ts->get_protocol(other_ts));
+ if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
+ ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
+ {
+ push_env(envp, countof(envp), "PLUTO_XAUTH_ID=%Y",
+ ike_sa->get_other_eap_id(ike_sa));
+ }
+ push_vip_env(this, ike_sa, envp, countof(envp));
+ mark = config->get_mark(config, TRUE);
+ if (mark.value)
+ {
+ push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x",
+ mark.value, mark.mask);
+ }
+ mark = config->get_mark(config, FALSE);
+ if (mark.value)
+ {
+ push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x",
+ mark.value, mark.mask);
+ }
+ if (ike_sa->has_condition(ike_sa, COND_NAT_ANY))
+ {
+ push_env(envp, countof(envp), "PLUTO_UDP_ENC=%u",
+ other->get_port(other));
+ }
+ if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE)
+ {
+ push_env(envp, countof(envp), "PLUTO_IPCOMP=1");
+ }
+ push_dns_env(this, ike_sa, envp, countof(envp));
+ if (config->get_hostaccess(config))
+ {
+ push_env(envp, countof(envp), "PLUTO_HOST_ACCESS=1");
+ }
- if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
- ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
- {
- if (asprintf(&xauth, "PLUTO_XAUTH_ID='%Y' ",
- ike_sa->get_other_eap_id(ike_sa)) < 0)
- {
- xauth = NULL;
- }
- }
- else
+ process = process_start_shell(envp, NULL, &out, NULL, "2>&1 %s",
+ config->get_updown(config));
+ if (process)
+ {
+ shell = fdopen(out, "r");
+ if (shell)
{
- if (asprintf(&xauth, "") < 0)
+ while (TRUE)
{
- xauth = NULL;
- }
- }
+ char resp[128];
- if (up)
- {
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- me, &iface))
- {
- cache_iface(this, child_sa->get_reqid(child_sa), iface);
- }
- else
- {
- iface = NULL;
+ if (fgets(resp, sizeof(resp), shell) == NULL)
+ {
+ if (ferror(shell))
+ {
+ DBG1(DBG_CHD, "error reading from updown script");
+ }
+ break;
+ }
+ else
+ {
+ char *e = resp + strlen(resp);
+ if (e > resp && e[-1] == '\n')
+ {
+ e[-1] = '\0';
+ }
+ DBG1(DBG_CHD, "updown: %s", resp);
+ }
}
+ fclose(shell);
}
else
{
- iface = uncache_iface(this, child_sa->get_reqid(child_sa));
+ close(out);
}
+ process->wait(process, NULL);
+ }
+ free(iface);
+ free_env(envp);
+}
- dns = make_dns_vars(this, ike_sa);
-
- /* check for IPComp */
- use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE;
-
- /* determine IPv4/IPv6 and client/host situation */
- is_host = my_ts->is_host(my_ts, me);
- is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) :
- (my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE);
-
- /* build the command with all env variables.
- */
- snprintf(command, sizeof(command),
- "2>&1 "
- "PLUTO_VERSION='1.1' "
- "PLUTO_VERB='%s%s%s' "
- "PLUTO_CONNECTION='%s' "
- "PLUTO_INTERFACE='%s' "
- "PLUTO_REQID='%u' "
- "PLUTO_PROTO='%s' "
- "PLUTO_UNIQUEID='%u' "
- "PLUTO_ME='%H' "
- "PLUTO_MY_ID='%Y' "
- "PLUTO_MY_CLIENT='%+H/%u' "
- "PLUTO_MY_PORT='%u' "
- "PLUTO_MY_PROTOCOL='%u' "
- "PLUTO_PEER='%H' "
- "PLUTO_PEER_ID='%Y' "
- "PLUTO_PEER_CLIENT='%+H/%u' "
- "PLUTO_PEER_PORT='%u' "
- "PLUTO_PEER_PROTOCOL='%u' "
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s",
- up ? "up" : "down",
- is_host ? "-host" : "-client",
- is_ipv6 ? "-v6" : "",
- config->get_name(config),
- iface ? iface : "unknown",
- child_sa->get_reqid(child_sa),
- child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah",
- ike_sa->get_unique_id(ike_sa),
- me, ike_sa->get_my_id(ike_sa),
- my_client, my_client_mask,
- get_port(my_ts, other_ts, TRUE),
- my_ts->get_protocol(my_ts),
- other, ike_sa->get_other_id(ike_sa),
- other_client, other_client_mask,
- get_port(my_ts, other_ts, FALSE),
- other_ts->get_protocol(other_ts),
- xauth,
- virtual_ip,
- mark_in,
- mark_out,
- udp_enc,
- use_ipcomp ? "PLUTO_IPCOMP='1' " : "",
- config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "",
- dns,
- script);
- my_client->destroy(my_client);
- other_client->destroy(other_client);
- free(virtual_ip);
- free(mark_in);
- free(mark_out);
- free(udp_enc);
- free(dns);
- free(iface);
- free(xauth);
-
- DBG3(DBG_CHD, "running updown script: %s", command);
- shell = popen(command, "r");
-
- if (shell == NULL)
- {
- DBG1(DBG_CHD, "could not execute updown script '%s'", script);
- return TRUE;
- }
+METHOD(listener_t, child_updown, bool,
+ private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+ bool up)
+{
+ traffic_selector_t *my_ts, *other_ts;
+ enumerator_t *enumerator;
+ child_cfg_t *config;
- while (TRUE)
+ config = child_sa->get_config(child_sa);
+ if (config->get_updown(config))
+ {
+ enumerator = child_sa->create_policy_enumerator(child_sa);
+ while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
- char resp[128];
-
- if (fgets(resp, sizeof(resp), shell) == NULL)
- {
- if (ferror(shell))
- {
- DBG1(DBG_CHD, "error reading output from updown script");
- }
- break;
- }
- else
- {
- char *e = resp + strlen(resp);
- if (e > resp && e[-1] == '\n')
- { /* trim trailing '\n' */
- e[-1] = '\0';
- }
- DBG1(DBG_CHD, "updown: %s", resp);
- }
+ invoke_once(this, ike_sa, child_sa, config, up, my_ts, other_ts);
}
- pclose(shell);
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
return TRUE;
}
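Review bot: When process_start_shell() returns NULL nothing is logged, and `process->wait(process, NULL)` discards the script's exit status, so a missing or failing updown script is invisible in the log; the removed popen() path at least logged `could not execute updown script`. Updown scripts typically install firewall or routing state (an assumption about deployments, not shown here), so a failure should be reported. The fence below restores the failure message and checks the exit code, assuming wait() returns whether the process exited normally and fills in the code through its second argument; confirm against utils/process.h. The peer identity values (`PLUTO_PEER_ID`, `PLUTO_XAUTH_ID`) now arrive as environment variables rather than shell text, so a doc comment on invoke_once() noting that scripts must still treat them as untrusted input would help.

```c
	int out, code;
	/* … unchanged: environment setup via push_env() … */
	process = process_start_shell(envp, NULL, &out, NULL, "2>&1 %s",
								  config->get_updown(config));
	if (process)
	{
		/* … unchanged: read and log the script output … */
		if (!process->wait(process, &code) || code != 0)
		{
			DBG1(DBG_CHD, "updown script '%s' failed",
				 config->get_updown(config));
		}
	}
	else
	{
		DBG1(DBG_CHD, "could not execute updown script '%s'",
			 config->get_updown(config));
	}
	/* … unchanged: free(iface); free_env(envp); … */
```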
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index 7e459c58d..da71de394 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -67,3 +67,10 @@ vici_tests_LDFLAGS = @COVERAGE_LDFLAGS@
vici_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
+
+
+SUBDIRS =
+
+if USE_RUBY_GEMS
+SUBDIRS += ruby
+endif
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index e0a6a1b5d..34546b905 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -80,6 +80,7 @@ build_triplet = @build@
host_triplet = @host@
TESTS = vici_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
+@USE_RUBY_GEMS_TRUE@am__append_1 = ruby
subdir = src/libcharon/plugins/vici
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -206,11 +207,27 @@ SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \
$(vici_tests_SOURCES)
DIST_SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \
$(vici_tests_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+ ctags-recursive dvi-recursive html-recursive info-recursive \
+ install-data-recursive install-dvi-recursive \
+ install-exec-recursive install-html-recursive \
+ install-info-recursive install-pdf-recursive \
+ install-ps-recursive install-recursive installcheck-recursive \
+ installdirs-recursive pdf-recursive ps-recursive \
+ tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+am__recursive_targets = \
+ $(RECURSIVE_TARGETS) \
+ $(RECURSIVE_CLEAN_TARGETS) \
+ $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+ distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -252,7 +269,33 @@ am__tty_colors = { \
std=''; \
fi; \
}
+DIST_SUBDIRS = ruby
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
@@ -284,6 +327,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -344,6 +388,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -409,6 +454,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -456,6 +503,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -520,7 +571,8 @@ vici_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
-all: all-am
+SUBDIRS = $(am__append_1)
+all: all-recursive
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
@@ -869,14 +921,61 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+# (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+ @fail=; \
+ if $(am__make_keepgoing); then \
+ failcom='fail=yes'; \
+ else \
+ failcom='exit 1'; \
+ fi; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
+tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
@@ -889,7 +988,7 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$$unique; \
fi; \
fi
-ctags: ctags-am
+ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
@@ -902,7 +1001,7 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
+cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
@@ -1044,24 +1143,50 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ $(am__make_dryrun) \
+ || test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
+check: check-recursive
all-am: Makefile $(LTLIBRARIES)
-installdirs:
+installdirs: installdirs-recursive
+installdirs-am:
for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(plugindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-installcheck: installcheck-am
+installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
@@ -1085,96 +1210,97 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
+clean: clean-recursive
clean-am: clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \
clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
mostlyclean-am
-distclean: distclean-am
+distclean: distclean-recursive
-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
-dvi: dvi-am
+dvi: dvi-recursive
dvi-am:
-html: html-am
+html: html-recursive
html-am:
-info: info-am
+info: info-recursive
info-am:
install-data-am: install-ipseclibLTLIBRARIES install-pluginLTLIBRARIES
-install-dvi: install-dvi-am
+install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
-install-html: install-html-am
+install-html: install-html-recursive
install-html-am:
-install-info: install-info-am
+install-info: install-info-recursive
install-info-am:
install-man:
-install-pdf: install-pdf-am
+install-pdf: install-pdf-recursive
install-pdf-am:
-install-ps: install-ps-am
+install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
-maintainer-clean: maintainer-clean-am
+maintainer-clean: maintainer-clean-recursive
-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
-mostlyclean: mostlyclean-am
+mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
-pdf: pdf-am
+pdf: pdf-recursive
pdf-am:
-ps: ps-am
+ps: ps-recursive
ps-am:
uninstall-am: uninstall-ipseclibLTLIBRARIES \
uninstall-pluginLTLIBRARIES
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-ipseclibLTLIBRARIES \
- install-man install-pdf install-pdf-am \
- install-pluginLTLIBRARIES install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+.MAKE: $(am__recursive_targets) check-am install-am install-strip
+
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
+ check-TESTS check-am clean clean-checkPROGRAMS clean-generic \
+ clean-ipseclibLTLIBRARIES clean-libtool \
+ clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-ipseclibLTLIBRARIES install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index aeabbbd4d..272491052 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -84,12 +84,12 @@ The message encoding consists of a sequence of elements. Each element starts
with the element type, optionally followed by an element name and/or an element
value. Currently the following message element types are defined:
-* _SECTION_START = 0_: Begin a new section having a name
-* _SECTION_END = 1_: End a previously started section
-* _KEY_VALUE = 2_: Define a value for a named key in the current section
-* _LIST_START = 3_: Begin a named list for list items
-* _LIST_ITEM = 4_: Define an unnamed item value in the current list
-* _LIST_END = 5_: End a previously started list
+* _SECTION_START = 1_: Begin a new section having a name
+* _SECTION_END = 2_: End a previously started section
+* _KEY_VALUE = 3_: Define a value for a named key in the current section
+* _LIST_START = 4_: Begin a named list for list items
+* _LIST_ITEM = 5_: Define an unnamed item value in the current list
+* _LIST_END = 6_: End a previously started list
Types are encoded as 8-bit values. Types having a name (SECTION_START,
KEY_VALUE and LIST_START) have an ASCII string following the type, which itself
@@ -103,7 +103,8 @@ the length field itself.
The interpretation of any value is not defined by the message format; it can
take arbitrary blobs. The application may specify types for specific keys, such
-as strings or integer representations.
+as strings or integer representations. The vici plugin currently uses
+non-null terminated strings as values only; numbers get encoded as strings.
### Sections ###
@@ -165,6 +166,513 @@ the following C array:
1,
};
+## Client-initiated commands ##
+
+Based on the packet layer, VICI implements commands requested by the client
+and responded to by the server using named _CMD_REQUEST_ and _CMD_RESPONSE_
+packets wrapping messages. The request message may contain command arguments,
+the response message the reply.
+
+Some commands use response streaming, that is, a request triggers a series of
+events to consecutively stream data to the client before the response message
+completes the stream. A client must register for the appropriate event to
+receive the stream, and unregister after the response has been received.
+
+The following client issued commands with the appropriate command input and
+output messages are currently defined:
+
+### version() ###
+
+Returns daemon and system specific version information.
+
+ {} => {
+ daemon = <IKE daemon name>
+ version = <strongSwan version>
+ sysname = <operating system name>
+ release = <operating system release>
+ machine = <hardware identifier>
+ }
+
+### stats() ###
+
+Returns IKE daemon statistics and load information.
+
+ {} => {
+ uptime = {
+ running = <relative uptime in human-readable form>
+ since = <absolute startup time>
+ }
+ workers = {
+ total = <total number of worker threads>
+ idle = <worker threads currently idle>
+ active = {
+ critical = <threads processing "critical" priority jobs>
+ high = <threads processing "high" priority jobs>
+ medium = <threads processing "medium" priority jobs>
+ low = <threads processing "low" priority jobs>
+ }
+ }
+ queues = {
+ critical = <jobs queued with "critical" priority>
+ high = <jobs queued with "high" priority>
+ medium = <jobs queued with "medium" priority>
+ low = <jobs queued with "low" priority>
+ }
+ scheduled = <number of jobs scheduled for timed execution>
+ ikesas = {
+ total = <total number of IKE_SAs active>
+ half-open = <number of IKE_SAs in half-open state>
+ }
+ plugins = [
+ <names of loaded plugins>
+ ]
+ mem = { # available if built with leak-detective or on Windows
+ total = <total heap memory usage in bytes>
+ allocs = <total heap allocation blocks>
+ <heap-name>* = { # on Windows only
+ total = <heap memory usage in bytes by this heap>
+ allocs = <allocated blocks for this heap>
+ }
+ }
+ mallinfo = { # available with mallinfo() support
+ sbrk = <non-mmaped space available>
+ mmap = <mmaped space available>
+ used = <total number of bytes used>
+ free = <available but unused bytes>
+ }
+ }
+
+### reload-settings() ###
+
+Reloads _strongswan.conf_ settings and all plugins supporting configuration
+reload.
+
+ {} => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### initiate() ###
+
+Initiates an SA while streaming _control-log_ events.
+
+ {
+ child = <CHILD_SA configuration name to initiate>
+ timeout = <timeout in seconds before returning>
+ loglevel = <loglevel to issue "control-log" events for>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure or timeout>
+ }
+
+### terminate() ###
+
+Terminates an SA while streaming _control-log_ events.
+
+ {
+ child = <terminate a CHILD_SA by configuration name>
+ ike = <terminate an IKE_SA by configuration name>
+ child_id = <terminate a CHILD_SA by its reqid>
+ ike_id = <terminate an IKE_SA by its unique id>
+ timeout = <timeout in seconds before returning>
+ loglevel = <loglevel to issue "control-log" events for>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure or timeout>
+ }
+
+### install() ###
+
+Install a trap, drop or bypass policy defined by a CHILD_SA config.
+
+ {
+ child = <CHILD_SA configuration name to install>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### uninstall() ###
+
+Uninstall a trap, drop or bypass policy defined by a CHILD_SA config.
+
+ {
+ child = <CHILD_SA configuration name to install>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### list-sas() ###
+
+Lists currently active IKE_SAs and associated CHILD_SAs by streaming _list-sa_
+events.
+
+ {
+ noblock = <use non-blocking mode if key is set>
+ ike = <filter listed IKE_SAs by its name>
+ ike_id = <filter listed IKE_SA by its unique id>
+ } => {
+ # completes after streaming list-sa events
+ }
+
+### list-policies() ###
+
+List currently installed trap, drop and bypass policies by streaming
+_list-policy_ events.
+
+ {
+ drop = <set to yes to list drop policies>
+ pass = <set to yes to list bypass policies>
+ trap = <set to yes to list trap policies>
+ child = <filter by CHILD_SA configuration name>
+ } => {
+ # completes after streaming list-sa events
+ }
+
+### list-conns() ###
+
+List currently loaded connections by streaming _list-conn_ events. This
+call includes all connections known by the daemon, not only those loaded
+over vici.
+
+ {
+ ike = <list connections matching a given configuration name only>
+ } => {
+ # completes after streaming list-conn events
+ }
+
+### get-conns() ###
+
+Return a list of connection names loaded exclusively over vici, not including
+connections found in other backends.
+
+ {} => {
+ conns = [
+ <list of connection names>
+ ]
+ }
+
+### list-certs() ###
+
+List currently loaded certificates by streaming _list-cert_ events. This
+call includes all certificates known by the daemon, not only those loaded
+over vici.
+
+ {
+ type = <certificate type to filter for, or ANY>
+ subject = <set to list only certificates having subject>
+ } => {
+ # completes after streaming list-cert events
+ }
+
+### load-conn() ###
+
+Load a single connection definition into the daemon. An existing connection
+with the same name gets updated or replaced.
+
+ {
+ <IKE_SA config name> = {
+ # IKE configuration parameters with authentication and CHILD_SA
+ # subsections. Refer to swanctl.conf(5) for details.
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+ }
+
+### unload-conn() ###
+
+Unload a previously loaded connection definition by name.
+
+ {
+ name = <IKE_SA config name>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-cert() ###
+
+Load a certificate into the daemon.
+
+ {
+ type = <certificate type, X509|X509CA|X509AA|X509CRL|X509AC>
+ data = <PEM or DER encoded certificate data>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-key() ###
+
+Load a private key into the daemon.
+
+ {
+ type = <private key type, RSA|ECDSA>
+ data = <PEM or DER encoded key data>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-shared() ###
+
+Load a shared IKE PSK, EAP or XAuth secret into the daemon.
+
+ {
+ type = <private key type, IKE|EAP|XAUTH>
+ data = <raw shared key data>
+ owners = [
+ <list of shared key owner identities>
+ ]
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### clear-creds() ###
+
+Clear all loaded certificate, private key and shared key credentials. This
+affects only credentials loaded over vici, but additionally flushes the
+credential cache.
+
+ {} => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-pool() ###
+
+Load an in-memory virtual IP and configuration attribute pool. Existing
+pools with the same name get updated, if possible.
+
+ {
+ <pool name> = {
+ addrs = <subnet of virtual IP pool addresses>
+ <attribute type>* = [
+ # attribute type is one of address, dns, nbns, dhcp, netmask,
+ # server, subnet, split_include, split_exclude or a numerical
+ # attribute type identifier.
+ <list of attributes for type>
+ ]
+ }
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### unload-pool() ###
+
+Unload a previously loaded virtual IP and configuration attribute pool.
+Unloading fails for pools with leases currently online.
+
+ {
+ name = <virtual IP address pool to delete>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### get-pools() ###
+
+List the currently loaded pools.
+
+ {} => {
+ <pool name>* = {
+ base = <virtual IP pool base address>
+ size = <total number of addresses in the pool>
+ online = <number of leases online>
+ offline = <number of leases offline>
+ }
+ }
+
+## Server-issued events ##
+
+Based on the packet layer, the vici plugin raises event messages using named
+EVENT packets wrapping messages. The message contains event details.
+
+### log ###
+
+The _log_ event is issued to registered clients for each debug log message.
+This event is not associated with a command.
+
+ {
+ group = <subsystem identifier for debug message>
+ level = <log level, 0-4>
+ thread = <numerical thread identifier issuing the log message>
+ ikesa-name = <name of IKE_SA, if log is associated with any>
+ ikesa-uniqued = <unique identifier of IKE_A, if log associated with any>
+ msg = <log message text>
+ }
+
+### control-log ###
+
+The _control-log_ event is issued for log events during active _initiate_ or
+_terminate_ commands. It is issued only to clients currently having such
+a command active.
+
+ {
+ group = <subsystem identifier for debug message>
+ level = <log level, 0-4>
+ ikesa-name = <name of IKE_SA, if log associated with any>
+ ikesa-uniqued = <unique identifier of IKE_A, if log associated with any>
+ msg = <log message text>
+ }
+
+### list-sa ###
+
+The _list-sa_ event is issued to stream IKE_SAs during an active _list-sas_
+command.
+
+ {
+ <IKE_SA config name> = {
+ uniqueid = <IKE_SA unique identifier>
+ version = <IKE version, 1 or 2>
+ state = <IKE_SA state name>
+ local-host = <local IKE endpoint address>
+ local-id = <local IKE identity>
+ remote-host = <remote IKE endpoint address>
+ remote-id = <remote IKE identity>
+ remote-xauth-id = <remote XAuth identity, if XAuth-authenticated>
+ remote-eap-id = <remote EAP identity, if EAP-authenticated>
+ initiator = <yes, if initiator of IKE_SA>
+ initiator-spi = <hex encoded initiator SPI / cookie>
+ responder-spi = <hex encoded responder SPI / cookie>
+ encr-alg = <IKE encryption algorithm string>
+ encr-keysize = <key size for encr-alg, if applicable>
+ integ-alg = <IKE integrity algorithm string>
+ integ-keysize = <key size for encr-alg, if applicable>
+ prf-alg = <IKE pseudo random function string>
+ dh-group = <IKE Diffie-Hellman group string>
+ established = <seconds the IKE_SA has been established>
+ rekey-time = <seconds before IKE_SA gets rekeyed>
+ reauth-time = <seconds before IKE_SA gets re-authenticated>
+ tasks-queued = [
+ <list of currently queued tasks for execution>
+ ]
+ tasks-active = [
+ <list of tasks currently initiating actively>
+ ]
+ tasks-passive = [
+ <list of tasks currently handling passively>
+ ]
+ child-sas = {
+ <child-sa-name>* = {
+ reqid = <reqid of CHILD_SA>
+ state = <state string of CHILD_SA>
+ mode = <IPsec mode, tunnel|transport|beet>
+ protocol = <IPsec protocol AH|ESP>
+ encap = <yes if using UDP encapsulation>
+ spi-in = <hex encoded inbound SPI>
+ spi-out = <hex encoded outbound SPI>
+ cpi-in = <hex encoded inbound CPI, if using compression>
+ cpi-out = <hex encoded outbound CPI, if using compression>
+ encr-alg = <ESP encryption algorithm name, if any>
+ encr-keysize = <ESP encryption key size, if applicable>
+ integ-alg = <ESP or AH integrity algorithm name, if any>
+ integ-keysize = <ESP or AH integrity key size, if applicable>
+ prf-alg = <CHILD_SA pseudo random function name>
+ dh-group = <CHILD_SA PFS rekeying DH group name, if any>
+ esn = <1 if using extended sequence numbers>
+ bytes-in = <number of input bytes processed>
+ packets-in = <number of input packets processed>
+ use-in = <seconds since last inbound packet, if any>
+ bytes-out = <number of output bytes processed>
+ packets-out = <number of output packets processed>
+ use-out = <seconds since last outbound packet, if any>
+ rekey-time = <seconds before CHILD_SA gets rekeyed>
+ life-time = <seconds before CHILD_SA expires>
+ install-time = <seconds the CHILD_SA has been installed>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+ }
+ }
+
+### list-policy ###
+
+The _list-policy_ event is issued to stream installed policies during an active
+_list-policies_ command.
+
+ {
+ <child-sa-config-name> = {
+ mode = <policy mode, tunnel|transport|pass|drop>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+
+### list-conn ###
+
+The _list-conn_ event is issued to stream loaded connection during an active
+_list-conns_ command.
+
+ {
+ <IKE_SA connection name> = {
+ local_addrs = [
+ <list of valid local IKE endpoint addresses>
+ ]
+ remote_addrs = [
+ <list of valid remote IKE endpoint addresses>
+ ]
+ version = <IKE version as string, IKEv1|IKEv2 or 0 for any>
+
+ local*, remote* = { # multiple local and remote auth sections
+ class = <authentication type>
+ eap-type = <EAP type to authenticate if when using EAP>
+ eap-vendor = <EAP vendor for type, if any>
+ xauth = <xauth backend name>
+ revocation = <revocation policy>
+ id = <IKE identity>
+ aaa_id = <AAA authentication backend identity>
+ eap_id = <EAP identity for authentication>
+ xauth_id = <XAuth username for authentication>
+ groups = [
+ <group membership required to use connection>
+ ]
+ certs = [
+ <certificates allowed for authentication>
+ ]
+ cacerts = [
+ <CA certificates allowed for authentication>
+ ]
+ }
+ children = {
+ <CHILD_SA config name>* = {
+ mode = <IPsec mode>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+ }
+ }
+
+### list-cert ###
+
+The _list-cert_ event is issued to stream loaded certificates during an active
+_list-certs_ command.
+
+ {
+ type = <certificate type>
+ has_privkey = <set if a private key for the certificate is available>
+ data = <ASN1 encoded certificate data>
+ }
+
+
# libvici C client library #
libvici is the reference implementation of a C client library implementing
@@ -172,5 +680,177 @@ the vici protocol. It builds upon libstrongswan, but provides a stable API
to implement client applications in the C programming language. libvici uses
the libstrongswan thread pool to deliver event messages asynchronously.
-More information about the libvici API is available in the libvici.h header
-file.
+## Connecting to the daemon ##
+
+This example shows how to connect to the daemon using the default URI, and
+then perform proper cleanup:
+
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+
+ #include <libvici.h>
+
+ int main(int argc, char *argv[])
+ {
+ vici_conn_t *conn;
+ int ret = 0;
+
+ vici_init();
+ conn = vici_connect(NULL);
+ if (conn)
+ {
+ /* do stuff */
+ vici_disconnect(conn);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "connecting failed: %s\n", strerror(errno));
+ }
+ vici_deinit();
+ return ret;
+ }
+
+## A simple client request ##
+
+In the following example, a simple _version_ request is issued to the daemon
+and the result is printed:
+
+ int get_version(vici_conn_t *conn)
+ {
+ vici_req_t *req;
+ vici_res_t *res;
+ int ret = 0;
+
+ req = vici_begin("version");
+ res = vici_submit(req, conn);
+ if (res)
+ {
+ printf("%s %s (%s, %s, %s)\n",
+ vici_find_str(res, "", "daemon"),
+ vici_find_str(res, "", "version"),
+ vici_find_str(res, "", "sysname"),
+ vici_find_str(res, "", "release"),
+ vici_find_str(res, "", "machine"));
+ vici_free_res(res);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "version request failed: %s\n", strerror(errno));
+ }
+ return ret;
+ }
+
+## A request with event streaming and callback parsing ##
+
+In this more advanced example, the _list-conns_ command is used to stream
+loaded connections with the _list-conn_ event. The event message is parsed
+with a simple callback to print the connection name:
+
+ int conn_cb(void *null, vici_res_t *res, char *name)
+ {
+ printf("%s\n", name);
+ return 0;
+ }
+
+ void list_cb(void *null, char *name, vici_res_t *res)
+ {
+ if (vici_parse_cb(res, conn_cb, NULL, NULL, NULL) != 0)
+ {
+ fprintf(stderr, "parsing failed: %s\n", strerror(errno));
+ }
+ }
+
+ int list_conns(vici_conn_t *conn)
+ {
+ vici_req_t *req;
+ vici_res_t *res;
+ int ret = 0;
+
+ if (vici_register(conn, "list-conn", list_cb, NULL) == 0)
+ {
+ req = vici_begin("list-conns");
+ res = vici_submit(req, conn);
+ if (res)
+ {
+ vici_free_res(res);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "request failed: %s\n", strerror(errno));
+ }
+ vici_register(conn, "list-conn", NULL, NULL);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "registration failed: %s\n", strerror(errno));
+ }
+ return ret;
+ }
+
+## API documentation ##
+
+More information about the libvici API is available in the _libvici.h_ header
+file or the generated Doxygen documentation.
+
+# vici ruby gem #
+
+The _vici ruby gem_ is a pure ruby implementation of the VICI protocol to
+implement client applications. It is provided in the _ruby_ subdirectory, and
+gets built and installed if strongSwan has been _./configure_'d with
+_--enable-vici_ and _--enable-ruby-gems_.
+
+The _Connection_ class from the _Vici_ module provides the high level interface,
+the underlying classes are usually not required to build ruby applications
+using VICI. The _Connection_ class provides methods for the supported VICI
+commands and an event listening mechanism.
+
+To represent the VICI message data tree, the gem converts the binary encoding
+to ruby data types. The _Connection_ class takes and returns ruby objects for
+the exchanged message data:
+ * Sections get encoded as Hash, containing other sections as Hash, or
+ * Key/Values, where the values are Strings as Hash values
+ * Lists get encoded as Arrays with String values
+Non-String values that are not a Hash nor an Array get converted with .to_s
+during encoding.
+
+## Connecting to the daemon ##
+
+To create a connection to the daemon, a socket must be passed to the
+_Connection_ constructor. There is no default, but on Unix systems usually
+a Unix socket over _/var/run/charon.vici_ is used:
+
+ require "vici"
+ require "socket"
+
+ v = Vici::Connection.new(UNIXSocket.new("/var/run/charon.vici"))
+
+## A simple client request ##
+
+An example to print the daemon version information is as simple as:
+
+ x = v.version
+ puts "%s %s (%s, %s, %s)" % [
+ x["daemon"], x["version"], x["sysname"], x["release"], x["machine"]
+ ]
+
+## A request with closure invocation ##
+
+The _Connection_ class takes care of event streaming by invoking a closure
+for each event. The following example lists all loaded connections using the
+_list-conns_ command and implicitly the _list-conn_ event:
+
+ v.list_conns { |conn|
+ conn.each { |key, value|
+ puts key
+ }
+ }
+
+## API documentation ##
+
+For more details about the ruby gem refer to the comments in the gem source
+code or the generated documentation.
diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c
index a2cbb3082..c0205ccb6 100644
--- a/src/libcharon/plugins/vici/libvici.c
+++ b/src/libcharon/plugins/vici/libvici.c
@@ -438,7 +438,7 @@ void vici_free_req(vici_req_t *req)
free(req);
}
-int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out)
+int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out)
{
if (res->message->dump(res->message, label, pretty, out))
{
@@ -754,11 +754,14 @@ void vici_init()
library_init(NULL, "vici");
if (lib->processor->get_total_threads(lib->processor) < 4)
{
+ dbg_default_set_level(0);
lib->processor->set_threads(lib->processor, 4);
+ dbg_default_set_level(1);
}
}
void vici_deinit()
{
+ lib->processor->cancel(lib->processor);
library_deinit();
}
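Review bot: The added `dbg_default_set_level(1);` in vici_init() restores a hard-coded level instead of the level that was in effect before the call, so a host application that had already chosen a different default debug level would presumably have it reset to 1. If libstrongswan has no getter for the default level, a comment such as `/* suppress thread-creation log output; 1 is the default level after library_init() */` would record why the constant is acceptable. In vici_deinit() the new `lib->processor->cancel(lib->processor);` is unconditional, so it appears to stop every worker of the shared processor, not only those vici_init() added. A one-line comment stating that vici_deinit() has to be called after all other libstrongswan users in the process have finished would make that contract explicit. vici_init() opens above the hunk.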
diff --git a/src/libcharon/plugins/vici/libvici.h b/src/libcharon/plugins/vici/libvici.h
index 58595d8cc..641370efd 100644
--- a/src/libcharon/plugins/vici/libvici.h
+++ b/src/libcharon/plugins/vici/libvici.h
@@ -75,8 +75,6 @@
#include <stdio.h>
-#include <utils/utils.h>
-
/**
* Opaque vici connection contex.
*/
@@ -284,7 +282,7 @@ void vici_free_req(vici_req_t *req);
* @param out FILE to dump to
* @return 0 if dumped complete message, 1 on error
*/
-int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out);
+int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out);
/**
* Parse next element from a vici response message.
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.am b/src/libcharon/plugins/vici/ruby/Makefile.am
new file mode 100644
index 000000000..ce38e1c3d
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/Makefile.am
@@ -0,0 +1,22 @@
+EXTRA_DIST = vici.gemspec.in lib/vici.rb
+
+vici.gemspec: $(srcdir)/vici.gemspec.in
+ $(AM_V_GEN) sed \
+ -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/vici.gemspec.in > $@
+
+vici-$(PACKAGE_VERSION).gem: vici.gemspec
+ $(GEM) build vici.gemspec
+
+all-local: vici-$(PACKAGE_VERSION).gem
+
+clean-local:
+ rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem
+
+install-data-local: vici-$(PACKAGE_VERSION).gem
+ $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ vici-$(PACKAGE_VERSION).gem
+
+uninstall-local:
+ $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ --version $(PACKAGE_VERSION) vici
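Review bot: The `install-data-local` recipe runs `$(GEM) install` without `--local`, so whether the install step may contact a remote gem source depends on the builder's gem configuration. For a package build that should be offline and reproducible I would write `$(GEM) install --local --install-dir $(DESTDIR)$(RUBYGEMDIR) \`. The path `$(DESTDIR)$(RUBYGEMDIR)` is also unquoted in both `install-data-local` and `uninstall-local`, which breaks on a staging directory whose name contains spaces; `"$(DESTDIR)$(RUBYGEMDIR)"` avoids that.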
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
new file mode 100644
index 000000000..c8a8c11fb
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -0,0 +1,556 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/vici/ruby
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+EXTRA_DIST = vici.gemspec.in lib/vici.rb
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-local
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am all-local check check-am clean clean-generic \
+ clean-libtool clean-local cscopelist-am ctags-am distclean \
+ distclean-generic distclean-libtool distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-data-local install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
+ uninstall-am uninstall-local
+
+
+vici.gemspec: $(srcdir)/vici.gemspec.in
+ $(AM_V_GEN) sed \
+ -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/vici.gemspec.in > $@
+
+vici-$(PACKAGE_VERSION).gem: vici.gemspec
+ $(GEM) build vici.gemspec
+
+all-local: vici-$(PACKAGE_VERSION).gem
+
+clean-local:
+ rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem
+
+install-data-local: vici-$(PACKAGE_VERSION).gem
+ $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ vici-$(PACKAGE_VERSION).gem
+
+uninstall-local:
+ $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ --version $(PACKAGE_VERSION) vici
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
new file mode 100644
index 000000000..e8a9ddca9
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -0,0 +1,569 @@
+##
+# The Vici module implements a native ruby client side library for the
+# strongSwan VICI protocol. The Connection class provides a high-level
+# interface to issue requests or listen for events.
+#
+# Copyright (C) 2014 Martin Willi
+# Copyright (C) 2014 revosec AG
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+module Vici
+
+ ##
+ # Vici specific exception all others inherit from
+ class Error < StandardError
+ end
+
+ ##
+ # Error while parsing a vici message from the daemon
+ class ParseError < Error
+ end
+
+ ##
+ # Error while encoding a vici message from ruby data structures
+ class EncodeError < Error
+ end
+
+ ##
+ # Error while exchanging messages over the vici Transport layer
+ class TransportError < Error
+ end
+
+ ##
+ # Generic vici command execution error
+ class CommandError < Error
+ end
+
+ ##
+ # Error if an issued vici command is unknown by the daemon
+ class CommandUnknownError < CommandError
+ end
+
+ ##
+ # Error if a command failed to execute in the daemon
+ class CommandExecError < CommandError
+ end
+
+ ##
+ # Generic vici event handling error
+ class EventError < Error
+ end
+
+ ##
+ # Tried to register to / unregister from an unknown vici event
+ class EventUnknownError < EventError
+ end
+
+ ##
+ # Exception to raise from an event listening closure to stop listening
+ class StopEventListening < Exception
+ end
+
+
+ ##
+ # The Message class provides the low level encoding and decoding of vici
+ # protocol messages. Directly using this class is usually not required.
+ class Message
+
+ SECTION_START = 1
+ SECTION_END = 2
+ KEY_VALUE = 3
+ LIST_START = 4
+ LIST_ITEM = 5
+ LIST_END = 6
+
+ def initialize(data = "")
+ if data == nil
+ @root = Hash.new()
+ elsif data.is_a?(Hash)
+ @root = data
+ else
+ @encoded = data
+ end
+ end
+
+ ##
+ # Get the raw byte encoding of an on-the-wire message
+ def encoding
+ if @encoded == nil
+ @encoded = encode(@root)
+ end
+ @encoded
+ end
+
+ ##
+ # Get the root element of the parsed ruby data structures
+ def root
+ if @root == nil
+ @root = parse(@encoded)
+ end
+ @root
+ end
+
+ private
+
+ def encode_name(name)
+ [name.length].pack("c") << name
+ end
+
+ def encode_value(value)
+ if value.class != String
+ value = value.to_s
+ end
+ [value.length].pack("n") << value
+ end
+
+ def encode_kv(encoding, key, value)
+ encoding << KEY_VALUE << encode_name(key) << encode_value(value)
+ end
+
+ def encode_section(encoding, key, value)
+ encoding << SECTION_START << encode_name(key)
+ encoding << encode(value) << SECTION_END
+ end
+
+ def encode_list(encoding, key, value)
+ encoding << LIST_START << encode_name(key)
+ value.each do |item|
+ encoding << LIST_ITEM << encode_value(item)
+ end
+ encoding << LIST_END
+ end
+
+ def encode(node)
+ encoding = ""
+ node.each do |key, value|
+ case value.class
+ when String, Fixnum, true, false
+ encoding = encode_kv(encoding, key, value)
+ else
+ if value.is_a?(Hash)
+ encoding = encode_section(encoding, key, value)
+ elsif value.is_a?(Array)
+ encoding = encode_list(encoding, key, value)
+ else
+ encoding = encode_kv(encoding, key, value)
+ end
+ end
+ end
+ encoding
+ end
+
+ def parse_name(encoding)
+ len = encoding.unpack("c")[0]
+ name = encoding[1, len]
+ return encoding[(1 + len)..-1], name
+ end
+
+ def parse_value(encoding)
+ len = encoding.unpack("n")[0]
+ value = encoding[2, len]
+ return encoding[(2 + len)..-1], value
+ end
+
+ def parse(encoding)
+ stack = [Hash.new]
+ list = nil
+ while encoding.length != 0 do
+ type = encoding.unpack("c")[0]
+ encoding = encoding[1..-1]
+ case type
+ when SECTION_START
+ encoding, name = parse_name(encoding)
+ stack.push(stack[-1][name] = Hash.new)
+ when SECTION_END
+ if stack.length() == 1
+ raise ParseError, "unexpected section end"
+ end
+ stack.pop()
+ when KEY_VALUE
+ encoding, name = parse_name(encoding)
+ encoding, value = parse_value(encoding)
+ stack[-1][name] = value
+ when LIST_START
+ encoding, name = parse_name(encoding)
+ stack[-1][name] = []
+ list = name
+ when LIST_ITEM
+ raise ParseError, "unexpected list item" if list == nil
+ encoding, value = parse_value(encoding)
+ stack[-1][list].push(value)
+ when LIST_END
+ raise ParseError, "unexpected list end" if list == nil
+ list = nil
+ else
+ raise ParseError, "invalid type: #{type}"
+ end
+ end
+ if stack.length() > 1
+ raise ParseError, "unexpected message end"
+ end
+ stack[0]
+ end
+ end
+
+
+ ##
+ # The Transport class implements to low level segmentation of packets
+ # to the underlying transport stream. Directly using this class is usually
+ # not required.
+ class Transport
+
+ CMD_REQUEST = 0
+ CMD_RESPONSE = 1
+ CMD_UNKNOWN = 2
+ EVENT_REGISTER = 3
+ EVENT_UNREGISTER = 4
+ EVENT_CONFIRM = 5
+ EVENT_UNKNOWN = 6
+ EVENT = 7
+
+ ##
+ # Create a transport layer using a provided socket for communication.
+ def initialize(socket)
+ @socket = socket
+ @events = Hash.new
+ end
+
+ ##
+ # Write a packet prefixed by its length over the transport socket. Type
+ # specifies the message, the optional label and message get appended.
+ def write(type, label, message)
+ encoding = ""
+ if label
+ encoding << label.length << label
+ end
+ if message
+ encoding << message.encoding
+ end
+ @socket.send([encoding.length + 1, type].pack("Nc") + encoding, 0)
+ end
+
+ ##
+ # Read a packet from the transport socket. Returns the packet type, and
+ # if available in the packet a label and the contained message.
+ def read
+ len = @socket.recv(4).unpack("N")[0]
+ encoding = @socket.recv(len)
+ type = encoding.unpack("c")[0]
+ len = 1
+ case type
+ when CMD_REQUEST, EVENT_REGISTER, EVENT_UNREGISTER, EVENT
+ label = encoding[2, encoding[1].unpack("c")[0]]
+ len += label.length + 1
+ when CMD_RESPONSE, CMD_UNKNOWN, EVENT_CONFIRM, EVENT_UNKNOWN
+ label = nil
+ else
+ raise TransportError, "invalid message: #{type}"
+ end
+ if encoding.length == len
+ return type, label, Message.new
+ end
+ return type, label, Message.new(encoding[len..-1])
+ end
+
+ def dispatch_event(name, message)
+ @events[name].each do |handler|
+ handler.call(name, message)
+ end
+ end
+
+ def read_and_dispatch_event
+ type, label, message = read
+ p
+ if type == EVENT
+ dispatch_event(label, message)
+ else
+ raise TransportError, "unexpected message: #{type}"
+ end
+ end
+
+ def read_and_dispatch_events
+ loop do
+ type, label, message = read
+ if type == EVENT
+ dispatch_event(label, message)
+ else
+ return type, label, message
+ end
+ end
+ end
+
+ ##
+ # Send a command with a given name, and optionally a message. Returns
+ # the reply message on success.
+ def request(name, message = nil)
+ write(CMD_REQUEST, name, message)
+ type, label, message = read_and_dispatch_events
+ case type
+ when CMD_RESPONSE
+ return message
+ when CMD_UNKNOWN
+ raise CommandUnknownError, name
+ else
+ raise CommandError, "invalid response for #{name}"
+ end
+ end
+
+ ##
+ # Register a handler method for the given event name
+ def register(name, handler)
+ write(EVENT_REGISTER, name, nil)
+ type, label, message = read_and_dispatch_events
+ case type
+ when EVENT_CONFIRM
+ if @events.has_key?(name)
+ @events[name] += [handler]
+ else
+ @events[name] = [handler];
+ end
+ when EVENT_UNKNOWN
+ raise EventUnknownError, name
+ else
+ raise EventError, "invalid response for #{name} register"
+ end
+ end
+
+ ##
+ # Unregister a handler method for the given event name
+ def unregister(name, handler)
+ write(EVENT_UNREGISTER, name, nil)
+ type, label, message = read_and_dispatch_events
+ case type
+ when EVENT_CONFIRM
+ @events[name] -= [handler]
+ when EVENT_UNKNOWN
+ raise EventUnknownError, name
+ else
+ raise EventError, "invalid response for #{name} unregister"
+ end
+ end
+ end
+
+
+ ##
+ # The Connection class provides the high-level interface to monitor, configure
+ # and control the IKE daemon. It takes a connected stream-oriented Socket for
+ # the communication with the IKE daemon.
+ #
+ # This class takes and returns ruby objects for the exchanged message data.
+ # * Sections get encoded as Hash, containing other sections as Hash, or
+ # * Key/Values, where the values are Strings as Hash values
+ # * Lists get encoded as Arrays with String values
+ # Non-String values that are not a Hash nor an Array get converted with .to_s
+ # during encoding.
+ class Connection
+
+ def initialize(socket)
+ @transp = Transport.new(socket)
+ end
+
+ ##
+ # List matching loaded connections. The provided closure is invoked
+ # for each matching connection.
+ def list_conns(match = nil, &block)
+ call_with_event("list-conns", Message.new(match), "list-conn", &block)
+ end
+
+ ##
+ # List matching active SAs. The provided closure is invoked for each
+ # matching SA.
+ def list_sas(match = nil, &block)
+ call_with_event("list-sas", Message.new(match), "list-sa", &block)
+ end
+
+ ##
+ # List matching installed policies. The provided closure is invoked
+ # for each matching policy.
+ def list_policies(match, &block)
+ call_with_event("list-policies", Message.new(match), "list-policy",
+ &block)
+ end
+
+ ##
+ # List matching loaded certificates. The provided closure is invoked
+ # for each matching certificate definition.
+ def list_certs(match = nil, &block)
+ call_with_event("list-certs", Message.new(match), "list-cert", &block)
+ end
+
+ ##
+ # Load a connection into the daemon.
+ def load_conn(conn)
+ check_success(@transp.request("load-conn", Message.new(conn)))
+ end
+
+ ##
+ # Unload a connection from the daemon.
+ def unload_conn(conn)
+ check_success(@transp.request("unload-conn", Message.new(conn)))
+ end
+
+ ##
+ # Get the names of connections managed by vici.
+ def get_conns()
+ @transp.request("get-conns").root
+ end
+
+ ##
+ # Clear all loaded credentials.
+ def clear_creds()
+ check_success(@transp.request("clear-creds"))
+ end
+
+ ##
+ # Load a certificate into the daemon.
+ def load_cert(cert)
+ check_success(@transp.request("load-cert", Message.new(cert)))
+ end
+
+ ##
+ # Load a private key into the daemon.
+ def load_key(key)
+ check_success(@transp.request("load-key", Message.new(key)))
+ end
+
+ ##
+ # Load a shared key into the daemon.
+ def load_shared(shared)
+ check_success(@transp.request("load-shared", Message.new(shared)))
+ end
+
+ ##
+ # Load a virtual IP / attribute pool
+ def load_pool(pool)
+ check_success(@transp.request("load-pool", Message.new(pool)))
+ end
+
+ ##
+ # Unload a virtual IP / attribute pool
+ def unload_pool(pool)
+ check_success(@transp.request("unload-pool", Message.new(pool)))
+ end
+
+ ##
+ # Get the currently loaded pools.
+ def get_pools()
+ @transp.request("get-pools").root
+ end
+
+ ##
+ # Initiate a connection. The provided closure is invoked for each log line.
+ def initiate(options, &block)
+ check_success(call_with_event("initiate", Message.new(options),
+ "control-log", &block))
+ end
+
+ ##
+ # Terminate a connection. The provided closure is invoked for each log line.
+ def terminate(options, &block)
+ check_success(call_with_event("terminate", Message.new(options),
+ "control-log", &block))
+ end
+
+ ##
+ # Install a shunt/route policy.
+ def install(policy)
+ check_success(@transp.request("install", Message.new(policy)))
+ end
+
+ ##
+ # Uninstall a shunt/route policy.
+ def uninstall(policy)
+ check_success(@transp.request("uninstall", Message.new(policy)))
+ end
+
+ ##
+ # Reload strongswan.conf settings.
+ def reload_settings
+ check_success(@transp.request("reload-settings", nil))
+ end
+
+ ##
+ # Get daemon statistics and information.
+ def stats
+ @transp.request("stats", nil).root
+ end
+
+ ##
+ # Get daemon version information
+ def version
+ @transp.request("version", nil).root
+ end
+
+ ##
+ # Listen for a set of event messages. This call is blocking, and invokes
+ # the passed closure for each event received. The closure receives the
+ # event name and the event message as argument. To stop listening, the
+ # closure may raise a StopEventListening exception, the only catched
+ # exception.
+ def listen_events(events, &block)
+ self.class.instance_eval do
+ define_method(:listen_event) do |label, message|
+ block.call(label, message.root)
+ end
+ end
+ events.each do |event|
+ @transp.register(event, method(:listen_event))
+ end
+ begin
+ loop do
+ @transp.read_and_dispatch_event
+ end
+ rescue StopEventListening
+ ensure
+ events.each do |event|
+ @transp.unregister(event, method(:listen_event))
+ end
+ end
+ end
+
+ ##
+ # Issue a command request, but register for a specific event while the
+ # command is active. VICI uses this mechanism to stream potentially large
+ # data objects continuously. The provided closure is invoked for all
+ # event messages.
+ def call_with_event(command, request, event, &block)
+ self.class.instance_eval do
+ define_method(:call_event) do |label, message|
+ block.call(message.root)
+ end
+ end
+ @transp.register(event, method(:call_event))
+ begin
+ reply = @transp.request(command, request)
+ ensure
+ @transp.unregister(event, method(:call_event))
+ end
+ reply
+ end
+
+ ##
+ # Check if the reply of a command indicates "success", otherwise raise a
+ # CommandExecError exception
+ def check_success(reply)
+ root = reply.root
+ if root["success"] != "yes"
+ raise CommandExecError, root["errmsg"]
+ end
+ root
+ end
+ end
+end
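Review bot: Transport#read assumes that `@socket.recv(4)` and `@socket.recv(len)` each return exactly the requested number of bytes, but on a stream socket recv may return fewer, and it returns an empty string once the peer has closed. A short read hands a truncated buffer to Message parsing, and a closed socket ends in a NoMethodError on nil instead of a TransportError. The length prefix is also used as received, with no upper bound. I would read through a helper that loops until the requested count has arrived and raises TransportError on end of stream, as sketched below. Separately, read_and_dispatch_event contains a stray `p` statement that looks like leftover debugging and should be dropped.

```ruby
    # Read exactly len bytes from the socket, or raise if the peer closes.
    def recv_all(len)
      data = String.new
      while data.bytesize < len
        chunk = @socket.recv(len - data.bytesize)
        if chunk.nil? || chunk.empty?
          raise TransportError, "connection closed"
        end
        data << chunk
      end
      data
    end

    def read
      len = recv_all(4).unpack("N")[0]
      encoding = recv_all(len)
      # … unchanged: packet type dispatch and Message construction …
```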
diff --git a/src/libcharon/plugins/vici/ruby/vici.gemspec.in b/src/libcharon/plugins/vici/ruby/vici.gemspec.in
new file mode 100644
index 000000000..5ad61c0a0
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/vici.gemspec.in
@@ -0,0 +1,16 @@
+Gem::Specification.new do |s|
+ s.name = "vici"
+ s.version = "@GEM_VERSION@"
+ s.authors = ["Martin Willi"]
+ s.email = ["martin@strongswan.ch"]
+ s.description = %q{
+ The strongSwan VICI protocol allows external application to monitor,
+ configure and control the IKE daemon charon. This ruby gem provides a
+ native client side implementation of the VICI protocol, well suited to
+ script automated tasks in a relaible way.
+ }
+ s.summary = "Native ruby interface for strongSwan VICI"
+ s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"
+ s.license = "MIT"
+ s.files = "lib/vici.rb"
+end
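Review bot: The gem description in this new gemspec carries two wording slips that are published with the package metadata: `relaible` should read `reliable`, and `allows external application to monitor` should read `allows external applications to monitor`. `s.files` is assigned a bare string while `s.authors` and `s.email` in the same block are lists; `s.files = ["lib/vici.rb"]` would be consistent with them.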
diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c
index 293117348..e76d27332 100644
--- a/src/libcharon/plugins/vici/suites/test_message.c
+++ b/src/libcharon/plugins/vici/suites/test_message.c
@@ -347,7 +347,7 @@ START_TEST(test_get_int)
ck_assert_int_eq(m->get_int(m, 2, "section1.key2"), 0x12);
ck_assert_int_eq(m->get_int(m, 2, "section1.section2.key3"), -1);
ck_assert_int_eq(m->get_int(m, 2, "section1.key4"), 2);
- ck_assert_int_eq(m->get_int(m, 2, "key5"), 0);
+ ck_assert_int_eq(m->get_int(m, 2, "key5"), 2);
ck_assert_int_eq(m->get_int(m, 2, "nonexistent"), 2);
ck_assert_int_eq(m->get_int(m, 2, "n.o.n.e.x.i.s.t.e.n.t"), 2);
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index 3cd008162..292a40032 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -450,6 +450,17 @@ CALLBACK(uninstall, vici_message_t*,
return send_reply(this, "policy '%s' not found", child);
}
+CALLBACK(reload_settings, vici_message_t*,
+ private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
+{
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
+ {
+ lib->plugins->reload(lib->plugins, NULL);
+ return send_reply(this, NULL);
+ }
+ return send_reply(this, "reloading '%s' failed", lib->conf);
+}
+
static void manage_command(private_vici_control_t *this,
char *name, vici_command_cb_t cb, bool reg)
{
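Review bot: The new `reload_settings` callback replaces the loaded settings and reloads the plugins on request of a vici client, but neither branch writes anything to the daemon log, so the only record of the operation is the reply returned to that client (unless `load_files()` logs on its own, which is not visible here). A line such as `DBG1(DBG_CFG, "reloading settings from '%s' requested via vici", lib->conf);` before the `load_files()` call would leave a trace for operators auditing configuration changes. The callback also has no comment; `/* reload the settings file and ask all plugins to reload, reply with an error if loading failed */` above it would state the contract. `reload_settings` itself is complete within the hunk, while the `manage_command` body that follows continues outside it.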
@@ -466,6 +477,7 @@ static void manage_commands(private_vici_control_t *this, bool reg)
manage_command(this, "terminate", terminate, reg);
manage_command(this, "install", install, reg);
manage_command(this, "uninstall", uninstall, reg);
+ manage_command(this, "reload-settings", reload_settings, reg);
this->dispatcher->manage_event(this->dispatcher, "control-log", reg);
}
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index cc6434b62..d4c02de6d 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -270,13 +270,10 @@ CALLBACK(load_shared, vici_message_t*,
CALLBACK(clear_creds, vici_message_t*,
private_vici_cred_t *this, char *name, u_int id, vici_message_t *message)
{
- vici_builder_t *builder;
-
this->creds->clear(this->creds);
lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
- builder = vici_builder_create();
- return builder->finalize(builder);
+ return create_reply(NULL);
}
static void manage_command(private_vici_cred_t *this,
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index dcc175f67..e79fbc8d3 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -355,6 +355,10 @@ METHOD(vici_message_t, vget_int, int,
found = find_value(this, &value, fmt, args);
if (found)
{
+ if (value.len == 0)
+ {
+ return def;
+ }
if (chunk_printable(value, NULL, 0))
{
snprintf(buf, sizeof(buf), "%.*s", (int)value.len, value.ptr);
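Review bot: The added `value.len == 0` check in `vget_int` has no comment saying why an empty value must be special-cased, and the reason is not obvious at this point. A one-line comment such as `/* an empty value is treated like a missing key and yields the default */` above the check would record it; the updated `key5` assertion in test_message.c suggests such a value was previously reported as 0. The conversion that follows the `snprintf()` lies outside the hunk, so how over-long values are handled there cannot be judged from here.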
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 8a714a9ea..b1cc1d118 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 26bb6fb1a..e393ee163 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index f06fdb593..f0e772700 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 72f3dc668..a4c1aaeb2 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 9af015e29..296ccaa1c 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index f99c0b932..fb480eee2 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -17,6 +17,7 @@
#include <daemon.h>
#include <hydra.h>
+#include <collections/array.h>
typedef struct private_adopt_children_job_t private_adopt_children_job_t;
@@ -34,11 +35,17 @@ struct private_adopt_children_job_t {
* IKE_SA id to adopt children from
*/
ike_sa_id_t *id;
+
+ /**
+ * Tasks queued for execution
+ */
+ array_t *tasks;
};
METHOD(job_t, destroy, void,
private_adopt_children_job_t *this)
{
+ array_destroy_offset(this->tasks, offsetof(task_t, destroy));
this->id->destroy(this->id);
free(this);
}
@@ -149,6 +156,32 @@ METHOD(job_t, execute, job_requeue_t,
}
}
children->destroy_offset(children, offsetof(child_sa_t, destroy));
+
+ if (array_count(this->tasks))
+ {
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->id);
+ if (ike_sa)
+ {
+ task_t *task;
+
+ while (array_remove(this->tasks, ARRAY_HEAD, &task))
+ {
+ task->migrate(task, ike_sa);
+ ike_sa->queue_task(ike_sa, task);
+ }
+ if (ike_sa->initiate(ike_sa, NULL, 0, NULL, NULL) == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager,
+ ike_sa);
+ }
+ }
+ }
}
return JOB_REQUEUE_NONE;
}
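Review bot: When `checkout()` returns NULL in the added block, the tasks queued on the job are dropped without any message; they stay in `this->tasks` and are only released later by `destroy()`. An `else` branch on `if (ike_sa)` with a line such as `DBG1(DBG_IKE, "unable to queue tasks after adoption, IKE_SA not found");` would make that outcome visible in the log. The `execute` method begins outside the hunk.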
@@ -159,6 +192,12 @@ METHOD(job_t, get_priority, job_priority_t,
return JOB_PRIO_HIGH;
}
+METHOD(adopt_children_job_t, queue_task, void,
+ private_adopt_children_job_t *this, task_t *task)
+{
+ array_insert_create(&this->tasks, ARRAY_TAIL, task);
+}
+
/**
* See header
*/
@@ -173,6 +212,7 @@ adopt_children_job_t *adopt_children_job_create(ike_sa_id_t *id)
.get_priority = _get_priority,
.destroy = _destroy,
},
+ .queue_task = _queue_task,
},
.id = id->clone(id),
);
diff --git a/src/libcharon/processing/jobs/adopt_children_job.h b/src/libcharon/processing/jobs/adopt_children_job.h
index 073504abd..ee99ee4e5 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.h
+++ b/src/libcharon/processing/jobs/adopt_children_job.h
@@ -24,6 +24,7 @@
#include <library.h>
#include <processing/jobs/job.h>
#include <sa/ike_sa_id.h>
+#include <sa/task.h>
typedef struct adopt_children_job_t adopt_children_job_t;
@@ -36,6 +37,13 @@ struct adopt_children_job_t {
* Implements job_t.
*/
job_t job_interface;
+
+ /**
+ * Queue a job for execution after completing migration.
+ *
+ * @param task task to queue for execution
+ */
+ void (*queue_task)(adopt_children_job_t *this, task_t *task);
};
/**
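Review bot: The comment on the new `queue_task` member says "Queue a job for execution", but the argument is a `task_t`, and the comment does not say who owns the task afterwards. In adopt_children_job.c the job either migrates the task to the IKE_SA in `execute` or destroys it in `destroy()`, so the first line could read `Queue a task for execution after completing migration; the job takes ownership of the task.` with the `@param` line kept as it is.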
diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 694318522..e6d7da2c6 100644
--- a/src/libcharon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
@@ -63,12 +63,7 @@ METHOD(job_t, execute, job_requeue_t,
}
else
{
- /* we update only if other host is NATed, but not our */
- if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) &&
- !ike_sa->has_condition(ike_sa, COND_NAT_HERE))
- {
- ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE);
- }
+ ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
return JOB_REQUEUE_NONE;
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index c338cdaef..d92b9df8e 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -16,6 +16,28 @@
* for more details.
*/
+/*
+ * Copyright (c) 2014 Volker Rümelin
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include <string.h>
#include <sys/stat.h>
#include <errno.h>
@@ -251,6 +273,11 @@ struct private_ike_sa_t {
* Flush auth configs once established?
*/
bool flush_auth_cfg;
+
+ /**
+ * Maximum length of a single fragment, 0 for address-specific defaults
+ */
+ size_t fragment_size;
};
/**
@@ -909,11 +936,14 @@ METHOD(ike_sa_t, update_hosts, void,
update = TRUE;
}
- if (!other->equals(other, this->other_host))
+ if (!other->equals(other, this->other_host) &&
+ (force || has_condition(this, COND_NAT_THERE)))
{
- /* update others address if we are NOT NATed */
- if ((has_condition(this, COND_NAT_THERE) &&
- !has_condition(this, COND_NAT_HERE)) || force )
+ /* only update other's address if we are behind a static NAT,
+ * which we assume is the case if we are not initiator */
+ if (force ||
+ (!has_condition(this, COND_NAT_HERE) ||
+ !has_condition(this, COND_ORIGINAL_INITIATOR)))
{
set_other_host(this, other->clone(other));
update = TRUE;
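Review bot: The new comment above the inner condition describes only one of the two cases the expression accepts. The update goes through when `COND_NAT_HERE` is not set and also when we are not the original initiator, while the comment mentions only the static-NAT assumption. Wording such as `/* only update other's address if we are not NATed ourselves, or if we are behind a static NAT, which we assume is the case if we are not initiator */` would match the code. The inner `force ||` looks redundant but is needed because the outer `if` can also pass on `COND_NAT_THERE` alone; a short remark on that would save the next reader the same check. `update_hosts` begins and ends outside the hunk.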
@@ -994,6 +1024,69 @@ METHOD(ike_sa_t, generate_message, status_t,
return status;
}
+static bool filter_fragments(private_ike_sa_t *this, packet_t **fragment,
+ packet_t **packet)
+{
+ *packet = (*fragment)->clone(*fragment);
+ set_dscp(this, *packet);
+ return TRUE;
+}
+
+METHOD(ike_sa_t, generate_message_fragmented, status_t,
+ private_ike_sa_t *this, message_t *message, enumerator_t **packets)
+{
+ enumerator_t *fragments;
+ packet_t *packet;
+ status_t status;
+ bool use_frags = FALSE;
+
+ if (this->ike_cfg)
+ {
+ switch (this->ike_cfg->fragmentation(this->ike_cfg))
+ {
+ case FRAGMENTATION_FORCE:
+ use_frags = TRUE;
+ break;
+ case FRAGMENTATION_YES:
+ use_frags = supports_extension(this, EXT_IKE_FRAGMENTATION);
+ if (use_frags && this->version == IKEV1 &&
+ supports_extension(this, EXT_MS_WINDOWS))
+ {
+ /* It seems Windows 7 and 8 peers only accept proprietary
+ * fragmented messages if they expect certificates. */
+ use_frags = message->get_payload(message,
+ PLV1_CERTIFICATE) != NULL;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ if (!use_frags)
+ {
+ status = generate_message(this, message, &packet);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ *packets = enumerator_create_single(packet, NULL);
+ return SUCCESS;
+ }
+
+ this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
+ message->set_ike_sa_id(message, this->ike_sa_id);
+ charon->bus->message(charon->bus, message, FALSE, TRUE);
+ status = message->fragment(message, this->keymat, this->fragment_size,
+ &fragments);
+ if (status == SUCCESS)
+ {
+ charon->bus->message(charon->bus, message, FALSE, FALSE);
+ *packets = enumerator_create_filter(fragments, (void*)filter_fragments,
+ this, NULL);
+ }
+ return status;
+}
+
METHOD(ike_sa_t, set_kmaddress, void,
private_ike_sa_t *this, host_t *local, host_t *remote)
{
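Review bot: `generate_message_fragmented` leaves `*packets` unassigned on both failure paths, when `generate_message()` fails and when `message->fragment()` does not return SUCCESS, so a caller that destroys the enumerator without first checking the status would use an uninitialised pointer. Adding `*packets = NULL;` at the top of the method, or stating in the ike_sa.h comment that `packets` is only set on SUCCESS, would make the contract explicit. `filter_fragments` has no comment either; `/** Filter that clones each fragment and calls set_dscp() on the clone, which the caller then owns */` would document it.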
@@ -1487,6 +1580,14 @@ METHOD(ike_sa_t, reauth, status_t,
{
return INVALID_STATE;
}
+ if (this->state == IKE_CONNECTING)
+ {
+ DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
+ get_name(this), this->unique_id);
+ reset(this);
+ this->task_manager->queue_ike(this->task_manager);
+ return this->task_manager->initiate(this->task_manager);
+ }
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
* If the peer does not support RFC4478, there is no way to keep the
* IKE_SA up. */
@@ -1650,6 +1751,7 @@ METHOD(ike_sa_t, reestablish, status_t,
new->set_other_host(new, host->clone(host));
host = this->my_host;
new->set_my_host(new, host->clone(host));
+ charon->bus->ike_reestablish_pre(charon->bus, &this->public, new);
/* resolve hosts but use the old addresses above as fallback */
resolve_hosts((private_ike_sa_t*)new);
/* if we already have a virtual IP, we reuse it */
@@ -1734,12 +1836,15 @@ METHOD(ike_sa_t, reestablish, status_t,
if (status == DESTROY_ME)
{
+ charon->bus->ike_reestablish_post(charon->bus, &this->public, new,
+ FALSE);
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
status = FAILED;
}
else
{
- charon->bus->ike_reestablish(charon->bus, &this->public, new);
+ charon->bus->ike_reestablish_post(charon->bus, &this->public, new,
+ TRUE);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
status = SUCCESS;
}
@@ -1899,11 +2004,29 @@ static bool is_any_path_valid(private_ike_sa_t *this)
bool valid = FALSE;
enumerator_t *enumerator;
host_t *src = NULL, *addr;
+ int family = AF_UNSPEC;
+
+ switch (charon->socket->supported_families(charon->socket))
+ {
+ case SOCKET_FAMILY_IPV4:
+ family = AF_INET;
+ break;
+ case SOCKET_FAMILY_IPV6:
+ family = AF_INET6;
+ break;
+ case SOCKET_FAMILY_BOTH:
+ case SOCKET_FAMILY_NONE:
+ break;
+ }
DBG1(DBG_IKE, "old path is not available anymore, try to find another");
enumerator = create_peer_address_enumerator(this);
while (enumerator->enumerate(enumerator, &addr))
{
+ if (family != AF_UNSPEC && addr->get_family(addr) != family)
+ {
+ continue;
+ }
DBG1(DBG_IKE, "looking for a route to %H ...", addr);
src = hydra->kernel_interface->get_source_addr(
hydra->kernel_interface, addr, NULL);
@@ -2332,6 +2455,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.inherit_pre = _inherit_pre,
.inherit_post = _inherit_post,
.generate_message = _generate_message,
+ .generate_message_fragmented = _generate_message_fragmented,
.reset = _reset,
.get_unique_id = _get_unique_id,
.add_virtual_ip = _add_virtual_ip,
@@ -2377,6 +2501,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
"%s.retry_initiate_interval", 0, lib->ns),
.flush_auth_cfg = lib->settings->get_bool(lib->settings,
"%s.flush_auth_cfg", FALSE, lib->ns),
+ .fragment_size = lib->settings->get_int(lib->settings,
+ "%s.fragment_size", 0, lib->ns),
);
if (version == IKEV2)
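Review bot: `fragment_size` is declared as `size_t` but is initialised from `get_int()`, so a negative value in the configuration would presumably convert to a very large size instead of being rejected. How `message->fragment()` treats such a value is not visible on this page; clamping where the setting is read keeps the field well defined regardless, for example `.fragment_size = max(0, lib->settings->get_int(lib->settings, "%s.fragment_size", 0, lib->ns)),`. An upper bound tied to the maximum packet size may also be worth considering. `ike_sa_create` begins outside the hunk.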
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 15fb47484..c72d87367 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -102,7 +102,7 @@ enum ike_extension_t {
EXT_EAP_ONLY_AUTHENTICATION = (1<<5),
/**
- * peer is probably a Windows 7 RAS client
+ * peer is probably a Windows RAS client
*/
EXT_MS_WINDOWS = (1<<6),
@@ -128,7 +128,7 @@ enum ike_extension_t {
EXT_NATT_DRAFT_02_03 = (1<<10),
/**
- * peer support proprietary IKE fragmentation
+ * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation
*/
EXT_IKE_FRAGMENTATION = (1<<11),
};
@@ -756,7 +756,7 @@ struct ike_sa_t {
status_t (*roam)(ike_sa_t *this, bool address);
/**
- * Processes a incoming IKEv2-Message.
+ * Processes an incoming IKE message.
*
* Message processing may fail. If a critical failure occurs,
* process_message() return DESTROY_ME. Then the caller must
@@ -768,10 +768,10 @@ struct ike_sa_t {
* - FAILED
* - DESTROY_ME if this IKE_SA MUST be deleted
*/
- status_t (*process_message) (ike_sa_t *this, message_t *message);
+ status_t (*process_message)(ike_sa_t *this, message_t *message);
/**
- * Generate a IKE message to send it to the peer.
+ * Generate an IKE message to send it to the peer.
*
* This method generates all payloads in the message and encrypts/signs
* the packet.
@@ -783,8 +783,26 @@ struct ike_sa_t {
* - FAILED
* - DESTROY_ME if this IKE_SA MUST be deleted
*/
- status_t (*generate_message) (ike_sa_t *this, message_t *message,
- packet_t **packet);
+ status_t (*generate_message)(ike_sa_t *this, message_t *message,
+ packet_t **packet);
+
+ /**
+ * Generate an IKE message to send it to the peer. If enabled and supported
+ * it will be fragmented.
+ *
+ * This method generates all payloads in the message and encrypts/signs
+ * the packet/fragments.
+ *
+ * @param message message to generate
+ * @param packets enumerator of generated packet_t* (are not destroyed
+ * with the enumerator)
+ * @return
+ * - SUCCESS
+ * - FAILED
+ * - DESTROY_ME if this IKE_SA MUST be deleted
+ */
+ status_t (*generate_message_fragmented)(ike_sa_t *this, message_t *message,
+ enumerator_t **packets);
/**
* Retransmits a request.
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 8e68e7bee..bdabc59b5 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -384,11 +384,6 @@ struct private_ike_sa_manager_t {
rng_t *rng;
/**
- * SHA1 hasher for IKE_SA_INIT retransmit detection
- */
- hasher_t *hasher;
-
- /**
* reuse existing IKE_SAs in checkout_by_config
*/
bool reuse_ikesa;
@@ -962,49 +957,39 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
*
* @returns TRUE on success
*/
-static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message,
- chunk_t *hash)
+static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash)
{
host_t *src;
- if (!this->hasher)
- { /* this might be the case when flush() has been called */
- return FALSE;
- }
if (message->get_first_payload_type(message) == PLV1_FRAGMENT)
{ /* only hash the source IP, port and SPI for fragmented init messages */
u_int16_t port;
u_int64_t spi;
src = message->get_source(message);
- if (!this->hasher->allocate_hash(this->hasher,
- src->get_address(src), NULL))
+ if (!hasher->allocate_hash(hasher, src->get_address(src), NULL))
{
return FALSE;
}
port = src->get_port(src);
- if (!this->hasher->allocate_hash(this->hasher,
- chunk_from_thing(port), NULL))
+ if (!hasher->allocate_hash(hasher, chunk_from_thing(port), NULL))
{
return FALSE;
}
spi = message->get_initiator_spi(message);
- return this->hasher->allocate_hash(this->hasher,
- chunk_from_thing(spi), hash);
+ return hasher->allocate_hash(hasher, chunk_from_thing(spi), hash);
}
if (message->get_exchange_type(message) == ID_PROT)
{ /* include the source for Main Mode as the hash will be the same if
* SPIs are reused by two initiators that use the same proposal */
src = message->get_source(message);
- if (!this->hasher->allocate_hash(this->hasher,
- src->get_address(src), NULL))
+ if (!hasher->allocate_hash(hasher, src->get_address(src), NULL))
{
return FALSE;
}
}
- return this->hasher->allocate_hash(this->hasher,
- message->get_packet_data(message), hash);
+ return hasher->allocate_hash(hasher, message->get_packet_data(message), hash);
}
/**
@@ -1227,15 +1212,19 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
if (is_init)
{
+ hasher_t *hasher;
u_int64_t our_spi;
chunk_t hash;
- if (!get_init_hash(this, message, &hash))
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !get_init_hash(hasher, message, &hash))
{
DBG1(DBG_MGR, "ignoring message, failed to hash message");
+ DESTROY_IF(hasher);
id->destroy(id);
return NULL;
}
+ hasher->destroy(hasher);
/* ensure this is not a retransmit of an already handled init message */
switch (check_and_put_init_hash(this, hash, &our_spi))
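Review bot: The added block allocates and destroys a SHA-1 hasher for every initial message, but no comment says why the manager-wide hasher was replaced; presumably a hasher keeps internal state and the shared instance could be used by several checkouts at once. A comment such as `/* use a hasher per message, a shared instance is not safe for concurrent checkouts */` (wording to be confirmed by the author) would keep a later cleanup from reintroducing the shared object. The allocation sits before the retransmit check, so its cost is paid for every init packet received, which is worth keeping in mind for load from unauthenticated peers. `checkout_by_message` begins and ends outside the hunk.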
@@ -1313,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
ike_id = entry->ike_sa->get_id(entry->ike_sa);
entry->checked_out = TRUE;
- if (message->get_first_payload_type(message) != PLV1_FRAGMENT)
- {
+ if (message->get_first_payload_type(message) != PLV1_FRAGMENT &&
+ message->get_first_payload_type(message) != PLV2_FRAGMENT)
+ { /* TODO-FRAG: this fails if there are unencrypted payloads */
entry->processing = get_message_id_or_hash(message);
}
if (ike_id->get_responder_spi(ike_id) == 0)
@@ -2058,8 +2048,6 @@ METHOD(ike_sa_manager_t, flush, void,
this->rng->destroy(this->rng);
this->rng = NULL;
- this->hasher->destroy(this->hasher);
- this->hasher = NULL;
}
METHOD(ike_sa_manager_t, destroy, void,
@@ -2134,18 +2122,10 @@ ike_sa_manager_t *ike_sa_manager_create()
},
);
- this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (this->hasher == NULL)
- {
- DBG1(DBG_MGR, "manager initialization failed, no hasher supported");
- free(this);
- return NULL;
- }
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (this->rng == NULL)
{
DBG1(DBG_MGR, "manager initialization failed, no RNG supported");
- this->hasher->destroy(this->hasher);
free(this);
return NULL;
}
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 114b8a3e4..d01a831f8 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -536,6 +536,7 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
enumerator_t *enumerator;
peer_cfg_t *current;
host_t *me, *other;
+ int unusable = 0;
if (this->peer_cfg)
{ /* try to find an alternative config */
@@ -571,6 +572,10 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
this->candidates->insert_last(this->candidates, current);
}
}
+ else
+ {
+ unusable++;
+ }
}
enumerator->destroy(enumerator);
@@ -580,6 +585,13 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
this->peer_cfg->get_name(this->peer_cfg));
return this->peer_cfg->get_ref(this->peer_cfg);
}
+ if (unusable)
+ {
+ DBG1(DBG_IKE, "found %d matching config%s, but none allows %N "
+ "authentication using %s Mode", unusable, unusable > 1 ? "s" : "",
+ auth_method_names, method, aggressive ? "Aggressive" : "Main");
+ return NULL;
+ }
DBG1(DBG_IKE, "no peer config found");
return NULL;
}
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 97812a5c5..0f8e8bc6d 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2013 Tobias Brunner
+ * Copyright (C) 2007-2014 Tobias Brunner
* Copyright (C) 2007-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -38,8 +38,7 @@
#include <processing/jobs/dpd_timeout_job.h>
#include <processing/jobs/process_message_job.h>
-#include <encoding/payloads/fragment_payload.h>
-#include <bio/bio_writer.h>
+#include <collections/array.h>
/**
* Number of old messages hashes we keep for retransmission.
@@ -51,20 +50,6 @@
#define MAX_OLD_HASHES 2
/**
- * Maximum packet size for fragmented packets (same as in sockets)
- */
-#define MAX_PACKET 10000
-
-/**
- * Maximum size of fragment data when sending packets (currently the same is
- * used for IPv4 and IPv6, even though the latter has a higher minimum datagram
- * size). 576 (= min. IPv4) - 20 (= IP header) - 8 (= UDP header) -
- * - 28 (= IKE header) - 8 (= fragment header) = 512
- * This is reduced by 4 in case of NAT-T (due to the non-ESP marker).
- */
-#define MAX_FRAGMENT_SIZE 512
-
-/**
* First sequence number of responding packets.
*
* To distinguish retransmission jobs for initiating and responding packets,
@@ -127,9 +112,9 @@ struct private_task_manager_t {
u_int32_t hash;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* Sequence number of the last sent message
@@ -173,9 +158,9 @@ struct private_task_manager_t {
u_int retransmitted;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* type of the initiated exchange
@@ -185,50 +170,9 @@ struct private_task_manager_t {
} initiating;
/**
- * Data used to reassemble a fragmented message
+ * Message we are currently defragmenting, if any (only one at a time)
*/
- struct {
-
- /**
- * Fragment ID (currently only one is supported at a time)
- */
- u_int16_t id;
-
- /**
- * The number of the last fragment (in case we receive the fragments out
- * of order), since the first starts with 1 this defines the number of
- * fragments we expect
- */
- u_int8_t last;
-
- /**
- * List of fragments (fragment_t*)
- */
- linked_list_t *list;
-
- /**
- * Length of all currently received fragments
- */
- size_t len;
-
- /**
- * Maximum length of a fragmented packet
- */
- size_t max_packet;
-
- /**
- * Maximum length of a single fragment (when sending)
- */
- size_t size;
-
- /**
- * The exchange type we use for fragments. Always the initial type even
- * for fragmented quick mode or transaction messages (i.e. either
- * ID_PROT or AGGRESSIVE)
- */
- exchange_type_t exchange;
-
- } frag;
+ message_t *defrag;
/**
* List of queued tasks not yet in action
@@ -277,31 +221,16 @@ struct private_task_manager_t {
};
/**
- * A single fragment within a fragmented message
+ * Reset retransmission packet list
*/
-typedef struct {
-
- /** fragment number */
- u_int8_t num;
-
- /** fragment data */
- chunk_t data;
-
-} fragment_t;
-
-static void fragment_destroy(fragment_t *this)
+static void clear_packets(array_t *array)
{
- chunk_free(&this->data);
- free(this);
-}
+ packet_t *packet;
-static void clear_fragments(private_task_manager_t *this, u_int16_t id)
-{
- DESTROY_FUNCTION_IF(this->frag.list, (void*)fragment_destroy);
- this->frag.list = NULL;
- this->frag.last = 0;
- this->frag.len = 0;
- this->frag.id = id;
+ while (array_remove(array, ARRAY_TAIL, &packet))
+ {
+ packet->destroy(packet);
+ }
}
METHOD(task_manager_t, flush_queue, void,
@@ -321,8 +250,7 @@ METHOD(task_manager_t, flush_queue, void,
list = this->active_tasks;
/* cancel pending retransmits */
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- DESTROY_IF(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
break;
case TASK_QUEUE_PASSIVE:
list = this->passive_tasks;
@@ -373,110 +301,53 @@ static bool activate_task(private_task_manager_t *this, task_type_t type)
}
/**
- * Send a single fragment with the given data
+ * Send packets in the given array (they get cloned)
*/
-static bool send_fragment(private_task_manager_t *this, bool request,
- host_t *src, host_t *dst, fragment_payload_t *fragment)
+static void send_packets(private_task_manager_t *this, array_t *packets)
{
- message_t *message;
+ enumerator_t *enumerator;
packet_t *packet;
- status_t status;
- message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
- /* other implementations seem to just use 0 as message ID, so here we go */
- message->set_message_id(message, 0);
- message->set_request(message, request);
- message->set_source(message, src->clone(src));
- message->set_destination(message, dst->clone(dst));
- message->set_exchange_type(message, this->frag.exchange);
- message->add_payload(message, (payload_t*)fragment);
-
- status = this->ike_sa->generate_message(this->ike_sa, message, &packet);
- if (status != SUCCESS)
+ enumerator = array_create_enumerator(packets);
+ while (enumerator->enumerate(enumerator, &packet))
{
- DBG1(DBG_IKE, "failed to generate IKE fragment");
- message->destroy(message);
- return FALSE;
+ charon->sender->send(charon->sender, packet->clone(packet));
}
- charon->sender->send(charon->sender, packet);
- message->destroy(message);
- return TRUE;
+ enumerator->destroy(enumerator);
}
/**
- * Send a packet, if supported and required do so in fragments
+ * Generates the given message and stores packet(s) in the given array
*/
-static bool send_packet(private_task_manager_t *this, bool request,
- packet_t *packet)
+static bool generate_message(private_task_manager_t *this, message_t *message,
+ array_t **packets)
{
- bool use_frags = FALSE;
- ike_cfg_t *ike_cfg;
- chunk_t data;
+ enumerator_t *fragments;
+ packet_t *fragment;
- ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
- if (ike_cfg)
+ if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
+ &fragments) != SUCCESS)
{
- switch (ike_cfg->fragmentation(ike_cfg))
- {
- case FRAGMENTATION_FORCE:
- use_frags = TRUE;
- break;
- case FRAGMENTATION_YES:
- use_frags = this->ike_sa->supports_extension(this->ike_sa,
- EXT_IKE_FRAGMENTATION);
- break;
- default:
- break;
- }
+ return FALSE;
}
- data = packet->get_data(packet);
- if (data.len > this->frag.size && use_frags)
+ while (fragments->enumerate(fragments, &fragment))
{
- fragment_payload_t *fragment;
- u_int8_t num, count;
- size_t len, frag_size;
- host_t *src, *dst;
-
- src = packet->get_source(packet);
- dst = packet->get_destination(packet);
-
- frag_size = this->frag.size;
- if (dst->get_port(dst) != IKEV2_UDP_PORT &&
- src->get_port(src) != IKEV2_UDP_PORT)
- { /* reduce size due to non-ESP marker */
- frag_size -= 4;
- }
- count = data.len / frag_size + (data.len % frag_size ? 1 : 0);
-
- DBG1(DBG_IKE, "sending IKE message with length of %zu bytes in "
- "%hhu fragments", data.len, count);
- for (num = 1; num <= count; num++)
- {
- len = min(data.len, frag_size);
- fragment = fragment_payload_create_from_data(num, num == count,
- chunk_create(data.ptr, len));
- if (!send_fragment(this, request, src, dst, fragment))
- {
- packet->destroy(packet);
- return FALSE;
- }
- data = chunk_skip(data, len);
- }
- packet->destroy(packet);
- return TRUE;
+ array_insert_create(packets, ARRAY_TAIL, fragment);
}
- charon->sender->send(charon->sender, packet);
+ fragments->destroy(fragments);
return TRUE;
}
/**
- * Retransmit a packet, either as initiator or as responder
+ * Retransmit a packet (or its fragments)
*/
-static status_t retransmit_packet(private_task_manager_t *this, bool request,
- u_int32_t seqnr, u_int mid, u_int retransmitted, packet_t *packet)
+static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
+ u_int mid, u_int retransmitted, array_t *packets)
{
+ packet_t *packet;
u_int32_t t;
+ array_get(packets, 0, &packet);
if (retransmitted > this->retransmit_tries)
{
DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
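Review bot: In `retransmit_packet()` the result of `array_get(packets, 0, &packet)` is ignored and `packet` has no initial value, so an empty or NULL `packets` would pass an indeterminate pointer to the `charon->bus->alert()` call visible in the following hunk. Both callers in `retransmit()` test `array_count()` first, so this is not reachable from the code shown, but the helper itself does not enforce the precondition. Declaring `packet_t *packet = NULL;`, or returning early when `array_get()` fails, would keep the check local. The function body continues past the end of this hunk.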
@@ -492,10 +363,7 @@ static status_t retransmit_packet(private_task_manager_t *this, bool request,
mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
}
- if (!send_packet(this, request, packet->clone(packet)))
- {
- return DESTROY_ME;
- }
+ send_packets(this, packets);
lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
return NEED_MORE;
@@ -506,20 +374,22 @@ METHOD(task_manager_t, retransmit, status_t,
{
status_t status = SUCCESS;
- if (seqnr == this->initiating.seqnr && this->initiating.packet)
+ if (seqnr == this->initiating.seqnr &&
+ array_count(this->initiating.packets))
{
- status = retransmit_packet(this, TRUE, seqnr, this->initiating.mid,
- this->initiating.retransmitted, this->initiating.packet);
+ status = retransmit_packet(this, seqnr, this->initiating.mid,
+ this->initiating.retransmitted, this->initiating.packets);
if (status == NEED_MORE)
{
this->initiating.retransmitted++;
status = SUCCESS;
}
}
- if (seqnr == this->responding.seqnr && this->responding.packet)
+ if (seqnr == this->responding.seqnr &&
+ array_count(this->responding.packets))
{
- status = retransmit_packet(this, FALSE, seqnr, this->responding.mid,
- this->responding.retransmitted, this->responding.packet);
+ status = retransmit_packet(this, seqnr, this->responding.mid,
+ this->responding.retransmitted, this->responding.packets);
if (status == NEED_MORE)
{
this->responding.retransmitted++;
@@ -586,7 +456,6 @@ METHOD(task_manager_t, initiate, status_t,
task_t *task;
message_t *message;
host_t *me, *other;
- status_t status;
exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
@@ -790,10 +659,8 @@ METHOD(task_manager_t, initiate, status_t,
return initiate(this);
}
- DESTROY_IF(this->initiating.packet);
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->initiating.packet);
- if (status != SUCCESS)
+ clear_packets(this->initiating.packets);
+ if (!generate_message(this, message, &this->initiating.packets))
{
/* message generation failed. There is nothing more to do than to
* close the SA */
@@ -811,13 +678,12 @@ METHOD(task_manager_t, initiate, status_t,
}
if (keep)
{ /* keep the packet for retransmission, the responder might request it */
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
}
else
{
- send_packet(this, TRUE, this->initiating.packet);
- this->initiating.packet = NULL;
+ send_packets(this, this->initiating.packets);
+ clear_packets(this->initiating.packets);
}
message->destroy(message);
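Review bot: Both branches of the `if (keep)` in `initiate()` now begin with the same `send_packets(this, this->initiating.packets)` call, so the branch only decides whether the list is cleared afterwards. Writing it as a single `send_packets(this, this->initiating.packets);` followed by `if (!keep) { clear_packets(this->initiating.packets); }` states that directly, with the existing comment about keeping the packet for retransmission moved next to the condition. Because `send_packets()` always clones, the non-keep path now copies each packet only to destroy the original right away; that is a small cost rather than a defect. `initiate()` begins and ends outside this hunk.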
@@ -848,7 +714,6 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
message_t *message;
host_t *me, *other;
bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
- status_t status;
me = request->get_destination(request);
other = request->get_source(request);
@@ -900,28 +765,25 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
}
enumerator->destroy(enumerator);
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
if (cancelled)
{
message->destroy(message);
return initiate(this);
}
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->responding.packet);
- message->destroy(message);
- if (status != SUCCESS)
+ if (!generate_message(this, message, &this->responding.packets))
{
+ message->destroy(message);
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return DESTROY_ME;
}
+ message->destroy(message);
if (expect_request && !delete)
{
return retransmit(this, this->responding.seqnr);
}
- send_packet(this, FALSE,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets);
if (delete)
{
return DESTROY_ME;
@@ -937,7 +799,7 @@ static void send_notify(private_task_manager_t *this, message_t *request,
notify_type_t type)
{
message_t *response;
- packet_t *packet;
+ array_t *packets = NULL;
host_t *me, *other;
u_int32_t mid;
@@ -973,11 +835,12 @@ static void send_notify(private_task_manager_t *this, message_t *request,
}
response->set_source(response, me->clone(me));
response->set_destination(response, other->clone(other));
- if (this->ike_sa->generate_message(this->ike_sa, response,
- &packet) == SUCCESS)
+ if (generate_message(this, response, &packets))
{
- send_packet(this, TRUE, packet);
+ send_packets(this, packets);
}
+ clear_packets(packets);
+ array_destroy(packets);
response->destroy(response);
}
@@ -1075,7 +938,6 @@ static status_t process_request(private_task_manager_t *this,
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
- this->frag.exchange = AGGRESSIVE;
break;
case QUICK_MODE:
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
@@ -1164,8 +1026,7 @@ static status_t process_request(private_task_manager_t *this,
else
{ /* We don't send a response, so don't retransmit one if we get
* the same message again. */
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
}
if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
this->queued_tasks->get_count(this->queued_tasks) > 0)
@@ -1237,8 +1098,7 @@ static status_t process_response(private_task_manager_t *this,
enumerator->destroy(enumerator);
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- DESTROY_IF(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
{
@@ -1258,107 +1118,23 @@ static status_t process_response(private_task_manager_t *this,
static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
{
- fragment_payload_t *payload;
- enumerator_t *enumerator;
- fragment_t *fragment;
- status_t status = SUCCESS;
- chunk_t data;
- u_int8_t num;
-
- payload = (fragment_payload_t*)msg->get_payload(msg, PLV1_FRAGMENT);
- if (!payload)
- {
- return FAILED;
- }
-
- if (!this->frag.list || this->frag.id != payload->get_id(payload))
- {
- clear_fragments(this, payload->get_id(payload));
- this->frag.list = linked_list_create();
- }
-
- num = payload->get_number(payload);
- if (!this->frag.last && payload->is_last(payload))
- {
- this->frag.last = num;
- }
+ status_t status;
- enumerator = this->frag.list->create_enumerator(this->frag.list);
- while (enumerator->enumerate(enumerator, &fragment))
+ if (!this->defrag)
{
- if (fragment->num == num)
- { /* ignore a duplicate fragment */
- DBG1(DBG_IKE, "received duplicate fragment #%hhu", num);
- enumerator->destroy(enumerator);
- return NEED_MORE;
- }
- if (fragment->num > num)
+ this->defrag = message_create_defrag(msg);
+ if (!this->defrag)
{
- break;
+ return FAILED;
}
}
-
- data = payload->get_data(payload);
- this->frag.len += data.len;
- if (this->frag.len > this->frag.max_packet)
- {
- DBG1(DBG_IKE, "fragmented IKE message is too large");
- enumerator->destroy(enumerator);
- clear_fragments(this, 0);
- return FAILED;
- }
-
- INIT(fragment,
- .num = num,
- .data = chunk_clone(data),
- );
-
- this->frag.list->insert_before(this->frag.list, enumerator, fragment);
- enumerator->destroy(enumerator);
-
- if (this->frag.list->get_count(this->frag.list) == this->frag.last)
+ status = this->defrag->add_fragment(this->defrag, msg);
+ if (status == SUCCESS)
{
- message_t *message;
- packet_t *pkt;
- host_t *src, *dst;
- bio_writer_t *writer;
-
- writer = bio_writer_create(this->frag.len);
- DBG1(DBG_IKE, "received fragment #%hhu, reassembling fragmented IKE "
- "message", num);
- enumerator = this->frag.list->create_enumerator(this->frag.list);
- while (enumerator->enumerate(enumerator, &fragment))
- {
- writer->write_data(writer, fragment->data);
- }
- enumerator->destroy(enumerator);
-
- src = msg->get_source(msg);
- dst = msg->get_destination(msg);
- pkt = packet_create_from_data(src->clone(src), dst->clone(dst),
- writer->extract_buf(writer));
- writer->destroy(writer);
-
- message = message_create_from_packet(pkt);
- if (message->parse_header(message) != SUCCESS)
- {
- DBG1(DBG_IKE, "failed to parse header of reassembled IKE message");
- message->destroy(message);
- status = FAILED;
- }
- else
- {
- lib->processor->queue_job(lib->processor,
- (job_t*)process_message_job_create(message));
- status = NEED_MORE;
-
- }
- clear_fragments(this, 0);
- }
- else
- { /* there are some fragments missing */
- DBG1(DBG_IKE, "received fragment #%hhu, waiting for complete IKE "
- "message", num);
+ lib->processor->queue_job(lib->processor,
+ (job_t*)process_message_job_create(this->defrag));
+ this->defrag = NULL;
+ /* do not process the last fragment */
status = NEED_MORE;
}
return status;
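Review bot: `handle_fragment()` no longer shows any bound on reassembly: the removed code compared the accumulated length with `max_packet`, ignored duplicate fragment numbers and called `clear_fragments()` on failure, and all of that is now delegated to `message_create_defrag()` and `add_fragment()`, which are not part of this hunk. Since fragments are taken from the network before the reassembled message is processed, I would record that contract in a comment above the `add_fragment()` call, for example `/* add_fragment() enforces the size limit and handles duplicates and ID changes */`, once confirmed against the message implementation. For any status other than SUCCESS the `this->defrag` object is kept, so a FAILED result leaves the old reassembly state attached unless `add_fragment()` resets it itself. The function's closing brace lies outside the hunk.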
@@ -1435,15 +1211,14 @@ METHOD(task_manager_t, process_message, status_t,
{
if (this->initiating.old_hashes[i] == hash)
{
- if (this->initiating.packet &&
+ if (array_count(this->initiating.packets) &&
i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
(msg->get_exchange_type(msg) == QUICK_MODE ||
msg->get_exchange_type(msg) == AGGRESSIVE))
{
DBG1(DBG_IKE, "received retransmit of response with ID %u, "
"resending last request", mid);
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
return SUCCESS;
}
DBG1(DBG_IKE, "received retransmit of response with ID %u, "
@@ -1484,20 +1259,18 @@ METHOD(task_manager_t, process_message, status_t,
{
if (hash == this->responding.hash)
{
- if (this->responding.packet)
+ if (array_count(this->responding.packets))
{
DBG1(DBG_IKE, "received retransmit of request with ID %u, "
"retransmitting response", mid);
- send_packet(this, FALSE,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets);
}
- else if (this->initiating.packet &&
+ else if (array_count(this->initiating.packets) &&
this->initiating.type == INFORMATIONAL_V1)
{
DBG1(DBG_IKE, "received retransmit of DPD request, "
"retransmitting response");
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
}
else
{
@@ -1593,13 +1366,6 @@ METHOD(task_manager_t, process_message, status_t,
return SUCCESS;
}
-METHOD(task_manager_t, queue_task, void,
- private_task_manager_t *this, task_t *task)
-{
- DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
- this->queued_tasks->insert_last(this->queued_tasks, task);
-}
-
/**
* Check if a given task has been queued already
*/
@@ -1622,6 +1388,28 @@ static bool has_queued(private_task_manager_t *this, task_type_t type)
return found;
}
+METHOD(task_manager_t, queue_task, void,
+ private_task_manager_t *this, task_t *task)
+{
+ task_type_t type = task->get_type(task);
+
+ switch (type)
+ {
+ case TASK_MODE_CONFIG:
+ case TASK_XAUTH:
+ if (has_queued(this, type))
+ {
+ task->destroy(task);
+ return;
+ }
+ break;
+ default:
+ break;
+ }
+ DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
+ this->queued_tasks->insert_last(this->queued_tasks, task);
+}
+
METHOD(task_manager_t, queue_ike, void,
private_task_manager_t *this)
{
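Review bot: `queue_task()` destroys a duplicate TASK_MODE_CONFIG or TASK_XAUTH task without logging anything, which makes a dropped task hard to trace from the daemon log. A line such as `DBG2(DBG_IKE, "ignoring duplicate %N task", task_type_names, type);` before `task->destroy(task)` would help. The final `DBG2` also calls `task->get_type(task)` again although the value is already held in `type`. A short comment on why only these two task types are de-duplicated would be useful as well.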
@@ -1642,7 +1430,6 @@ METHOD(task_manager_t, queue_ike, void,
{
queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
}
- this->frag.exchange = AGGRESSIVE;
}
else
{
@@ -1969,17 +1756,16 @@ METHOD(task_manager_t, reset, void,
task_t *task;
/* reset message counters and retransmit packets */
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
+ clear_packets(this->initiating.packets);
this->responding.seqnr = RESPONDING_SEQ;
this->responding.retransmitted = 0;
- this->initiating.packet = NULL;
this->initiating.mid = 0;
this->initiating.seqnr = 0;
this->initiating.retransmitted = 0;
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- clear_fragments(this, 0);
+ DESTROY_IF(this->defrag);
+ this->defrag = NULL;
if (initiate != UINT_MAX)
{
this->dpd_send = initiate;
@@ -2030,11 +1816,13 @@ METHOD(task_manager_t, destroy, void,
this->active_tasks->destroy(this->active_tasks);
this->queued_tasks->destroy(this->queued_tasks);
this->passive_tasks->destroy(this->passive_tasks);
- clear_fragments(this, 0);
+ DESTROY_IF(this->defrag);
DESTROY_IF(this->queued);
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
+ clear_packets(this->responding.packets);
+ array_destroy(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ array_destroy(this->initiating.packets);
DESTROY_IF(this->rng);
free(this);
}
@@ -2079,13 +1867,6 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.responding = {
.seqnr = RESPONDING_SEQ,
},
- .frag = {
- .exchange = ID_PROT,
- .max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
- .size = lib->settings->get_int(lib->settings,
- "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns),
- },
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
.queued_tasks = linked_list_create(),
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 7009ae95d..710bf1cd2 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -475,6 +475,9 @@ METHOD(task_t, process_r, status_t,
}
case AM_AUTH:
{
+ adopt_children_job_t *job = NULL;
+ xauth_t *xauth = NULL;
+
while (TRUE)
{
if (this->ph1->verify_auth(this->ph1, this->method, message,
@@ -504,8 +507,8 @@ METHOD(task_t, process_r, status_t,
case AUTH_XAUTH_INIT_PSK:
case AUTH_XAUTH_INIT_RSA:
case AUTH_HYBRID_INIT_RSA:
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)xauth_create(this->ike_sa, TRUE));
+ xauth = xauth_create(this->ike_sa, TRUE);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
break;
case AUTH_XAUTH_RESP_PSK:
case AUTH_XAUTH_RESP_RSA:
@@ -524,9 +527,8 @@ METHOD(task_t, process_r, status_t,
{
return send_delete(this);
}
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(
- this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(
+ this->ike_sa->get_id(this->ike_sa));
break;
}
/* check for and prepare mode config push/pull */
@@ -542,10 +544,26 @@ METHOD(task_t, process_r, status_t,
{
if (!this->peer_cfg->use_pull_mode(this->peer_cfg))
{
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ if (job)
+ {
+ job->queue_task(job, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ else if (xauth)
+ {
+ xauth->queue_mode_config_push(xauth);
+ }
+ else
+ {
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
}
}
+ if (job)
+ {
+ lib->processor->queue_job(lib->processor, (job_t*)job);
+ }
return SUCCESS;
}
default:
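Review bot: The three-way choice for queueing the Mode Config push (attach it to `job`, call `xauth->queue_mode_config_push(xauth)`, or queue it on the IKE_SA) has no comment explaining why the order matters, and the same block is added verbatim to `build_r()` in main_mode.c. I would add a comment along the lines of `/* defer the push until XAuth has completed or the children have been adopted */`, to be confirmed against the intent of the change, and consider one shared helper for both files. In addition, `job` is now created in an earlier hunk and only handed to `lib->processor->queue_job()` at the end of the case, so any return added in between would leak it; the code between the hunks is not visible here. `process_r()` starts and ends outside this hunk.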
diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c
index b742dbef9..2798978b2 100644
--- a/src/libcharon/sa/ikev1/tasks/informational.c
+++ b/src/libcharon/sa/ikev1/tasks/informational.c
@@ -112,16 +112,16 @@ METHOD(task_t, process_r, status_t,
IKEV2_UDP_PORT);
if (redirect)
{ /* treat the redirect as reauthentication */
- DBG1(DBG_IKE, "received %N notify. redirected to %H",
+ DBG1(DBG_IKE, "received %N notify, redirected to %H",
notify_type_names, type, redirect);
/* Cisco boxes reject the first message from 4500 */
me = this->ike_sa->get_my_host(this->ike_sa);
me->set_port(me, charon->socket->get_port(
charon->socket, FALSE));
this->ike_sa->set_other_host(this->ike_sa, redirect);
- this->ike_sa->reauth(this->ike_sa);
+ status = this->ike_sa->reauth(this->ike_sa);
enumerator->destroy(enumerator);
- return DESTROY_ME;
+ return status;
}
else
{
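Review bot: `set_other_host(this->ike_sa, redirect)` is applied before `reauth()`, and the task now returns whatever `reauth()` returns instead of always `DESTROY_ME`. If `reauth()` can return a status that keeps the IKE_SA (its implementation is not part of this hunk), the SA would continue with its peer address already switched to the address taken from the notify. I would add a comment stating which statuses are expected at this point, or restore the previous peer address when the result is not `DESTROY_ME`. `process_r()` starts and ends outside this hunk.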
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 426c4bd69..0162fd84e 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -15,7 +15,7 @@
*/
/*
- * Copyright (C) 2012 Volker Rümelin
+ * Copyright (C) 2012-2014 Volker Rümelin
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -106,10 +106,15 @@ static struct {
"\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
/* Proprietary IKE fragmentation extension. Capabilities are handled
- * specially on receipt of this VID. */
+ * specially on receipt of this VID. Windows peers send this VID
+ * without capabilities, but accept it with and without capabilities. */
{ "FRAGMENTATION", EXT_IKE_FRAGMENTATION, FALSE, 20,
"\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00"},
+ /* Windows peers send this VID and a version number */
+ { "MS NT5 ISAKMPOAKLEY", EXT_MS_WINDOWS, FALSE, 20,
+ "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x00"},
+
}, vendor_natt_ids[] = {
/* NAT-Traversal VIDs ordered by preference */
@@ -167,15 +172,27 @@ static struct {
*/
static const u_int32_t fragmentation_ike = 0x80000000;
-/**
- * Check if the given vendor ID indicate support for fragmentation
- */
-static bool fragmentation_supported(chunk_t data, int i)
+static bool is_known_vid(chunk_t data, int i)
{
- if (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION &&
- data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16))
+ switch (vendor_ids[i].extension)
{
- return untoh32(&data.ptr[16]) & fragmentation_ike;
+ case EXT_IKE_FRAGMENTATION:
+ if (data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16))
+ {
+ switch (data.len)
+ {
+ case 16:
+ return TRUE;
+ case 20:
+ return untoh32(&data.ptr[16]) & fragmentation_ike;
+ }
+ }
+ break;
+ case EXT_MS_WINDOWS:
+ return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16);
+ default:
+ return chunk_equals(data, chunk_create(vendor_ids[i].id,
+ vendor_ids[i].len));
}
return FALSE;
}
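Review bot: `is_known_vid()` replaces a documented function but carries no comment of its own, and its matching rules are not obvious: the fragmentation VID is accepted as the bare 16-byte prefix or as 20 bytes with the `fragmentation_ike` bit set, the Windows VID is matched on the first 16 bytes of exactly 20, and every other entry must match in full. A header such as `/** Check if data matches vendor_ids[i], allowing for VIDs that carry trailing capability or version bytes */` would record that. Because `data` comes from a received payload, the comment should also mention that the length is checked before `data.ptr[16]` is read, which the `case 20` arm ensures. The inner `switch (data.len)` has no `default`, so other lengths silently reach `return FALSE`; an explicit `default: break;` would match the outer switch.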
@@ -251,9 +268,7 @@ static void process(private_isakmp_vendor_t *this, message_t *message)
for (i = 0; i < countof(vendor_ids); i++)
{
- if (chunk_equals(data, chunk_create(vendor_ids[i].id,
- vendor_ids[i].len)) ||
- fragmentation_supported(data, i))
+ if (is_known_vid(data, i))
{
DBG1(DBG_IKE, "received %s vendor ID", vendor_ids[i].desc);
if (vendor_ids[i].extension)
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 8a5d9ae16..2fb4c6935 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -479,6 +479,8 @@ METHOD(task_t, build_r, status_t,
{
id_payload_t *id_payload;
identification_t *id;
+ adopt_children_job_t *job = NULL;
+ xauth_t *xauth = NULL;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
if (!id)
@@ -502,8 +504,8 @@ METHOD(task_t, build_r, status_t,
case AUTH_XAUTH_INIT_PSK:
case AUTH_XAUTH_INIT_RSA:
case AUTH_HYBRID_INIT_RSA:
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)xauth_create(this->ike_sa, TRUE));
+ xauth = xauth_create(this->ike_sa, TRUE);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
break;
case AUTH_XAUTH_RESP_PSK:
case AUTH_XAUTH_RESP_RSA:
@@ -522,9 +524,8 @@ METHOD(task_t, build_r, status_t,
{
return send_notify(this, AUTHENTICATION_FAILED);
}
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(
- this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(
+ this->ike_sa->get_id(this->ike_sa));
break;
}
if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
@@ -539,10 +540,26 @@ METHOD(task_t, build_r, status_t,
{
if (!this->peer_cfg->use_pull_mode(this->peer_cfg))
{
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ if (job)
+ {
+ job->queue_task(job, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ else if (xauth)
+ {
+ xauth->queue_mode_config_push(xauth);
+ }
+ else
+ {
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
}
}
+ if (job)
+ {
+ lib->processor->queue_job(lib->processor, (job_t*)job);
+ }
return SUCCESS;
}
default:
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index e6273682d..1133aab65 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1030,7 +1030,8 @@ METHOD(task_t, process_r, status_t,
}
tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
- if (!this->config || !this->tsi || !this->tsr)
+ if (!this->config || !this->tsi || !this->tsr ||
+ this->mode != this->config->get_mode(this->config))
{
DBG1(DBG_IKE, "no matching CHILD_SA config found");
return send_notify(this, INVALID_ID_INFORMATION);
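Review bot: When the new `this->mode != this->config->get_mode(this->config)` test is what rejects the request, the log still says `no matching CHILD_SA config found`, although a config, `tsi` and `tsr` were all found. An operator debugging a mode mismatch gets no hint from that message. I would log the mismatch on its own before the shared reject path, or at least extend the text to `no matching CHILD_SA config found (or mode mismatch)`, keeping in mind that this changes a runtime string. The placement after `!this->config ||` keeps the dereference safe.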
@@ -1117,11 +1118,22 @@ METHOD(task_t, process_r, status_t,
}
case QM_NEGOTIATED:
{
- if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
- has_notify_errors(this, message))
+ if (has_notify_errors(this, message))
{
return SUCCESS;
}
+ if (message->get_exchange_type(message) == INFORMATIONAL_V1)
+ {
+ if (message->get_payload(message, PLV1_DELETE))
+ {
+ /* If the DELETE for a Quick Mode follows immediately
+ * after rekeying, we might receive it before the
+ * third completing Quick Mode message. Ignore it, as
+ * it gets handled by a separately queued delete task. */
+ return NEED_MORE;
+ }
+ return SUCCESS;
+ }
if (!install(this))
{
ike_sa_t *ike_sa = this->ike_sa;
@@ -1198,6 +1210,14 @@ METHOD(task_t, build_r, status_t,
this->state = QM_NEGOTIATED;
return NEED_MORE;
}
+ case QM_NEGOTIATED:
+ if (message->get_exchange_type(message) == INFORMATIONAL_V1)
+ {
+ /* skip INFORMATIONAL response if we received a INFORMATIONAL
+ * delete, see process_r() */
+ return ALREADY_DONE;
+ }
+ /* fall */
default:
return FAILED;
}
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index bdc5d67f7..a770e90ff 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -19,6 +19,7 @@
#include <hydra.h>
#include <encoding/payloads/cp_payload.h>
#include <processing/jobs/adopt_children_job.h>
+#include <sa/ikev1/tasks/mode_config.h>
typedef struct private_xauth_t private_xauth_t;
@@ -74,6 +75,11 @@ struct private_xauth_t {
* status of Xauth exchange
*/
xauth_status_t status;
+
+ /**
+ * Queue a Mode Config Push mode after completing XAuth?
+ */
+ bool mode_config_push;
};
/**
@@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t,
private_xauth_t *this, message_t *message)
{
cp_payload_t *cp;
+ adopt_children_job_t *job;
cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION);
if (!cp || cp->get_type(cp) != CFG_ACK)
@@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t,
return FAILED;
}
this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa));
+ if (this->mode_config_push)
+ {
+ job->queue_task(job,
+ (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ lib->processor->queue_job(lib->processor, (job_t*)job);
return SUCCESS;
}
@@ -511,6 +523,12 @@ METHOD(task_t, migrate, void,
}
}
+METHOD(xauth_t, queue_mode_config_push, void,
+ private_xauth_t *this)
+{
+ this->mode_config_push = TRUE;
+}
+
METHOD(task_t, destroy, void,
private_xauth_t *this)
{
@@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator)
.migrate = _migrate,
.destroy = _destroy,
},
+ .queue_mode_config_push = _queue_mode_config_push,
},
.initiator = initiator,
.ike_sa = ike_sa,
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.h b/src/libcharon/sa/ikev1/tasks/xauth.h
index 303eb31ce..ffaf32a32 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.h
+++ b/src/libcharon/sa/ikev1/tasks/xauth.h
@@ -36,6 +36,11 @@ struct xauth_t {
* Implements the task_t interface
*/
task_t task;
+
+ /**
+ * Queue a Mode Config in Push mode after completing XAuth.
+ */
+ void (*queue_mode_config_push)(xauth_t *this);
};
/**
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index ada798bdc..eb7df3516 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2011 Tobias Brunner
+ * Copyright (C) 2007-2014 Tobias Brunner
* Copyright (C) 2007-2010 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -90,9 +90,14 @@ struct private_task_manager_t {
u_int32_t mid;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
+
+ /**
+ * Helper to defragment the request
+ */
+ message_t *defrag;
} responding;
@@ -111,15 +116,25 @@ struct private_task_manager_t {
u_int retransmitted;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* type of the initated exchange
*/
exchange_type_t type;
+ /**
+ * TRUE if exchange was deferred because no path was available
+ */
+ bool deferred;
+
+ /**
+ * Helper to defragment the response
+ */
+ message_t *defrag;
+
} initiating;
/**
@@ -158,6 +173,19 @@ struct private_task_manager_t {
double retransmit_base;
};
+/**
+ * Reset retransmission packet list
+ */
+static void clear_packets(array_t *array)
+{
+ packet_t *packet;
+
+ while (array_remove(array, ARRAY_TAIL, &packet))
+ {
+ packet->destroy(packet);
+ }
+}
+
METHOD(task_manager_t, flush_queue, void,
private_task_manager_t *this, task_queue_t queue)
{
@@ -217,10 +245,60 @@ static bool activate_task(private_task_manager_t *this, task_type_t type)
return found;
}
+/**
+ * Send packets in the given array (they get cloned). Optionally, the
+ * source and destination addresses are changed before sending it.
+ */
+static void send_packets(private_task_manager_t *this, array_t *packets,
+ host_t *src, host_t *dst)
+{
+ packet_t *packet, *clone;
+ int i;
+
+ for (i = 0; i < array_count(packets); i++)
+ {
+ array_get(packets, i, &packet);
+ clone = packet->clone(packet);
+ if (src)
+ {
+ clone->set_source(clone, src->clone(src));
+ }
+ if (dst)
+ {
+ clone->set_destination(clone, dst->clone(dst));
+ }
+ charon->sender->send(charon->sender, clone);
+ }
+}
+
+/**
+ * Generates the given message and stores packet(s) in the given array
+ */
+static bool generate_message(private_task_manager_t *this, message_t *message,
+ array_t **packets)
+{
+ enumerator_t *fragments;
+ packet_t *fragment;
+
+ if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
+ &fragments) != SUCCESS)
+ {
+ return FALSE;
+ }
+ while (fragments->enumerate(fragments, &fragment))
+ {
+ array_insert_create(packets, ARRAY_TAIL, fragment);
+ }
+ fragments->destroy(fragments);
+ array_compress(*packets);
+ return TRUE;
+}
+
METHOD(task_manager_t, retransmit, status_t,
private_task_manager_t *this, u_int32_t message_id)
{
- if (this->initiating.packet && message_id == this->initiating.mid)
+ if (message_id == this->initiating.mid &&
+ array_count(this->initiating.packets))
{
u_int32_t timeout;
job_t *job;
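Review bot: `generate_message()` here ends with `array_compress(*packets)` while the otherwise identical helper added to the IKEv1 task manager in this commit does not, and `clear_packets()` is duplicated verbatim between the two files. If the compression is wanted it probably applies to both; if not, a comment should say why IKEv2 differs. `send_packets()` also differs in shape (an index loop with optional `src`/`dst` here, an enumerator in the IKEv1 version), so a shared helper taking the optional addresses would stop the two copies drifting apart. Note that `array_compress(*packets)` runs even if the enumerator yielded nothing and `*packets` is still NULL, which is presumably tolerated but not visible here.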
@@ -229,23 +307,24 @@ METHOD(task_manager_t, retransmit, status_t,
task_t *task;
ike_mobike_t *mobike = NULL;
+ array_get(this->initiating.packets, 0, &packet);
+
/* check if we are retransmitting a MOBIKE routability check */
- enumerator = array_create_enumerator(this->active_tasks);
- while (enumerator->enumerate(enumerator, (void*)&task))
+ if (this->initiating.type == INFORMATIONAL)
{
- if (task->get_type(task) == TASK_IKE_MOBIKE)
+ enumerator = array_create_enumerator(this->active_tasks);
+ while (enumerator->enumerate(enumerator, (void*)&task))
{
- mobike = (ike_mobike_t*)task;
- if (!mobike->is_probing(mobike))
+ if (task->get_type(task) == TASK_IKE_MOBIKE)
{
- mobike = NULL;
+ mobike = (ike_mobike_t*)task;
+ break;
}
- break;
}
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
- if (mobike == NULL)
+ if (!mobike || !mobike->is_probing(mobike))
{
if (this->initiating.retransmitted <= this->retransmit_tries)
{
@@ -257,7 +336,7 @@ METHOD(task_manager_t, retransmit, status_t,
DBG1(DBG_IKE, "giving up after %d retransmits",
this->initiating.retransmitted - 1);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
- this->initiating.packet);
+ packet);
return DESTROY_ME;
}
@@ -265,11 +344,29 @@ METHOD(task_manager_t, retransmit, status_t,
{
DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
this->initiating.retransmitted, message_id);
- charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND,
- this->initiating.packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
+ }
+ if (!mobike)
+ {
+ send_packets(this, this->initiating.packets,
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa));
+ }
+ else
+ {
+ if (!mobike->transmit(mobike, packet))
+ {
+ DBG1(DBG_IKE, "no route found to reach peer, MOBIKE update "
+ "deferred");
+ this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
+ this->initiating.deferred = TRUE;
+ return SUCCESS;
+ }
+ else if (mobike->is_probing(mobike))
+ {
+ timeout = ROUTEABILITY_CHECK_INTERVAL;
+ }
}
- packet = this->initiating.packet->clone(this->initiating.packet);
- charon->sender->send(charon->sender, packet);
}
else
{ /* for routeability checks, we use a more aggressive behavior */
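Review bot: In the `else` branch for an active MOBIKE task, `mobike->transmit(mobike, packet)` retransmits only `packet`, the first element of `this->initiating.packets`, while the non-MOBIKE path sends the whole array through send_packets(). If a MOBIKE INFORMATIONAL request were ever generated as several fragments, the remaining ones would not be retransmitted. The TODO-FRAG comment in the path probing hunk further down states this assumption; repeat it here, e.g. `/* TODO-FRAG: only the first packet is sent, assumes MOBIKE updates are not fragmented */`. retransmit() starts and ends outside this hunk.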
@@ -289,7 +386,16 @@ METHOD(task_manager_t, retransmit, status_t,
DBG1(DBG_IKE, "path probing attempt %d",
this->initiating.retransmitted);
}
- mobike->transmit(mobike, this->initiating.packet);
+ /* TODO-FRAG: presumably these small packets are not fragmented,
+ * we should maybe ensure this is the case when generating them */
+ if (!mobike->transmit(mobike, packet))
+ {
+ DBG1(DBG_IKE, "no route found to reach peer, path probing "
+ "deferred");
+ this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
+ this->initiating.deferred = TRUE;
+ return SUCCESS;
+ }
}
this->initiating.retransmitted++;
@@ -307,7 +413,6 @@ METHOD(task_manager_t, initiate, status_t,
task_t *task;
message_t *message;
host_t *me, *other;
- status_t status;
exchange_type_t exchange = 0;
if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
@@ -315,6 +420,12 @@ METHOD(task_manager_t, initiate, status_t,
DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
exchange_type_names, this->initiating.type);
/* do not initiate if we already have a message in the air */
+ if (this->initiating.deferred)
+ { /* re-initiate deferred exchange */
+ this->initiating.deferred = FALSE;
+ this->initiating.retransmitted = 0;
+ return retransmit(this, this->initiating.mid);
+ }
return SUCCESS;
}
@@ -347,39 +458,39 @@ METHOD(task_manager_t, initiate, status_t,
}
break;
case IKE_ESTABLISHED:
- if (activate_task(this, TASK_CHILD_CREATE))
+ if (activate_task(this, TASK_IKE_MOBIKE))
{
- exchange = CREATE_CHILD_SA;
+ exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_CHILD_DELETE))
+ if (activate_task(this, TASK_IKE_DELETE))
{
exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_CHILD_REKEY))
+ if (activate_task(this, TASK_CHILD_DELETE))
{
- exchange = CREATE_CHILD_SA;
+ exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_IKE_DELETE))
+ if (activate_task(this, TASK_IKE_REAUTH))
{
exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_IKE_REKEY))
+ if (activate_task(this, TASK_CHILD_CREATE))
{
exchange = CREATE_CHILD_SA;
break;
}
- if (activate_task(this, TASK_IKE_REAUTH))
+ if (activate_task(this, TASK_CHILD_REKEY))
{
- exchange = INFORMATIONAL;
+ exchange = CREATE_CHILD_SA;
break;
}
- if (activate_task(this, TASK_IKE_MOBIKE))
+ if (activate_task(this, TASK_IKE_REKEY))
{
- exchange = INFORMATIONAL;
+ exchange = CREATE_CHILD_SA;
break;
}
if (activate_task(this, TASK_IKE_DPD))
@@ -458,6 +569,7 @@ METHOD(task_manager_t, initiate, status_t,
message->set_exchange_type(message, exchange);
this->initiating.type = exchange;
this->initiating.retransmitted = 0;
+ this->initiating.deferred = FALSE;
enumerator = array_create_enumerator(this->active_tasks);
while (enumerator->enumerate(enumerator, &task))
@@ -493,9 +605,7 @@ METHOD(task_manager_t, initiate, status_t,
/* update exchange type if a task changed it */
this->initiating.type = message->get_exchange_type(message);
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->initiating.packet);
- if (status != SUCCESS)
+ if (!generate_message(this, message, &this->initiating.packets))
{
/* message generation failed. There is nothing more to do than to
* close the SA */
@@ -567,8 +677,7 @@ static status_t process_response(private_task_manager_t *this,
this->initiating.mid++;
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- this->initiating.packet->destroy(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
array_compress(this->active_tasks);
@@ -636,8 +745,8 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
host_t *me, *other;
bool delete = FALSE, hook = FALSE;
ike_sa_id_t *id = NULL;
- u_int64_t responder_spi;
- status_t status;
+ u_int64_t responder_spi = 0;
+ bool result;
me = request->get_destination(request);
other = request->get_source(request);
@@ -699,23 +808,20 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
}
/* message complete, send it */
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->responding.packet);
+ clear_packets(this->responding.packets);
+ result = generate_message(this, message, &this->responding.packets);
message->destroy(message);
if (id)
{
id->set_responder_spi(id, responder_spi);
}
- if (status != SUCCESS)
+ if (!result)
{
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return DESTROY_ME;
}
- charon->sender->send(charon->sender,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets, NULL, NULL);
if (delete)
{
if (hook)
@@ -964,6 +1070,48 @@ METHOD(task_manager_t, incr_mid, void,
}
/**
+ * Handle the given IKE fragment, if it is one.
+ *
+ * Returns SUCCESS if the message is not a fragment, and NEED_MORE if it was
+ * handled properly. Error states are returned if the fragment was invalid or
+ * the reassembled message could not have been processed properly.
+ */
+static status_t handle_fragment(private_task_manager_t *this,
+ message_t **defrag, message_t *msg)
+{
+ message_t *reassembled;
+ status_t status;
+
+ if (!msg->get_payload(msg, PLV2_FRAGMENT))
+ {
+ return SUCCESS;
+ }
+ if (!*defrag)
+ {
+ *defrag = message_create_defrag(msg);
+ if (!*defrag)
+ {
+ return FAILED;
+ }
+ }
+ status = (*defrag)->add_fragment(*defrag, msg);
+ if (status == SUCCESS)
+ {
+ /* reinject the reassembled message */
+ reassembled = *defrag;
+ *defrag = NULL;
+ status = this->ike_sa->process_message(this->ike_sa, reassembled);
+ if (status == SUCCESS)
+ {
+ /* avoid processing the last fragment */
+ status = NEED_MORE;
+ }
+ reassembled->destroy(reassembled);
+ }
+ return status;
+}
+
+/**
* Send a notify back to the sender
*/
static void send_notify_response(private_task_manager_t *this,
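Review bot: handle_fragment() keeps `*defrag` across calls and never compares its message ID with that of `msg`, so state left from an incompletely received message stays in place when a fragment with a different message ID arrives. Whether add_fragment() rejects such a mix is not visible in this hunk, and process_message() passes the same `this->responding.defrag` for both the current request and the retransmit branch. Dropping stale reassembly state before adding the new fragment makes the behaviour explicit and releases the partial buffers, which otherwise appear to be held until reset() or destroy(). The function comment should also say that NEED_MORE is propagated to the caller of process_message().

```c
static status_t handle_fragment(private_task_manager_t *this,
								message_t **defrag, message_t *msg)
{
	/* … unchanged: local declarations … */

	if (*defrag &&
		(*defrag)->get_message_id(*defrag) < msg->get_message_id(msg))
	{
		/* drop fragments of an older, incompletely received message */
		(*defrag)->destroy(*defrag);
		*defrag = NULL;
	}
	/* … unchanged: PLV2_FRAGMENT check, add_fragment, reinjection … */
}
```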
@@ -1156,6 +1304,11 @@ METHOD(task_manager_t, process_message, status_t,
{ /* with MOBIKE, we do no implicit updates */
this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
}
+ status = handle_fragment(this, &this->responding.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
charon->bus->message(charon->bus, msg, TRUE, TRUE);
if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
{ /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
@@ -1168,20 +1321,19 @@ METHOD(task_manager_t, process_message, status_t,
}
this->responding.mid++;
}
- else if ((mid == this->responding.mid - 1) && this->responding.packet)
+ else if ((mid == this->responding.mid - 1) &&
+ array_count(this->responding.packets))
{
- packet_t *clone;
- host_t *host;
-
+ status = handle_fragment(this, &this->responding.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
DBG1(DBG_IKE, "received retransmit of request with ID %d, "
"retransmitting response", mid);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
- clone = this->responding.packet->clone(this->responding.packet);
- host = msg->get_destination(msg);
- clone->set_source(clone, host->clone(host));
- host = msg->get_source(msg);
- clone->set_destination(clone, host->clone(host));
- charon->sender->send(charon->sender, clone);
+ send_packets(this, this->responding.packets,
+ msg->get_destination(msg), msg->get_source(msg));
}
else
{
@@ -1209,6 +1361,11 @@ METHOD(task_manager_t, process_message, status_t,
this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
}
}
+ status = handle_fragment(this, &this->initiating.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
charon->bus->message(charon->bus, msg, TRUE, TRUE);
if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
{ /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
@@ -1368,7 +1525,25 @@ METHOD(task_manager_t, queue_mobike, void,
mobike = ike_mobike_create(this->ike_sa, TRUE);
if (roam)
{
+ enumerator_t *enumerator;
+ task_t *current;
+
mobike->roam(mobike, address);
+
+ /* enable path probing for a currently active MOBIKE task. This might
+ * not be the case if an address appeared on a new interface while the
+ * current address is not working but has not yet disappeared. */
+ enumerator = array_create_enumerator(this->active_tasks);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (current->get_type(current) == TASK_IKE_MOBIKE)
+ {
+ ike_mobike_t *active = (ike_mobike_t*)current;
+ active->enable_probing(active);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
}
else
{
@@ -1485,10 +1660,12 @@ METHOD(task_manager_t, reset, void,
task_t *task;
/* reset message counters and retransmit packets */
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
- this->responding.packet = NULL;
- this->initiating.packet = NULL;
+ clear_packets(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ DESTROY_IF(this->responding.defrag);
+ DESTROY_IF(this->initiating.defrag);
+ this->responding.defrag = NULL;
+ this->initiating.defrag = NULL;
if (initiate != UINT_MAX)
{
this->initiating.mid = initiate;
@@ -1542,8 +1719,12 @@ METHOD(task_manager_t, destroy, void,
array_destroy(this->queued_tasks);
array_destroy(this->passive_tasks);
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
+ clear_packets(this->responding.packets);
+ array_destroy(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ array_destroy(this->initiating.packets);
+ DESTROY_IF(this->responding.defrag);
+ DESTROY_IF(this->initiating.defrag);
free(this);
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index e3c18ea0f..71c5f22fa 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
message->add_payload(message, (payload_t*)ke_payload);
message->add_payload(message, (payload_t*)nonce_payload);
}
+
+ /* negotiate fragmentation if we are not rekeying */
+ if (!this->old_sa &&
+ this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+ {
+ if (this->initiator ||
+ this->ike_sa->supports_extension(this->ike_sa,
+ EXT_IKE_FRAGMENTATION))
+ {
+ message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
+ chunk_empty);
+ }
+ }
}
/**
@@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
this->other_nonce = nonce_payload->get_nonce(nonce_payload);
break;
}
+ case PLV2_NOTIFY:
+ {
+ notify_payload_t *notify = (notify_payload_t*)payload;
+
+ if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_IKE_FRAGMENTATION);
+ }
+ }
default:
break;
}
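Review bot: The new `case PLV2_NOTIFY:` block in process_payloads() has no `break;` and falls through into `default:`. That is harmless today because `default` only breaks, but add `break;` before the closing brace of the case block so that a case inserted later does not change behaviour. The extension is also enabled on any received FRAGMENTATION_SUPPORTED notify, without the `this->config->fragmentation(this->config) != FRAGMENTATION_NO` check that build_payloads() applies. If local policy is meant to gate accepting fragments as well, that check belongs here, though it may be enforced elsewhere outside this hunk. process_payloads() starts and ends outside the hunk.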
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index 00ca615d8..d91fa5862 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2012 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -77,6 +77,11 @@ struct private_ike_mobike_t {
* additional addresses got updated
*/
bool addresses_updated;
+
+ /**
+ * whether the pending updates counter was increased
+ */
+ bool pending_update;
};
/**
@@ -301,35 +306,61 @@ static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
host->set_port(host, port);
}
-METHOD(ike_mobike_t, transmit, void,
+METHOD(ike_mobike_t, transmit, bool,
private_ike_mobike_t *this, packet_t *packet)
{
host_t *me, *other, *me_old, *other_old;
enumerator_t *enumerator;
ike_cfg_t *ike_cfg;
packet_t *copy;
+ int family = AF_UNSPEC;
+ bool found = FALSE;
+
+ me_old = this->ike_sa->get_my_host(this->ike_sa);
+ other_old = this->ike_sa->get_other_host(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
if (!this->check)
{
- return;
+ me = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
+ other_old, me_old);
+ if (me)
+ {
+ if (me->ip_equals(me, me_old))
+ {
+ charon->sender->send(charon->sender, packet->clone(packet));
+ me->destroy(me);
+ return TRUE;
+ }
+ me->destroy(me);
+ }
+ this->check = TRUE;
}
- me_old = this->ike_sa->get_my_host(this->ike_sa);
- other_old = this->ike_sa->get_other_host(this->ike_sa);
- ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+ switch (charon->socket->supported_families(charon->socket))
+ {
+ case SOCKET_FAMILY_IPV4:
+ family = AF_INET;
+ break;
+ case SOCKET_FAMILY_IPV6:
+ family = AF_INET6;
+ break;
+ case SOCKET_FAMILY_BOTH:
+ case SOCKET_FAMILY_NONE:
+ break;
+ }
enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, (void**)&other))
{
+ if (family != AF_UNSPEC && other->get_family(other) != family)
+ {
+ continue;
+ }
me = hydra->kernel_interface->get_source_addr(
hydra->kernel_interface, other, NULL);
if (me)
{
- if (me->get_family(me) != other->get_family(other))
- {
- me->destroy(me);
- continue;
- }
/* reuse port for an active address, 4500 otherwise */
apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
other = other->clone(other);
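Review bot: In the `!this->check` branch, transmit() sets `this->check = TRUE` when the kernel reports no source address for the current peer, or one that differs from `me_old`. This silently switches the task into path probing and changes what is_probing() returns to the task manager afterwards. Neither this line nor the `transmit` description in ike_mobike.h mentions that side effect. A comment on the assignment, e.g. `/* current path is not usable anymore, fall back to probing all known peer addresses */`, would make it visible. transmit() continues past the end of this hunk.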
@@ -339,9 +370,11 @@ METHOD(ike_mobike_t, transmit, void,
copy->set_source(copy, me);
copy->set_destination(copy, other);
charon->sender->send(charon->sender, copy);
+ found = TRUE;
}
}
enumerator->destroy(enumerator);
+ return found;
}
METHOD(task_t, build_i, status_t,
@@ -481,9 +514,7 @@ METHOD(task_t, process_i, status_t,
}
else if (message->get_exchange_type(message) == INFORMATIONAL)
{
- u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1;
- this->ike_sa->set_pending_updates(this->ike_sa, updates);
- if (updates > 0)
+ if (this->ike_sa->get_pending_updates(this->ike_sa) > 1)
{
/* newer update queued, ignore this one */
return SUCCESS;
@@ -560,7 +591,6 @@ METHOD(task_t, process_i, status_t,
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
this->check = FALSE;
- this->ike_sa->set_pending_updates(this->ike_sa, 1);
return NEED_MORE;
}
}
@@ -573,8 +603,12 @@ METHOD(ike_mobike_t, addresses, void,
private_ike_mobike_t *this)
{
this->address = TRUE;
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, roam, void,
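Review bot: The same `if (!this->pending_update) { ... }` block is added three times, in addresses() here and in roam() and dpd() in the next two hunks, while the matching decrement lives in destroy(). A small static helper would keep the flag and the IKE_SA counter from drifting apart when one copy is changed later. The helper name below is only a suggestion.

```c
/**
 * Count this task as a pending update on the IKE_SA, at most once
 */
static void add_pending_update(private_ike_mobike_t *this)
{
	if (!this->pending_update)
	{
		this->pending_update = TRUE;
		this->ike_sa->set_pending_updates(this->ike_sa,
						this->ike_sa->get_pending_updates(this->ike_sa) + 1);
	}
}

METHOD(ike_mobike_t, addresses, void,
	private_ike_mobike_t *this)
{
	this->address = TRUE;
	add_pending_update(this);
}
/* … roam() and dpd() call add_pending_update(this) the same way … */
```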
@@ -582,8 +616,12 @@ METHOD(ike_mobike_t, roam, void,
{
this->check = TRUE;
this->address = address;
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, dpd, void,
@@ -593,8 +631,12 @@ METHOD(ike_mobike_t, dpd, void,
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, is_probing, bool,
@@ -603,6 +645,12 @@ METHOD(ike_mobike_t, is_probing, bool,
return this->check;
}
+METHOD(ike_mobike_t, enable_probing, void,
+ private_ike_mobike_t *this)
+{
+ this->check = TRUE;
+}
+
METHOD(task_t, get_type, task_type_t,
private_ike_mobike_t *this)
{
@@ -618,11 +666,21 @@ METHOD(task_t, migrate, void,
{
this->natd->task.migrate(&this->natd->task, ike_sa);
}
+ if (this->pending_update)
+ {
+ this->ike_sa->set_pending_updates(this->ike_sa,
+ this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(task_t, destroy, void,
private_ike_mobike_t *this)
{
+ if (this->pending_update)
+ {
+ this->ike_sa->set_pending_updates(this->ike_sa,
+ this->ike_sa->get_pending_updates(this->ike_sa) - 1);
+ }
chunk_free(&this->cookie2);
if (this->natd)
{
@@ -650,6 +708,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
.dpd = _dpd,
.transmit = _transmit,
.is_probing = _is_probing,
+ .enable_probing = _enable_probing,
},
.ike_sa = ike_sa,
.initiator = initiator,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index b145a9a8b..bb2318c9c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -70,8 +70,9 @@ struct ike_mobike_t {
* probing.
*
* @param packet the packet to transmit
+ * @return TRUE if transmitted, FALSE if no path found
*/
- void (*transmit)(ike_mobike_t *this, packet_t *packet);
+ bool (*transmit)(ike_mobike_t *this, packet_t *packet);
/**
* Check if this task is probing for routability.
@@ -79,6 +80,11 @@ struct ike_mobike_t {
* @return TRUE if task is probing
*/
bool (*is_probing)(ike_mobike_t *this);
+
+ /**
+ * Enable probing for routability.
+ */
+ void (*enable_probing)(ike_mobike_t *this);
};
/**
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index cc4f6f77e..f0e9cbe35 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am
index 0c8ecda9e..510f2a124 100644
--- a/src/libhydra/Makefile.am
+++ b/src/libhydra/Makefile.am
@@ -21,8 +21,7 @@ endif
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DPLUGINDIR=\"${plugindir}\" \
- -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ -DPLUGINDIR=\"${plugindir}\"
AM_LDFLAGS = \
-no-undefined
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index 0b494b3ca..e3ff1981c 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -291,6 +291,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -351,6 +352,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -416,6 +418,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -463,6 +467,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -492,8 +500,7 @@ libhydra_la_LIBADD = \
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DPLUGINDIR=\"${plugindir}\" \
- -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ -DPLUGINDIR=\"${plugindir}\"
AM_LDFLAGS = \
-no-undefined
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index ddf2a4486..50ea066c5 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 6f27bf37e..076e1f8f2 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index 2a67bd595..a9b523eb8 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index d9b55cfa7..dfd71f3bd 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -310,6 +310,12 @@ struct private_kernel_netlink_ipsec_t {
bool install_routes;
/**
+ * Whether to set protocol and ports on selector installed with transport
+ * mode IPsec SAs
+ */
+ bool proto_port_transport;
+
+ /**
* Whether to track the history of a policy
*/
bool policy_history;
@@ -810,7 +816,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
u_int32_t reqid = 0;
int proto = 0;
- acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr);
+ acquire = NLMSG_DATA(hdr);
rta = XFRM_RTA(hdr, struct xfrm_user_acquire);
rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire);
@@ -856,7 +862,7 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
u_int32_t spi, reqid;
u_int8_t protocol;
- expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr);
+ expire = NLMSG_DATA(hdr);
protocol = expire->state.id.proto;
spi = expire->state.id.spi;
reqid = expire->state.reqid;
@@ -890,7 +896,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this,
u_int32_t reqid = 0;
policy_dir_t dir;
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
rta = XFRM_RTA(hdr, struct xfrm_userpolicy_id);
rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id);
@@ -957,7 +963,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
struct xfrm_user_mapping *mapping;
u_int32_t spi, reqid;
- mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr);
+ mapping = NLMSG_DATA(hdr);
spi = mapping->id.spi;
reqid = mapping->reqid;
@@ -1059,12 +1065,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_ALLOCSPI;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userspi_info));
- userspi = (struct xfrm_userspi_info*)NLMSG_DATA(hdr);
+ userspi = NLMSG_DATA(hdr);
host2xfrm(src, &userspi->info.saddr);
host2xfrm(dst, &userspi->info.id.daddr);
userspi->info.id.proto = proto;
@@ -1208,12 +1214,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark "
"%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
- sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr);
+ sa = NLMSG_DATA(hdr);
host2xfrm(src, &sa->saddr);
host2xfrm(dst, &sa->id.daddr);
sa->id.spi = spi;
@@ -1235,12 +1241,15 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
- /* don't install proto/port on SA. This would break
- * potential secondary SAs for the same address using a
- * different prot/port. */
- sa->sel.proto = 0;
- sa->sel.dport = sa->sel.dport_mask = 0;
- sa->sel.sport = sa->sel.sport_mask = 0;
+ if (!this->proto_port_transport)
+ {
+ /* don't install proto/port on SA. This would break
+ * potential secondary SAs for the same address using a
+ * different prot/port. */
+ sa->sel.proto = 0;
+ sa->sel.dport = sa->sel.dport_mask = 0;
+ sa->sel.sport = sa->sel.sport_mask = 0;
+ }
}
break;
default:
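Review bot: With `proto_port_transport` set, the selector from ts2selector() is installed on the transport mode SA unchanged. That is the case the existing comment warns about (secondary SAs for the same address using a different protocol/port), but nothing at this branch records the trade-off for the enabled path. Extend the comment or add one on the condition, e.g. `/* with proto_port_transport the SA selector keeps proto/ports, so secondary SAs for the same addresses with other proto/ports will not work */`. add_sa() starts and ends outside the hunk.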
@@ -1512,7 +1521,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
status = SUCCESS;
failed:
- memwipe(request, sizeof(request));
+ memwipe(&request, sizeof(request));
return status;
}
@@ -1540,12 +1549,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x",
ntohl(spi));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETAE;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id));
- aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr);
+ aevent_id = NLMSG_DATA(hdr);
aevent_id->flags = XFRM_AE_RVAL;
host2xfrm(dst, &aevent_id->sa_id.daddr);
@@ -1632,12 +1641,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)",
ntohl(spi), mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1657,7 +1666,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
{
case XFRM_MSG_NEWSA:
{
- sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr);
+ sa = NLMSG_DATA(hdr);
break;
}
case NLMSG_ERROR:
@@ -1735,12 +1744,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)",
ntohl(spi), mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_DELSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1804,12 +1813,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi));
/* query the existing SA first */
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1867,7 +1876,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
ntohl(spi), src, dst, new_src, new_dst);
/* copy over the SA from out to request */
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
@@ -1958,7 +1967,7 @@ failed:
free(replay);
free(replay_esn);
memwipe(out, len);
- memwipe(request, sizeof(request));
+ memwipe(&request, sizeof(request));
free(out);
return status;
@@ -1975,12 +1984,12 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
DBG2(DBG_KNL, "flushing all SAD entries");
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_FLUSHSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush));
- flush = (struct xfrm_usersa_flush*)NLMSG_DATA(hdr);
+ flush = NLMSG_DATA(hdr);
flush->proto = IPSEC_PROTO_ANY;
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
@@ -2011,12 +2020,12 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
memcpy(&clone, policy, sizeof(policy_entry_t));
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = update ? XFRM_MSG_UPDPOLICY : XFRM_MSG_NEWPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info));
- policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr);
+ policy_info = NLMSG_DATA(hdr);
policy_info->sel = policy->sel;
policy_info->dir = policy->direction;
@@ -2335,12 +2344,12 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
src_ts, dst_ts, policy_dir_names, direction,
mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
policy_id->sel = ts2selector(src_ts, dst_ts);
policy_id->dir = direction;
@@ -2358,7 +2367,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
{
case XFRM_MSG_NEWPOLICY:
{
- policy = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr);
+ policy = NLMSG_DATA(hdr);
break;
}
case NLMSG_ERROR:
@@ -2492,12 +2501,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_DELPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
policy_id->sel = current->sel;
policy_id->dir = direction;
@@ -2551,7 +2560,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
DBG2(DBG_KNL, "flushing all policies from SPD");
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_FLUSHPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(0); /* no data associated */
@@ -2683,6 +2692,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
.policy_history = TRUE,
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE, lib->ns),
+ .proto_port_transport = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.set_proto_port_transport_sa",
+ FALSE, lib->ns),
);
if (streq(lib->ns, "starter"))
@@ -2699,7 +2711,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
fclose(f);
}
- this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
+ this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names);
if (!this->socket_xfrm)
{
destroy(this);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 82b637d1e..9d9f15974 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -78,6 +78,27 @@
#define ROUTING_TABLE_PRIO 0
#endif
+ENUM(rt_msg_names, RTM_NEWLINK, RTM_GETRULE,
+ "RTM_NEWLINK",
+ "RTM_DELLINK",
+ "RTM_GETLINK",
+ "RTM_SETLINK",
+ "RTM_NEWADDR",
+ "RTM_DELADDR",
+ "RTM_GETADDR",
+ "31",
+ "RTM_NEWROUTE",
+ "RTM_DELROUTE",
+ "RTM_GETROUTE",
+ "35",
+ "RTM_NEWNEIGH",
+ "RTM_DELNEIGH",
+ "RTM_GETNEIGH",
+ "RTM_NEWRULE",
+ "RTM_DELRULE",
+ "RTM_GETRULE",
+);
+
typedef struct addr_entry_t addr_entry_t;
/**
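Review bot: The `rt_msg_names` table has 18 strings for a range that, with the usual Linux rtnetlink numbering (RTM_NEWLINK = 16 through RTM_GETRULE = 34), spans 19 values: the unused slot between RTM_GETNEIGH and RTM_NEWRULE has no placeholder. If that numbering holds, the three RULE types are logged under the wrong name, and a lookup of RTM_GETRULE reads one entry past the end of the array. The two existing placeholders also look mislabelled for the slots they fill. I would write them as `"23",` and `"27",` and add `"31",` after `"RTM_GETNEIGH",`.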
@@ -478,6 +499,16 @@ struct private_kernel_netlink_net_t {
* list with routing tables to be excluded from route lookup
*/
linked_list_t *rt_exclude;
+
+ /**
+ * MTU to set on installed routes
+ */
+ u_int32_t mtu;
+
+ /**
+ * MSS to set on installed routes
+ */
+ u_int32_t mss;
};
/**
@@ -928,7 +959,7 @@ static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface,
static void process_link(private_kernel_netlink_net_t *this,
struct nlmsghdr *hdr, bool event)
{
- struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
+ struct ifinfomsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = IFLA_RTA(msg);
size_t rtasize = IFLA_PAYLOAD (hdr);
enumerator_t *enumerator;
@@ -1030,7 +1061,7 @@ static void process_link(private_kernel_netlink_net_t *this,
static void process_addr(private_kernel_netlink_net_t *this,
struct nlmsghdr *hdr, bool event)
{
- struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
+ struct ifaddrmsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = IFA_RTA(msg);
size_t rtasize = IFA_PAYLOAD (hdr);
host_t *host = NULL;
@@ -1173,7 +1204,7 @@ static void process_addr(private_kernel_netlink_net_t *this,
*/
static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
{
- struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
+ struct rtmsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = RTM_RTA(msg);
size_t rtasize = RTM_PAYLOAD(hdr);
u_int32_t rta_oif = 0;
@@ -1530,7 +1561,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
struct rtmsg *msg;
size_t rtasize;
- msg = (struct rtmsg*)(NLMSG_DATA(hdr));
+ msg = NLMSG_DATA(hdr);
rta = RTM_RTA(msg);
rtasize = RTM_PAYLOAD(hdr);
@@ -1615,7 +1646,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
memset(&request, 0, sizeof(request));
family = dest->get_family(dest);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
if (family == AF_INET || this->rta_prefsrc_for_ipv6 ||
this->routing_table || match_net)
@@ -1627,7 +1658,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
hdr->nlmsg_type = RTM_GETROUTE;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_family = family;
if (candidate)
{
@@ -1854,12 +1885,12 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type
chunk = ip->get_address(ip);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
hdr->nlmsg_type = nlmsg_type;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
- msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->ifa_family = ip->get_family(ip);
msg->ifa_flags = 0;
msg->ifa_prefixlen = prefix < 0 ? chunk.len * 8 : prefix;
@@ -2055,6 +2086,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
netlink_buf_t request;
struct nlmsghdr *hdr;
struct rtmsg *msg;
+ struct rtattr *rta;
int ifindex;
chunk_t chunk;
@@ -2081,12 +2113,12 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
hdr->nlmsg_type = nlmsg_type;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_family = src_ip->get_family(src_ip);
msg->rtm_dst_len = prefixlen;
msg->rtm_table = this->routing_table;
@@ -2107,6 +2139,30 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
chunk.len = sizeof(ifindex);
netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
+ if (this->mtu || this->mss)
+ {
+ chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) +
+ sizeof(u_int32_t)) * 2));
+ chunk.len = 0;
+ rta = (struct rtattr*)chunk.ptr;
+ if (this->mtu)
+ {
+ rta->rta_type = RTAX_MTU;
+ rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
+ memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t));
+ chunk.len = rta->rta_len;
+ }
+ if (this->mss)
+ {
+ rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len));
+ rta->rta_type = RTAX_ADVMSS;
+ rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
+ memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t));
+ chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len;
+ }
+ netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request));
+ }
+
return this->socket->send_ack(this->socket, hdr);
}
@@ -2186,10 +2242,10 @@ static status_t init_address_list(private_kernel_netlink_net_t *this)
memset(&request, 0, sizeof(request));
- in = (struct nlmsghdr*)&request;
+ in = &request.hdr;
in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
- msg = (struct rtgenmsg*)NLMSG_DATA(in);
+ msg = NLMSG_DATA(in);
msg->rtgen_family = AF_UNSPEC;
/* get all links */
@@ -2273,7 +2329,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
char *fwmark;
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = nlmsg_type;
if (nlmsg_type == RTM_NEWRULE)
@@ -2282,7 +2338,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
}
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_table = table;
msg->rtm_family = family;
msg->rtm_protocol = RTPROT_BOOT;
@@ -2434,7 +2490,7 @@ kernel_netlink_net_t *kernel_netlink_net_create()
.destroy = _destroy,
},
},
- .socket = netlink_socket_create(NETLINK_ROUTE),
+ .socket = netlink_socket_create(NETLINK_ROUTE, rt_msg_names),
.rt_exclude = linked_list_create(),
.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
(hashtable_equals_t)route_entry_equals, 16),
@@ -2466,6 +2522,10 @@ kernel_netlink_net_t *kernel_netlink_net_create()
"%s.prefer_temporary_addrs", FALSE, lib->ns),
.roam_events = lib->settings->get_bool(lib->settings,
"%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns),
+ .mtu = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.mtu", 0, lib->ns),
+ .mss = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.mss", 0, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
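Review bot: The new `.mtu` and `.mss` initialisers store the signed result of `get_int()` in `u_int32_t` fields without a range check, so a negative value in the configuration becomes a very large unsigned number. That number is non-zero, so manage_srcroute() would copy it into the RTAX_MTU / RTAX_ADVMSS attributes. I would clamp at the point of reading, e.g. `.mtu = max(0, lib->settings->get_int(lib->settings, "%s.plugins.kernel-netlink.mtu", 0, lib->ns)),` and the same for `.mss`, so that invalid input means "not set". An upper bound may also be worth adding. kernel_netlink_net_create() starts and ends outside this hunk.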
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index fd00c23af..b4cece720 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -46,14 +46,14 @@ struct private_netlink_socket_t {
int seq;
/**
- * netlink socket protocol
+ * netlink socket
*/
- int protocol;
+ int socket;
/**
- * netlink socket
+ * Enum names for Netlink messages
*/
- int socket;
+ enum_name_t *names;
};
/**
@@ -65,10 +65,13 @@ METHOD(netlink_socket_t, netlink_send, status_t,
private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out,
size_t *out_len)
{
- int len, addr_len;
+ union {
+ struct nlmsghdr hdr;
+ u_char bytes[4096];
+ } response;
struct sockaddr_nl addr;
- chunk_t result = chunk_empty, tmp;
- struct nlmsghdr *msg, peek;
+ chunk_t result = chunk_empty;
+ int len;
this->mutex->lock(this->mutex);
@@ -80,13 +83,11 @@ METHOD(netlink_socket_t, netlink_send, status_t,
addr.nl_pid = 0;
addr.nl_groups = 0;
- if (this->protocol == NETLINK_XFRM)
+ if (this->names)
{
- chunk_t in_chunk = { (u_char*)in, in->nlmsg_len };
-
- DBG3(DBG_KNL, "sending %N: %B", xfrm_msg_names, in->nlmsg_type, &in_chunk);
+ DBG3(DBG_KNL, "sending %N: %b",
+ this->names, in->nlmsg_type, in, in->nlmsg_len);
}
-
while (TRUE)
{
len = sendto(this->socket, in, in->nlmsg_len, 0,
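Review bot: The `DBG3` call now hex-dumps every outgoing request on any socket that has a name table, and on the XFRM socket that presumably includes SA key material (update_sa wipes its request buffer with `memwipe(&request, sizeof(request))` in this same commit). The old code dumped at the same level, but since the line is rewritten here it is worth deciding whether the raw dump belongs at a level reserved for sensitive data. One option is to keep the message name at level 3 and move the bytes to a separate, higher level: `DBG3(DBG_KNL, "sending %N", this->names, in->nlmsg_type);` followed by a level-4 dump of the buffer. netlink_send's body continues outside the hunk.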
@@ -108,20 +109,7 @@ METHOD(netlink_socket_t, netlink_send, status_t,
while (TRUE)
{
- char buf[4096];
- tmp.len = sizeof(buf);
- tmp.ptr = buf;
- msg = (struct nlmsghdr*)tmp.ptr;
-
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
- addr.nl_pid = getpid();
- addr.nl_groups = 0;
- addr_len = sizeof(addr);
-
- len = recvfrom(this->socket, tmp.ptr, tmp.len, 0,
- (struct sockaddr*)&addr, &addr_len);
-
+ len = recv(this->socket, &response, sizeof(response), 0);
if (len < 0)
{
if (errno == EINTR)
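Review bot: Replacing `recvfrom()` with `recv()` drops the sender address, and as far as this hunk shows the removed code never inspected it either, so a response is accepted on its sequence number alone. Netlink replies that drive SA and route state should be tied to the kernel as sender. I would keep the `recvfrom()` form with a `struct sockaddr_nl` and skip anything not sent by port id 0, e.g. `if (addr.nl_pid != 0) { continue; }` right after the length check. That needs the `addr_len` variable this commit removes at the top of netlink_send, which lies outside this hunk.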
@@ -135,17 +123,17 @@ METHOD(netlink_socket_t, netlink_send, status_t,
free(result.ptr);
return FAILED;
}
- if (!NLMSG_OK(msg, len))
+ if (!NLMSG_OK(&response.hdr, len))
{
DBG1(DBG_KNL, "received corrupted netlink message");
this->mutex->unlock(this->mutex);
free(result.ptr);
return FAILED;
}
- if (msg->nlmsg_seq != this->seq)
+ if (response.hdr.nlmsg_seq != this->seq)
{
DBG1(DBG_KNL, "received invalid netlink sequence number");
- if (msg->nlmsg_seq < this->seq)
+ if (response.hdr.nlmsg_seq < this->seq)
{
continue;
}
@@ -154,17 +142,13 @@ METHOD(netlink_socket_t, netlink_send, status_t,
return FAILED;
}
- tmp.len = len;
- result.ptr = realloc(result.ptr, result.len + tmp.len);
- memcpy(result.ptr + result.len, tmp.ptr, tmp.len);
- result.len += tmp.len;
+ result = chunk_cat("mc", result, chunk_create(response.bytes, len));
/* NLM_F_MULTI flag does not seem to be set correctly, we use sequence
* numbers to detect multi header messages */
- len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT,
- (struct sockaddr*)&addr, &addr_len);
-
- if (len == sizeof(peek) && peek.nlmsg_seq == this->seq)
+ len = recv(this->socket, &response.hdr, sizeof(response.hdr),
+ MSG_PEEK | MSG_DONTWAIT);
+ if (len == sizeof(response.hdr) && response.hdr.nlmsg_seq == this->seq)
{
/* seems to be multipart */
continue;
@@ -197,7 +181,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t,
{
case NLMSG_ERROR:
{
- struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr);
+ struct nlmsgerr* err = NLMSG_DATA(hdr);
if (err->error)
{
@@ -235,7 +219,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t,
METHOD(netlink_socket_t, destroy, void,
private_netlink_socket_t *this)
{
- if (this->socket > 0)
+ if (this->socket != -1)
{
close(this->socket);
}
@@ -246,10 +230,12 @@ METHOD(netlink_socket_t, destroy, void,
/**
* Described in header.
*/
-netlink_socket_t *netlink_socket_create(int protocol)
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names)
{
private_netlink_socket_t *this;
- struct sockaddr_nl addr;
+ struct sockaddr_nl addr = {
+ .nl_family = AF_NETLINK,
+ };
INIT(this,
.public = {
@@ -259,21 +245,16 @@ netlink_socket_t *netlink_socket_create(int protocol)
},
.seq = 200,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .protocol = protocol,
+ .socket = socket(AF_NETLINK, SOCK_RAW, protocol),
+ .names = names,
);
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
-
- this->socket = socket(AF_NETLINK, SOCK_RAW, protocol);
- if (this->socket < 0)
+ if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create netlink socket");
destroy(this);
return NULL;
}
-
- addr.nl_groups = 0;
if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
{
DBG1(DBG_KNL, "unable to bind netlink socket");
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
index 8be935bc3..069f746d1 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -26,7 +26,10 @@
* 1024 byte is currently sufficient for all operations. Some platform
* require an enforced aligment to four bytes (e.g. ARM).
*/
-typedef u_char netlink_buf_t[1024] __attribute__((aligned(RTA_ALIGNTO)));
+typedef union {
+ struct nlmsghdr hdr;
+ u_char bytes[1024];
+} netlink_buf_t __attribute__((aligned(RTA_ALIGNTO)));
typedef struct netlink_socket_t netlink_socket_t;
@@ -61,9 +64,10 @@ struct netlink_socket_t {
/**
* Create a netlink_socket_t object.
*
- * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE)
+ * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE)
+ * @param names optional enum names for Netlink messages
*/
-netlink_socket_t *netlink_socket_create(int protocol);
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names);
/**
* Creates an rtattr and adds it to the given netlink message.
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 767769698..821ad7710 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index e1a58aa94..00ab5ab5a 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1978,8 +1978,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
}
if (packets)
{
- /* not supported by PF_KEY */
- *packets = 0;
+ /* at least on Linux and FreeBSD this contains the number of packets */
+ *packets = response.lft_current->sadb_lifetime_allocations;
}
if (time)
{
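Review bot: The new assignment `*packets = response.lft_current->sadb_lifetime_allocations;` is, by its own comment, only known to be a packet count on Linux and FreeBSD, yet it is compiled for every PF_KEY platform. On other stacks the field may count something else, and callers using it for accounting or packet-based lifetimes would then act on a wrong value. I would either guard it per platform and keep `*packets = 0;` as the fallback, or state the limitation in the comment. The hunk also does not show whether `response.lft_current` is checked for NULL before the dereference, which is worth confirming in the part of query_sa outside the hunk.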
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 7938a3d23..662f2fd7d 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index c4e8664f7..26fae0d6b 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -875,6 +875,41 @@ static void process_link(private_kernel_pfroute_net_t *this,
}
}
+#ifdef HAVE_RTM_IFANNOUNCE
+
+/**
+ * Process an RTM_IFANNOUNCE message from the kernel
+ */
+static void process_announce(private_kernel_pfroute_net_t *this,
+ struct if_announcemsghdr *msg)
+{
+ enumerator_t *enumerator;
+ iface_entry_t *iface;
+
+ if (msg->ifan_what != IFAN_DEPARTURE)
+ {
+ /* we handle new interfaces in process_link() */
+ return;
+ }
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->ifaces->create_enumerator(this->ifaces);
+ while (enumerator->enumerate(enumerator, &iface))
+ {
+ if (iface->ifindex == msg->ifan_index)
+ {
+ DBG1(DBG_KNL, "interface %s disappeared", iface->ifname);
+ this->ifaces->remove_at(this->ifaces, enumerator);
+ iface_entry_destroy(iface);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
+#endif /* HAVE_RTM_IFANNOUNCE */
+
/**
* Process an RTM_*ROUTE message from the kernel
*/
@@ -895,6 +930,9 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
struct rt_msghdr rtm;
struct if_msghdr ifm;
struct ifa_msghdr ifam;
+#ifdef HAVE_RTM_IFANNOUNCE
+ struct if_announcemsghdr ifanm;
+#endif
};
char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
} msg;
@@ -935,6 +973,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
case RTM_IFINFO:
hdrlen = sizeof(msg.ifm);
break;
+#ifdef HAVE_RTM_IFANNOUNCE
+ case RTM_IFANNOUNCE:
+ hdrlen = sizeof(msg.ifanm);
+ break;
+#endif /* HAVE_RTM_IFANNOUNCE */
case RTM_ADD:
case RTM_DELETE:
case RTM_GET:
@@ -957,6 +1000,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
case RTM_IFINFO:
process_link(this, &msg.ifm);
break;
+#ifdef HAVE_RTM_IFANNOUNCE
+ case RTM_IFANNOUNCE:
+ process_announce(this, &msg.ifanm);
+ break;
+#endif /* HAVE_RTM_IFANNOUNCE */
case RTM_ADD:
case RTM_DELETE:
process_route(this, &msg.rtm);
@@ -1518,8 +1566,7 @@ retry:
{ /* timed out? */
break;
}
- if (this->reply->rtm_msglen < sizeof(*this->reply) ||
- msg.hdr.rtm_seq != this->reply->rtm_seq)
+ if (!this->reply)
{
continue;
}
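Review bot: With the `rtm_msglen` and `rtm_seq` comparisons removed from this wait loop, any non-NULL `this->reply` is now treated as the answer to the pending query. That is only safe if the code that stores the reply, which is outside this hunk, checks the message length and compares the sequence number with `this->waiting_seq` before assigning it; please confirm. The following hunk adds `free(this->reply); this->reply = NULL;` after the reply is consumed, so the timeout `break` a few lines above should also be checked for a late reply being left allocated. A one-line comment such as `/* reply is validated and matched to waiting_seq by the receiver */` above `if (!this->reply)` would tell readers where the check went.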
@@ -1559,6 +1606,8 @@ retry:
{
failed = TRUE;
}
+ free(this->reply);
+ this->reply = NULL;
/* signal completion of query to a waiting thread */
this->waiting_seq = 0;
this->condvar->signal(this->condvar);
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index 32eed617a..5b4c7bc6a 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 4253fe274..8269d7296 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -41,7 +41,62 @@ libimcv_la_SOURCES := \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES))
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 4bed3bf03..d9a5cd50d 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -1,6 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif
+ -I$(top_srcdir)/src/libtncif \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
@@ -11,6 +12,10 @@ libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libtncif/libtncif.la
+if USE_TROUSERS
+ libimcv_la_LIBADD += -ltspi
+endif
+
if USE_WINDOWS
libimcv_la_LIBADD += -lws2_32
endif
@@ -54,7 +59,62 @@ libimcv_la_SOURCES = \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -95,3 +155,45 @@ endif
if USE_IMV_OS
SUBDIRS += plugins/imv_os
endif
+
+if USE_IMC_ATTESTATION
+ SUBDIRS += plugins/imc_attestation
+endif
+
+if USE_IMV_ATTESTATION
+ SUBDIRS += plugins/imv_attestation
+endif
+
+if USE_IMC_SWID
+ SUBDIRS += plugins/imc_swid
+endif
+
+if USE_IMV_SWID
+ SUBDIRS += plugins/imv_swid
+endif
+
+TESTS = imcv_tests
+
+check_PROGRAMS = $(TESTS)
+
+imcv_tests_SOURCES = \
+ ita/ita_attr_command.c \
+ pa_tnc/pa_tnc_attr_manager.c \
+ seg/seg_env.c seg/seg_contract.c \
+ seg/seg_contract_manager.c \
+ suites/test_imcv_seg.c \
+ ietf/ietf_attr_pa_tnc_error.c \
+ tcg/seg/tcg_seg_attr_seg_env.c \
+ imcv.c imcv_tests.h imcv_tests.c
+
+imcv_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
+
+imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+imcv_tests_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
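Review bot: `imcv_tests_SOURCES` compiles library sources such as `imcv.c`, `seg/seg_env.c` and `pa_tnc/pa_tnc_attr_manager.c` into the test binary a second time while `imcv_tests_LDADD` also links `libimcv.la`, and nothing in the hunk says why. If the intent is to build those objects with `@COVERAGE_CFLAGS@` or to reach symbols the library does not export (an inference, the hunk does not show it), a comment above the list would record that, e.g. `# library sources are rebuilt into imcv_tests on purpose; libimcv.la supplies the remaining symbols`. Without it the duplication looks like an accident, and a later edit could drop one side and change which copy of the code the tests run against. Separately, `suites/test_imcv_seg.c` is the only suite listed, so as far as this hunk shows `make check` does not exercise the `tcg/pts` and `tcg/swid` attribute sources added earlier in this file.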
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 4614dd607..239e62a17 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -81,14 +81,21 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-@USE_WINDOWS_TRUE@am__append_1 = -lws2_32
+@USE_TROUSERS_TRUE@am__append_1 = -ltspi
+@USE_WINDOWS_TRUE@am__append_2 = -lws2_32
ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
-@USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test
-@USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test
-@USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner
-@USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner
-@USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os
-@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os
+@USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test
+@USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test
+@USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner
+@USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner
+@USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os
+@USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os
+@USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation
+@USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation
+@USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid
+@USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid
+TESTS = imcv_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libimcv
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp $(dist_templates_DATA)
@@ -142,7 +149,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libimcv_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1)
+ $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
am__dirstamp = $(am__leading_dot)dirstamp
am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
imc/imc_os_info.lo imv/imv_agent.lo imv/imv_database.lo \
@@ -163,7 +171,42 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
ita/ita_attr_get_settings.lo ita/ita_attr_settings.lo \
ita/ita_attr_angel.lo ita/ita_attr_device_id.lo \
os_info/os_info.lo pa_tnc/pa_tnc_msg.lo \
- pa_tnc/pa_tnc_attr_manager.lo
+ pa_tnc/pa_tnc_attr_manager.lo pts/pts.lo pts/pts_error.lo \
+ pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \
+ pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \
+ pts/pts_file_type.lo pts/pts_ima_bios_list.lo \
+ pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \
+ pts/components/pts_component_manager.lo \
+ pts/components/pts_comp_evidence.lo \
+ pts/components/pts_comp_func_name.lo \
+ pts/components/ita/ita_comp_func_name.lo \
+ pts/components/ita/ita_comp_ima.lo \
+ pts/components/ita/ita_comp_tboot.lo \
+ pts/components/ita/ita_comp_tgrub.lo \
+ pts/components/tcg/tcg_comp_func_name.lo seg/seg_contract.lo \
+ seg/seg_contract_manager.lo seg/seg_env.lo swid/swid_error.lo \
+ swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \
+ tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \
+ tcg/pts/tcg_pts_attr_meas_algo.lo \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \
+ tcg/pts/tcg_pts_attr_tpm_version_info.lo \
+ tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.lo \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.lo \
+ tcg/pts/tcg_pts_attr_simple_evid_final.lo \
+ tcg/pts/tcg_pts_attr_req_file_meas.lo \
+ tcg/pts/tcg_pts_attr_file_meas.lo \
+ tcg/pts/tcg_pts_attr_req_file_meta.lo \
+ tcg/pts/tcg_pts_attr_unix_file_meta.lo \
+ tcg/seg/tcg_seg_attr_max_size.lo \
+ tcg/seg/tcg_seg_attr_seg_env.lo \
+ tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \
+ tcg/swid/tcg_swid_attr_tag_id_inv.lo \
+ tcg/swid/tcg_swid_attr_tag_inv.lo
libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -172,7 +215,24 @@ am__v_lt_1 =
libimcv_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libimcv_la_LDFLAGS) $(LDFLAGS) -o $@
+am__EXEEXT_1 = imcv_tests$(EXEEXT)
PROGRAMS = $(ipsec_PROGRAMS)
+am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \
+ pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT) \
+ seg/imcv_tests-seg_env.$(OBJEXT) \
+ seg/imcv_tests-seg_contract.$(OBJEXT) \
+ seg/imcv_tests-seg_contract_manager.$(OBJEXT) \
+ suites/imcv_tests-test_imcv_seg.$(OBJEXT) \
+ ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT) \
+ tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT) \
+ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT)
+imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS)
+imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(imcv_tests_CFLAGS) \
+ $(CFLAGS) $(imcv_tests_LDFLAGS) $(LDFLAGS) -o $@
am_imv_policy_manager_OBJECTS = imv/imv_policy_manager.$(OBJEXT) \
imv/imv_policy_manager_usage.$(OBJEXT)
imv_policy_manager_OBJECTS = $(am_imv_policy_manager_OBJECTS)
@@ -213,8 +273,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES)
-DIST_SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES)
+SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \
+ $(imv_policy_manager_SOURCES)
+DIST_SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \
+ $(imv_policy_manager_SOURCES)
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
@@ -256,8 +318,32 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \
- plugins/imv_scanner plugins/imc_os plugins/imv_os
+ plugins/imv_scanner plugins/imc_os plugins/imv_os \
+ plugins/imc_attestation plugins/imv_attestation \
+ plugins/imc_swid plugins/imv_swid
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -315,6 +401,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -375,6 +462,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -440,6 +528,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -487,6 +577,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -498,7 +592,8 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif
+ -I$(top_srcdir)/src/libtncif \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
libimcv_la_LDFLAGS = \
@@ -506,7 +601,8 @@ libimcv_la_LDFLAGS = \
libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__append_1)
+ $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \
+ $(am__append_2)
libimcv_la_SOURCES = \
imcv.h imcv.c \
imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \
@@ -546,7 +642,62 @@ libimcv_la_SOURCES = \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -560,8 +711,32 @@ imv_policy_manager_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
-SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \
- $(am__append_5) $(am__append_6) $(am__append_7)
+SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
+ $(am__append_6) $(am__append_7) $(am__append_8) \
+ $(am__append_9) $(am__append_10) $(am__append_11) \
+ $(am__append_12)
+imcv_tests_SOURCES = \
+ ita/ita_attr_command.c \
+ pa_tnc/pa_tnc_attr_manager.c \
+ seg/seg_env.c seg/seg_contract.c \
+ seg/seg_contract_manager.c \
+ suites/test_imcv_seg.c \
+ ietf/ietf_attr_pa_tnc_error.c \
+ tcg/seg/tcg_seg_attr_seg_env.c \
+ imcv.c imcv_tests.h imcv_tests.c
+
+imcv_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
+
+imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+imcv_tests_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+
all: all-recursive
.SUFFIXES:
@@ -728,9 +903,176 @@ pa_tnc/pa_tnc_msg.lo: pa_tnc/$(am__dirstamp) \
pa_tnc/$(DEPDIR)/$(am__dirstamp)
pa_tnc/pa_tnc_attr_manager.lo: pa_tnc/$(am__dirstamp) \
pa_tnc/$(DEPDIR)/$(am__dirstamp)
+pts/$(am__dirstamp):
+ @$(MKDIR_P) pts
+ @: > pts/$(am__dirstamp)
+pts/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/$(DEPDIR)
+ @: > pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_meas.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_meta.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_type.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_meas_algo.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/components/$(am__dirstamp):
+ @$(MKDIR_P) pts/components
+ @: > pts/components/$(am__dirstamp)
+pts/components/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/$(DEPDIR)
+ @: > pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_component_manager.lo: \
+ pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/ita
+ @: > pts/components/ita/$(am__dirstamp)
+pts/components/ita/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/ita/$(DEPDIR)
+ @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_func_name.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_ima.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_tboot.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_tgrub.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/tcg/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/tcg
+ @: > pts/components/tcg/$(am__dirstamp)
+pts/components/tcg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/tcg/$(DEPDIR)
+ @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+pts/components/tcg/tcg_comp_func_name.lo: \
+ pts/components/tcg/$(am__dirstamp) \
+ pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+seg/$(am__dirstamp):
+ @$(MKDIR_P) seg
+ @: > seg/$(am__dirstamp)
+seg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) seg/$(DEPDIR)
+ @: > seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_contract_manager.lo: seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
+swid/$(am__dirstamp):
+ @$(MKDIR_P) swid
+ @: > swid/$(am__dirstamp)
+swid/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) swid/$(DEPDIR)
+ @: > swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_error.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_inventory.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_tag_id.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+tcg/$(am__dirstamp):
+ @$(MKDIR_P) tcg
+ @: > tcg/$(am__dirstamp)
+tcg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/$(DEPDIR)
+ @: > tcg/$(DEPDIR)/$(am__dirstamp)
+tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/$(am__dirstamp):
+ @$(MKDIR_P) tcg/pts
+ @: > tcg/pts/$(am__dirstamp)
+tcg/pts/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/pts/$(DEPDIR)
+ @: > tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/$(am__dirstamp):
+ @$(MKDIR_P) tcg/seg
+ @: > tcg/seg/$(am__dirstamp)
+tcg/seg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/seg/$(DEPDIR)
+ @: > tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_max_size.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/$(am__dirstamp):
+ @$(MKDIR_P) tcg/swid
+ @: > tcg/swid/$(am__dirstamp)
+tcg/swid/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/swid/$(DEPDIR)
+ @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES)
$(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
@list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
@@ -780,6 +1122,32 @@ clean-ipsecPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
+ita/imcv_tests-ita_attr_command.$(OBJEXT): ita/$(am__dirstamp) \
+ ita/$(DEPDIR)/$(am__dirstamp)
+pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT): \
+ pa_tnc/$(am__dirstamp) pa_tnc/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_env.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_contract.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_contract_manager.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/imcv_tests-test_imcv_seg.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT): \
+ ietf/$(am__dirstamp) ietf/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT): \
+ tcg/seg/$(am__dirstamp) tcg/seg/$(DEPDIR)/$(am__dirstamp)
+
+imcv_tests$(EXEEXT): $(imcv_tests_OBJECTS) $(imcv_tests_DEPENDENCIES) $(EXTRA_imcv_tests_DEPENDENCIES)
+ @rm -f imcv_tests$(EXEEXT)
+ $(AM_V_CCLD)$(imcv_tests_LINK) $(imcv_tests_OBJECTS) $(imcv_tests_LDADD) $(LIBS)
imv/imv_policy_manager.$(OBJEXT): imv/$(am__dirstamp) \
imv/$(DEPDIR)/$(am__dirstamp)
imv/imv_policy_manager_usage.$(OBJEXT): imv/$(am__dirstamp) \
@@ -838,11 +1206,34 @@ mostlyclean-compile:
-rm -f os_info/*.lo
-rm -f pa_tnc/*.$(OBJEXT)
-rm -f pa_tnc/*.lo
+ -rm -f pts/*.$(OBJEXT)
+ -rm -f pts/*.lo
+ -rm -f pts/components/*.$(OBJEXT)
+ -rm -f pts/components/*.lo
+ -rm -f pts/components/ita/*.$(OBJEXT)
+ -rm -f pts/components/ita/*.lo
+ -rm -f pts/components/tcg/*.$(OBJEXT)
+ -rm -f pts/components/tcg/*.lo
+ -rm -f seg/*.$(OBJEXT)
+ -rm -f seg/*.lo
+ -rm -f suites/*.$(OBJEXT)
+ -rm -f swid/*.$(OBJEXT)
+ -rm -f swid/*.lo
+ -rm -f tcg/*.$(OBJEXT)
+ -rm -f tcg/*.lo
+ -rm -f tcg/pts/*.$(OBJEXT)
+ -rm -f tcg/pts/*.lo
+ -rm -f tcg/seg/*.$(OBJEXT)
+ -rm -f tcg/seg/*.lo
+ -rm -f tcg/swid/*.$(OBJEXT)
+ -rm -f tcg/swid/*.lo
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv_tests-imcv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imcv_tests-imcv_tests.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_assess_result.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_attr_request.Plo@am__quote@
@@ -856,6 +1247,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_product_info.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_remediation_instr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_string_version.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_agent.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_msg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_os_info.Plo@am__quote@
@@ -871,6 +1263,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_session.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_session_manager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@imv/$(DEPDIR)/imv_workitem.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_angel.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_command.Plo@am__quote@
@@ -879,8 +1272,65 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_get_settings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ita/$(DEPDIR)/ita_attr_settings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@os_info/$(DEPDIR)/os_info.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/pa_tnc_attr_manager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@pa_tnc/$(DEPDIR)/pa_tnc_msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_creds.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_database.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_dh_group.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_error.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meas.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meta.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_type.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_bios_list.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_event_list.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_meas_algo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_pcr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_evidence.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_func_name.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_component_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_env.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -906,6 +1356,146 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+ita/imcv_tests-ita_attr_command.o: ita/ita_attr_command.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.o -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c
+
+ita/imcv_tests-ita_attr_command.obj: ita/ita_attr_command.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.obj -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi`
+
+pa_tnc/imcv_tests-pa_tnc_attr_manager.o: pa_tnc/pa_tnc_attr_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.o -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c
+
+pa_tnc/imcv_tests-pa_tnc_attr_manager.obj: pa_tnc/pa_tnc_attr_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.obj -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi`
+
+seg/imcv_tests-seg_env.o: seg/seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c
+
+seg/imcv_tests-seg_env.obj: seg/seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi`
+
+seg/imcv_tests-seg_contract.o: seg/seg_contract.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c
+
+seg/imcv_tests-seg_contract.obj: seg/seg_contract.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi`
+
+seg/imcv_tests-seg_contract_manager.o: seg/seg_contract_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c
+
+seg/imcv_tests-seg_contract_manager.obj: seg/seg_contract_manager.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi`
+
+suites/imcv_tests-test_imcv_seg.o: suites/test_imcv_seg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c
+
+suites/imcv_tests-test_imcv_seg.obj: suites/test_imcv_seg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.obj -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi`
+
+ietf/imcv_tests-ietf_attr_pa_tnc_error.o: ietf/ietf_attr_pa_tnc_error.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.o -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c
+
+ietf/imcv_tests-ietf_attr_pa_tnc_error.obj: ietf/ietf_attr_pa_tnc_error.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.obj -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi`
+
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o: tcg/seg/tcg_seg_attr_seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c
+
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj: tcg/seg/tcg_seg_attr_seg_env.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi`
+
+imcv_tests-imcv.o: imcv.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c
+
+imcv_tests-imcv.obj: imcv.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi`
+
+imcv_tests-imcv_tests.o: imcv_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c
+
+imcv_tests-imcv_tests.obj: imcv_tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
@@ -917,6 +1507,16 @@ clean-libtool:
-rm -rf ita/.libs ita/_libs
-rm -rf os_info/.libs os_info/_libs
-rm -rf pa_tnc/.libs pa_tnc/_libs
+ -rm -rf pts/.libs pts/_libs
+ -rm -rf pts/components/.libs pts/components/_libs
+ -rm -rf pts/components/ita/.libs pts/components/ita/_libs
+ -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs
+ -rm -rf seg/.libs seg/_libs
+ -rm -rf swid/.libs swid/_libs
+ -rm -rf tcg/.libs tcg/_libs
+ -rm -rf tcg/pts/.libs tcg/pts/_libs
+ -rm -rf tcg/seg/.libs tcg/seg/_libs
+ -rm -rf tcg/swid/.libs tcg/swid/_libs
install-dist_templatesDATA: $(dist_templates_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
@@ -1038,6 +1638,99 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -1094,6 +1787,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-recursive
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA)
installdirs: installdirs-recursive
@@ -1139,17 +1834,39 @@ distclean-generic:
-rm -f os_info/$(am__dirstamp)
-rm -f pa_tnc/$(DEPDIR)/$(am__dirstamp)
-rm -f pa_tnc/$(am__dirstamp)
+ -rm -f pts/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/$(am__dirstamp)
+ -rm -f pts/components/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/$(am__dirstamp)
+ -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/ita/$(am__dirstamp)
+ -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/tcg/$(am__dirstamp)
+ -rm -f seg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f seg/$(am__dirstamp)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+ -rm -f swid/$(DEPDIR)/$(am__dirstamp)
+ -rm -f swid/$(am__dirstamp)
+ -rm -f tcg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/$(am__dirstamp)
+ -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/pts/$(am__dirstamp)
+ -rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/seg/$(am__dirstamp)
+ -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/swid/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
-clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \
+ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1196,7 +1913,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1216,17 +1933,17 @@ ps-am:
uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
-.MAKE: $(am__recursive_targets) install-am install-strip
+.MAKE: $(am__recursive_targets) check-am install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-ipsecPROGRAMS \
- clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dist_templatesDATA install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
+ check-TESTS check-am clean clean-checkPROGRAMS clean-generic \
+ clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES clean-libtool \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dist_templatesDATA \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-html install-html-am install-info install-info-am \
install-ipsecPROGRAMS install-ipsecSCRIPTS \
install-ipseclibLTLIBRARIES install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 2f3819898..67269af53 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -47,34 +47,35 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
/**
* See header
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value)
{
switch (type)
{
case IETF_ATTR_ATTRIBUTE_REQUEST:
- return ietf_attr_attr_request_create_from_data(value);
+ return ietf_attr_attr_request_create_from_data(length, value);
case IETF_ATTR_PRODUCT_INFORMATION:
- return ietf_attr_product_info_create_from_data(value);
+ return ietf_attr_product_info_create_from_data(length, value);
case IETF_ATTR_NUMERIC_VERSION:
- return ietf_attr_numeric_version_create_from_data(value);
+ return ietf_attr_numeric_version_create_from_data(length, value);
case IETF_ATTR_STRING_VERSION:
- return ietf_attr_string_version_create_from_data(value);
+ return ietf_attr_string_version_create_from_data(length, value);
case IETF_ATTR_OPERATIONAL_STATUS:
- return ietf_attr_op_status_create_from_data(value);
+ return ietf_attr_op_status_create_from_data(length, value);
case IETF_ATTR_PORT_FILTER:
- return ietf_attr_port_filter_create_from_data(value);
+ return ietf_attr_port_filter_create_from_data(length, value);
case IETF_ATTR_INSTALLED_PACKAGES:
- return ietf_attr_installed_packages_create_from_data(value);
+ return ietf_attr_installed_packages_create_from_data(length, value);
case IETF_ATTR_PA_TNC_ERROR:
- return ietf_attr_pa_tnc_error_create_from_data(value);
+ return ietf_attr_pa_tnc_error_create_from_data(length, value);
case IETF_ATTR_ASSESSMENT_RESULT:
- return ietf_attr_assess_result_create_from_data(value);
+ return ietf_attr_assess_result_create_from_data(length, value);
case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
- return ietf_attr_remediation_instr_create_from_data(value);
+ return ietf_attr_remediation_instr_create_from_data(length, value);
case IETF_ATTR_FORWARDING_ENABLED:
- return ietf_attr_fwd_enabled_create_from_data(value);
+ return ietf_attr_fwd_enabled_create_from_data(length, value);
case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
- return ietf_attr_default_pwd_enabled_create_from_data(value);
+ return ietf_attr_default_pwd_enabled_create_from_data(length, value);
case IETF_ATTR_TESTING:
case IETF_ATTR_RESERVED:
default:
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index d22175d94..169ed78e8 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,8 +56,10 @@ extern enum_name_t *ietf_attr_names;
* Create an IETF PA-TNC attribute from data
*
* @param type attribute type
- * @param value attribute value
+ * @param length attribute length
+ * @param value attribute value or segment
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value);
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c
index 55226e3bb..1cffdcaae 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.c
+++ b/src/libimcv/ietf/ietf_attr_assess_result.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_assess_result_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer = bio_writer_create(ASSESS_RESULT_SIZE);
writer->write_uint32(writer, this->result);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -115,10 +121,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ASSESS_RESULT_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF assessment result");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -128,6 +139,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_assess_result_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_assess_result_t *this)
{
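Review bot: `add_segment` appends every segment it is handed and never compares the result with `this->length`, so the reassembled buffer can grow past the declared attribute length. `process` in this file only rejects `this->value.len < ASSESS_RESULT_SIZE`, so surplus bytes would be accepted silently. If the caller does not already enforce the bound (not visible in this diff), either state the contract in a comment such as `/* caller guarantees value.len + segment.len <= length */` or limit the excess here. The identical `add_segment` bodies added in ietf_attr_attr_request.c, ietf_attr_default_pwd_enabled.c, ietf_attr_fwd_enabled.c, ietf_attr_numeric_version.c, ietf_attr_op_status.c and ietf_attr_pa_tnc_error.c share this; the hunk ends inside `get_ref`.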
@@ -167,6 +184,7 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -183,7 +201,8 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_assess_result_t *this;
@@ -196,12 +215,14 @@ pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_result = _get_result,
},
.type = { PEN_IETF, IETF_ATTR_ASSESSMENT_RESULT },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h
index e94b57b88..b1a5166dc 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.h
+++ b/src/libimcv/ietf/ietf_attr_assess_result.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result);
/**
* Creates an ietf_attr_assess_result_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_ASSESS_RESULT_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c
index 3b4fd26cd..3862a0aa8 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.c
+++ b/src/libimcv/ietf/ietf_attr_attr_request.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -59,7 +59,12 @@ struct private_ietf_attr_attr_request_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -126,6 +131,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -150,11 +156,17 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t reserved;
int count;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+
count = this->value.len / ATTR_REQUEST_ENTRY_SIZE;
if (this->value.len != ATTR_REQUEST_ENTRY_SIZE * count)
{
DBG1(DBG_TNC, "incorrect attribute length for IETF attribute request");
- *offset = 0;
return FAILED;
}
@@ -184,6 +196,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_attr_request_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_attr_request_t *this)
{
@@ -224,6 +242,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -246,7 +265,8 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_attr_request_t *this;
@@ -259,6 +279,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -266,6 +287,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_IETF, IETF_ATTR_ATTRIBUTE_REQUEST },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h
index fc9e08676..47b038605 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.h
+++ b/src/libimcv/ietf/ietf_attr_attr_request.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -62,10 +62,10 @@ struct ietf_attr_attr_request_t {
pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type);
/**
- * Creates an ietf_attr_attr_request_t object from received data
- *
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_ATTR_REQUEST_H_ @}*/
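Review bot: The rewritten doc comment for `ietf_attr_attr_request_create_from_data` drops its summary line and now starts directly with the `@param` entries, unlike the other `*_create_from_data` declarations touched by this commit. Restore `* Creates an ietf_attr_attr_request_t object from received data` and the blank ` *` line ahead of the two `@param` lines.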
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
index 2c6b3d542..ee5864d29 100644
--- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_default_pwd_enabled_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32(writer, this->status);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != DEFAULT_PWD_ENABLED_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF factory default password "
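Review bot: `process` returns `NEED_MORE` on `this->value.len < this->length` before checking that the declared length is one this fixed-size attribute can have, so a wrong length is only rejected after that many bytes have been buffered. Since the only accepted size is `DEFAULT_PWD_ENABLED_SIZE`, testing the declared length first, `if (this->length != DEFAULT_PWD_ENABLED_SIZE)` with the existing `DBG1` and `return FAILED`, would reject it on the first segment. The `process` hunk in ietf_attr_fwd_enabled.c has the same order with `FORWARDING_ENABLED_SIZE`. Whether the caller caps the declared length is not visible here, and the function starts and ends outside this hunk.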
@@ -139,6 +149,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_default_pwd_enabled_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_default_pwd_enabled_t *this)
{
@@ -178,6 +194,7 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -194,7 +211,8 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_default_pwd_enabled_t *this;
@@ -207,12 +225,14 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_status = _get_status,
},
.type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
index 6fe1a02b1..3999590d4 100644
--- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
@@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create(bool status);
/**
* Creates an ietf_attr_default_pwd_enabled_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PWD_ENABLED_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
index a906b2258..c00a5efc2 100644
--- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c
+++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_fwd_enabled_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32(writer, this->fwd_status);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != FORWARDING_ENABLED_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF forwarding enabled attribute");
@@ -138,6 +148,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_fwd_enabled_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_fwd_enabled_t *this)
{
@@ -177,6 +193,7 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -193,7 +210,8 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_fwd_enabled_t *this;
@@ -206,12 +224,14 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_status = _get_status,
},
.type = { PEN_IETF, IETF_ATTR_FORWARDING_ENABLED },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.h b/src/libimcv/ietf/ietf_attr_fwd_enabled.h
index 41714380e..c4b6c1547 100644
--- a/src/libimcv/ietf/ietf_attr_fwd_enabled.h
+++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -57,8 +57,10 @@ pa_tnc_attr_t* ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status);
/**
* Creates an ietf_attr_fwd_enabled_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_FWD_ENABLED_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c
index f33f643af..39eea555a 100644
--- a/src/libimcv/ietf/ietf_attr_installed_packages.c
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.c
@@ -57,16 +57,36 @@ struct private_ietf_attr_installed_packages_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
*/
chunk_t value;
/**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
* Noskip flag
*/
bool noskip_flag;
/**
+ * Number of Installed Packages in attribute
+ */
+ uint16_t count;
+
+ /**
* List of Installed Package entries
*/
linked_list_t *packages;
@@ -143,6 +163,8 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -151,72 +173,91 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
package_entry_t *entry;
- status_t status = FAILED;
+ status_t status = NEED_MORE;
chunk_t name, version;
- u_int16_t reserved, count;
+ u_int16_t reserved;
u_char *pos;
- *offset = 0;
-
- if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for IETF installed packages");
- return FAILED;
+ if (this->offset == 0)
+ {
+ if (this->length < IETF_INSTALLED_PACKAGES_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF,
+ ietf_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint16(reader, &reserved);
+ reader->read_uint16(reader, &this->count);
+ this->offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
}
+
reader = bio_reader_create(this->value);
- reader->read_uint16(reader, &reserved);
- reader->read_uint16(reader, &count);
- *offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
- while (reader->remaining(reader))
+ while (this->count)
{
- if (!reader->read_data8(reader, &name))
+ if (!reader->read_data8(reader, &name) ||
+ !reader->read_data8(reader, &version))
{
- DBG1(DBG_TNC, "insufficient data for IETF installed package name");
goto end;
}
pos = memchr(name.ptr, '\0', name.len);
if (pos)
{
DBG1(DBG_TNC, "nul termination in IETF installed package name");
- *offset += 1 + (pos - name.ptr);
- goto end;
- }
- *offset += 1 + name.len;
-
- if (!reader->read_data8(reader, &version))
- {
- DBG1(DBG_TNC, "insufficient data for IETF installed package version");
+ *offset = this->offset + 1 + (pos - name.ptr);
+ status = FAILED;
goto end;
}
pos = memchr(version.ptr, '\0', version.len);
if (pos)
{
DBG1(DBG_TNC, "nul termination in IETF installed package version");
- *offset += 1 + (pos - version.ptr);
+ *offset = this->offset + 1 + name.len + 1 + (pos - version.ptr);
+ status = FAILED;
goto end;
}
- *offset += 1 + version.len;
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
entry = malloc_thing(package_entry_t);
entry->name = chunk_clone(name);
entry->version = chunk_clone(version);
this->packages->insert_last(this->packages, entry);
+
+ /* at least one tag ID was processed */
+ status = SUCCESS;
+ this->count--;
}
- if (count != this->packages->get_count(this->packages))
+ if (this->length != this->offset)
{
- DBG1(DBG_TNC, "IETF installed package count unequal to "
- "number of included packages");
- goto end;
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF,
+ ietf_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
}
- status = SUCCESS;
end:
reader->destroy(reader);
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_installed_packages_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_installed_packages_t *this)
{
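Review bot: A fully received attribute whose package count claims more entries than its data holds is no longer rejected by `process`: when `read_data8` fails, the loop jumps to `end` with `status` still `NEED_MORE` (or `SUCCESS` if an earlier entry parsed in this call), and the `this->length != this->offset` check is skipped. The removed code returned `FAILED` on a short read and on a count mismatch. Unless the caller treats `NEED_MORE` after the last segment as an error, which is not visible here, the read-failure branch should fail once everything declared has arrived, e.g. `if (this->offset + this->value.len >= this->length) { *offset = this->offset; status = FAILED; }` before `goto end`. The comment `/* at least one tag ID was processed */` also looks carried over from another attribute and would read better as `/* at least one package was processed */`.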
@@ -230,7 +271,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
if (ref_put(&this->ref))
{
this->packages->destroy_function(this->packages, (void*)free_package_entry);
- free(this->value.ptr);
+ free(this->segment.ptr);
free(this);
}
}
@@ -269,6 +310,23 @@ METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*,
(void*)package_filter, NULL, NULL);
}
+METHOD(ietf_attr_installed_packages_t, get_count, uint16_t,
+ private_ietf_attr_installed_packages_t *this)
+{
+ return this->count;
+}
+
+METHOD(ietf_attr_installed_packages_t, clear_packages, void,
+ private_ietf_attr_installed_packages_t *this)
+{
+ package_entry_t *entry;
+
+ while (this->packages->remove_first(this->packages,(void**)&entry) == SUCCESS)
+ {
+ free_package_entry(entry);
+ }
+}
+
/**
* Described in header.
*/
@@ -285,11 +343,14 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.create_enumerator = _create_enumerator,
+ .get_count = _get_count,
+ .clear_packages = _clear_packages,
},
.type = { PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES },
.packages = linked_list_create(),
@@ -300,9 +361,11 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void)
}
/**
- * Described in header.
+ * Described in header. .length = length,
+
*/
-pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_installed_packages_t *this;
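Review bot: The comment above `ietf_attr_installed_packages_create_from_data` now reads `Described in header. .length = length,` followed by an empty line, which looks like a pasted initializer fragment rather than documentation. It should stay `* Described in header.`; the `.length = length,` initializer itself is added in the following hunk. The function body continues outside this hunk.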
@@ -315,18 +378,25 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.create_enumerator = _create_enumerator,
+ .get_count = _get_count,
+ .clear_packages = _clear_packages,
},
.type = {PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES },
- .value = chunk_clone(data),
+ .length = length,
+ .segment = chunk_clone(data),
.packages = linked_list_create(),
.ref = 1,
);
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
return &this->public.pa_tnc_attribute;
}
diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.h b/src/libimcv/ietf/ietf_attr_installed_packages.h
index e19d0f47b..9f7b7cbcf 100644
--- a/src/libimcv/ietf/ietf_attr_installed_packages.h
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.h
@@ -56,6 +56,18 @@ struct ietf_attr_installed_packages_t {
*/
enumerator_t* (*create_enumerator)(ietf_attr_installed_packages_t *this);
+ /**
+ * Number of Installed Packages still missing
+ *
+ * @return Number of missing installed packages
+ */
+ uint16_t (*get_count)(ietf_attr_installed_packages_t *this);
+
+ /**
+ * Remove all Installed Packages from list
+ */
+ void (*clear_packages)(ietf_attr_installed_packages_t *this);
+
};
/**
@@ -67,8 +79,10 @@ pa_tnc_attr_t* ietf_attr_installed_packages_create(void);
/**
* Creates an ietf_attr_installed_packages_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_INSTALLED_PACKAGES_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c
index 739256457..c8fd6c1ca 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.c
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,7 +56,12 @@ struct private_ietf_attr_numeric_version_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -138,6 +143,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, this->service_pack_minor);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -146,10 +152,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < NUMERIC_VERSION_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF numeric version");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -163,6 +174,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_numeric_version_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_numeric_version_t *this)
{
@@ -231,6 +248,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -253,7 +271,8 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_numeric_version_t *this;
@@ -266,6 +285,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -274,6 +294,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
.get_service_pack = _get_service_pack,
},
.type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h
index bbda6b895..34393c673 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.h
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -77,8 +77,10 @@ pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
/**
* Creates an ietf_attr_numeric_version_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_NUMERIC_VERSION_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c
index 23530684a..d061a52f9 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.c
+++ b/src/libimcv/ietf/ietf_attr_op_status.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -76,7 +76,12 @@ struct private_ietf_attr_op_status_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -154,6 +159,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, chunk_create(last_use, 20));
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -167,6 +173,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != OP_STATUS_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF operational status");
@@ -212,6 +222,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_op_status_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_op_status_t *this)
{
@@ -264,6 +280,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -284,7 +301,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_op_status_create_from_data(size_t length, chunk_t data)
{
private_ietf_attr_op_status_t *this;
@@ -297,6 +314,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
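Review bot: `ietf_attr_op_status_create_from_data` now takes `length`, but none of the hunks for this file add `.length = length,` to the initializer, unlike the other attribute constructors in this commit. If the unchanged part of the initializer does not set it, `this->length` presumably stays zero for received attributes, so the new `this->value.len < this->length` test in `process` can never return `NEED_MORE` and a first segment falls through to the `OP_STATUS_SIZE` check and fails. Adding `.length = length,` after the `.type` entry, as in the sibling files, would make the parameter effective. The initializer continues outside this hunk.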
diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h
index b70fab608..f19185f0a 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.h
+++ b/src/libimcv/ietf/ietf_attr_op_status.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -100,8 +100,10 @@ pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
/**
* Creates an ietf_attr_op_status_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_op_status_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_op_status_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_OP_STATUS_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 5f20f8958..0dbb4aaef 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -113,7 +113,12 @@ struct private_ietf_attr_pa_tnc_error_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -133,14 +138,19 @@ struct private_ietf_attr_pa_tnc_error_t {
chunk_t msg_info;
/**
- * First 8 bytes of unsupported PA-TNC attribute
+ * Flags of unsupported PA-TNC attribute
+ */
+ uint8_t flags;
+
+ /**
+ * Vendor ID and type of unsupported PA-TNC attribute
*/
- chunk_t attr_info;
+ pen_type_t unsupported_type;
/**
* PA-TNC error offset
*/
- u_int32_t error_offset;
+ uint32_t error_offset;
/**
* Reference count
@@ -200,26 +210,35 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, PA_ERROR_VERSION_RESERVED);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- writer->write_data(writer, this->attr_info);
+ writer->write_uint8 (writer, this->flags);
+ writer->write_uint24(writer, this->unsupported_type.vendor_id);
+ writer->write_uint32(writer, this->unsupported_type.type);
break;
default:
break;
}
}
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_pa_tnc_error_t *this, u_int32_t *offset)
+ private_ietf_attr_pa_tnc_error_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ uint8_t reserved;
+ uint32_t vendor_id, type;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PA_ERROR_HEADER_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PA-TNC error header");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -250,8 +269,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
}
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- if (!reader->read_data(reader, PA_ERROR_ATTR_INFO_SIZE,
- &this->attr_info))
+ if (reader->remaining(reader) < PA_ERROR_ATTR_INFO_SIZE)
{
reader->destroy(reader);
DBG1(DBG_TNC, "insufficient data for unsupported attribute "
@@ -259,7 +277,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
return FAILED;
}
- this->attr_info = chunk_clone(this->attr_info);
+ reader->read_uint8 (reader, &this->flags);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->unsupported_type = pen_type_create(vendor_id, type);
break;
default:
break;
@@ -275,6 +296,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_pa_tnc_error_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_pa_tnc_error_t *this)
{
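Review bot: `add_segment` appends whatever it is given with `chunk_cat("mc", this->value, segment)` and never compares the result with `this->length`, while process() only tests `this->value.len < this->length`. Both the declared length and the segments are received data, so a sender that delivers more bytes than it announced gets them parsed as if the attribute were complete; whether the segmentation contract layer prevents that is not visible here. Consider rejecting the surplus in process(), e.g. `if (this->value.len > this->length) { return FAILED; }`, or documenting on `add_segment` that the caller guarantees the bound. The same pattern is added in ietf_attr_port_filter.c, ietf_attr_product_info.c, ietf_attr_remediation_instr.c and ietf_attr_string_version.c.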
@@ -289,7 +316,6 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
free(this->value.ptr);
free(this->msg_info.ptr);
- free(this->attr_info.ptr);
free(this);
}
}
@@ -306,19 +332,24 @@ METHOD(ietf_attr_pa_tnc_error_t, get_msg_info, chunk_t,
return this->msg_info;
}
-METHOD(ietf_attr_pa_tnc_error_t, get_attr_info, chunk_t,
- private_ietf_attr_pa_tnc_error_t *this)
+METHOD(ietf_attr_pa_tnc_error_t, get_unsupported_attr, pen_type_t,
+ private_ietf_attr_pa_tnc_error_t *this, uint8_t *flags)
{
- return this->attr_info;
+ if (flags)
+ {
+ *flags = this->flags;
+ }
+ return this->unsupported_type;
}
-METHOD(ietf_attr_pa_tnc_error_t, set_attr_info, void,
- private_ietf_attr_pa_tnc_error_t *this, chunk_t attr_info)
+METHOD(ietf_attr_pa_tnc_error_t, set_unsupported_attr, void,
+ private_ietf_attr_pa_tnc_error_t *this, uint8_t flags, pen_type_t type)
{
- this->attr_info = chunk_clone(attr_info);
+ this->flags = flags;
+ this->unsupported_type = type;
}
-METHOD(ietf_attr_pa_tnc_error_t, get_offset, u_int32_t,
+METHOD(ietf_attr_pa_tnc_error_t, get_offset, uint32_t,
private_ietf_attr_pa_tnc_error_t *this)
{
return this->error_offset;
@@ -340,13 +371,14 @@ static private_ietf_attr_pa_tnc_error_t* create_generic()
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_error_code = _get_error_code,
.get_msg_info = _get_msg_info,
- .get_attr_info = _get_attr_info,
- .set_attr_info = _set_attr_info,
+ .get_unsupported_attr = _get_unsupported_attr,
+ .set_unsupported_attr = _set_unsupported_attr,
.get_offset = _get_offset,
},
.type = { PEN_IETF, IETF_ATTR_PA_TNC_ERROR },
@@ -385,7 +417,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_type_t error_code,
*/
pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
chunk_t msg_info,
- u_int32_t error_offset)
+ uint32_t error_offset)
{
private_ietf_attr_pa_tnc_error_t *this;
@@ -403,11 +435,13 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_pa_tnc_error_t *this;
this = create_generic();
+ this->length = length;
this->value = chunk_clone(data);
return &this->public.pa_tnc_attribute;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index faa38f8f9..b1df1945a 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,25 +69,29 @@ struct ietf_attr_pa_tnc_error_t {
chunk_t (*get_msg_info)(ietf_attr_pa_tnc_error_t *this);
/**
- * Get first 8 bytes of unsupported PA-TNC attribute
+ * Get flags, vendor ID and type of unsupported PA-TNC attribute
*
- * @return PA-TNC attribute info
+ * @param flags PA-TNC attribute flags
+ * @return PA-TNC attribute vendor ID and type
*/
- chunk_t (*get_attr_info)(ietf_attr_pa_tnc_error_t *this);
+ pen_type_t (*get_unsupported_attr)(ietf_attr_pa_tnc_error_t *this,
+ uint8_t *flags);
/**
- * Set first 8 bytes of unsupported PA-TNC attribute
+ * Set flags, vendor ID and type of unsupported PA-TNC attribute
*
- * @param attr_info PA-TNC message info
+ * @param flags PA-TNC attribute flags
+ * @param attr_info PA-TNC attribute vendor ID and type
*/
- void (*set_attr_info)(ietf_attr_pa_tnc_error_t *this, chunk_t attr_info);
+ void (*set_unsupported_attr)(ietf_attr_pa_tnc_error_t *this, uint8_t flags,
+ pen_type_t type);
/**
* Get the PA-TNC error offset
*
* @return PA-TNC error offset
*/
- u_int32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
+ uint32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
};
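Review bot: The new doc comment for `set_unsupported_attr` still names the removed parameter: `@param attr_info` should read `@param type`, matching `pen_type_t type` in the prototype. For `get_unsupported_attr`, the implementation in ietf_attr_pa_tnc_error.c writes through `flags` only when it is non-NULL, so the comment could say so: `@param flags PA-TNC attribute flags, may be NULL`.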
@@ -111,13 +115,15 @@ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_type_t error_code,
*/
pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
chunk_t header,
- u_int32_t error_offset);
+ uint32_t error_offset);
/**
* Creates an ietf_attr_pa_tnc_error_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PA_TNC_ERROR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c
index 1d516a51f..46824406a 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.c
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -63,7 +64,12 @@ struct private_ietf_attr_port_filter_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -131,6 +137,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -141,11 +148,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
port_entry_t *entry;
u_int8_t blocked;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len % PORT_FILTER_ENTRY_SIZE)
{
DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
PORT_FILTER_ENTRY_SIZE);
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -164,6 +176,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_port_filter_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_port_filter_t *this)
{
@@ -231,6 +249,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -248,7 +267,8 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_port_filter_t *this;
@@ -261,6 +281,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -268,6 +289,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
.create_port_enumerator = _create_port_enumerator,
},
.type = {PEN_IETF, IETF_ATTR_PORT_FILTER },
+ .length = length,
.value = chunk_clone(data),
.ports = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h
index 93b696e45..d383b19a2 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.h
+++ b/src/libimcv/ietf/ietf_attr_port_filter.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -67,8 +67,10 @@ pa_tnc_attr_t* ietf_attr_port_filter_create(void);
/**
* Creates an ietf_attr_port_filter_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PORT_FILTER_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c
index a107c27d3..37c89e9e5 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.c
+++ b/src/libimcv/ietf/ietf_attr_product_info.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -51,7 +52,12 @@ struct private_ietf_attr_product_info_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -120,6 +126,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->product_name);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -129,10 +136,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
chunk_t product_name;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PRODUCT_INFO_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF product information");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -153,6 +165,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_product_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_product_info_t *this)
{
@@ -202,6 +220,7 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -220,7 +239,8 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_product_info_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_product_info_t *this;
@@ -233,12 +253,14 @@ pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_info = _get_info,
},
.type = { PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h
index d0b2d2a84..5151b5808 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.h
+++ b/src/libimcv/ietf/ietf_attr_product_info.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
/**
* Creates an ietf_attr_product_info_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_product_info_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_product_info_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PRODUCT_INFO_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c
index 5d85e5d89..64070374e 100644
--- a/src/libimcv/ietf/ietf_attr_remediation_instr.c
+++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -79,7 +79,12 @@ struct private_ietf_attr_remediation_instr_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -155,6 +160,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->parameters);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -168,6 +174,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < REMEDIATION_INSTR_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF remediation instructions");
@@ -218,6 +228,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_remediation_instr_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_remediation_instr_t *this)
{
@@ -275,6 +291,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create(pen_type_t parameters_type,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -328,7 +345,8 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_string(chunk_t string,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_remediation_instr_t *this;
@@ -341,6 +359,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -350,6 +369,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
.get_string = _get_string,
},
.type = { PEN_IETF, IETF_ATTR_REMEDIATION_INSTRUCTIONS },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.h b/src/libimcv/ietf/ietf_attr_remediation_instr.h
index 5c7c8891b..bc03e995a 100644
--- a/src/libimcv/ietf/ietf_attr_remediation_instr.h
+++ b/src/libimcv/ietf/ietf_attr_remediation_instr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -102,8 +102,10 @@ pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_string(chunk_t string,
/**
* Creates an ietf_attr_remediation_instr_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_REMEDIATION_INSTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c
index 68adde612..c46200b8f 100644
--- a/src/libimcv/ietf/ietf_attr_string_version.c
+++ b/src/libimcv/ietf/ietf_attr_string_version.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,7 +54,12 @@ struct private_ietf_attr_string_version_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -124,6 +129,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data8(writer, this->config);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -137,6 +143,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < STRING_VERSION_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF string version");
@@ -198,6 +208,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_string_version_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_string_version_t *this)
{
@@ -254,6 +270,7 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -272,7 +289,8 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_string_version_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_string_version_t *this;
@@ -285,12 +303,14 @@ pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_version = _get_version,
},
.type = { PEN_IETF, IETF_ATTR_STRING_VERSION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_string_version.h b/src/libimcv/ietf/ietf_attr_string_version.h
index 9ccc1f0ee..432ed4a0f 100644
--- a/src/libimcv/ietf/ietf_attr_string_version.h
+++ b/src/libimcv/ietf/ietf_attr_string_version.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_string_version_create(chunk_t version, chunk_t build,
/**
* Creates an ietf_attr_string_version_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_string_version_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_string_version_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_STRING_VERSION_H_ @}*/
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 533151799..0d622f1b8 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -59,6 +59,11 @@ struct private_imc_agent_t {
linked_list_t *additional_ids;
/**
+ * list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t *non_fatal_attr_types;
+
+ /**
* list of TNCC connection entries
*/
linked_list_t *connections;
@@ -510,11 +515,29 @@ METHOD(imc_agent_t, create_id_enumerator, enumerator_t*,
return this->additional_ids->create_enumerator(this->additional_ids);
}
+METHOD(imc_agent_t, add_non_fatal_attr_type, void,
+ private_imc_agent_t *this, pen_type_t type)
+{
+ pen_type_t *type_p;
+
+ type_p = malloc_thing(pen_type_t);
+ *type_p = type;
+ this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
+ private_imc_agent_t *this)
+{
+ return this->non_fatal_attr_types;
+}
+
METHOD(imc_agent_t, destroy, void,
private_imc_agent_t *this)
{
DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);
this->additional_ids->destroy(this->additional_ids);
+ this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+ free);
this->connections->destroy_function(this->connections, free);
this->connection_lock->destroy(this->connection_lock);
free(this);
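Review bot: `get_non_fatal_attr_types` returns the agent's own `non_fatal_attr_types` list rather than an enumerator or a copy, so any caller can modify or destroy a list that `destroy` later frees with `destroy_function(..., free)`. The declaration added in imc_agent.h says nothing about ownership; I would add `@return list of pen_type_t*, owned by the agent, must not be modified or destroyed` there, and a `@param type` line on `add_non_fatal_attr_type`. `add_non_fatal_attr_type` also appends without looking for an existing entry, which the comment could mention.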
@@ -550,6 +573,8 @@ imc_agent_t *imc_agent_create(const char *name,
.reserve_additional_ids = _reserve_additional_ids,
.count_additional_ids = _count_additional_ids,
.create_id_enumerator = _create_id_enumerator,
+ .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+ .get_non_fatal_attr_types = _get_non_fatal_attr_types,
.destroy = _destroy,
},
.name = name,
@@ -557,6 +582,7 @@ imc_agent_t *imc_agent_create(const char *name,
.type_count = type_count,
.id = id,
.additional_ids = linked_list_create(),
+ .non_fatal_attr_types = linked_list_create(),
.connections = linked_list_create(),
.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h
index 0a1638f47..8bdfb6c32 100644
--- a/src/libimcv/imc/imc_agent.h
+++ b/src/libimcv/imc/imc_agent.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -172,6 +172,16 @@ struct imc_agent_t {
enumerator_t* (*create_id_enumerator)(imc_agent_t *this);
/**
+ * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+ */
+ void (*add_non_fatal_attr_type)(imc_agent_t *this, pen_type_t type);
+
+ /**
+ * Get a list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
+
+ /**
* Destroys an imc_agent_t object
*/
void (*destroy)(imc_agent_t *this);
diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c
index 1cf81c730..83337cf7b 100644
--- a/src/libimcv/imc/imc_msg.c
+++ b/src/libimcv/imc/imc_msg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,12 @@
#include "ietf/ietf_attr.h"
#include "ietf/ietf_attr_assess_result.h"
#include "ietf/ietf_attr_remediation_instr.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
@@ -104,11 +108,18 @@ METHOD(imc_msg_t, send_, TNC_Result,
pa_tnc_attr_t *attr;
TNC_UInt32 msg_flags;
TNC_MessageType msg_type;
- bool attr_added;
+ bool attr_added, oversize;
chunk_t msg;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
enumerator_t *enumerator;
TNC_Result result = TNC_RESULT_SUCCESS;
+ /* Get IF-M segmentation contract for this subtype if any */
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->dst_id);
+
while (this->attr_list->get_count(this->attr_list))
{
pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
@@ -117,6 +128,17 @@ METHOD(imc_msg_t, send_, TNC_Result,
enumerator = this->attr_list->create_enumerator(this->attr_list);
while (enumerator->enumerate(enumerator, &attr))
{
+ if (contract && contract->check_size(contract, attr, &oversize))
+ {
+ if (oversize)
+ {
+ /* TODO generate SWID error msg */
+ }
+ else
+ {
+ attr = contract->first_segment(contract, attr);
+ }
+ }
if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
{
attr_added = TRUE;
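Review bot: The `oversize` branch is empty, so an attribute that `check_size` flags as oversize falls through and is still handed to `pa_tnc_msg->add_attribute` as it is. Until the TODO is implemented the case should at least be visible, e.g. `DBG1(DBG_IMC, "attribute exceeds maximum size of segmentation contract");` inside the branch, with a comment stating that the attribute is sent anyway. The rest of the loop, including how `attr` is removed from `attr_list`, lies outside this hunk, so whether simply skipping the attribute would be safe cannot be judged from here.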
@@ -208,8 +230,9 @@ static void print_assessment_trailer(bool first)
}
METHOD(imc_msg_t, receive, TNC_Result,
- private_imc_msg_t *this, bool *fatal_error)
+ private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
{
+ linked_list_t *non_fatal_types;
TNC_UInt32 target_imc_id;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
@@ -251,26 +274,14 @@ METHOD(imc_msg_t, receive, TNC_Result,
break;
case VERIFY_ERROR:
{
- imc_msg_t *error_msg;
- TNC_Result result;
-
- error_msg = imc_msg_create_as_reply(&this->public);
-
/* extract and copy by reference all error attributes */
enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- error_msg->add_attribute(error_msg, attr->get_ref(attr));
+ out_msg->add_attribute(out_msg, attr->get_ref(attr));
}
enumerator->destroy(enumerator);
-
- /*
- * send the PA-TNC message containing all error attributes
- * with the excl flag set
- */
- result = error_msg->send(error_msg, TRUE);
- error_msg->destroy(error_msg);
- return result;
+ return TNC_RESULT_SUCCESS;
}
case FAILED:
default:
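Review bot: On `VERIFY_ERROR` the method now queues the error attributes in `out_msg` and returns `TNC_RESULT_SUCCESS` before the assignment to `*fatal_error` further down, where the old code returned the result of sending them with the excl flag set. A caller therefore sees success, has to send `out_msg` itself, and reads `*fatal_error` without this path having written it, unless that happens outside the hunk. I would assign `*fatal_error` explicitly before the `return` and keep a comment such as `/* caller sends out_msg with the excl flag set */`. `out_msg` is also dereferenced without a NULL check.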
@@ -281,8 +292,192 @@ METHOD(imc_msg_t, receive, TNC_Result,
target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
this->dst_id : this->agent->get_id(this->agent);
+ /* process any IF-M segmentation contracts */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ contracts = this->state->get_contracts(this->state);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ switch (type.type)
+ {
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, TRUE);
+ contract->set_responder(contract, target_imc_id);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is possible select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Add Maximum Attribute Size Response attribute */
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, TNC_IMCID_ANY);
+ if (contract)
+ {
+ contract = contract->clone(contract);
+ contract->set_responder(contract, this->src_id);
+ contracts->add_contract(contracts, contract);
+ }
+ }
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, FALSE);
+ DBG2(DBG_IMC, "%s", buf);
+ }
+ else
+ {
+ /* TODO no request pending */
+ DBG1(DBG_IMC, "no contract for this PA message type found");
+ }
+ break;
+ }
+ case TCG_SEG_ATTR_SEG_ENV:
+ {
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pa_tnc_attr_t *error;
+ uint32_t base_attr_id;
+ bool more;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ DBG2(DBG_IMC, "no contract for received attribute segment "
+ "with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->add_segment(contract, attr, &error, &more);
+ if (error)
+ {
+ out_msg->add_attribute(out_msg, error);
+ }
+ if (attr)
+ {
+ this->pa_msg->add_attribute(this->pa_msg, attr);
+ }
+ if (more)
+ {
+ /* Send Next Segment Request */
+ attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ break;
+ }
+ case TCG_SEG_NEXT_SEG_REQ:
+ {
+ tcg_seg_attr_next_seg_t *attr_cast;
+ uint32_t base_attr_id;
+
+ attr_cast = (tcg_seg_attr_next_seg_t*)attr;
+ base_attr_id = attr_cast->get_base_attr_id(attr_cast);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (!contract)
+ {
+ /* TODO no contract - generate error message */
+ DBG1(DBG_IMC, "no contract for received next segment "
+ "request with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->next_segment(contract, base_attr_id);
+ if (attr)
+ {
+ out_msg->add_attribute(out_msg, attr);
+ }
+ else
+ {
+ /* TODO no more segments - generate error message */
+ DBG1(DBG_IMC, "no more segments found for "
+ "base attribute ID %u", base_attr_id);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* preprocess any received IETF standard error attributes */
- *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+ non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+ *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+ non_fatal_types);
/* preprocess any received IETF assessment result attribute */
enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
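Review bot: In the `TCG_SEG_ATTR_SEG_ENV` case `error` and `more` are declared without initial values and then tested after `contract->add_segment(contract, attr, &error, &more)`; that is only defined if add_segment writes both on every path, which this diff does not show, so `pa_tnc_attr_t *error = NULL;` and `bool more = FALSE;` would be safer. The same case calls `this->pa_msg->add_attribute` while `enumerator` is still iterating over that message's attributes, which deserves a comment on why it is safe. In the `TCG_SEG_MAX_ATTR_SIZE_REQ` case `my_max_seg_size` is an unsigned difference between `get_max_msg_len()` and five header constants and wraps if the maximum message length is smaller than their sum; the sizes read from the peer's attribute are also stored in the contract without a sanity check. receive() begins and ends outside this hunk.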
@@ -297,16 +492,16 @@ METHOD(imc_msg_t, receive, TNC_Result,
if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
{
ietf_attr_assess_result_t *attr_cast;
- TNC_IMV_Evaluation_Result result;
+ TNC_IMV_Evaluation_Result res;
attr_cast = (ietf_attr_assess_result_t*)attr;
- result = attr_cast->get_result(attr_cast);
- this->state->set_result(this->state, target_imc_id, result);
+ res = attr_cast->get_result(attr_cast);
+ this->state->set_result(this->state, target_imc_id, res);
print_assessment_header(this->agent->get_name(this->agent),
target_imc_id, this->src_id, &first);
DBG1(DBG_IMC, "assessment result is '%N'",
- TNC_IMV_Evaluation_Result_names, result);
+ TNC_IMV_Evaluation_Result_names, res);
}
else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
{
diff --git a/src/libimcv/imc/imc_msg.h b/src/libimcv/imc/imc_msg.h
index 588225dbe..a8c4d3c02 100644
--- a/src/libimcv/imc/imc_msg.h
+++ b/src/libimcv/imc/imc_msg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -65,10 +65,12 @@ struct imc_msg_t {
/**
* Processes a received PA-TNC message
*
+ * @param out_msg outgoing PA-TN message
* @param fatal_error TRUE if IMV sent a fatal error message
* @return TNC result code
*/
- TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error);
+ TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg,
+ bool *fatal_error);
/**
* Add a PA-TNC attribute to the send queue
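Review bot: The new `@param out_msg` line says "PA-TN message" where "PA-TNC" is meant, and it does not tell the caller what to do with the object. The implementation only queues attributes on `out_msg` (segmentation responses, next-segment requests, copied error attributes) and never sends it. The contract should say so, for example `@param out_msg  outgoing PA-TNC message collecting reply attributes; the caller must send it`. The same wording appears in the `receive` declaration in src/libimcv/imv/imv_msg.h and should be fixed there too.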
diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h
index a6db44314..6bb0e960c 100644
--- a/src/libimcv/imc/imc_os_info.h
+++ b/src/libimcv/imc/imc_os_info.h
@@ -15,7 +15,7 @@
/**
* @defgroup imc_os_info imc_os_info
- * @{ @ingroup libimcv
+ * @{ @ingroup libimcv_imc
*/
#ifndef IMC_OS_INFO_H_
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index 7e763fbe1..efcf567f0 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,8 @@
#ifndef IMC_STATE_H_
#define IMC_STATE_H_
+#include "seg/seg_contract_manager.h"
+
#include <tncif.h>
#include <tncifimv.h>
#include <tncifimc.h>
@@ -80,6 +82,13 @@ struct imc_state_t {
u_int32_t (*get_max_msg_len)(imc_state_t *this);
/**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imc_state_t *this);
+
+ /**
* Change the connection state
*
* @param new_state new connection state
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index 30679a33d..bd4156c19 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -15,6 +15,14 @@
#include "imcv.h"
#include "ietf/ietf_attr.h"
#include "ita/ita_attr.h"
+#include "tcg/tcg_attr.h"
+#include "pts/components/pts_component.h"
+#include "pts/components/pts_component_manager.h"
+#include "pts/components/tcg/tcg_comp_func_name.h"
+#include "pts/components/ita/ita_comp_func_name.h"
+#include "pts/components/ita/ita_comp_ima.h"
+#include "pts/components/ita/ita_comp_tboot.h"
+#include "pts/components/ita/ita_comp_tgrub.h"
#include <utils/debug.h>
#include <utils/utils.h>
@@ -24,8 +32,12 @@
#include <syslog.h>
#endif
+#ifndef IPSEC_SCRIPT
+#define IPSEC_SCRIPT "ipsec"
+#endif
+
#define IMCV_DEBUG_LEVEL 1
-#define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy"
+#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"
/**
@@ -44,6 +56,11 @@ imv_session_manager_t *imcv_sessions;
imv_database_t *imcv_db;
/**
+ * PTS Functional Component manager
+ */
+pts_component_manager_t *imcv_pts_components;
+
+/**
* Reference count for libimcv
*/
static refcount_t libimcv_ref = 0;
@@ -162,7 +179,26 @@ bool libimcv_init(bool is_imv)
ietf_attr_create_from_data, ietf_attr_names);
imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
ita_attr_create_from_data, ita_attr_names);
-
+ imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
+ tcg_attr_create_from_data, tcg_attr_names);
+
+ imcv_pts_components = pts_component_manager_create();
+ imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
+ pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
+ pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
+ imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
+ pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
+ pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);
+
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_TGRUB,
+ pts_ita_comp_tgrub_create);
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_TBOOT,
+ pts_ita_comp_tboot_create);
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ pts_ita_comp_ima_create);
if (is_imv)
{
/* instantiate global IMV session manager */
@@ -193,8 +229,13 @@ void libimcv_deinit(void)
{
if (ref_put(&libimcv_ref))
{
+ imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
+ imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
+ imcv_pts_components->destroy(imcv_pts_components);
+
imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
+ imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
DESTROY_IF(imcv_pa_tnc_attributes);
imcv_pa_tnc_attributes = NULL;
DESTROY_IF(imcv_db);
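Review bot: `imcv_pts_components` is destroyed here but the global is left pointing at the freed manager, whereas `imcv_pa_tnc_attributes` a few lines below is reset to `NULL` after `DESTROY_IF`. Because the pointer is exported through imcv.h, any code that consults it after the last `libimcv_deinit()` would use freed memory. Adding `imcv_pts_components = NULL;` after the `destroy()` call keeps the two globals consistent. The body of `libimcv_deinit()` continues outside this hunk, so whether an early failure in `libimcv_init()` can reach this path with the manager still unset cannot be confirmed from here.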
diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h
index 771038803..31536eca5 100644
--- a/src/libimcv/imcv.h
+++ b/src/libimcv/imcv.h
@@ -27,6 +27,12 @@
* @defgroup libimcv_plugins plugins
* @ingroup libimcv
*
+ * @defgroup libimcv_seg seg
+ * @ingroup libimcv
+ *
+ * @defgroup libimcv_swid swid
+ * @ingroup libimcv
+ *
* @addtogroup libimcv
* @{
*/
@@ -37,6 +43,7 @@
#include "pa_tnc/pa_tnc_attr_manager.h"
#include "imv/imv_database.h"
#include "imv/imv_session_manager.h"
+#include "pts/components/pts_component_manager.h"
#include <library.h>
@@ -68,4 +75,9 @@ extern imv_database_t* imcv_db;
*/
extern imv_session_manager_t* imcv_sessions;
+/**
+ * PTS Functional Component manager
+ */
+extern pts_component_manager_t* imcv_pts_components;
+
#endif /** IMCV_H_ @}*/
diff --git a/src/libimcv/imcv_tests.c b/src/libimcv/imcv_tests.c
new file mode 100644
index 000000000..e9bb303b4
--- /dev/null
+++ b/src/libimcv/imcv_tests.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+#include <library.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#include "imcv_tests.h"
+#undef TEST_SUITE
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#include "imcv_tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (!init)
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("libimcv", tests, test_runner_init);
+}
diff --git a/src/libimcv/imcv_tests.h b/src/libimcv/imcv_tests.h
new file mode 100644
index 000000000..d3ea24b1f
--- /dev/null
+++ b/src/libimcv/imcv_tests.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(imcv_seg_suite_create)
+
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index b45cad487..425748f59 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -306,6 +306,23 @@ INSERT INTO products ( /* 51 */
'Android 4.4.4'
);
+INSERT INTO products ( /* 52 */
+ name
+) VALUES (
+ 'Debian 7.6 i686'
+);
+
+INSERT INTO products ( /* 53 */
+ name
+) VALUES (
+ 'Debian 7.6 x86_64'
+);
+INSERT INTO products ( /* 54 */
+ name
+) VALUES (
+ 'Debian 7.6 armv6l'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -777,6 +794,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 52
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -825,6 +848,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 53
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1026,6 +1055,12 @@ INSERT INTO groups_product_defaults (
14, 48
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 14, 54
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index a46455d47..6b24f4b28 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -65,6 +65,11 @@ struct private_imv_agent_t {
linked_list_t *additional_ids;
/**
+ * list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t *non_fatal_attr_types;
+
+ /**
* list of TNCS connection entries
*/
linked_list_t *connections;
@@ -772,11 +777,29 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result,
return this->provide_recommendation(this->id, connection_id, rec, eval);
}
+METHOD(imv_agent_t, add_non_fatal_attr_type, void,
+ private_imv_agent_t *this, pen_type_t type)
+{
+ pen_type_t *type_p;
+
+ type_p = malloc_thing(pen_type_t);
+ *type_p = type;
+ this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imv_agent_t, get_non_fatal_attr_types, linked_list_t*,
+ private_imv_agent_t *this)
+{
+ return this->non_fatal_attr_types;
+}
+
METHOD(imv_agent_t, destroy, void,
private_imv_agent_t *this)
{
DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
this->additional_ids->destroy(this->additional_ids);
+ this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+ free);
this->connections->destroy_offset(this->connections,
offsetof(imv_state_t, destroy));
this->connection_lock->destroy(this->connection_lock);
@@ -815,6 +838,8 @@ imv_agent_t *imv_agent_create(const char *name,
.create_id_enumerator = _create_id_enumerator,
.create_language_enumerator = _create_language_enumerator,
.provide_recommendation = _provide_recommendation,
+ .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+ .get_non_fatal_attr_types = _get_non_fatal_attr_types,
.destroy = _destroy,
},
.name = name,
@@ -822,6 +847,7 @@ imv_agent_t *imv_agent_create(const char *name,
.type_count = type_count,
.id = id,
.additional_ids = linked_list_create(),
+ .non_fatal_attr_types = linked_list_create(),
.connections = linked_list_create(),
.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h
index 47ce770bc..1f6a10b7c 100644
--- a/src/libimcv/imv/imv_agent.h
+++ b/src/libimcv/imv/imv_agent.h
@@ -189,6 +189,16 @@ struct imv_agent_t {
TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state);
/**
+ * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+ */
+ void (*add_non_fatal_attr_type)(imv_agent_t *this, pen_type_t type);
+
+ /**
+ * Get a list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t* (*get_non_fatal_attr_types)(imv_agent_t *this);
+
+ /**
* Destroys an imv_agent_t object
*/
void (*destroy)(imv_agent_t *this);
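Review bot: The two new method comments omit `@param`/`@return` and say nothing about ownership, although `get_non_fatal_attr_types` in imv_agent.c returns the agent's internal `linked_list_t` directly and `destroy` frees its entries with `free`. I would add `@param type  PA-TNC attribute type copied into the list` to the first, and `@return  internal list of pen_type_t*, owned by the agent, must not be modified or destroyed` to the second. The list decides which unsupported-attribute errors `receive` treats as non-fatal. It is also worth stating that it is expected to be filled before connections are processed, since no lock around it is visible in this diff.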
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index e7181750c..fdf63325d 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,12 @@
#include "ietf/ietf_attr.h"
#include "ietf/ietf_attr_assess_result.h"
#include "ietf/ietf_attr_remediation_instr.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
@@ -121,11 +125,18 @@ METHOD(imv_msg_t, send_, TNC_Result,
pa_tnc_attr_t *attr;
TNC_UInt32 msg_flags;
TNC_MessageType msg_type;
- bool attr_added;
+ bool attr_added, oversize;
chunk_t msg;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
enumerator_t *enumerator;
TNC_Result result = TNC_RESULT_SUCCESS;
+ /* Get IF-M segmentation contract for this subtype if any */
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->dst_id);
+
while (this->attr_list->get_count(this->attr_list))
{
pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
@@ -134,6 +145,17 @@ METHOD(imv_msg_t, send_, TNC_Result,
enumerator = this->attr_list->create_enumerator(this->attr_list);
while (enumerator->enumerate(enumerator, &attr))
{
+ if (contract && contract->check_size(contract, attr, &oversize))
+ {
+ if (oversize)
+ {
+ /* TODO generate SWID error msg */
+ }
+ else
+ {
+ attr = contract->first_segment(contract, attr);
+ }
+ }
if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
{
attr_added = TRUE;
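Review bot: When `check_size()` reports `oversize`, the branch contains only a TODO and control falls through to `pa_tnc_msg->add_attribute(pa_tnc_msg, attr)`, so an attribute larger than the negotiated maximum is still sent. The size limit agreed in the contract is therefore not enforced on the sending side. Until the error message exists, the branch should at least log and take the attribute out of the send queue instead of passing it on. How the queue entry is removed depends on the rest of the loop, which lies outside this hunk. In the `else` branch `attr` is overwritten with the first segment while the original stays in `attr_list`; which object the later removal code releases should be checked.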
@@ -246,8 +268,11 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
}
METHOD(imv_msg_t, receive, TNC_Result,
- private_imv_msg_t *this, bool *fatal_error)
+ private_imv_msg_t *this, imv_msg_t *out_msg, bool *fatal_error)
{
+ TNC_Result result = TNC_RESULT_SUCCESS;
+ TNC_UInt32 target_imv_id;
+ linked_list_t *non_fatal_types;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
chunk_t msg;
@@ -286,36 +311,211 @@ METHOD(imv_msg_t, receive, TNC_Result,
break;
case VERIFY_ERROR:
{
- imv_msg_t *error_msg;
- TNC_Result result;
-
- error_msg = imv_msg_create_as_reply(&this->public);
-
/* extract and copy by reference all error attributes */
enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- error_msg->add_attribute(error_msg, attr->get_ref(attr));
+ out_msg->add_attribute(out_msg, attr->get_ref(attr));
}
enumerator->destroy(enumerator);
-
- /*
- * send the PA-TNC message containing all error attributes
- * with the excl flag set
- */
- result = error_msg->send(error_msg, TRUE);
- error_msg->destroy(error_msg);
- return result;
}
case FAILED:
default:
return TNC_RESULT_FATAL;
}
+ /* determine target IMV ID */
+ target_imv_id = (this->dst_id != TNC_IMVID_ANY) ?
+ this->dst_id : this->agent->get_id(this->agent);
+
+ /* process IF-M segmentation attributes */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ seg_contract_manager_t *contracts;
+ seg_contract_t *contract;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ contracts = this->state->get_contracts(this->state);
+
+ switch (type.type)
+ {
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, FALSE);
+ contract->set_responder(contract, target_imv_id);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is possible select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ DBG2(DBG_IMV, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Add Maximum Attribute Size Response attribute */
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, TNC_IMCID_ANY);
+ if (contract)
+ {
+ contract = contract->clone(contract);
+ contract->set_responder(contract, this->src_id);
+ contracts->add_contract(contracts, contract);
+ }
+ }
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, FALSE);
+ DBG2(DBG_IMV, "%s", buf);
+ }
+ else
+ {
+ /* TODO no request pending */
+ DBG1(DBG_IMV, "no contract for this PA message type found");
+ }
+ break;
+ }
+ case TCG_SEG_ATTR_SEG_ENV:
+ {
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pa_tnc_attr_t *error;
+ uint32_t base_attr_id;
+ bool more;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ DBG2(DBG_IMV, "no contract for received attribute segment "
+ "with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->add_segment(contract, attr, &error, &more);
+ if (error)
+ {
+ out_msg->add_attribute(out_msg, error);
+ }
+ if (attr)
+ {
+ this->pa_msg->add_attribute(this->pa_msg, attr);
+ }
+ if (more)
+ {
+ /* Send Next Segment Request */
+ attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ break;
+ }
+ case TCG_SEG_NEXT_SEG_REQ:
+ {
+ tcg_seg_attr_next_seg_t *attr_cast;
+ uint32_t base_attr_id;
+
+ attr_cast = (tcg_seg_attr_next_seg_t*)attr;
+ base_attr_id = attr_cast->get_base_attr_id(attr_cast);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (!contract)
+ {
+ /* TODO no contract - generate error message */
+ DBG1(DBG_IMV, "no contract for received next segment "
+ "request with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->next_segment(contract, base_attr_id);
+ if (attr)
+ {
+ out_msg->add_attribute(out_msg, attr);
+ }
+ else
+ {
+ /* TODO no more segments - generate error message */
+ DBG1(DBG_IMV, "no more segments found for "
+ "base attribute ID %u", base_attr_id);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* preprocess any received IETF standard error attributes */
- *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+ non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+ *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+ non_fatal_types);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_msg_t, get_attribute_count, int,
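Review bot: With `return result;` removed, the `VERIFY_ERROR` case now runs into `case FAILED:` and returns `TNC_RESULT_FATAL`, so the error attributes copied into `out_msg` reach the peer only if callers still send `out_msg` on a fatal result, which this hunk does not show. If the fall-through is intended it should carry a `/* fall through */` comment. In `TCG_SEG_MAX_ATTR_SIZE_REQ`, the peer-supplied `max_attr_size` and `max_seg_size` are stored in the contract with no lower bound. `my_max_seg_size` is an unsigned subtraction that wraps to a huge value if `get_max_msg_len()` returns less than the summed header sizes, which would silently disable the clamp. A guard before the subtraction would make that case explicit. In `TCG_SEG_ATTR_SEG_ENV`, `error` and `more` are tested after `add_segment()` without initialisers; `pa_tnc_attr_t *error = NULL;` and `bool more = FALSE;` would remove the reliance on the callee always writing them.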
diff --git a/src/libimcv/imv/imv_msg.h b/src/libimcv/imv/imv_msg.h
index dfec169cc..43b91e908 100644
--- a/src/libimcv/imv/imv_msg.h
+++ b/src/libimcv/imv/imv_msg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -79,10 +79,12 @@ struct imv_msg_t {
/**
* Processes a received PA-TNC message
*
+ * @param out_msg outgoing PA-TN message
* @param fatal_error TRUE if IMC sent a fatal error message
* @return TNC result code
*/
- TNC_Result (*receive)(imv_msg_t *this, bool *fatal_error);
+ TNC_Result (*receive)(imv_msg_t *this, imv_msg_t *out_msg,
+ bool *fatal_error);
/**
* Add a PA-TNC attribute to the send queue
diff --git a/src/libimcv/imv/imv_os_info.h b/src/libimcv/imv/imv_os_info.h
index b68a17ee7..7cd609a22 100644
--- a/src/libimcv/imv/imv_os_info.h
+++ b/src/libimcv/imv/imv_os_info.h
@@ -15,7 +15,7 @@
/**
* @defgroup imv_os_info imv_os_info
- * @{ @ingroup libimcv
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_OS_INFO_H_
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index d11d15e0d..30ed612b3 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -23,6 +23,7 @@
#define IMV_STATE_H_
#include "imv_session.h"
+#include "seg/seg_contract_manager.h"
#include <tncifimv.h>
@@ -108,6 +109,13 @@ struct imv_state_t {
imv_session_t* (*get_session)(imv_state_t *this);
/**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return Contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imv_state_t *this);
+
+ /**
* Change the connection state
*
* @param new_state new connection state
diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c
index f3956717d..9d7706dba 100644
--- a/src/libimcv/ita/ita_attr.c
+++ b/src/libimcv/ita/ita_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -35,24 +35,25 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID,
/**
* See header
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value)
+pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value)
{
switch (type)
{
case ITA_ATTR_COMMAND:
- return ita_attr_command_create_from_data(value);
+ return ita_attr_command_create_from_data(length, value);
case ITA_ATTR_DUMMY:
- return ita_attr_dummy_create_from_data(value);
+ return ita_attr_dummy_create_from_data(length, value);
case ITA_ATTR_GET_SETTINGS:
- return ita_attr_get_settings_create_from_data(value);
+ return ita_attr_get_settings_create_from_data(length, value);
case ITA_ATTR_SETTINGS:
- return ita_attr_settings_create_from_data(value);
+ return ita_attr_settings_create_from_data(length, value);
case ITA_ATTR_START_ANGEL:
- return ita_attr_angel_create_from_data(TRUE, value);
+ return ita_attr_angel_create_from_data(TRUE);
case ITA_ATTR_STOP_ANGEL:
- return ita_attr_angel_create_from_data(FALSE, value);
+ return ita_attr_angel_create_from_data(FALSE);
case ITA_ATTR_DEVICE_ID:
- return ita_attr_device_id_create_from_data(value);
+ return ita_attr_device_id_create_from_data(length, value);
default:
return NULL;
}
diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h
index ac5d8abaa..7378a1cbe 100644
--- a/src/libimcv/ita/ita_attr.h
+++ b/src/libimcv/ita/ita_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,8 +50,10 @@ extern enum_name_t *ita_attr_names;
* Create a ITA PA-TNC attribute from data
*
* @param type attribute type
- * @param value attribute value
+ * @param length attribute length
+ * @param value attribute value or segment
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value);
+pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
#endif /** ITA_ATTR_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c
index 0e9cff0a9..110863608 100644
--- a/src/libimcv/ita/ita_attr_angel.c
+++ b/src/libimcv/ita/ita_attr_angel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -86,6 +86,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_angel_t *this, chunk_t segment)
+{
+ /* nothing to add */
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_angel_t *this)
{
@@ -118,6 +124,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -132,7 +139,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data)
+pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start)
{
private_ita_attr_angel_t *this;
@@ -145,6 +152,7 @@ pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
diff --git a/src/libimcv/ita/ita_attr_angel.h b/src/libimcv/ita/ita_attr_angel.h
index d42e7119a..8cd979b01 100644
--- a/src/libimcv/ita/ita_attr_angel.h
+++ b/src/libimcv/ita/ita_attr_angel.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,8 +49,7 @@ pa_tnc_attr_t* ita_attr_angel_create(bool start);
* Creates an ita_attr_angel_t object from received data
*
* @param start TRUE for Start, FALSE for Stop Angel attribute
- * @param value binary value blob
*/
-pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start, chunk_t value);
+pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start);
#endif /** ITA_ATTR_ANGEL_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index 9692e1ffd..a6b187f13 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -40,7 +40,12 @@ struct private_ita_attr_command_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -91,18 +96,30 @@ METHOD(pa_tnc_attr_t, build, void,
{
return;
}
- this->value = chunk_create(this->command, strlen(this->command));
- this->value = chunk_clone(this->value);
+ this->value = chunk_clone(chunk_from_str(this->command));
+ this->length = this->value.len;
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_command_t *this, u_int32_t *offset)
{
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
this->command = strndup(this->value.ptr, this->value.len);
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_command_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_command_t *this)
{
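Review bot: `add_segment()` appends every received segment with `chunk_cat("mc", ...)` and `process()` only checks `this->value.len < this->length`, so a reassembled value longer than the declared attribute length is accepted and passed to `strndup()` in full. Unless the segmentation contract already rejects surplus data (not visible here), the attribute should refuse it itself, e.g. `if (this->value.len > this->length) { return FAILED; }` ahead of the `strndup()` call. The same `process`/`add_segment` pair is added in ita_attr_device_id.c and ita_attr_dummy.c and needs the same check. Since `length` is taken from the peer's attribute header, a short comment on the `length` field noting that it is untrusted would help later readers.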
@@ -143,6 +160,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -159,7 +177,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_command_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_command_t *this;
@@ -172,12 +190,14 @@ pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_command = _get_command,
},
.type = {PEN_ITA, ITA_ATTR_COMMAND },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ita/ita_attr_command.h b/src/libimcv/ita/ita_attr_command.h
index 3926c3887..dd4701e12 100644
--- a/src/libimcv/ita/ita_attr_command.h
+++ b/src/libimcv/ita/ita_attr_command.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,8 +54,9 @@ pa_tnc_attr_t* ita_attr_command_create(char *command);
/**
* Creates an ita_attr_command_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_command_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_command_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_COMMAND_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_device_id.c b/src/libimcv/ita/ita_attr_device_id.c
index 36907eb34..232842695 100644
--- a/src/libimcv/ita/ita_attr_device_id.c
+++ b/src/libimcv/ita/ita_attr_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,12 @@ struct private_ita_attr_device_id_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -86,9 +91,21 @@ METHOD(pa_tnc_attr_t, build, void,
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_device_id_t *this, u_int32_t *offset)
{
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_device_id_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_device_id_t *this)
{
@@ -109,7 +126,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
+pa_tnc_attr_t *ita_attr_device_id_create_from_data(size_t length, chunk_t value)
{
private_ita_attr_device_id_t *this;
@@ -122,11 +139,13 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = { PEN_ITA, ITA_ATTR_DEVICE_ID },
+ .length = length,
.value = chunk_clone(value),
.ref = 1,
);
@@ -139,6 +158,6 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
*/
pa_tnc_attr_t *ita_attr_device_id_create(chunk_t value)
{
- return ita_attr_device_id_create_from_data(value);
+ return ita_attr_device_id_create_from_data(value.len, value);
}
diff --git a/src/libimcv/ita/ita_attr_device_id.h b/src/libimcv/ita/ita_attr_device_id.h
index ffacdba1e..94bb778c0 100644
--- a/src/libimcv/ita/ita_attr_device_id.h
+++ b/src/libimcv/ita/ita_attr_device_id.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -48,8 +48,9 @@ pa_tnc_attr_t* ita_attr_device_id_create(chunk_t value);
/**
* Creates an ita_attr_device_id_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_device_id_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_device_id_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_DEVICE_ID_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c
index 6497d4645..0d21ac6ea 100644
--- a/src/libimcv/ita/ita_attr_dummy.c
+++ b/src/libimcv/ita/ita_attr_dummy.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,12 @@ struct private_ita_attr_dummy_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -89,18 +94,28 @@ METHOD(pa_tnc_attr_t, build, void,
{
return;
}
- this->value = chunk_alloc(this->size);
+ this->value = chunk_alloc(this->length);
memset(this->value.ptr, 0xdd, this->value.len);
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_dummy_t *this, u_int32_t *offset)
{
- this->size = this->value.len;
+ *offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_dummy_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_dummy_t *this)
{
@@ -121,13 +136,13 @@ METHOD(pa_tnc_attr_t, destroy, void,
METHOD(ita_attr_dummy_t, get_size, int,
private_ita_attr_dummy_t *this)
{
- return this->size;
+ return this->length;
}
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_dummy_create(int size)
+pa_tnc_attr_t *ita_attr_dummy_create(size_t size)
{
private_ita_attr_dummy_t *this;
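Review bot: `get_size` still returns `int` although it now returns `this->length`, a `size_t` that `ita_attr_dummy_create_from_data` fills from its `length` argument; a large length is narrowed on return and can come out negative. Changing the return type to `size_t` here and in the `get_size` member of `ita_attr_dummy_t` would match the new `ita_attr_dummy_create(size_t size)` signature. The member declaration is not part of the visible header hunk, so its callers need checking for `int` assumptions.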
@@ -140,13 +155,14 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_size = _get_size,
},
.type = { PEN_ITA, ITA_ATTR_DUMMY },
- .size = size,
+ .length = size,
.ref = 1,
);
@@ -156,7 +172,7 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_dummy_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_dummy_t *this;
@@ -169,12 +185,14 @@ pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_size = _get_size,
},
.type = { PEN_ITA, ITA_ATTR_DUMMY },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ita/ita_attr_dummy.h b/src/libimcv/ita/ita_attr_dummy.h
index 1f85ece54..717862efe 100644
--- a/src/libimcv/ita/ita_attr_dummy.h
+++ b/src/libimcv/ita/ita_attr_dummy.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,13 +49,14 @@ struct ita_attr_dummy_t {
*
* @param size size of dummy attribute value
*/
-pa_tnc_attr_t* ita_attr_dummy_create(int size);
+pa_tnc_attr_t* ita_attr_dummy_create(size_t size);
/**
* Creates an ita_attr_dummy_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_dummy_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_dummy_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_DUMMY_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c
index d0bc31d32..3c047fb82 100644
--- a/src/libimcv/ita/ita_attr_get_settings.c
+++ b/src/libimcv/ita/ita_attr_get_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -64,7 +64,12 @@ struct private_ita_attr_get_settings_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -130,6 +135,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -141,10 +147,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
chunk_t name;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ITA_GET_SETTINGS_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for ITA Get Settings attribute");
- *offset = 0;
return FAILED;
}
@@ -171,6 +182,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_get_settings_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_get_settings_t *this)
{
@@ -217,6 +234,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -238,7 +256,8 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_get_settings_create_from_data(size_t length,
+ chunk_t data)
{
private_ita_attr_get_settings_t *this;
@@ -251,6 +270,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -258,6 +278,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_ITA, ITA_ATTR_GET_SETTINGS },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ita/ita_attr_get_settings.h b/src/libimcv/ita/ita_attr_get_settings.h
index 975fd0d9d..2eb43f5c1 100644
--- a/src/libimcv/ita/ita_attr_get_settings.h
+++ b/src/libimcv/ita/ita_attr_get_settings.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -61,8 +61,10 @@ pa_tnc_attr_t* ita_attr_get_settings_create(char *name);
/**
* Creates an ita_attr_get_settings_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_get_settings_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_get_settings_create_from_data(size_t length,
+ chunk_t value);
#endif /** ITA_ATTR_GET_SETTINGS_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index 0d2967e66..ced347705 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -91,7 +91,12 @@ struct private_ita_attr_settings_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -159,6 +164,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -171,10 +177,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
entry_t *entry;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ITA_SETTINGS_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for ITA Settings attribute");
- *offset = 0;
return FAILED;
}
@@ -216,6 +227,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_settings_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_settings_t *this)
{
@@ -279,6 +296,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -296,7 +314,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_settings_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_settings_t *this;
@@ -309,6 +327,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -316,6 +335,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_ITA, ITA_ATTR_SETTINGS },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ita/ita_attr_settings.h b/src/libimcv/ita/ita_attr_settings.h
index eb7eedae3..87eb87f60 100644
--- a/src/libimcv/ita/ita_attr_settings.h
+++ b/src/libimcv/ita/ita_attr_settings.h
@@ -60,8 +60,9 @@ pa_tnc_attr_t* ita_attr_settings_create(void);
/**
* Creates an ita_attr_settings_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_settings_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_settings_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_SETTINGS_H_ @}*/
diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h
index 031355458..aa7b137dc 100644
--- a/src/libimcv/os_info/os_info.h
+++ b/src/libimcv/os_info/os_info.h
@@ -21,7 +21,6 @@
#ifndef OS_INFO_H_
#define OS_INFO_H_
-typedef struct os_info_t os_info_t;
typedef enum os_type_t os_type_t;
typedef enum os_fwd_status_t os_fwd_status_t;
typedef enum os_package_state_t os_package_state_t;
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr.h b/src/libimcv/pa_tnc/pa_tnc_attr.h
index 1e0c339c9..be0bef32e 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr.h
+++ b/src/libimcv/pa_tnc/pa_tnc_attr.h
@@ -26,8 +26,12 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t;
#include <library.h>
#include <pen/pen.h>
+#define PA_TNC_ATTR_INFO_SIZE 8
#define PA_TNC_ATTR_HEADER_SIZE 12
+#define PA_TNC_ATTR_FLAG_NONE 0x00
+#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
+
/**
* Interface for an RFC 5792 PA-TNC Posture Attribute.
*
@@ -70,12 +74,19 @@ struct pa_tnc_attr_t {
/**
* Process the value of an PA-TNC attribute to extract its parameters
*
- * @param relative error offset within attribute body
+ * @param offset relative error offset within attribute body
* @return result status
*/
status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
/**
+ * Add a data segment to an attribute allowing incremental processing
+ *
+ * @param segment data segment to be appended
+ */
+ void (*add_segment)(pa_tnc_attr_t *this, chunk_t segment);
+
+ /**
* Get a new reference to the PA-TNC attribute
*
* @return this, with an increased refcount
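Review bot: The `add_segment` documentation does not say who owns `segment` after the call, nor how the caller learns that the attribute is complete. The ITA implementations in this commit append with `chunk_cat("mc", this->value, segment)`, which looks like a copy of the segment, so the comment could read `@param segment data segment to be appended (copied, caller keeps ownership)`. It would also help to mention that `process` returns NEED_MORE until the value has reached the declared attribute length.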
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
index 900a55716..522213bd5 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
+++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
*
* HSR Hochschule fuer Technik Rapperswil
*
@@ -16,6 +16,10 @@
#include "pa_tnc_attr_manager.h"
+#include "imcv.h"
+#include "pa_tnc_attr.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+
#include <collections/linked_list.h>
#include <utils/debug.h>
@@ -100,14 +104,102 @@ METHOD(pa_tnc_attr_manager_t, get_names, enum_name_t*,
return attr_names;
}
+/**
+ * PA-TNC attribute
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | PA-TNC Attribute Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Attribute Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Attribute Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Attribute Value (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*,
- private_pa_tnc_attr_manager_t *this, pen_t vendor_id, u_int32_t type,
- chunk_t value)
+ private_pa_tnc_attr_manager_t *this, bio_reader_t *reader, bool segmented,
+ uint32_t *offset, chunk_t msg_info, pa_tnc_attr_t **error)
{
+ uint8_t flags;
+ uint32_t type, length, value_len;
+ chunk_t value;
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_t vendor_id;
+ pen_type_t unsupported_type;
+ pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
+ enum_name_t *pa_attr_names;
+ pa_tnc_attr_t *attr = NULL;
enumerator_t *enumerator;
entry_t *entry;
- pa_tnc_attr_t *attr = NULL;
+ /* properly initialize error return argument in case of no error */
+ *error = NULL;
+
+ if (reader->remaining(reader) < PA_TNC_ATTR_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset);
+ return NULL;
+ }
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ reader->read_uint32(reader, &length);
+
+ pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ vendor_id);
+ if (pa_attr_names)
+ {
+ DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ pa_attr_names, type, vendor_id, type);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ vendor_id, type);
+ }
+
+ if (length < PA_TNC_ATTR_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
+ length);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + PA_TNC_ATTR_INFO_SIZE);
+ return NULL;
+ }
+ length -= PA_TNC_ATTR_HEADER_SIZE;
+ value_len = segmented ? reader->remaining(reader) : length;
+
+ if (!reader->read_data(reader, value_len, &value))
+ {
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + PA_TNC_ATTR_INFO_SIZE);
+ return NULL;
+ }
+ DBG3(DBG_TNC, "%B", &value);
+
+ if (vendor_id == PEN_RESERVED)
+ {
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + 1);
+ return NULL;
+ }
+ if (type == IETF_ATTR_RESERVED)
+ {
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + 4);
+ return NULL;
+ }
+
+ /* check if the attribute type is registered */
enumerator = this->list->create_enumerator(this->list);
while (enumerator->enumerate(enumerator, &entry))
{
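Review bot: In segmented mode `value_len` is taken from `reader->remaining(reader)` and is never compared with the declared `length`, so the first segment can carry more bytes than the attribute header announces and all of them are handed to `attr_create` as the value. Consider bounding it before `read_data`, e.g. `if (segmented && value_len > length) value_len = length;`, or rejecting the attribute. The skip branch in the next hunk has a related mismatch: it advances `*offset` by `PA_TNC_ATTR_HEADER_SIZE + length` although the reader consumed `value_len` bytes. The body of `create` continues past this hunk.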
@@ -115,13 +207,71 @@ METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*,
{
if (entry->attr_create)
{
- attr = entry->attr_create(type, value);
+ attr = entry->attr_create(type, length, value);
}
break;
}
}
enumerator->destroy(enumerator);
+ if (!attr)
+ {
+ if (!(flags & PA_TNC_ATTR_FLAG_NOSKIP))
+ {
+ DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
+ (*offset) += PA_TNC_ATTR_HEADER_SIZE + length;
+ return NULL;
+ }
+
+ DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
+ unsupported_type = pen_type_create(vendor_id, type);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_ATTR_TYPE_NOT_SUPPORTED);
+ *error = ietf_attr_pa_tnc_error_create(error_code, msg_info);
+ error_attr = (ietf_attr_pa_tnc_error_t*)(*error);
+ error_attr->set_unsupported_attr(error_attr, flags, unsupported_type);
+ return NULL;
+ }
+ (*offset) += PA_TNC_ATTR_HEADER_SIZE;
+
+ return attr;
+}
+
+METHOD(pa_tnc_attr_manager_t, construct, pa_tnc_attr_t*,
+ private_pa_tnc_attr_manager_t *this, pen_t vendor_id, uint32_t type,
+ chunk_t value)
+{
+ enum_name_t *pa_attr_names;
+ pa_tnc_attr_t *attr = NULL;
+ enumerator_t *enumerator;
+ entry_t *entry;
+
+ pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ vendor_id);
+ if (pa_attr_names)
+ {
+ DBG2(DBG_TNC, "generating PA-TNC attribute type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ pa_attr_names, type, vendor_id, type);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "generating PA-TNC attribute type '%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ vendor_id, type);
+ }
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->vendor_id == vendor_id)
+ {
+ if (entry->attr_create)
+ {
+ attr = entry->attr_create(type, value.len, value);
+ }
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
return attr;
}
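Review bot: `construct` repeats the debug logging and the vendor lookup loop that `create` already contains, differing only in the log verb and in the length passed to `entry->attr_create`. A small static helper taking `vendor_id`, `type`, `length` and `value` and returning the attribute, called from both methods, would keep the two paths from drifting apart. The loop condition in `create` sits between the two hunks and is not visible, so confirm it matches `entry->vendor_id == vendor_id` before merging them.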
@@ -145,6 +295,7 @@ pa_tnc_attr_manager_t *pa_tnc_attr_manager_create(void)
.remove_vendor = _remove_vendor,
.get_names = _get_names,
.create = _create,
+ .construct = _construct,
.destroy = _destroy,
},
.list = linked_list_create(),
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
index 121be7f90..8607feede 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
+++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,8 +26,10 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t;
#include "pa_tnc_attr.h"
#include <library.h>
+#include <bio/bio_reader.h>
-typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, chunk_t value);
+typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length,
+ chunk_t value);
/**
* Manages PA-TNC attributes for arbitrary PENs
@@ -61,15 +63,29 @@ struct pa_tnc_attr_manager_t {
enum_name_t* (*get_names)(pa_tnc_attr_manager_t *this, pen_t vendor_id);
/**
- * Create a PA-TNC attribute object from data for a given vendor ID and type
+ * Create and pre-parse a PA-TNC attribute object from data
+ *
+ * @param reader PA-TNC attribute as encoded data
+ * @param segmented TRUE if attribute is segmented
+ * @param offset Offset in bytes where an error has been found
+ * @param msg_info Message info added to an error attribute
+ * @param error Error attribute if an error occurred
+ * @return PA-TNC attribute object if supported, NULL else
+ */
+ pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, bio_reader_t *reader,
+ bool segmented, uint32_t *offset, chunk_t msg_info,
+ pa_tnc_attr_t **error);
+
+ /**
+ * Generically construct a PA-TNC attribute from type and data
*
* @param vendor_id Private Enterprise Number (PEN)
* @param type PA-TNC attribute type
* @param value PA-TNC attribute value as encoded data
* @return PA-TNC attribute object if supported, NULL else
*/
- pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, pen_t vendor_id,
- u_int32_t type, chunk_t value);
+ pa_tnc_attr_t* (*construct)(pa_tnc_attr_manager_t *this, pen_t vendor_id,
+ uint32_t type, chunk_t value);
/**
* Destroys a pa_tnc_attr_manager_t object.
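Review bot: The new `create` documentation describes `offset` only as the place where an error was found, but the implementation in pa_tnc_attr_manager.c also advances it: by the header size when an attribute is returned, and by header plus attribute length when an unsupported attribute is skipped. The comment should mark it as an in/out parameter, e.g. `@param offset in: offset of this attribute within the message, out: advanced past the bytes accounted for`. It should also state that a NULL return with `*error` left NULL means the attribute was skipped rather than rejected, since callers have to tell the two cases apart.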
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 77d383b93..d9b441707 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -40,26 +40,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
#define PA_TNC_RESERVED 0x000000
/**
- * PA-TNC attribute
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | PA-TNC Attribute Vendor ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | PA-TNC Attribute Type |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | PA-TNC Attribute Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Attribute Value (Variable Length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PA_TNC_ATTR_FLAG_NONE 0x00
-#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
-#define PA_TNC_ATTR_INFO_SIZE 8
-
-/**
* Private data of a pa_tnc_msg_t object.
*
*/
@@ -96,6 +76,11 @@ struct private_pa_tnc_msg_t {
size_t max_msg_len;
/**
+ * TRUE if attribute was extracted from data
+ */
+ bool from_data;
+
+ /**
* Encoded message
*/
chunk_t encoding;
@@ -113,17 +98,19 @@ METHOD(pa_tnc_msg_t, add_attribute, bool,
chunk_t attr_value;
size_t attr_len;
- attr->build(attr);
- attr_value = attr->get_value(attr);
- attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
-
- if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
+ if (!this->from_data)
{
- /* attribute just does not fit into this message */
- return FALSE;
- }
- this->msg_len += attr_len;
+ attr->build(attr);
+ attr_value = attr->get_value(attr);
+ attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
+ if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
+ {
+ /* attribute just does not fit into this message */
+ return FALSE;
+ }
+ this->msg_len += attr_len;
+ }
this->attributes->insert_last(this->attributes, attr);
return TRUE;
}
@@ -201,7 +188,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
private_pa_tnc_msg_t *this)
{
bio_reader_t *reader;
- pa_tnc_attr_t *error;
+ pa_tnc_attr_t *attr, *error;
+ pen_type_t attr_type;
+ chunk_t attr_value;
uint8_t version;
uint32_t reserved, offset, attr_offset;
pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
@@ -231,119 +220,38 @@ METHOD(pa_tnc_msg_t, process, status_t,
offset = PA_TNC_HEADER_SIZE;
/* pre-process PA-TNC attributes */
- while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
+ while (reader->remaining(reader) > 0)
{
- pen_t vendor_id;
- uint8_t flags;
- uint32_t type, length;
- chunk_t value, attr_info;
- pa_tnc_attr_t *attr;
- enum_name_t *pa_attr_names;
- ietf_attr_pa_tnc_error_t *error_attr;
-
- attr_info = reader->peek(reader);
- attr_info.len = PA_TNC_ATTR_INFO_SIZE;
- reader->read_uint8 (reader, &flags);
- reader->read_uint24(reader, &vendor_id);
- reader->read_uint32(reader, &type);
- reader->read_uint32(reader, &length);
-
- pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
- vendor_id);
- if (pa_attr_names)
- {
- DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
- "0x%06x/0x%08x", pen_names, vendor_id,
- pa_attr_names, type, vendor_id, type);
- }
- else
- {
- DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
- "0x%06x/0x%08x", pen_names, vendor_id,
- vendor_id, type);
- }
-
- if (length < PA_TNC_ATTR_HEADER_SIZE)
- {
- DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
- length);
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + PA_TNC_ATTR_INFO_SIZE);
- goto err;
- }
-
- if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
- {
- DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + PA_TNC_ATTR_INFO_SIZE);
- goto err;
- }
- DBG3(DBG_TNC, "%B", &value);
-
- if (vendor_id == PEN_RESERVED)
- {
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + 1);
- goto err;
- }
- if (type == IETF_ATTR_RESERVED)
- {
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + 4);
- goto err;
- }
attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
- vendor_id, type, value);
+ reader, FALSE, &offset, this->encoding, &error);
if (!attr)
{
- if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
- {
- DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
- error_code = pen_type_create(PEN_IETF,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED);
- error = ietf_attr_pa_tnc_error_create(error_code,
- this->encoding);
- error_attr = (ietf_attr_pa_tnc_error_t*)error;
- error_attr->set_attr_info(error_attr, attr_info);
- goto err;
- }
- else
- {
- DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
- offset += length;
- continue;
- }
+ goto err;
}
+ attr_value = attr->get_value(attr);
+ attr_type = attr->get_type(attr);
if (attr->process(attr, &attr_offset) != SUCCESS)
{
attr->destroy(attr);
- if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
+
+ if (attr_type.vendor_id == PEN_IETF &&
+ attr_type.type == IETF_ATTR_PA_TNC_ERROR)
{
- /* error while processing a PA-TNC error attribute - abort */
- reader->destroy(reader);
- return FAILED;
+ /* suppress error while processing a PA-TNC error attribute */
+ offset += attr_value.len;
+ continue;
}
- error_code = pen_type_create(PEN_IETF,
- PA_ERROR_INVALID_PARAMETER);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding,
- offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ this->encoding, offset + attr_offset);
goto err;
}
+ offset += attr_value.len;
this->attributes->insert_last(this->attributes, attr);
- offset += length;
}
-
- if (reader->remaining(reader) == 0)
- {
- reader->destroy(reader);
- return SUCCESS;
- }
- DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset);
+ reader->destroy(reader);
+ return SUCCESS;
err:
reader->destroy(reader);
@@ -352,24 +260,27 @@ err:
}
METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
- private_pa_tnc_msg_t *this)
+ private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
{
- enumerator_t *enumerator;
+ enumerator_t *e1, *e2;
+ enum_name_t *pa_attr_names;
pa_tnc_attr_t *attr;
- pen_type_t type;
+ pen_type_t type, unsupported_type;
+ uint8_t flags;
bool fatal_error = FALSE;
- enumerator = this->attributes->create_enumerator(this->attributes);
- while (enumerator->enumerate(enumerator, &attr))
+ e1 = this->attributes->create_enumerator(this->attributes);
+ while (e1->enumerate(e1, &attr))
{
type = attr->get_type(attr);
if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
{
ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, attr_info;
+ pen_type_t error_code, *non_fatal_type;
+ chunk_t msg_info;
uint32_t offset;
+ bool fatal_current_error = TRUE;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
@@ -391,16 +302,49 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
DBG1(DBG_TNC, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_TNC, " unsupported attribute %#B", &attr_info);
+ unsupported_type =
+ error_attr->get_unsupported_attr(error_attr, &flags);
+ pa_attr_names =
+ imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ unsupported_type.vendor_id);
+ if (pa_attr_names)
+ {
+ DBG1(DBG_TNC, " unsupported attribute type '%N/%N' "
+ "0x%06x/0x%08x, flags 0x%02x",
+ pen_names, unsupported_type.vendor_id,
+ pa_attr_names, unsupported_type.type,
+ unsupported_type.vendor_id, unsupported_type.type,
+ flags);
+ }
+ else
+ {
+ DBG1(DBG_TNC, " unsupported attribute type '%N' "
+ "0x%06x/0x%08x, flags 0x%02x",
+ pen_names, unsupported_type.vendor_id,
+ unsupported_type.vendor_id, unsupported_type.type,
+ flags);
+ }
+ e2 = non_fatal_types->create_enumerator(non_fatal_types);
+ while (e2->enumerate(e2, &non_fatal_type))
+ {
+ if (pen_type_equals(unsupported_type, *non_fatal_type))
+ {
+ fatal_current_error = FALSE;
+ break;
+ }
+ }
+ e2->destroy(e2);
break;
default:
break;
}
- fatal_error = TRUE;
+ if (fatal_current_error)
+ {
+ fatal_error = TRUE;
+ }
}
}
- enumerator->destroy(enumerator);
+ e1->destroy(e1);
return fatal_error;
}
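Review bot: `non_fatal_types` is dereferenced at `non_fatal_types->create_enumerator(non_fatal_types)` without a NULL check, so a caller with no exemptions to pass must still supply an empty list. Either guard the inner loop with `if (non_fatal_types)` or state in pa_tnc_msg.h that the list must not be NULL. The callers are not part of this diff section, and the function signature is in the preceding hunk.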
@@ -476,6 +420,7 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
.encoding = chunk_clone(data),
.attributes = linked_list_create(),
.errors = linked_list_create(),
+ .from_data = TRUE,
);
return &this->public;
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index 84814b92b..57ff1a04c 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -68,9 +68,11 @@ struct pa_tnc_msg_t {
/**
* Process all IETF standard error PA-TNC attributes
*
- * @return TRUE if at least one error attribute processed
+ * @param non_fatal_types list of non fatal unsupported attribute types
+ * @return TRUE if at least one fatal error processed
*/
- bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+ bool (*process_ietf_std_errors)(pa_tnc_msg_t *this,
+ linked_list_t *non_fatal_types);
/**
* Enumerates over all PA-TNC attributes
diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am
index 88d9ddd8b..e7b1f1ce1 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.am
+++ b/src/libimcv/plugins/imc_attestation/Makefile.am
@@ -1,8 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
+ -I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -10,8 +9,7 @@ AM_CFLAGS = \
imcv_LTLIBRARIES = imc-attestation.la
imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
imc_attestation_la_SOURCES = imc_attestation.c \
imc_attestation_state.h imc_attestation_state.c \
diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index 1f12af63a..3c5017f32 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -78,7 +78,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libpts/plugins/imc_attestation
+subdir = src/libimcv/plugins/imc_attestation
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -129,8 +129,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imc_attestation_la_DEPENDENCIES = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
am_imc_attestation_la_OBJECTS = imc_attestation.lo \
imc_attestation_state.lo imc_attestation_process.lo
imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS)
@@ -234,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -418,16 +425,14 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
+ -I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
imcv_LTLIBRARIES = imc-attestation.la
imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
imc_attestation_la_SOURCES = imc_attestation.c \
imc_attestation_state.h imc_attestation_state.c \
@@ -447,9 +452,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index 74bbc468f..0dd88b6a7 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -23,14 +24,10 @@
#include <ietf/ietf_attr_product_info.h>
#include <ietf/ietf_attr_string_version.h>
#include <ietf/ietf_attr_assess_result.h>
-#include <os_info/os_info.h>
-
-#include <libpts.h>
-
-#include <pts/pts_error.h>
-
#include <tcg/pts/tcg_pts_attr_proto_caps.h>
#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <os_info/os_info.h>
+#include <pts/pts_error.h>
#include <tncif_pa_subtypes.h>
@@ -90,7 +87,6 @@ TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
imc_attestation = NULL;
return TNC_RESULT_FATAL;
}
- libpts_init();
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
@@ -164,13 +160,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -217,7 +216,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
if (result == TNC_RESULT_SUCCESS)
{
- /* send PA-TNC message with the excl flag set */
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
@@ -315,9 +314,6 @@ TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
return TNC_RESULT_NOT_INITIALIZED;
}
-
- libpts_deinit();
-
imc_attestation->destroy(imc_attestation);
imc_attestation = NULL;
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
index fbe81ee48..2fc2998e1 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -446,6 +446,10 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
msg->add_attribute(msg, attr);
break;
}
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ case TCG_SEG_NEXT_SEG_REQ:
+ break;
+
/* TODO: Not implemented yet */
case TCG_PTS_REQ_INTEG_MEAS_LOG:
/* Attributes using XML */
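Review bot: The new cases `TCG_SEG_MAX_ATTR_SIZE_REQ` and `TCG_SEG_NEXT_SEG_REQ` end in a bare `break` with no explanation, directly above the block marked "TODO: Not implemented yet". A reader cannot tell whether they are ignored on purpose or simply unfinished. If these attributes are already consumed by the segmentation handling in `in_msg->receive()` (not visible in this hunk), a comment such as `/* segmentation attributes are handled when the message is received, nothing to do here */` would record that. imc_attestation_process() starts and ends outside the hunk.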
@@ -468,8 +472,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
case TCG_PTS_FILE_MEAS:
case TCG_PTS_INTEG_MEAS_LOG:
default:
- DBG1(DBG_IMC, "received unsupported attribute '%N'",
- tcg_attr_names, attr->get_type(attr));
+ DBG1(DBG_IMC, "received unsupported attribute '%N/%N'",
+ pen_names, PEN_TCG, tcg_attr_names, attr_type.type);
break;
}
return TRUE;
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h
index a2f1b4e3c..a2f1b4e3c 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.h
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
index 4fcbdfa8a..0b594cb10 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,7 +16,7 @@
#include "imc_attestation_state.h"
-#include <libpts.h>
+#include <imcv.h>
#include <tncif_names.h>
@@ -66,6 +67,11 @@ struct private_imc_attestation_state_t {
u_int32_t max_msg_len;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* PTS object
*/
pts_t *pts;
@@ -119,6 +125,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
{
@@ -151,6 +163,7 @@ METHOD(imc_state_t, destroy, void,
offsetof(pts_component_t, destroy));
this->list->destroy_offset(this->list,
offsetof(pts_comp_evidence_t, destroy));
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -181,7 +194,8 @@ METHOD(imc_attestation_state_t, create_component, pts_component_t*,
if (!found)
{
- component = pts_components->create(pts_components, name, depth, NULL);
+ component = imcv_pts_components->create(imcv_pts_components,
+ name, depth, NULL);
if (!component)
{
return NULL;
@@ -220,6 +234,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -233,6 +248,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
.pts = pts_create(TRUE),
.components = linked_list_create(),
.list = linked_list_create(),
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
index 4b93931c3..854c8825b 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.h
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
@@ -15,7 +15,7 @@
/**
* @defgroup imc_attestation imc_attestation
- * @ingroup libpts_plugins
+ * @ingroup libimcv_plugins
*
* @defgroup imc_attestation_state_t imc_attestation_state
* @{ @ingroup imc_attestation
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 2f0b85404..3f4cf41a9 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index c624d26b1..86d2e09ca 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -30,7 +30,6 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
-#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
#include <tncif_pa_subtypes.h>
@@ -341,69 +340,24 @@ static void add_device_id(imc_msg_t *msg)
*/
static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
{
- pa_tnc_attr_t *attr = NULL, *attr_angel;
+ pa_tnc_attr_t *attr;
ietf_attr_installed_packages_t *attr_cast;
enumerator_t *enumerator;
chunk_t name, version;
- size_t max_attr_size, attr_size, entry_size;
- bool first = TRUE;
-
- /**
- * Compute the maximum IETF Installed Packages attribute size
- * leaving space for an additional ITA Angel attribute
- */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
- /* At least one IETF Installed Packages attribute is sent */
attr = ietf_attr_installed_packages_create();
- attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
enumerator = os->create_package_enumerator(os);
- if (enumerator)
+ while (enumerator->enumerate(enumerator, &name, &version))
{
- while (enumerator->enumerate(enumerator, &name, &version))
- {
- DBG2(DBG_IMC, "package '%.*s' (%.*s)",
- name.len, name.ptr, version.len, version.ptr);
-
- entry_size = 2 + name.len + version.len;
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple ITA Installed Package attributes follow.
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next IETF Installed Packages attribute */
- attr = ietf_attr_installed_packages_create();
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- IETF_INSTALLED_PACKAGES_MIN_SIZE;
- }
- attr_cast = (ietf_attr_installed_packages_t*)attr;
- attr_cast->add(attr_cast, name, version);
- attr_size += entry_size;
- }
- enumerator->destroy(enumerator);
+ DBG2(DBG_IMC, "package '%.*s' (%.*s)",
+ name.len, name.ptr, version.len, version.ptr);
+ attr_cast = (ietf_attr_installed_packages_t*)attr;
+ attr_cast->add(attr_cast, name, version);
}
- msg->add_attribute(msg, attr);
+ enumerator->destroy(enumerator);
- if (!first)
- {
- /**
- * If we sent an ITA Start Angel attribute in the first place,
- * terminate by appending a matching ITA Stop Angel attribute.
- */
- attr_angel = ita_attr_angel_create(FALSE);
- msg->add_attribute(msg, attr_angel);
- }
+ msg->add_attribute(msg, attr);
}
/**
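Review bot: In add_installed_packages() the loop now calls `enumerator->enumerate()` without the `if (enumerator)` guard that the removed code had, so a NULL return from `os->create_package_enumerator(os)` would be dereferenced. The old guard suggests the call can fail, although its implementation is not visible here. Keeping `if (enumerator)` around the loop and the `enumerator->destroy(enumerator)` call would restore the earlier behaviour, where an empty Installed Packages attribute is still added to the message.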
@@ -491,13 +445,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -582,6 +539,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
}
else
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index f49959ab9..139ab0597 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_os_state_t {
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_os_state_t *this, TNC_ConnectionState new_state)
{
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
METHOD(imc_state_t, destroy, void,
private_imc_os_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -145,6 +157,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index c66bb1afa..a192b0a41 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 2be6a87df..0478841cb 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -299,13 +299,16 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -352,6 +355,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
}
else if (result == TNC_RESULT_SUCCESS)
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index b5a6cdd20..d357859fa 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_scanner_state_t {
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
{
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
METHOD(imc_state_t, destroy, void,
private_imc_scanner_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -145,6 +157,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am
index ddf596465..c1cdb988a 100644
--- a/src/libpts/plugins/imc_swid/Makefile.am
+++ b/src/libimcv/plugins/imc_swid/Makefile.am
@@ -21,7 +21,6 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
-DSWID_DIRECTORY=\"${prefix}/share\"
AM_CFLAGS = \
@@ -31,7 +30,6 @@ imcv_LTLIBRARIES = imc-swid.la
imc_swid_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index 6c3923ae2..f1859a2cb 100644
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -79,7 +79,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libpts/plugins/imc_swid
+subdir = src/libimcv/plugins/imc_swid
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -130,7 +130,6 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \
"$(DESTDIR)$(swiddir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo
imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS)
@@ -234,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -427,7 +434,6 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
-DSWID_DIRECTORY=\"${prefix}/share\"
AM_CFLAGS = \
@@ -436,7 +442,6 @@ AM_CFLAGS = \
imcv_LTLIBRARIES = imc-swid.la
imc_swid_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
@@ -454,9 +459,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c
index ef3a6a3e3..40f352ad9 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libimcv/plugins/imc_swid/imc_swid.c
@@ -15,17 +15,15 @@
#include "imc_swid_state.h"
-#include "libpts.h"
-#include "swid/swid_inventory.h"
-#include "swid/swid_error.h"
+#include <imc/imc_agent.h>
+#include <imc/imc_msg.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include "tcg/swid/tcg_swid_attr_req.h"
#include "tcg/swid/tcg_swid_attr_tag_inv.h"
#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-
-#include <imc/imc_agent.h>
-#include <imc/imc_msg.h>
-#include <ita/ita_attr.h>
-#include <ita/ita_attr_angel.h>
+#include "swid/swid_inventory.h"
+#include "swid/swid_error.h"
#include <tncif_pa_subtypes.h>
@@ -63,9 +61,6 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
{
return TNC_RESULT_FATAL;
}
-
- libpts_init();
-
if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
{
DBG1(DBG_IMC, "no common IF-IMC version");
@@ -117,6 +112,14 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
TNC_ConnectionID connection_id)
{
imc_state_t *state;
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ char buf[BUF_LEN];
+ TNC_Result result = TNC_RESULT_SUCCESS;
if (!imc_swid)
{
@@ -128,7 +131,30 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
- return TNC_RESULT_SUCCESS;
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMV */
+ contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+ TRUE, imc_id, TRUE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+ /* send PA-TNC message with the excl flag not set */
+ out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
+ TNC_IMVID_ANY, msg_types[0]);
+ out_msg->add_attribute(out_msg, attr);
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
}
/**
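Review bot: `max_seg_size` is computed by subtracting five header constants from `state->get_max_msg_len(state)`, with no check that the message length exceeds their sum. If that length can be 0 or small (its range is not visible in this hunk), the unsigned subtraction wraps to a very large value. That value is then recorded in the contract and announced to the IMV through `tcg_seg_attr_max_size_create()`. A guard before the subtraction, for example `if (state->get_max_msg_len(state) <= overhead)` with `overhead` being the summed constants, would avoid this. Whether to fail or to treat 0 as "unlimited" depends on what get_max_msg_len() means by 0. The body of TNC_IMC_BeginHandshake begins outside the hunk.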
@@ -138,13 +164,12 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
uint32_t request_id, bool full_tags,
swid_inventory_t *targets)
{
- pa_tnc_attr_t *attr, *attr_angel, *attr_error;
+ pa_tnc_attr_t *attr, *attr_error;
imc_swid_state_t *swid_state;
swid_inventory_t *swid_inventory;
char *swid_directory, *swid_generator;
uint32_t eid_epoch;
- size_t max_attr_size, attr_size, entry_size;
- bool first = TRUE, swid_pretty, swid_full;
+ bool swid_pretty, swid_full;
enumerator_t *enumerator;
swid_directory = lib->settings->get_str(lib->settings,
@@ -177,63 +202,19 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
swid_state = (imc_swid_state_t*)state;
eid_epoch = swid_state->get_eid_epoch(swid_state);
- /**
- * Compute the maximum TCG SWID Tag [ID] Inventory attribute size
- * leaving space for an additional ITA Angel attribute
- */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
-
if (full_tags)
{
tcg_swid_attr_tag_inv_t *swid_attr;
swid_tag_t *tag;
- chunk_t encoding, tag_file_path;
- /* At least one TCG Tag Inventory attribute is sent */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
+ /* Send a TCG SWID Tag Inventory attribute */
attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+ swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
enumerator = swid_inventory->create_enumerator(swid_inventory);
while (enumerator->enumerate(enumerator, &tag))
{
- tag_file_path = tag->get_tag_file_path(tag);
- encoding = tag->get_encoding(tag);
- entry_size = 2 + tag_file_path.len + 4 + encoding.len;
-
- /* Check for oversize tags that cannot be transported */
- if (PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE +
- entry_size > max_attr_size)
- {
- attr_error = swid_error_create(TCG_SWID_RESPONSE_TOO_LARGE,
- request_id, max_attr_size,
- "oversize SWID tag omitted");
- msg->add_attribute(msg, attr_error);
- continue;
- }
-
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple TGC SWID Tag Inventory attributes follow
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next TCG SWID Tag Inventory attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_TAG_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
- }
- swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
swid_attr->add(swid_attr, tag->get_ref(tag));
- attr_size += entry_size;
}
enumerator->destroy(enumerator);
}
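Review bot: The per-tag size check and the `TCG_SWID_RESPONSE_TOO_LARGE` error are removed here without a replacement, so the Tag Inventory attribute now grows with every tag in the inventory. Nothing in add_swid_inventory() compares it with `state->get_max_msg_len(state)` or `SWID_MAX_ATTR_SIZE` any more. Presumably the segmentation contract announced in TNC_IMC_BeginHandshake bounds it, but that depends on code outside this hunk and on the IMV accepting the contract. A comment at the attribute creation would make the assumption visible, e.g. `/* size is not limited here; oversize attributes rely on PA-TNC segmentation */`; an explicit check against the contract's maximum attribute size would enforce it. The same applies to the Tag ID Inventory branch in the following hunk (`@@ -241,59 +222,22 @@`), and the function starts and ends outside both hunks.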
@@ -241,59 +222,22 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
{
tcg_swid_attr_tag_id_inv_t *swid_id_attr;
swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
- /* At least one TCG Tag ID Inventory attribute is sent */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
+ /* Send a TCG SWID Tag ID Inventory attribute */
attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
enumerator = swid_inventory->create_enumerator(swid_inventory);
while (enumerator->enumerate(enumerator, &tag_id))
{
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
- entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
- 2 + tag_file_path.len;
-
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple TGC SWID Tag ID Inventory attributes follow
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next TCG SWID Tag ID Inventory attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_TAG_ID_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
- }
- swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
- attr_size += entry_size;
}
enumerator->destroy(enumerator);
}
+
msg->add_attribute(msg, attr);
swid_inventory->destroy(swid_inventory);
- if (!first)
- {
- /**
- * If we sent an ITA Start Angel attribute in the first place,
- * terminate by appending a matching ITA Stop Angel attribute.
- */
- attr_angel = ita_attr_angel_create(FALSE);
- msg->add_attribute(msg, attr_angel);
- }
-
return TRUE;
}
@@ -306,13 +250,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -358,6 +305,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
}
else
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
@@ -455,9 +403,6 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
return TNC_RESULT_NOT_INITIALIZED;
}
-
- libpts_deinit();
-
imc_swid->destroy(imc_swid);
imc_swid = NULL;
diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c
index 11f467303..65c279b3f 100644
--- a/src/libpts/plugins/imc_swid/imc_swid_state.c
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -62,6 +62,11 @@ struct private_imc_swid_state_t {
u_int32_t max_msg_len;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* Event ID Epoch
*/
u_int32_t eid_epoch;
@@ -104,6 +109,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_swid_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_swid_state_t *this, TNC_ConnectionState new_state)
{
@@ -131,6 +142,7 @@ METHOD(imc_state_t, get_result, bool,
METHOD(imc_state_t, destroy, void,
private_imc_swid_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -169,6 +181,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -179,6 +192,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.eid_epoch = eid_epoch,
);
diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
index cb3ac4589..cb3ac4589 100644
--- a/src/libpts/plugins/imc_swid/imc_swid_state.h
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h
diff --git a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
index 8b7b50fdf..8b7b50fdf 100644
--- a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
+++ b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 1702574f9..3e1d0232f 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c
index ee982d93b..d38ace140 100644
--- a/src/libimcv/plugins/imc_test/imc_test.c
+++ b/src/libimcv/plugins/imc_test/imc_test.c
@@ -181,7 +181,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
}
}
-static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
+static void create_message(imc_state_t *state, imc_msg_t *out_msg)
{
imc_test_state_t *test_state;
pa_tnc_attr_t *attr;
@@ -196,9 +196,6 @@ static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
attr = ita_attr_command_create(test_state->get_command(test_state));
attr->set_noskip_flag(attr, TRUE);
out_msg->add_attribute(out_msg, attr);
-
- /* send PA-TNC message with the excl flag set */
- return out_msg->send(out_msg, TRUE);
}
/**
@@ -224,10 +221,11 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
- /* send PA message for primary IMC ID */
+ /* send PA message for primary IMC ID with the EXCL flag set */
out_msg = imc_msg_create(imc_test, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
/* Exit if there are no additional IMC IDs */
@@ -253,7 +251,8 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
additional_id = (TNC_UInt32)pointer;
out_msg = imc_msg_create(imc_test, state, connection_id, additional_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
}
enumerator->destroy(enumerator);
@@ -267,13 +266,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
pen_type_t attr_type;
- TNC_Result result;
+ TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -308,16 +311,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
if (fatal_error)
{
- return TNC_RESULT_FATAL;
+ result = TNC_RESULT_FATAL;
}
-
- /* if no assessment result is known then repeat the measurement */
- if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ else
{
- return TNC_RESULT_SUCCESS;
+ /* if no assessment result is known then repeat the measurement */
+ if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ {
+ create_message(state, out_msg);
+ }
+ result = out_msg->send(out_msg, TRUE);
}
- out_msg = imc_msg_create_as_reply(in_msg);
- result = send_message(state, out_msg);
out_msg->destroy(out_msg);
return result;
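Review bot: In the new `else` branch `out_msg->send(out_msg, TRUE)` runs even when `get_result()` reports a known assessment and `create_message()` was skipped, whereas the old code returned `TNC_RESULT_SUCCESS` without sending anything. Presumably this is so that attributes which `in_msg->receive()` placed into `out_msg` still go out, but nothing in the hunk says so, and it depends on `send()` tolerating a message without attributes. I would add a comment above the call, e.g. `/* out_msg may already carry attributes added by in_msg->receive(); send it even if no new measurement was queued */`. The body of receive_message starts and ends outside this hunk.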
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index e7beca0aa..d3f6805ad 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -64,6 +64,11 @@ struct private_imc_test_state_t {
u_int32_t max_msg_len;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* Command to transmit to IMV
*/
char *command;
@@ -130,6 +135,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_test_state_t *this, TNC_ConnectionState new_state)
{
@@ -195,6 +206,7 @@ METHOD(imc_state_t, destroy, void,
private_imc_test_state_t *this)
{
this->results->destroy_function(this->results, free);
+ this->contracts->destroy(this->contracts);
free(this->command);
free(this);
}
@@ -261,6 +273,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -275,6 +288,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.results = linked_list_create(),
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.command = strdup(command),
.dummy_size = dummy_size,
.first_handshake = TRUE,
diff --git a/src/libpts/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am
index 8dc74fd54..6c5bf8913 100644
--- a/src/libpts/plugins/imv_attestation/Makefile.am
+++ b/src/libimcv/plugins/imv_attestation/Makefile.am
@@ -2,7 +2,6 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
-DPLUGINS=\""${attest_plugins}\""
AM_CFLAGS = \
@@ -12,8 +11,7 @@ imcv_LTLIBRARIES = imv-attestation.la
imv_attestation_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
imv_attestation_la_SOURCES = imv_attestation.c \
imv_attestation_state.h imv_attestation_state.c \
@@ -29,7 +27,6 @@ attest_SOURCES = attest.c \
attest_db.h attest_db.c
attest_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
attest.o : $(top_builddir)/config.status
diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index b0e3787ae..3ba7c8c88 100644
--- a/src/libpts/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -80,7 +80,7 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = attest$(EXEEXT)
-subdir = src/libpts/plugins/imv_attestation
+subdir = src/libimcv/plugins/imv_attestation
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -131,8 +131,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imv_attestation_la_DEPENDENCIES = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
am_imv_attestation_la_OBJECTS = imv_attestation.lo \
imv_attestation_state.lo imv_attestation_agent.lo \
imv_attestation_process.lo imv_attestation_build.lo
@@ -150,7 +149,6 @@ am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \
attest_db.$(OBJEXT)
attest_OBJECTS = $(am_attest_OBJECTS)
attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -244,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -304,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -369,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -416,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -429,7 +435,6 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
-DPLUGINS=\""${attest_plugins}\""
AM_CFLAGS = \
@@ -438,8 +443,7 @@ AM_CFLAGS = \
imcv_LTLIBRARIES = imv-attestation.la
imv_attestation_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
imv_attestation_la_SOURCES = imv_attestation.c \
imv_attestation_state.h imv_attestation_state.c \
@@ -454,7 +458,6 @@ attest_SOURCES = attest.c \
attest_LDADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
EXTRA_DIST = build-database.sh
@@ -471,9 +474,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libimcv/plugins/imv_attestation/attest.c
index 63c0023a7..1143a0356 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libimcv/plugins/imv_attestation/attest.c
@@ -28,7 +28,6 @@
#include <utils/debug.h>
#include <imcv.h>
-#include <libpts.h>
#include <pts/pts_meas_algo.h>
#include "attest_db.h"
@@ -96,7 +95,6 @@ attest_db_t *attest;
static void cleanup(void)
{
attest->destroy(attest);
- libpts_deinit();
libimcv_deinit();
#ifdef HAVE_SYSLOG
closelog();
@@ -479,7 +477,6 @@ int main(int argc, char *argv[])
}
atexit(cleanup);
libimcv_init(FALSE);
- libpts_init();
do_args(argc, argv);
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index d7f45ad29..f85a02b3d 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -23,7 +23,7 @@
#include "attest_db.h"
-#include "libpts.h"
+#include "imcv.h"
#include "pts/pts_meas_algo.h"
#include "pts/pts_file_meas.h"
#include "pts/components/pts_comp_func_name.h"
@@ -187,9 +187,10 @@ char* print_cfn(pts_comp_func_name_t *cfn)
qualifier = cfn->get_qualifier(cfn);
n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
- names = pts_components->get_comp_func_names(pts_components, vid);
- types = pts_components->get_qualifier_type_names(pts_components, vid);
- type = pts_components->get_qualifier(pts_components, cfn, flags);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid);
+ types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components,
+ vid);
+ type = imcv_pts_components->get_qualifier(imcv_pts_components, cfn, flags);
if (names && types)
{
n = snprintf(buf + n, BUF_LEN - n, " %N/%N [%s] %N",
diff --git a/src/libpts/plugins/imv_attestation/attest_db.h b/src/libimcv/plugins/imv_attestation/attest_db.h
index 07e55cce7..ab3d046b3 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.h
+++ b/src/libimcv/plugins/imv_attestation/attest_db.h
@@ -15,7 +15,7 @@
/**
* @defgroup attest_db_t attest_db
- * @{ @ingroup libpts
+ * @{ @ingroup libimcv
*/
#ifndef ATTEST_DB_H_
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c
index 8f4afdbad..8f4afdbad 100644
--- a/src/libpts/plugins/imv_attestation/attest_usage.c
+++ b/src/libimcv/plugins/imv_attestation/attest_usage.c
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.h b/src/libimcv/plugins/imv_attestation/attest_usage.h
index bce801e9d..bce801e9d 100644
--- a/src/libpts/plugins/imv_attestation/attest_usage.h
+++ b/src/libimcv/plugins/imv_attestation/attest_usage.h
diff --git a/src/libpts/plugins/imv_attestation/build-database.sh b/src/libimcv/plugins/imv_attestation/build-database.sh
index f16b5d152..ca2939b49 100755
--- a/src/libpts/plugins/imv_attestation/build-database.sh
+++ b/src/libimcv/plugins/imv_attestation/build-database.sh
@@ -2,7 +2,7 @@
p="Ubuntu 14.04 x86_64"
a="x86_64-linux-gnu"
-k="3.13.0-30-generic"
+k="3.13.0-37-generic"
for hash in sha1 sha256
do
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
index 542a561aa..542a561aa 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
index fcfee31c1..8e3736857 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
@@ -34,19 +34,17 @@
#include <ietf/ietf_attr_string_version.h>
#include <ita/ita_attr.h>
#include <ita/ita_attr_device_id.h>
-
-#include <libpts.h>
-
-#include <pts/pts.h>
-#include <pts/pts_database.h>
-#include <pts/pts_creds.h>
-#include <pts/components/ita/ita_comp_func_name.h>
-
#include <tcg/tcg_attr.h>
#include <tcg/pts/tcg_pts_attr_meas_algo.h>
#include <tcg/pts/tcg_pts_attr_proto_caps.h>
#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include <pts/pts.h>
+#include <pts/pts_database.h>
+#include <pts/pts_creds.h>
+#include <pts/components/ita/ita_comp_func_name.h>
#include <tncif_pa_subtypes.h>
@@ -55,6 +53,8 @@
#include <credentials/credential_manager.h>
#include <collections/linked_list.h>
+#define FILE_MEAS_MAX_ATTR_SIZE 100000000
+
typedef struct private_imv_attestation_agent_t private_imv_attestation_agent_t;
/* Subscribed PA-TNC message subtypes */
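Review bot: `FILE_MEAS_MAX_ATTR_SIZE` makes the IMV announce that it accepts reassembled attributes of up to 100000000 bytes from the client, and the constant carries no comment on how that figure was chosen. How the segmentation contract buffers incoming segments is not visible here, so it is worth confirming that an endpoint cannot make the IMV hold close to that amount per connection before the attribute is validated. I would document the limit, e.g. `/* upper bound on a reassembled file measurement attribute announced to the IMC; bounds per-connection memory */`, and consider reading it from configuration. The same applies to `INSTALLED_PACKAGES_MAX_ATTR_SIZE` in imv_os_agent.c.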
@@ -176,19 +176,21 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this,
chunk_t os_name, os_version;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+ out_msg->set_msg_type(out_msg, msg_types[0]);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
session = state->get_session(state);
os_info = session->get_os_info(session);
- out_msg = imv_msg_create_as_reply(in_msg);
- out_msg->set_msg_type(out_msg, msg_types[0]);
-
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
@@ -305,16 +307,16 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
-
- /* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
out_msg->destroy(out_msg);
return result;
@@ -467,12 +469,35 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_ATTESTATION_STATE_INIT)
{
+ size_t max_attr_size = FILE_MEAS_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
pa_tnc_attr_t *attr;
pts_proto_caps_flag_t flags;
+ char buf[BUF_LEN];
out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
msg_types[0]);
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
/* Send Request Protocol Capabilities attribute */
flags = pts->get_proto_caps(pts);
attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
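Review bot: The `max_seg_size` computation subtracts five header sizes from `state->get_max_msg_len(state)` without checking that the maximum message length is larger than their sum. If the getter can return 0 or a small value (its range is not visible in this hunk), the unsigned subtraction wraps and the contract announces an enormous segment size to the IMC. I would compute the overhead first and only announce segmentation when the message length exceeds it; what to do otherwise (skip the announcement or fall back to a fixed minimum) is for the author to decide. The same computation is repeated in batch_ending of imv_os_agent.c and needs the same guard. batch_ending starts and ends outside this hunk.

```c
size_t max_msg_len, overhead;
/* … unchanged: other declarations, imv_msg_create() … */

/* Determine maximum PA-TNC attribute segment size */
max_msg_len = state->get_max_msg_len(state);
overhead = PA_TNC_HEADER_SIZE
		 + PA_TNC_ATTR_HEADER_SIZE
		 + TCG_SEG_ATTR_SEG_ENV_HEADER
		 + PA_TNC_ATTR_HEADER_SIZE
		 + TCG_SEG_ATTR_MAX_SIZE_SIZE;
if (max_msg_len > overhead)
{
	max_seg_size = max_msg_len - overhead;
	/* … unchanged: create contract, log it, add Max Attribute Size attribute … */
}
```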
@@ -840,7 +865,6 @@ METHOD(imv_agent_if_t, destroy, void,
DESTROY_IF(this->pts_credmgr);
DESTROY_IF(this->agent);
free(this);
- libpts_deinit();
}
/**
@@ -888,8 +912,6 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
.pts_db = pts_database_create(imcv_db),
);
- libpts_init();
-
if (!pts_meas_algo_probe(&this->supported_algorithms) ||
!pts_dh_group_probe(&this->supported_dh_groups, mandatory_dh_groups) ||
!pts_meas_algo_update(hash_alg, &this->supported_algorithms) ||
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.h b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.h
index cc421a29a..cc421a29a 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.h
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.h
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
index 120fe3eaa..c39fe8d47 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -98,6 +98,11 @@ bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
uint32_t depth;
bool first_component = TRUE;
+ if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK))
+ {
+ break;
+ }
+
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
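Review bot: The new early `break` taken when `IMV_ATTESTATION_AIK` is not set has no comment, so a reader cannot tell that the state is meant to stay where it is until the AIK has arrived. Since the flag is only set in imv_attestation_process.c after `pts->set_aik()`, a one-line comment would tie the two together, e.g. `/* do not proceed to the component evidence request before an AIK has been received */`. That wording is inferred from the surrounding declarations and should be checked against the case label, which lies outside this hunk.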
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h
index 88538b198..88538b198 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index 26a57d15c..89a1f02cf 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -218,6 +218,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
}
session->get_session_id(session, NULL, &aik_id);
pts->set_aik(pts, aik, aik_id);
+ state->set_action_flags(state, IMV_ATTESTATION_AIK);
break;
}
case TCG_PTS_FILE_MEAS:
@@ -529,6 +530,9 @@ quote_error:
}
break;
}
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ case TCG_SEG_ATTR_SEG_ENV:
+ break;
/* TODO: Not implemented yet */
case TCG_PTS_INTEG_MEAS_LOG:
@@ -554,8 +558,8 @@ quote_error:
case TCG_PTS_REQ_FILE_MEAS:
case TCG_PTS_REQ_INTEG_MEAS_LOG:
default:
- DBG1(DBG_IMV, "received unsupported attribute '%N'",
- tcg_attr_names, attr->get_type(attr));
+ DBG1(DBG_IMV, "received unsupported attribute '%N/%N'",
+ pen_names, PEN_TCG, tcg_attr_names, attr_type.type);
break;
}
return TRUE;
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.h b/src/libimcv/plugins/imv_attestation/imv_attestation_process.h
index af8666b66..af8666b66 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.h
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.h
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index 11afbc29d..1c3b91aeb 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -16,8 +16,7 @@
#include "imv_attestation_state.h"
-#include <libpts.h>
-
+#include <imcv.h>
#include <imv/imv_lang_string.h>
#include "imv/imv_reason_string.h"
@@ -76,6 +75,11 @@ struct private_imv_attestation_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV Attestation handshake state
*/
imv_attestation_handshake_state_t handshake_state;
@@ -240,6 +244,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
{
@@ -335,6 +345,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->reason_string);
this->components->destroy_function(this->components, (void *)free_func_comp);
this->pts->destroy(this->pts);
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -392,7 +403,8 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
}
else
{
- component = pts_components->create(pts_components, name, depth, pts_db);
+ component = imcv_pts_components->create(imcv_pts_components,
+ name, depth, pts_db);
if (!component)
{
/* unsupported component */
@@ -513,6 +525,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -538,6 +551,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.handshake_state = IMV_ATTESTATION_STATE_INIT,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
.components = linked_list_create(),
.pts = pts_create(FALSE),
);
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
index b72857552..39a8eee9c 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
@@ -15,7 +15,7 @@
/**
* @defgroup imv_attestation imv_attestation
- * @ingroup libpts_plugins
+ * @ingroup libimcv_plugins
*
* @defgroup imv_attestation_state_t imv_attestation_state
* @{ @ingroup imv_attestation
@@ -49,8 +49,9 @@ enum imv_attestation_flag_t {
IMV_ATTESTATION_ATTR_REQ = (1<<3),
IMV_ATTESTATION_ALGO = (1<<4),
IMV_ATTESTATION_DH_NONCE = (1<<5),
- IMV_ATTESTATION_FILE_MEAS = (1<<6),
- IMV_ATTESTATION_REC = (1<<7)
+ IMV_ATTESTATION_AIK = (1<<6),
+ IMV_ATTESTATION_FILE_MEAS = (1<<7),
+ IMV_ATTESTATION_REC = (1<<8)
};
/**
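Review bot: Inserting `IMV_ATTESTATION_AIK` at `(1<<6)` renumbers `IMV_ATTESTATION_FILE_MEAS` and `IMV_ATTESTATION_REC`, and `IMV_ATTESTATION_REC` now sits at `(1<<8)`, which no longer fits in an 8-bit field. The type that stores the action flags is not visible in this hunk, so it is worth confirming that it is wider than 8 bits and that no flag value is persisted or shared with code built against the old header. If either is in doubt, appending the new flag keeps the existing values stable: `IMV_ATTESTATION_AIK = (1<<8)` after `IMV_ATTESTATION_REC = (1<<7)`.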
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index cae6dbe84..36e708fc9 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index ca8bac6ca..f0b1936ab 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -37,8 +37,9 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
-#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -46,6 +47,8 @@
#include <pen/pen.h>
#include <utils/debug.h>
+#define INSTALLED_PACKAGES_MAX_ATTR_SIZE 100000000
+
typedef struct private_imv_os_agent_t private_imv_os_agent_t;
typedef enum imv_os_attr_t imv_os_attr_t;
@@ -166,20 +169,23 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
chunk_t os_name = chunk_empty;
chunk_t os_version = chunk_empty;
bool fatal_error = FALSE, assessment = FALSE;
+ uint16_t missing;
os_state = (imv_os_state_t*)state;
session = state->get_session(state);
os_info = session->get_os_info(session);
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg,out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imv_msg_create_as_reply(in_msg);
-
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
@@ -323,6 +329,9 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
TNC_IMV_EVALUATION_RESULT_ERROR);
assessment = TRUE;
}
+ missing = attr_cast->get_count(attr_cast);
+ os_state->set_missing(os_state, missing);
+ attr_cast->clear_packages(attr_cast);
break;
}
default:
@@ -369,12 +378,6 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
session->set_device_id(session, value);
break;
}
- case ITA_ATTR_START_ANGEL:
- os_state->set_angel_count(os_state, TRUE);
- break;
- case ITA_ATTR_STOP_ANGEL:
- os_state->set_angel_count(os_state, FALSE);
- break;
default:
break;
}
@@ -394,20 +397,20 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
{
os_state->set_handshake_state(os_state, IMV_OS_STATE_END);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
-
- /* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
out_msg->destroy(out_msg);
return result;
- }
+}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
private_imv_os_agent_t *this, TNC_ConnectionID id,
@@ -529,6 +532,30 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_OS_STATE_INIT)
{
+ size_t max_attr_size = INSTALLED_PACKAGES_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST)
{
/* create attribute request for missing mandatory attributes */
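Review bot: The `max_seg_size` subtraction added here is not guarded against a connection whose maximum message length is smaller than the five header sizes being subtracted. The result is stored in a `size_t`, so in that case it wraps to a very large value, which is then announced to the IMC via `seg_contract_create()` and `tcg_seg_attr_max_size_create()`. I would sum the overhead first, e.g. `size_t overhead = PA_TNC_HEADER_SIZE + 2 * PA_TNC_ATTR_HEADER_SIZE + TCG_SEG_ATTR_SEG_ENV_HEADER + TCG_SEG_ATTR_MAX_SIZE_SIZE;`, and only create the contract when `state->get_max_msg_len(state) > overhead`. The same computation is added to batch_ending in imv_swid_agent.c (hunk at -435,6 +441,27) and needs the same guard. batch_ending starts and ends outside this hunk, so whether an upper layer already enforces a minimum length cannot be seen from here.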
@@ -671,7 +698,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
int count, count_update, count_blacklist, count_ok;
if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) ||
- os_state->get_angel_count(os_state) > 0)
+ os_state->get_missing(os_state) > 0)
{
continue;
}
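Review bot: The new `get_missing(os_state) > 0` condition lacks a comment saying where the count comes from and what happens while it stays non-zero. In the receive_msg hunk of this file the value is copied from the received attribute (`attr_cast->get_count(attr_cast)`), so it appears to be a number supplied by the client, and this branch skips the installed-packages evaluation with `continue` for as long as it is non-zero. I would add above the `if` something like `/* missing is reported by the IMC; the workitem stays unevaluated until it reaches 0 */`. The loop and the handling of workitems still open at the end of the handshake are outside this hunk, so it is worth confirming that an endpoint which never delivers the remaining packages ends with a failing rather than a passing assessment.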
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index dc8474ac9..ac826a77c 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -76,6 +76,11 @@ struct private_imv_os_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -136,9 +141,9 @@ struct private_imv_os_state_t {
u_int os_settings;
/**
- * Angel count
+ * Number of installed packages still missing
*/
- int angel_count;
+ uint16_t missing;
};
@@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, get_recommendation, void,
private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
TNC_IMV_Evaluation_Result *eval)
@@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
this->update_packages->destroy_function(this->update_packages, free);
this->remove_packages->destroy_function(this->remove_packages, free);
free(this);
@@ -523,16 +535,16 @@ METHOD(imv_os_state_t, get_os_settings, u_int,
return this->os_settings;
}
-METHOD(imv_os_state_t, set_angel_count, void,
- private_imv_os_state_t *this, bool start)
+METHOD(imv_os_state_t, set_missing, void,
+ private_imv_os_state_t *this, uint16_t missing)
{
- this->angel_count += start ? 1 : -1;
+ this->missing = missing;
}
-METHOD(imv_os_state_t, get_angel_count, int,
+METHOD(imv_os_state_t, get_missing, uint16_t,
private_imv_os_state_t *this)
{
- return this->angel_count;
+ return this->missing;
}
METHOD(imv_os_state_t, add_bad_package, void,
@@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -585,14 +598,15 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_count = _get_count,
.set_os_settings = _set_os_settings,
.get_os_settings = _get_os_settings,
- .set_angel_count = _set_angel_count,
- .get_angel_count = _get_angel_count,
+ .set_missing = _set_missing,
+ .get_missing = _get_missing,
.add_bad_package = _add_bad_package,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.update_packages = linked_list_create(),
.remove_packages = linked_list_create(),
);
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 82ebb6cc9..aa9b64076 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -114,18 +114,18 @@ struct imv_os_state_t {
u_int (*get_os_settings)(imv_os_state_t *this);
/**
- * Increase/Decrease the ITA Angel count
+ * Set number of installed packages still missing
*
- * @param start TRUE increases and FALSE decreases count by one
+ * @param missing Number of missing installed packages
*/
- void (*set_angel_count)(imv_os_state_t *this, bool start);
+ void (*set_missing)(imv_os_state_t *this, uint16_t missing);
/**
- * Get the ITA Angel count
+ * Get number of installed packages still missing
*
- * @return ITA Angel count
+ * @return Number of missing installed packages
*/
- int (*get_angel_count)(imv_os_state_t *this);
+ uint16_t (*get_missing)(imv_os_state_t *this);
/**
* Store a bad package that has to be updated or removed
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 18446e73a..2677b339a 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 85ef23b80..cbabc80bf 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
ietf_attr_port_filter_t *port_filter_attr;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -121,17 +125,20 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 24a49a76c..8f9593f17 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -71,6 +71,11 @@ struct private_imv_scanner_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
@@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->contracts->destroy(this->contracts);
this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
@@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.violating_ports = linked_list_create(),
);
diff --git a/src/libpts/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am
index 77f33e6c6..3a63b67d2 100644
--- a/src/libpts/plugins/imv_swid/Makefile.am
+++ b/src/libimcv/plugins/imv_swid/Makefile.am
@@ -1,19 +1,17 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
+ -I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
+ $(PLUGIN_CFLAGS) $(json_CFLAGS)
imcv_LTLIBRARIES = imv-swid.la
imv_swid_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- -ljson
+ $(json_LIBS)
imv_swid_la_SOURCES = \
imv_swid.c imv_swid_state.h imv_swid_state.c \
diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index bd89a6f90..815722f9c 100644
--- a/src/libpts/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -78,7 +78,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libpts/plugins/imv_swid
+subdir = src/libimcv/plugins/imv_swid
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -127,9 +127,10 @@ am__uninstall_files_from_dir = { \
}
am__installdirs = "$(DESTDIR)$(imcvdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
+am__DEPENDENCIES_1 =
imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(am__DEPENDENCIES_1)
am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \
imv_swid_agent.lo imv_swid_rest.lo
imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS)
@@ -232,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -416,18 +425,16 @@ xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
+ -I$(top_srcdir)/src/libimcv
AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
+ $(PLUGIN_CFLAGS) $(json_CFLAGS)
imcv_LTLIBRARIES = imv-swid.la
imv_swid_la_LIBADD = \
$(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- -ljson
+ $(json_LIBS)
imv_swid_la_SOURCES = \
imv_swid.c imv_swid_state.h imv_swid_state.c \
@@ -448,9 +455,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/src/libpts/plugins/imv_swid/imv_swid.c b/src/libimcv/plugins/imv_swid/imv_swid.c
index cab011580..cab011580 100644
--- a/src/libpts/plugins/imv_swid/imv_swid.c
+++ b/src/libimcv/plugins/imv_swid/imv_swid.c
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
index 3053b2643..5bebf32c0 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_agent.c
+++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
@@ -20,19 +20,17 @@
#include "imv_swid_state.h"
#include "imv_swid_rest.h"
-#include "libpts.h"
-#include "swid/swid_error.h"
-#include "swid/swid_inventory.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-
#include <imcv.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
#include <imv/imv_agent.h>
#include <imv/imv_msg.h>
-#include <ita/ita_attr.h>
-#include <ita/ita_attr_angel.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/swid/tcg_swid_attr_req.h"
+#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
+#include "swid/swid_error.h"
+#include "swid/swid_inventory.h"
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -115,10 +113,14 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -179,20 +181,6 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
reader->destroy(reader);
}
}
- else if (type.vendor_id == PEN_ITA)
- {
- switch (type.type)
- {
- case ITA_ATTR_START_ANGEL:
- swid_state->set_angel_count(swid_state, TRUE);
- continue;
- case ITA_ATTR_STOP_ANGEL:
- swid_state->set_angel_count(swid_state, FALSE);
- continue;
- default:
- continue;
- }
- }
else if (type.vendor_id != PEN_TCG)
{
continue;
@@ -203,6 +191,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
case TCG_SWID_TAG_ID_INVENTORY:
{
tcg_swid_attr_tag_id_inv_t *attr_cast;
+ uint32_t missing;
int tag_id_count;
state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
@@ -212,11 +201,14 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
inventory = attr_cast->get_inventory(attr_cast);
tag_id_count = inventory->get_count(inventory);
+ missing = attr_cast->get_tag_id_count(attr_cast);
+ swid_state->set_missing(swid_state, missing);
DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
- "for request %d at eid %d of epoch 0x%08x",
- tag_id_count, (tag_id_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch);
+ "for request %d at eid %d of epoch 0x%08x, %d item%s to "
+ "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
+ request_id, last_eid, eid_epoch, missing,
+ (missing == 1) ? "" : "s");
if (request_id == swid_state->get_request_id(swid_state))
{
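Review bot: The extended DBG2 format string prints `missing` with `%d`, but the variable is declared `uint32_t` in the preceding hunk, so counts above INT_MAX would be logged as negative numbers. Using `%u` for that argument keeps the log faithful to what the peer sent: `"for request %d at eid %d of epoch 0x%08x, %u item%s to "`. The SWID tag inventory case (hunk at -247,12 +241,13) has the same mismatch. The enclosing receive_msg starts and ends outside this hunk.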
@@ -228,6 +220,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
"with request ID %d", request_id);
}
+ attr_cast->clear_inventory(attr_cast);
break;
}
case TCG_SWID_TAG_INVENTORY:
@@ -237,6 +230,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
chunk_t tag_encoding;
json_object *jobj, *jarray, *jstring;
char *tag_str;
+ uint32_t missing;
int tag_count;
enumerator_t *e;
@@ -247,12 +241,13 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
inventory = attr_cast->get_inventory(attr_cast);
tag_count = inventory->get_count(inventory);
+ missing = attr_cast->get_tag_count(attr_cast);
+ swid_state->set_missing(swid_state, missing);
DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
- "request %d at eid %d of epoch 0x%08x",
- tag_count, (tag_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch);
-
+ "request %d at eid %d of epoch 0x%08x, %d item%s to follow",
+ tag_count, (tag_count == 1) ? "" : "s", request_id,
+ last_eid, eid_epoch, missing, (missing == 1) ? "" : "s");
if (request_id == swid_state->get_request_id(swid_state))
{
@@ -289,9 +284,11 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
"with request ID %d", request_id);
}
+ attr_cast->clear_inventory(attr_cast);
+ break;
}
default:
- continue;
+ break;
}
}
enumerator->destroy(enumerator);
@@ -301,17 +298,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
@@ -411,6 +411,12 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_SWID_STATE_INIT &&
session->get_policy_started(session))
{
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
enumerator = session->create_workitem_enumerator(session);
if (enumerator)
{
@@ -435,6 +441,27 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
flags |= TCG_SWID_ATTR_REQ_FLAG_C;
}
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Issue a SWID request */
request_id = workitem->get_id(workitem);
swid_state->set_request_id(swid_state, request_id);
attr = tcg_swid_attr_req_create(flags, request_id, 0);
@@ -442,7 +469,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
workitem->set_imv_id(workitem, imv_id);
no_workitems = FALSE;
DBG2(DBG_IMV, "IMV %d issues SWID request %d",
- imv_id, request_id);
+ imv_id, request_id);
break;
}
enumerator->destroy(enumerator);
@@ -464,14 +491,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
(received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
- swid_state->get_angel_count(swid_state) <= 0)
+ swid_state->get_missing(swid_state) == 0)
{
TNC_IMV_Evaluation_Result eval;
TNC_IMV_Action_Recommendation rec;
char result_str[BUF_LEN], *error_str = "", *command;
char *target, *separator;
int tag_id_count, tag_count, i;
- size_t max_attr_size, attr_size, entry_size;
chunk_t tag_creator, unique_sw_id;
json_object *jrequest, *jresponse, *jvalue;
tcg_swid_attr_req_t *cast_attr;
@@ -541,18 +567,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
break;
}
- /* Compute the maximum TCG SWID Request attribute size */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE;
-
- /* Create the [first] TCG SWID Request attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_REQ_MIN_SIZE;
+ /* Create a TCG SWID Request attribute */
attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
swid_state->get_request_id(swid_state), 0);
-
tag_id_count = json_object_array_length(jresponse);
DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
(tag_id_count == 1) ? "" : "s");
+ swid_state->set_missing(swid_state, tag_id_count);
for (i = 0; i < tag_id_count; i++)
{
@@ -581,18 +602,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
tag_creator.len - 1);
tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
chunk_empty);
- entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len;
-
- /* Have we reached the maximum attribute size? */
- if (attr_size + entry_size > max_attr_size)
- {
- out_msg->add_attribute(out_msg, attr);
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_REQ_MIN_SIZE;
- attr = tcg_swid_attr_req_create(
- TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
- }
cast_attr = (tcg_swid_attr_req_t*)attr;
cast_attr->add_target(cast_attr, tag_id);
}
@@ -668,7 +677,6 @@ METHOD(imv_agent_if_t, destroy, void,
DESTROY_IF(this->rest_api);
this->agent->destroy(this->agent);
free(this);
- libpts_deinit();
}
/**
@@ -688,6 +696,8 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
{
return NULL;
}
+ agent->add_non_fatal_attr_type(agent,
+ pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
INIT(this,
.public = {
@@ -710,7 +720,6 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
{
this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout);
}
- libpts_init();
return &this->public;
}
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
index 4218040bc..4218040bc 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_agent.h
+++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c
index 143b0b239..143b0b239 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_rest.c
+++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.c
diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.h b/src/libimcv/plugins/imv_swid/imv_swid_rest.h
index 93e3d6ab9..32392cbe6 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_rest.h
+++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.h
@@ -26,7 +26,7 @@
#include <library.h>
-#include <json/json.h>
+#include <json.h>
typedef struct imv_swid_rest_t imv_swid_rest_t;
diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c
index c68b57e4d..04364b030 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_state.c
+++ b/src/libimcv/plugins/imv_swid/imv_swid_state.c
@@ -68,11 +68,16 @@ struct private_imv_swid_state_t {
uint32_t action_flags;
/**
- * IMV database session associatied with TNCCS connection
+ * IMV database session associated with TNCCS connection
*/
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -113,6 +118,11 @@ struct private_imv_swid_state_t {
int tag_count;
/**
+ * Number of missing SWID Tags or Tag IDs
+ */
+ uint32_t missing;
+
+ /**
* Top level JSON object
*/
json_object *jobj;
@@ -122,11 +132,6 @@ struct private_imv_swid_state_t {
*/
json_object *jarray;
- /**
- * Angel count
- */
- int angel_count;
-
};
METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
@@ -190,6 +195,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_swid_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_swid_state_t *this, TNC_ConnectionState new_state)
{
@@ -241,6 +252,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -301,6 +313,18 @@ METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
return this->jobj;
}
+METHOD(imv_swid_state_t, set_missing, void,
+ private_imv_swid_state_t *this, uint32_t count)
+{
+ this->missing = count;
+}
+
+METHOD(imv_swid_state_t, get_missing, uint32_t,
+ private_imv_swid_state_t *this)
+{
+ return this->missing;
+}
+
METHOD(imv_swid_state_t, set_count, void,
private_imv_swid_state_t *this, int tag_id_count, int tag_count)
{
@@ -321,18 +345,6 @@ METHOD(imv_swid_state_t, get_count, void,
}
}
-METHOD(imv_swid_state_t, set_angel_count, void,
- private_imv_swid_state_t *this, bool start)
-{
- this->angel_count += start ? 1 : -1;
-}
-
-METHOD(imv_swid_state_t, get_angel_count, int,
- private_imv_swid_state_t *this)
-{
- return this->angel_count;
-}
-
/**
* Described in header.
*/
@@ -353,6 +365,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -367,15 +380,16 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
.get_request_id = _get_request_id,
.set_swid_inventory = _set_swid_inventory,
.get_swid_inventory = _get_swid_inventory,
+ .set_missing = _set_missing,
+ .get_missing = _get_missing,
.set_count = _set_count,
.get_count = _get_count,
- .set_angel_count = _set_angel_count,
- .get_angel_count = _get_angel_count,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.jobj = json_object_new_object(),
.jarray = json_object_new_array(),
);
diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h
index 7ffabfd26..af5d95c9d 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_state.h
+++ b/src/libimcv/plugins/imv_swid/imv_swid_state.h
@@ -28,7 +28,7 @@
#include <swid/swid_inventory.h>
#include <library.h>
-#include <json/json.h>
+#include <json.h>
typedef struct imv_swid_state_t imv_swid_state_t;
typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t;
@@ -96,35 +96,34 @@ struct imv_swid_state_t {
json_object* (*get_swid_inventory)(imv_swid_state_t *this);
/**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ * Set the number of still missing SWID Tags or Tag IDs
*
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
+ * @param count Number of missing SWID Tags or Tag IDs
*/
- void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count);
+ void (*set_missing)(imv_swid_state_t *this, uint32_t count);
/**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ * Get the number of still missing SWID Tags or Tag IDs
*
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
+ * @result Number of missing SWID Tags or Tag IDs
*/
- void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
+ uint32_t (*get_missing)(imv_swid_state_t *this);
/**
- * Increase/Decrease the ITA Angel count
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
*
- * @param start TRUE increases and FALSE decreases count by one
+ * @param tag_id_count Number of received SWID Tag IDs
+ * @param tag_count Number of received SWID Tags
*/
- void (*set_angel_count)(imv_swid_state_t *this, bool start);
+ void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count);
/**
- * Get the ITA Angel count
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
*
- * @return ITA Angel count
+ * @param tag_id_count Number of received SWID Tag IDs
+ * @param tag_count Number of received SWID Tags
*/
- int (*get_angel_count)(imv_swid_state_t *this);
-
+ void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
};
/**
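Review bot: Two of the doc comments in the reordered block do not match the declarations they sit on. The comment on `get_missing` uses `@result` where the rest of the header uses `@return`, so it should read `@return Number of missing SWID Tags or Tag IDs`. The comment on `get_count` is a verbatim copy of the `set_count` text ("Set [or with multiple attributes increment] ...") although the function fills two output pointers. I would change it to `Get SWID Tag [ID] counters` and describe `tag_id_count` and `tag_count` as output parameters.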
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 5ac6a8f7b..66da75a1e 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c
index 42630003b..5e4b4866a 100644
--- a/src/libimcv/plugins/imv_test/imv_test_agent.c
+++ b/src/libimcv/plugins/imv_test/imv_test_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
int rounds;
bool fatal_error = FALSE, received_command = FALSE, retry = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -172,14 +176,12 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
+ return result;
}
/* request a handshake retry ? */
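Review bot: The `return result;` that closes this error branch leaves `out_msg` allocated. The commit moves `imv_msg_create_as_reply(in_msg)` to the top of `receive_msg` and drops the `out_msg->destroy(out_msg);` that used to follow `send_assessment()` here, while the shared `out_msg->destroy(out_msg);` it adds at the end of the function is not reached from this early return. The branch condition is outside the hunk, but this looks like the path taken when the peer's PA-TNC message carries a fatal error, so each such message would leak one message object in a long-running daemon. Adding `out_msg->destroy(out_msg);` directly before `return result;` restores the cleanup. `receive_msg` starts and ends outside this hunk.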
@@ -195,7 +197,6 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
/* repeat the measurement ? */
if (test_state->another_round(test_state, in_msg->get_src_id(in_msg)))
{
- out_msg = imv_msg_create_as_reply(in_msg);
attr = ita_attr_command_create("repeat");
out_msg->add_attribute(out_msg, attr);
@@ -208,19 +209,20 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (received_command)
{
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
else
{
- return TNC_RESULT_SUCCESS;
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
}
+ out_msg->destroy(out_msg);
+
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 3564456a8..c20d00bd1 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -66,6 +66,11 @@ struct private_imv_test_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -162,6 +167,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
@@ -220,6 +231,7 @@ METHOD(imv_state_t, destroy, void,
{
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
+ this->contracts->destroy(this->contracts);
this->imcs->destroy_function(this->imcs, free);
free(this);
}
@@ -307,6 +319,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.get_max_msg_len = _get_max_msg_len,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -323,6 +336,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.imcs = linked_list_create(),
);
diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.c b/src/libimcv/pts/components/ita/ita_comp_func_name.c
index a593281ba..a593281ba 100644
--- a/src/libpts/pts/components/ita/ita_comp_func_name.c
+++ b/src/libimcv/pts/components/ita/ita_comp_func_name.c
diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.h b/src/libimcv/pts/components/ita/ita_comp_func_name.h
index eb2f363f3..eb2f363f3 100644
--- a/src/libpts/pts/components/ita/ita_comp_func_name.h
+++ b/src/libimcv/pts/components/ita/ita_comp_func_name.h
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libimcv/pts/components/ita/ita_comp_ima.c
index be8aa40ad..3f92b04b1 100644
--- a/src/libpts/pts/components/ita/ita_comp_ima.c
+++ b/src/libimcv/pts/components/ita/ita_comp_ima.c
@@ -16,7 +16,7 @@
#include "ita_comp_ima.h"
#include "ita_comp_func_name.h"
-#include "libpts.h"
+#include "imcv.h"
#include "pts/pts_pcr.h"
#include "pts/pts_ima_bios_list.h"
#include "pts/pts_ima_event_list.h"
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h
index 546d0a4b2..546d0a4b2 100644
--- a/src/libpts/pts/components/ita/ita_comp_ima.h
+++ b/src/libimcv/pts/components/ita/ita_comp_ima.h
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c
index 67be1ca3a..273c18f31 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c
@@ -16,7 +16,7 @@
#include "ita_comp_tboot.h"
#include "ita_comp_func_name.h"
-#include "libpts.h"
+#include "imcv.h"
#include "pts/components/pts_component.h"
#include <utils/debug.h>
@@ -215,7 +215,7 @@ METHOD(pts_component_t, verify, status_t,
}
vid = this->name->get_vendor_id(this->name);
name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid);
if (this->count)
{
@@ -320,7 +320,8 @@ METHOD(pts_component_t, destroy, void,
this->cid, this->aik_id);
vid = this->name->get_vendor_id(this->name);
name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components,
+ vid);
DBG1(DBG_PTS, "deleted %d registered %N '%N' functional component "
"evidence measurements", count, pen_names, vid, names, name);
}
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h
index 1e1a14831..1e1a14831 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.h
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h
diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c
index 097e4c89c..097e4c89c 100644
--- a/src/libpts/pts/components/ita/ita_comp_tgrub.c
+++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c
diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h
index 59913c82d..59913c82d 100644
--- a/src/libpts/pts/components/ita/ita_comp_tgrub.h
+++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h
diff --git a/src/libpts/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c
index 08c3d5e9a..08c3d5e9a 100644
--- a/src/libpts/pts/components/pts_comp_evidence.c
+++ b/src/libimcv/pts/components/pts_comp_evidence.c
diff --git a/src/libpts/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h
index 55776ce8b..55776ce8b 100644
--- a/src/libpts/pts/components/pts_comp_evidence.h
+++ b/src/libimcv/pts/components/pts_comp_evidence.h
diff --git a/src/libpts/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c
index 6c630f8fb..e12522ed1 100644
--- a/src/libpts/pts/components/pts_comp_func_name.c
+++ b/src/libimcv/pts/components/pts_comp_func_name.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
*
* HSR Hochschule fuer Technik Rapperswil
*
@@ -14,7 +14,7 @@
* for more details.
*/
-#include "libpts.h"
+#include "imcv.h"
#include "pts/components/pts_comp_func_name.h"
#include <utils/debug.h>
@@ -108,9 +108,12 @@ METHOD(pts_comp_func_name_t, log_, void,
char flags[8];
int type;
- names = pts_components->get_comp_func_names(pts_components, this->vid);
- types = pts_components->get_qualifier_type_names(pts_components, this->vid);
- type = pts_components->get_qualifier(pts_components, &this->public, flags);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components,
+ this->vid);
+ types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components,
+ this->vid);
+ type = imcv_pts_components->get_qualifier(imcv_pts_components,
+ &this->public, flags);
if (names && types)
{
diff --git a/src/libpts/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h
index 90ad7083f..90ad7083f 100644
--- a/src/libpts/pts/components/pts_comp_func_name.h
+++ b/src/libimcv/pts/components/pts_comp_func_name.h
diff --git a/src/libpts/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h
index 71b1ad59c..71b1ad59c 100644
--- a/src/libpts/pts/components/pts_component.h
+++ b/src/libimcv/pts/components/pts_component.h
diff --git a/src/libpts/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c
index 9c1375b79..9c1375b79 100644
--- a/src/libpts/pts/components/pts_component_manager.c
+++ b/src/libimcv/pts/components/pts_component_manager.c
diff --git a/src/libpts/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h
index 61055ec74..61055ec74 100644
--- a/src/libpts/pts/components/pts_component_manager.h
+++ b/src/libimcv/pts/components/pts_component_manager.h
diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.c b/src/libimcv/pts/components/tcg/tcg_comp_func_name.c
index a70c84e48..a70c84e48 100644
--- a/src/libpts/pts/components/tcg/tcg_comp_func_name.c
+++ b/src/libimcv/pts/components/tcg/tcg_comp_func_name.c
diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.h b/src/libimcv/pts/components/tcg/tcg_comp_func_name.h
index 9708ad09d..9708ad09d 100644
--- a/src/libpts/pts/components/tcg/tcg_comp_func_name.h
+++ b/src/libimcv/pts/components/tcg/tcg_comp_func_name.h
diff --git a/src/libpts/pts/pts.c b/src/libimcv/pts/pts.c
index 2fff4c901..2fff4c901 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libimcv/pts/pts.c
diff --git a/src/libpts/pts/pts.h b/src/libimcv/pts/pts.h
index fead588ae..be32a3464 100644
--- a/src/libpts/pts/pts.h
+++ b/src/libimcv/pts/pts.h
@@ -16,7 +16,7 @@
/**
* @defgroup pts pts
- * @{ @ingroup libpts
+ * @{ @ingroup libimcv
*/
#ifndef PTS_H_
diff --git a/src/libpts/pts/pts_creds.c b/src/libimcv/pts/pts_creds.c
index bc483eb84..bc483eb84 100644
--- a/src/libpts/pts/pts_creds.c
+++ b/src/libimcv/pts/pts_creds.c
diff --git a/src/libpts/pts/pts_creds.h b/src/libimcv/pts/pts_creds.h
index eb9c39537..eb9c39537 100644
--- a/src/libpts/pts/pts_creds.h
+++ b/src/libimcv/pts/pts_creds.h
diff --git a/src/libpts/pts/pts_database.c b/src/libimcv/pts/pts_database.c
index d7b85c138..d7b85c138 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libimcv/pts/pts_database.c
diff --git a/src/libpts/pts/pts_database.h b/src/libimcv/pts/pts_database.h
index a6c9fb3b6..a6c9fb3b6 100644
--- a/src/libpts/pts/pts_database.h
+++ b/src/libimcv/pts/pts_database.h
diff --git a/src/libpts/pts/pts_dh_group.c b/src/libimcv/pts/pts_dh_group.c
index 305b4ec4f..305b4ec4f 100644
--- a/src/libpts/pts/pts_dh_group.c
+++ b/src/libimcv/pts/pts_dh_group.c
diff --git a/src/libpts/pts/pts_dh_group.h b/src/libimcv/pts/pts_dh_group.h
index f5d951e9a..f5d951e9a 100644
--- a/src/libpts/pts/pts_dh_group.h
+++ b/src/libimcv/pts/pts_dh_group.h
diff --git a/src/libpts/pts/pts_error.c b/src/libimcv/pts/pts_error.c
index 1e79689f9..1e79689f9 100644
--- a/src/libpts/pts/pts_error.c
+++ b/src/libimcv/pts/pts_error.c
diff --git a/src/libpts/pts/pts_error.h b/src/libimcv/pts/pts_error.h
index 9a53abd98..9a53abd98 100644
--- a/src/libpts/pts/pts_error.h
+++ b/src/libimcv/pts/pts_error.h
diff --git a/src/libpts/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c
index 478892aea..478892aea 100644
--- a/src/libpts/pts/pts_file_meas.c
+++ b/src/libimcv/pts/pts_file_meas.c
diff --git a/src/libpts/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h
index 4bf28e280..4bf28e280 100644
--- a/src/libpts/pts/pts_file_meas.h
+++ b/src/libimcv/pts/pts_file_meas.h
diff --git a/src/libpts/pts/pts_file_meta.c b/src/libimcv/pts/pts_file_meta.c
index 9cca0a5a5..9cca0a5a5 100644
--- a/src/libpts/pts/pts_file_meta.c
+++ b/src/libimcv/pts/pts_file_meta.c
diff --git a/src/libpts/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h
index 3f1813306..3f1813306 100644
--- a/src/libpts/pts/pts_file_meta.h
+++ b/src/libimcv/pts/pts_file_meta.h
diff --git a/src/libpts/pts/pts_file_type.c b/src/libimcv/pts/pts_file_type.c
index fe849dea4..fe849dea4 100644
--- a/src/libpts/pts/pts_file_type.c
+++ b/src/libimcv/pts/pts_file_type.c
diff --git a/src/libpts/pts/pts_file_type.h b/src/libimcv/pts/pts_file_type.h
index c1d236888..c1d236888 100644
--- a/src/libpts/pts/pts_file_type.h
+++ b/src/libimcv/pts/pts_file_type.h
diff --git a/src/libpts/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c
index 5051b6c2d..5051b6c2d 100644
--- a/src/libpts/pts/pts_ima_bios_list.c
+++ b/src/libimcv/pts/pts_ima_bios_list.c
diff --git a/src/libpts/pts/pts_ima_bios_list.h b/src/libimcv/pts/pts_ima_bios_list.h
index ad162e15a..ad162e15a 100644
--- a/src/libpts/pts/pts_ima_bios_list.h
+++ b/src/libimcv/pts/pts_ima_bios_list.h
diff --git a/src/libpts/pts/pts_ima_event_list.c b/src/libimcv/pts/pts_ima_event_list.c
index 9bff4654b..9bff4654b 100644
--- a/src/libpts/pts/pts_ima_event_list.c
+++ b/src/libimcv/pts/pts_ima_event_list.c
diff --git a/src/libpts/pts/pts_ima_event_list.h b/src/libimcv/pts/pts_ima_event_list.h
index bf5478a51..bf5478a51 100644
--- a/src/libpts/pts/pts_ima_event_list.h
+++ b/src/libimcv/pts/pts_ima_event_list.h
diff --git a/src/libpts/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c
index c06371123..c06371123 100644
--- a/src/libpts/pts/pts_meas_algo.c
+++ b/src/libimcv/pts/pts_meas_algo.c
diff --git a/src/libpts/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h
index eec7e7981..eec7e7981 100644
--- a/src/libpts/pts/pts_meas_algo.h
+++ b/src/libimcv/pts/pts_meas_algo.h
diff --git a/src/libpts/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c
index 0af93b608..0af93b608 100644
--- a/src/libpts/pts/pts_pcr.c
+++ b/src/libimcv/pts/pts_pcr.c
diff --git a/src/libpts/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h
index f638b5ee4..f638b5ee4 100644
--- a/src/libpts/pts/pts_pcr.h
+++ b/src/libimcv/pts/pts_pcr.h
diff --git a/src/libpts/pts/pts_proto_caps.h b/src/libimcv/pts/pts_proto_caps.h
index 4346d9b79..4346d9b79 100644
--- a/src/libpts/pts/pts_proto_caps.h
+++ b/src/libimcv/pts/pts_proto_caps.h
diff --git a/src/libpts/pts/pts_req_func_comp_evid.h b/src/libimcv/pts/pts_req_func_comp_evid.h
index bbf5bbf5b..bbf5bbf5b 100644
--- a/src/libpts/pts/pts_req_func_comp_evid.h
+++ b/src/libimcv/pts/pts_req_func_comp_evid.h
diff --git a/src/libpts/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h
index 0c8dea0cc..0c8dea0cc 100644
--- a/src/libpts/pts/pts_simple_evid_final.h
+++ b/src/libimcv/pts/pts_simple_evid_final.h
diff --git a/src/libimcv/seg/seg_contract.c b/src/libimcv/seg/seg_contract.c
new file mode 100644
index 000000000..7db702a08
--- /dev/null
+++ b/src/libimcv/seg/seg_contract.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract.h"
+#include "seg_env.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+
+#include <utils/debug.h>
+#include <bio/bio_writer.h>
+
+#include <tncif_pa_subtypes.h>
+
+typedef struct private_seg_contract_t private_seg_contract_t;
+
+/**
+ * Private data of a seg_contract_t object.
+ */
+struct private_seg_contract_t {
+
+ /**
+ * Public seg_contract_t interface.
+ */
+ seg_contract_t public;
+
+ /**
+ * PA-TNC message type
+ */
+ pen_type_t msg_type;
+
+ /**
+ * Maximum PA-TNC attribute size
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t last_base_attr_id;
+
+ /**
+ * List of attribute segment envelopes
+ */
+
+ linked_list_t *seg_envs;
+
+ /**
+ * Is this a null contract?
+ */
+ bool is_null;
+
+ /**
+ * Contract role
+ */
+ bool is_issuer;
+
+ /**
+ * Issuer ID (either IMV or IMC ID)
+ */
+ TNC_UInt32 issuer_id;
+
+ /**
+ * Responder ID (either IMC or IMV ID)
+ */
+ TNC_UInt32 responder_id;
+
+ /**
+ * IMC/IMV role
+ */
+ bool is_imc;
+
+};
+
+METHOD(seg_contract_t, get_msg_type, pen_type_t,
+ private_seg_contract_t *this)
+{
+ return this->msg_type;
+}
+
+METHOD(seg_contract_t, set_max_size, void,
+ private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size)
+{
+ this->max_attr_size = max_attr_size;
+ this->max_seg_size = max_seg_size;
+ this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE;
+}
+
+METHOD(seg_contract_t, get_max_size, void,
+ private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+METHOD(seg_contract_t, check_size, bool,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr, bool *oversize)
+{
+ chunk_t attr_value;
+ size_t attr_len;
+
+ *oversize = FALSE;
+
+ if (this->is_null)
+ {
+ /* null segmentation contract */
+ return FALSE;
+ }
+ attr->build(attr);
+ attr_value = attr->get_value(attr);
+ attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
+
+ if (attr_len > this->max_attr_size)
+ {
+ /* oversize attribute */
+ *oversize = TRUE;
+ return FALSE;
+ }
+ if (this->max_seg_size == SEG_CONTRACT_NO_FRAGMENTATION)
+ {
+ /* no fragmentation wanted */
+ return FALSE;
+ }
+ return attr_value.len > this->max_seg_size + TCG_SEG_ATTR_SEG_ENV_HEADER;
+}
+
+METHOD(seg_contract_t, first_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr)
+{
+ seg_env_t *seg_env;
+
+ seg_env = seg_env_create(++this->last_base_attr_id, attr,
+ this->max_seg_size);
+ if (!seg_env)
+ {
+ return NULL;
+ }
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+
+ return seg_env->first_segment(seg_env);
+}
+
+METHOD(seg_contract_t, next_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, uint32_t base_attr_id)
+{
+ pa_tnc_attr_t *seg_env_attr = NULL;
+ seg_env_t *seg_env;
+ bool last_segment = FALSE;
+ enumerator_t *enumerator;
+
+ enumerator = this->seg_envs->create_enumerator(this->seg_envs);
+ while (enumerator->enumerate(enumerator, &seg_env))
+ {
+ if (seg_env->get_base_attr_id(seg_env) == base_attr_id)
+ {
+ seg_env_attr = seg_env->next_segment(seg_env, &last_segment);
+ if (!seg_env_attr)
+ {
+ break;
+ }
+ if (last_segment)
+ {
+ this->seg_envs->remove_at(this->seg_envs, enumerator);
+ seg_env->destroy(seg_env);
+ }
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_contract_t, add_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr, pa_tnc_attr_t **error,
+ bool *more)
+{
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ seg_env_t *current, *seg_env = NULL;
+ pa_tnc_attr_t *base_attr;
+ pen_type_t error_code;
+ uint32_t base_attr_id;
+ uint8_t flags;
+ chunk_t segment_data, msg_info;
+ enumerator_t *enumerator;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ segment_data = seg_env_attr->get_segment(seg_env_attr, &flags);
+ *more = flags & SEG_ENV_FLAG_MORE;
+ *error = NULL;
+
+ enumerator = this->seg_envs->create_enumerator(this->seg_envs);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (current->get_base_attr_id(current) == base_attr_id)
+ {
+ seg_env = current;
+ this->seg_envs->remove_at(this->seg_envs, enumerator);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (flags & SEG_ENV_FLAG_START)
+ {
+ if (seg_env)
+ {
+ DBG1(DBG_TNC, "base attribute ID %d is already in use",
+ base_attr_id);
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+ return NULL;
+ }
+ DBG2(DBG_TNC, "received first segment for base attribute ID %d "
+ "(%d bytes)", base_attr_id, segment_data.len);
+ seg_env = seg_env_create_from_data(base_attr_id, segment_data,
+ this->max_seg_size, error);
+ if (!seg_env)
+ {
+ return NULL;
+ }
+ }
+ else
+ {
+ if (!seg_env)
+ {
+ DBG1(DBG_TNC, "base attribute ID %d not found", base_attr_id);
+ return NULL;
+ }
+ DBG2(DBG_TNC, "received %s segment for base attribute ID %d "
+ "(%d bytes)", (*more) ? "next" : "last", base_attr_id,
+ segment_data.len);
+ if (!seg_env->add_segment(seg_env, segment_data, error))
+ {
+ seg_env->destroy(seg_env);
+ return NULL;
+ }
+ }
+ base_attr = seg_env->get_base_attr(seg_env);
+
+ if (*more)
+ {
+ /* reinsert into list since more segments are to come */
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+ }
+ else
+ {
+ /* added the last segment */
+ if (!base_attr)
+ {
+ /* base attribute waits for more data */
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
+ msg_info = seg_env->get_base_attr_info(seg_env);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_INFO_SIZE);
+ }
+ seg_env->destroy(seg_env);
+ }
+ return base_attr;
+}
+
+METHOD(seg_contract_t, is_issuer, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_issuer;
+}
+
+METHOD(seg_contract_t, is_null, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_null;
+}
+
+METHOD(seg_contract_t, set_responder, void,
+ private_seg_contract_t *this, TNC_UInt32 responder_id)
+{
+ this->responder_id = responder_id;
+}
+
+METHOD(seg_contract_t, get_responder, TNC_UInt32,
+ private_seg_contract_t *this)
+{
+ return this->responder_id;
+}
+
+METHOD(seg_contract_t, get_issuer, TNC_UInt32,
+ private_seg_contract_t *this)
+{
+ return this->issuer_id;
+}
+
+METHOD(seg_contract_t, clone_, seg_contract_t*,
+ private_seg_contract_t *this)
+{
+ private_seg_contract_t *clone;
+
+ clone = malloc_thing(private_seg_contract_t);
+ memcpy(clone, this, sizeof(private_seg_contract_t));
+ clone->seg_envs = linked_list_create();
+
+ return &clone->public;
+}
+
+METHOD(seg_contract_t, get_info_string, void,
+ private_seg_contract_t *this, char *buf, size_t len, bool request)
+{
+ enum_name_t *pa_subtype_names;
+ uint32_t msg_vid, msg_subtype;
+ char *pos = buf;
+ int written;
+
+ /* nul-terminate the string buffer */
+ buf[--len] = '\0';
+
+ if (this->is_issuer && request)
+ {
+ written = snprintf(pos, len, "%s %d requests",
+ this->is_imc ? "IMC" : "IMV", this->issuer_id);
+ }
+ else
+ {
+ written = snprintf(pos, len, "%s %d received",
+ this->is_imc ? "IMC" : "IMV",
+ this->is_issuer ? this->issuer_id :
+ this->responder_id);
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ written = snprintf(pos, len, " a %ssegmentation contract%s ",
+ this->is_null ? "null" : "", request ?
+ (this->is_issuer ? "" : " request") : " response");
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if ((!this->is_issuer && this->issuer_id != TNC_IMVID_ANY) ||
+ ( this->is_issuer && this->responder_id != TNC_IMVID_ANY))
+ {
+ written = snprintf(pos, len, "from %s %d ",
+ this->is_imc ? "IMV" : "IMC",
+ this->is_issuer ? this->responder_id :
+ this->issuer_id);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+ }
+
+ msg_vid = this->msg_type.vendor_id;
+ msg_subtype = this->msg_type.type;
+ pa_subtype_names = get_pa_subtype_names(msg_vid);
+ if (pa_subtype_names)
+ {
+ written = snprintf(pos, len, "for PA message type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ pa_subtype_names, msg_subtype, msg_vid,
+ msg_subtype);
+ }
+ else
+ {
+ written = snprintf(pos, len, "for PA message type '%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ msg_vid, msg_subtype);
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (!this->is_null)
+ {
+ written = snprintf(pos, len, "\n maximum attribute size of %u bytes "
+ "with ", this->max_attr_size);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE)
+ {
+ written = snprintf(pos, len, "no segmentation");
+ }
+ else
+ {
+ written = snprintf(pos, len, "maximum segment size of %u bytes",
+ this->max_seg_size);
+ }
+ }
+}
+
+METHOD(seg_contract_t, destroy, void,
+ private_seg_contract_t *this)
+{
+ this->seg_envs->destroy_offset(this->seg_envs, offsetof(seg_env_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_t *seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc)
+{
+ private_seg_contract_t *this;
+
+ INIT(this,
+ .public = {
+ .get_msg_type = _get_msg_type,
+ .set_max_size = _set_max_size,
+ .get_max_size = _get_max_size,
+ .check_size = _check_size,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .is_issuer = _is_issuer,
+ .is_null = _is_null,
+ .set_responder = _set_responder,
+ .get_responder = _get_responder,
+ .get_issuer = _get_issuer,
+ .clone = _clone_,
+ .get_info_string = _get_info_string,
+ .destroy = _destroy,
+ },
+ .msg_type = msg_type,
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .seg_envs = linked_list_create(),
+ .is_issuer = is_issuer,
+ .issuer_id = issuer_id,
+ .responder_id = is_imc ? TNC_IMVID_ANY : TNC_IMCID_ANY,
+ .is_imc = is_imc,
+ .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE,
+ );
+
+ return &this->public;
+}
+
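Review bot: In `add_segment`, every first segment that arrives with `SEG_ENV_FLAG_MORE` set is left in `this->seg_envs`, and nothing in this function limits how many envelopes may be pending or compares the reassembled size with `this->max_attr_size`. Unless `seg_env_create_from_data()` and `seg_env->add_segment()` (defined elsewhere) enforce that, a peer that never sends a final segment can keep the list growing until the contract is destroyed. A cap on pending envelopes checked before the `seg_env_create_from_data()` call, answered with a PA-TNC error attribute, would bound the state held per connection. Separately, `get_info_string` runs `buf[--len] = '\0';` without checking `len`, so a zero `len` wraps the `size_t` and writes outside the buffer; `if (!buf || len == 0) return;` at the top closes that. The doc comment on `last_base_attr_id` is a copy of the one above it and should read something like `/** Last base attribute ID assigned by first_segment() */`.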
diff --git a/src/libimcv/seg/seg_contract.h b/src/libimcv/seg/seg_contract.h
new file mode 100644
index 000000000..23676a9f4
--- /dev/null
+++ b/src/libimcv/seg/seg_contract.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract seg_contract
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_CONTRACT_H_
+#define SEG_CONTRACT_H_
+
+typedef struct seg_contract_t seg_contract_t;
+
+#include "pa_tnc/pa_tnc_attr.h"
+
+#include <library.h>
+#include <pen/pen.h>
+
+#include <tncif.h>
+
+#define SEG_CONTRACT_MAX_SIZE_VALUE 0xffffffff
+#define SEG_CONTRACT_NO_FRAGMENTATION SEG_CONTRACT_MAX_SIZE_VALUE
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract
+ *
+ */
+struct seg_contract_t {
+
+ /**
+ * Get the PA-TNC message type.
+ *
+ * @return PA-TNC Message type
+ */
+ pen_type_t (*get_msg_type)(seg_contract_t *this);
+
+ /**
+ * Set maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size,
+ uint32_t max_seg_size);
+
+ /**
+ * Get maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size);
+
+ /**
+ * Check if a PA-TNC attribute must be segmented or is oversized
+ *
+ * @param attr PA-TNC attribute to be checked
+ * @param oversize PA-TNC attribute is larger than maximum size
+ * @return TRUE if PA-TNC attribute must be segmented
+ */
+ bool (*check_size)(seg_contract_t *this, pa_tnc_attr_t *attr,
+ bool *oversize);
+
+ /**
+ * Generate first segment of a PA-TNC attribute according to the contract
+ *
+ * @param attr PA-TNC attribute to be segmented
+ * @return First segment envelope attribute
+ */
+ pa_tnc_attr_t* (*first_segment)(seg_contract_t *this, pa_tnc_attr_t *attr);
+
+ /**
+ * Generate next segment of a PA-TNC attribute according to the contract
+ *
+ * @param base_attr_id Base Attribute ID
+ * @return Next segment envelope attribute
+ */
+ pa_tnc_attr_t* (*next_segment)(seg_contract_t *this, uint32_t base_attr_id);
+
+ /**
+ * Add an attribute segments until the PA-TNC attribute is reconstructed
+ *
+ * @param attr Segment envelope attribute
+ * @param error Error attribute if an error occurred or NULL
+ * @param more Need more segments
+ * @return Completed PA-TNC attribute or NULL
+ */
+ pa_tnc_attr_t* (*add_segment)(seg_contract_t *this,
+ pa_tnc_attr_t *attr, pa_tnc_attr_t **error,
+ bool *more);
+
+ /**
+ * Get contract role
+ *
+ * @return TRUE: contracting party (issuer),
+ * FALSE: contracted party
+ */
+ bool (*is_issuer)(seg_contract_t *this);
+
+ /**
+ * Is this a null contract ?
+ *
+ * @return TRUE if null contract
+ */
+ bool (*is_null)(seg_contract_t *this);
+
+ /**
+ * Set the responder ID
+ *
+ * @param responder IMC or IMV ID of responder
+ */
+ void (*set_responder)(seg_contract_t *this, TNC_UInt32 responder);
+
+ /**
+ * Get the responder ID
+ *
+ * @return IMC or IMV ID of responder
+ */
+ TNC_UInt32 (*get_responder)(seg_contract_t *this);
+
+ /**
+ * Get the issuer ID
+ *
+ * @return IMC or IMV ID of issuer
+ */
+ TNC_UInt32 (*get_issuer)(seg_contract_t *this);
+
+ /**
+ * Clone a contract
+ *
+ * @return Cloned contract
+ */
+ seg_contract_t* (*clone)(seg_contract_t *this);
+
+ /**
+ * Get an info string about the contract
+ *
+ * @param buf String buffer of at least size len
+ * @param len Size of string buffer
+ * @param request TRUE if contract request, FALSE if response
+ */
+ void (*get_info_string)(seg_contract_t *this, char *buf, size_t len,
+ bool request);
+
+ /**
+ * Destroys a seg_contract_t object.
+ */
+ void (*destroy)(seg_contract_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract
+ *
+ * @param msg_type PA-TNC message type
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ * @param is_issuer TRUE if issuer of the contract
+ * @param issuer_id IMC or IMV ID of issuer
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ */
+seg_contract_t* seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc);
+
+#endif /** SEG_CONTRACT_H_ @}*/
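Review bot: The `add_segment` documentation does not cover the failure cases a caller has to distinguish. In seg_contract.c the function returns NULL with `*error` left NULL both while more segments are expected and when the base attribute ID is unknown or already in use, and in the latter case `*more` may still be TRUE. I would extend the `@return` text to say so, for example `@return Completed PA-TNC attribute, or NULL if incomplete, rejected (see error) or if the base attribute ID is unknown/duplicate`, and fix the wording "Add an attribute segments" to "Add an attribute segment". `first_segment` and `next_segment` can also return NULL (failed envelope creation, unknown ID), which their `@return` lines should mention. For `get_info_string`, state that `len` must be at least 1, since the implementation writes the terminating NUL at `buf[len - 1]` unconditionally.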
diff --git a/src/libimcv/seg/seg_contract_manager.c b/src/libimcv/seg/seg_contract_manager.c
new file mode 100644
index 000000000..604c51134
--- /dev/null
+++ b/src/libimcv/seg/seg_contract_manager.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract_manager.h"
+
+typedef struct private_seg_contract_manager_t private_seg_contract_manager_t;
+
+/**
+ * Private data of a seg_contract_manager_t object.
+ *
+ */
+struct private_seg_contract_manager_t {
+
+ /**
+ * Public seg_contract_manager_t interface.
+ */
+ seg_contract_manager_t public;
+
+ /**
+ * List of PA-TNC segmentation contracts
+ */
+ linked_list_t *contracts;
+
+};
+
+METHOD(seg_contract_manager_t, add_contract, void,
+ private_seg_contract_manager_t *this, seg_contract_t *contract)
+{
+ this->contracts->insert_last(this->contracts, contract);
+}
+
+METHOD(seg_contract_manager_t, get_contract, seg_contract_t*,
+ private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer,
+ TNC_UInt32 id)
+{
+ enumerator_t *enumerator;
+ seg_contract_t *contract, *found = NULL;
+
+ enumerator = this->contracts->create_enumerator(this->contracts);
+ while (enumerator->enumerate(enumerator, &contract))
+ {
+ if (contract->is_issuer(contract) == is_issuer &&
+ pen_type_equals(contract->get_msg_type(contract), msg_type) &&
+ id == (is_issuer ? contract->get_responder(contract) :
+ contract->get_issuer(contract)))
+ {
+ found = contract;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return found;
+}
+
+METHOD(seg_contract_manager_t, destroy, void,
+ private_seg_contract_manager_t *this)
+{
+ this->contracts->destroy_offset(this->contracts,
+ offsetof(seg_contract_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_manager_t *seg_contract_manager_create(void)
+{
+ private_seg_contract_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_contract = _add_contract,
+ .get_contract = _get_contract,
+ .destroy = _destroy,
+ },
+ .contracts = linked_list_create(),
+ );
+
+ return &this->public;
+}
+
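Review bot: add_contract appends whatever pointer it is given, with no NULL check and no lookup for an existing contract with the same message type, role and peer ID. get_contract stops at the first match, so a second contract registered for the same key would never be returned and would stay in the list until destroy; whether callers always call get_contract first is not visible in this hunk. A NULL entry would be dereferenced in the get_contract loop at `contract->is_issuer(contract)`. I would either reject both cases in add_contract or state the precondition above it, e.g. `/* takes ownership of contract; it must be non-NULL and no contract for the same msg_type/role/ID may be registered yet */`.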
diff --git a/src/libimcv/seg/seg_contract_manager.h b/src/libimcv/seg/seg_contract_manager.h
new file mode 100644
index 000000000..fa9d23c0f
--- /dev/null
+++ b/src/libimcv/seg/seg_contract_manager.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract_manager seg_contract_manager
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_CONTRACT_MANAGER_H_
+#define SEG_CONTRACT_MANAGER_H_
+
+typedef struct seg_contract_manager_t seg_contract_manager_t;
+
+#include "seg_contract.h"
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract manager
+ *
+ */
+struct seg_contract_manager_t {
+
+ /**
+ * Add segmentation contract
+ *
+ * @param contract Segmentation contract to be added
+ */
+ void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract);
+
+ /**
+ * Get segmentation contract
+ *
+ * @param msg_type PA-TNC message type governed by contract
+ * @param is_issuer If TRUE get only issuer contracts
+ * @param id Match either issuer or responder ID
+ */
+ seg_contract_t* (*get_contract)(seg_contract_manager_t *this,
+ pen_type_t msg_type, bool is_issuer,
+ TNC_UInt32 id);
+
+ /**
+ * Destroys a seg_contract_manager_t object.
+ */
+ void (*destroy)(seg_contract_manager_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract manager
+ */
+seg_contract_manager_t* seg_contract_manager_create();
+
+#endif /** SEG_CONTRACT_MANAGER_H_ @}*/
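Review bot: The prototype `seg_contract_manager_t* seg_contract_manager_create();` has an empty parameter list, which in C declares a function taking unspecified arguments, while the definition in seg_contract_manager.c uses `(void)`. Writing `seg_contract_manager_create(void);` lets the compiler check calls. The get_contract comment has no `@return` line; going by the implementation it should read something like `@return matching contract (owned by the manager, do not destroy) or NULL if none`. The add_contract comment should also say that the manager takes ownership, since destroy() destroys every stored contract.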
diff --git a/src/libimcv/seg/seg_env.c b/src/libimcv/seg/seg_env.c
new file mode 100644
index 000000000..c47ce2934
--- /dev/null
+++ b/src/libimcv/seg/seg_env.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_env.h"
+
+#include "imcv.h"
+#include "pa_tnc/pa_tnc_msg.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+
+#include <utils/debug.h>
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
+
+#define BASE_ATTR_ID_PREFIX 0xFF
+
+typedef struct private_seg_env_t private_seg_env_t;
+
+/**
+ * Private data of a seg_env_t object.
+ */
+struct private_seg_env_t {
+
+ /**
+ * Public seg_env_t interface.
+ */
+ seg_env_t public;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Base Attribute
+ */
+ pa_tnc_attr_t *base_attr;
+
+ /**
+ * Base Attribute Info to be used for PA-TNC error messages
+ */
+ u_char base_attr_info[8];
+
+ /**
+ * Base Attribute needs more segment data
+ */
+ bool need_more;
+
+ /**
+ * Pointer to remaining attribute data to be sent
+ */
+ chunk_t data;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t max_seg_size;
+
+};
+
+METHOD(seg_env_t, get_base_attr_id, uint32_t,
+ private_seg_env_t *this)
+{
+ return this->base_attr_id;
+}
+
+METHOD(seg_env_t, get_base_attr, pa_tnc_attr_t*,
+ private_seg_env_t *this)
+{
+ return this->need_more ? NULL : this->base_attr->get_ref(this->base_attr);
+}
+
+METHOD(seg_env_t, get_base_attr_info, chunk_t,
+ private_seg_env_t *this)
+{
+ return chunk_create(this->base_attr_info, 8);
+}
+
+METHOD(seg_env_t, first_segment, pa_tnc_attr_t*,
+ private_seg_env_t *this)
+{
+ pa_tnc_attr_t *seg_env_attr;
+ bio_writer_t *writer;
+ pen_type_t type;
+ chunk_t segment_data, value;
+ uint8_t flags, seg_env_flags;
+
+ /* get components of base attribute header and data */
+ flags = this->base_attr->get_noskip_flag(this->base_attr) ?
+ PA_TNC_ATTR_FLAG_NOSKIP : PA_TNC_ATTR_FLAG_NONE;
+ type = this->base_attr->get_type(this->base_attr);
+
+ /* attribute data going into the first segment */
+ segment_data = this->data;
+ segment_data.len = this->max_seg_size - PA_TNC_ATTR_HEADER_SIZE;
+
+ /* build encoding of the base attribute header and first segment data */
+ writer = bio_writer_create(this->max_seg_size);
+ writer->write_uint8 (writer, flags);
+ writer->write_uint24(writer, type.vendor_id);
+ writer->write_uint32(writer, type.type);
+ writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + this->data.len);
+ writer->write_data (writer, segment_data);
+ value = writer->extract_buf(writer);
+ writer->destroy(writer);
+ this->data = chunk_skip(this->data, segment_data.len);
+
+ DBG2(DBG_TNC, "creating first segment for base attribute ID %d (%d bytes)",
+ this->base_attr_id, this->max_seg_size);
+
+ seg_env_flags = SEG_ENV_FLAG_START | SEG_ENV_FLAG_MORE;
+ seg_env_attr = tcg_seg_attr_seg_env_create(value, seg_env_flags,
+ this->base_attr_id);
+ chunk_free(&value);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_env_t, next_segment, pa_tnc_attr_t*,
+ private_seg_env_t *this, bool *last)
+{
+ pa_tnc_attr_t *seg_env_attr;
+ chunk_t segment_data;
+ uint8_t seg_env_flags;
+ bool is_last_segment;
+
+ if (this->data.len == 0)
+ {
+ /* no more attribute data to segment available */
+ return NULL;
+ }
+
+ /* attribute data going into the next segment */
+ segment_data = this->data;
+ segment_data.len = min(this->max_seg_size, this->data.len);
+ this->data = chunk_skip(this->data, segment_data.len);
+
+ is_last_segment = (this->data.len == 0);
+ if (last)
+ {
+ *last = is_last_segment;
+ }
+ DBG2(DBG_TNC, "creating %s segment for base attribute ID %d (%d bytes)",
+ is_last_segment ? "last" : "next", this->base_attr_id,
+ segment_data.len);
+
+ seg_env_flags = is_last_segment ? SEG_ENV_FLAG_NONE : SEG_ENV_FLAG_MORE;
+ seg_env_attr = tcg_seg_attr_seg_env_create(segment_data, seg_env_flags,
+ this->base_attr_id);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_env_t, add_segment, bool,
+ private_seg_env_t *this, chunk_t segment, pa_tnc_attr_t **error)
+{
+ pen_type_t type, error_code;
+ uint32_t attr_offset;
+ chunk_t msg_info;
+ status_t status;
+
+ this->base_attr->add_segment(this->base_attr, segment);
+ status = this->base_attr->process(this->base_attr, &attr_offset);
+
+ if (status != SUCCESS && status != NEED_MORE)
+ {
+ type = this->base_attr->get_type(this->base_attr);
+ if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
+ {
+ /* error while processing a PA-TNC error attribute - abort */
+ return FALSE;
+ }
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ msg_info = get_base_attr_info(this);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ return FALSE;
+ }
+ this->need_more = (status == NEED_MORE);
+
+ return TRUE;
+}
+
+METHOD(seg_env_t, destroy, void,
+ private_seg_env_t *this)
+{
+ DESTROY_IF(this->base_attr);
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_env_t *seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
+ uint32_t max_seg_size)
+{
+ private_seg_env_t *this;
+ chunk_t value;
+
+ base_attr->build(base_attr);
+ value = base_attr->get_value(base_attr);
+
+ /**
+ * The PA-TNC attribute header must not be segmented and
+ * there must be at least a first and one next segment
+ */
+ if (max_seg_size < PA_TNC_ATTR_HEADER_SIZE ||
+ max_seg_size >= PA_TNC_ATTR_HEADER_SIZE + value.len)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_base_attr_id = _get_base_attr_id,
+ .get_base_attr = _get_base_attr,
+ .get_base_attr_info = _get_base_attr_info,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .destroy = _destroy,
+ },
+ .base_attr_id = base_attr_id,
+ .base_attr = base_attr->get_ref(base_attr),
+ .max_seg_size = max_seg_size,
+ .data = base_attr->get_value(base_attr),
+ );
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+seg_env_t *seg_env_create_from_data(uint32_t base_attr_id, chunk_t data,
+ uint32_t max_seg_size, pa_tnc_attr_t** error)
+{
+ private_seg_env_t *this;
+ pen_type_t type, error_code;
+ bio_reader_t *reader;
+ chunk_t msg_info;
+ uint32_t offset = 0, attr_offset;
+ status_t status;
+
+ INIT(this,
+ .public = {
+ .get_base_attr_id = _get_base_attr_id,
+ .get_base_attr = _get_base_attr,
+ .get_base_attr_info = _get_base_attr_info,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .destroy = _destroy,
+ },
+ .base_attr_id = base_attr_id,
+ .max_seg_size = max_seg_size,
+ );
+
+ /* create info field to be used by PA-TNC error messages */
+ memset(this->base_attr_info, 0xff, 4);
+ htoun32(this->base_attr_info + 4, base_attr_id);
+ msg_info = get_base_attr_info(this);
+
+ /* extract from base attribute segment from data */
+ reader = bio_reader_create(data);
+ this->base_attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
+ reader, TRUE, &offset, msg_info, error);
+ reader->destroy(reader);
+
+ if (!this->base_attr)
+ {
+ destroy(this);
+ return NULL;
+ }
+ status = this->base_attr->process(this->base_attr, &attr_offset);
+
+ if (status != SUCCESS && status != NEED_MORE)
+ {
+ type = this->base_attr->get_type(this->base_attr);
+ if (!(type.vendor_id == PEN_IETF &&
+ type.type == IETF_ATTR_PA_TNC_ERROR))
+ {
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ }
+ destroy(this);
+ return NULL;
+ }
+ this->need_more = (status == NEED_MORE);
+
+ return &this->public;
+}
+
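Review bot: `attr_offset` is declared without an initializer in both add_segment and seg_env_create_from_data, yet after a failed `process()` it is added to `PA_TNC_ATTR_HEADER_SIZE` and stored in the PA-TNC error attribute. Whether every attribute's process() writes the offset before returning a failure is not visible here; if one does not, an indeterminate stack value ends up in an attribute meant for the peer, and `uint32_t attr_offset = 0;` in both functions removes that dependency. The same paths assign `*error` without checking the pointer and never clear it on entry. In add_segment the abort branch for a PA-TNC error attribute returns FALSE without touching `*error`, so a caller that passed an uninitialized pointer cannot tell whether an error attribute was produced. Setting `*error = NULL;` at the top of add_segment (and of seg_env_create_from_data, unless the attribute factory's create() is guaranteed to do it) would make the result well defined.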
diff --git a/src/libimcv/seg/seg_env.h b/src/libimcv/seg/seg_env.h
new file mode 100644
index 000000000..08d33d752
--- /dev/null
+++ b/src/libimcv/seg/seg_env.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_env seg_env
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_ENV_H_
+#define SEG_ENV_H_
+
+typedef struct seg_env_t seg_env_t;
+typedef enum seg_env_flags_t seg_env_flags_t;
+
+#include <library.h>
+
+#include <pa_tnc/pa_tnc_attr.h>
+
+/**
+ * Segment Envelope flags
+ */
+enum seg_env_flags_t {
+ SEG_ENV_FLAG_NONE = 0,
+ SEG_ENV_FLAG_MORE = (1<<7),
+ SEG_ENV_FLAG_START = (1<<6)
+};
+
+/**
+ * Interface for a PA-TNC attribute segment envelope object
+ */
+struct seg_env_t {
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(seg_env_t *this);
+
+ /**
+ * Get Base Attribute if it contains processed [incremental] data
+ *
+ * @return Base Attribute (must be destroyed) or NULL
+ */
+ pa_tnc_attr_t* (*get_base_attr)(seg_env_t *this);
+
+ /**
+ * Base Attribute Info to be used by PA-TNC error messages
+ *
+ * @return Message info string
+ */
+ chunk_t (*get_base_attr_info)(seg_env_t *this);
+
+ /**
+ * Generate the first segment envelope of the base attribute
+ *
+ * @return First attribute segment envelope
+ */
+ pa_tnc_attr_t* (*first_segment)(seg_env_t *this);
+
+ /**
+ * Generate the next segment envelope of the base attribute
+ *
+ * @param last TRUE if last segment
+ * @return Next attribute segment envelope
+ */
+ pa_tnc_attr_t* (*next_segment)(seg_env_t *this, bool *last);
+
+ /**
+ * Generate the first segment envelope of the base attribute
+ *
+ * @param segment Attribute segment to be added
+ * @param error Error attribute if a parsing error occurred
+ * return TRUE if segment was successfully added
+ */
+ bool (*add_segment)(seg_env_t *this, chunk_t segment,
+ pa_tnc_attr_t** error);
+
+ /**
+ * Destroys a seg_env_t object.
+ */
+ void (*destroy)(seg_env_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segment envelope object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param base_attr Base Attribute to be segmented
+ * @param max_seg_size Maximum segment size
+ */
+seg_env_t* seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
+ uint32_t max_seg_size);
+
+/**
+ * Create a PA-TNC attribute segment envelope object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param data First attribute segment
+ * @param max_seg_size Maximum segment size
+ * @param error Error attribute if a parsing error occurred
+ */
+seg_env_t* seg_env_create_from_data(uint32_t base_attr_id, chunk_t data,
+ uint32_t max_seg_size,
+ pa_tnc_attr_t** error);
+
+#endif /** SEG_ENV_H_ @}*/
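Review bot: The comment on add_segment repeats the first_segment text (`Generate the first segment envelope of the base attribute`) and its return line is missing the `@`. It should read along the lines of `Add a received segment to the base attribute`, with `@return TRUE if segment was successfully added`. The seg_env_create comment should document that NULL is returned when max_seg_size is smaller than the PA-TNC attribute header, or large enough that no segmentation is needed; that is what the implementation in seg_env.c does, and callers need to know to check the result. get_base_attr_info returns a fixed 8-byte chunk rather than a string, so `Message info string` is misleading.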
diff --git a/src/libimcv/suites/test_imcv_seg.c b/src/libimcv/suites/test_imcv_seg.c
new file mode 100644
index 000000000..469b1110d
--- /dev/null
+++ b/src/libimcv/suites/test_imcv_seg.c
@@ -0,0 +1,738 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <imcv.h>
+#include <pa_tnc/pa_tnc_attr.h>
+#include <seg/seg_env.h>
+#include <seg/seg_contract.h>
+#include <seg/seg_contract_manager.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_command.h>
+#include <ita/ita_attr_dummy.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
+
+#include <tncif_pa_subtypes.h>
+
+static struct {
+ uint32_t max_seg_size, next_segs, last_seg_size;
+} seg_env_tests[] = {
+ { 0, 0, 0 },
+ { 11, 0, 0 },
+ { 12, 3, 12 },
+ { 13, 3, 9 },
+ { 15, 3, 3 },
+ { 16, 2, 16 },
+ { 17, 2, 14 },
+ { 23, 2, 2 },
+ { 24, 1, 24 },
+ { 25, 1, 23 },
+ { 47, 1, 1 },
+ { 48, 0, 0 },
+};
+
+static char command[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static uint32_t id = 0x123456;
+
+START_TEST(test_imcv_seg_env)
+{
+ pa_tnc_attr_t *attr, *attr1, *base_attr, *base_attr1, *error;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ ita_attr_command_t *ita_attr;
+ seg_env_t *seg_env, *seg_env1;
+ pen_type_t type;
+ uint32_t base_attr_id, max_seg_size, last_seg_size, seg_size, offset;
+ uint8_t flags;
+ bool last, last_seg;
+ chunk_t value, segment, seg;
+ int n;
+
+ libimcv_init(FALSE);
+ max_seg_size = seg_env_tests[_i].max_seg_size;
+ last_seg_size = seg_env_tests[_i].last_seg_size;
+ base_attr = ita_attr_command_create(command);
+ base_attr->build(base_attr);
+
+ seg_env = seg_env_create(id, base_attr, max_seg_size);
+ if (seg_env_tests[_i].next_segs == 0)
+ {
+ ck_assert(seg_env == NULL);
+ }
+ else
+ {
+ ck_assert(seg_env->get_base_attr_id(seg_env) == id);
+ base_attr1 = seg_env->get_base_attr(seg_env);
+ ck_assert(base_attr == base_attr1);
+ base_attr1->destroy(base_attr1);
+
+ for (n = 0; n <= seg_env_tests[_i].next_segs; n++)
+ {
+ last_seg = (n == seg_env_tests[_i].next_segs);
+ seg_size = (last_seg) ? last_seg_size : max_seg_size;
+ if (n == 0)
+ {
+ /* create first segment */
+ attr = seg_env->first_segment(seg_env);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ if (max_seg_size > 12)
+ {
+ seg = chunk_create(command, seg_size - 12);
+ ck_assert(chunk_equals(seg, chunk_skip(segment, 12)));
+ }
+ ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START));
+ }
+ else
+ {
+ /* create next segments */
+ attr = seg_env->next_segment(seg_env, &last);
+ ck_assert(last == last_seg);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ seg = chunk_create(command + n * max_seg_size - 12, seg_size);
+ ck_assert(chunk_equals(seg, segment));
+ ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE);
+ }
+
+ /* check built segment envelope attribute */
+ value = attr->get_value(attr);
+ ck_assert(value.len == 4 + seg_size);
+ ck_assert(segment.len == seg_size);
+ ck_assert(seg_env_attr->get_base_attr_id(seg_env_attr) == id);
+
+ /* create parse segment envelope attribute from data */
+ attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value);
+ ck_assert(attr1->process(attr1, &offset) == SUCCESS);
+ attr->destroy(attr);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr1;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == id);
+
+ /* create and update seg_env object on the receiving side */
+ if (n == 0)
+ {
+ ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START));
+ seg_env1 = seg_env_create_from_data(base_attr_id, segment,
+ max_seg_size, &error);
+ }
+ else
+ {
+ ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE);
+ seg_env1->add_segment(seg_env1, segment, &error);
+ }
+ attr1->destroy(attr1);
+ }
+
+ /* check reconstructed base attribute */
+ base_attr1 = seg_env1->get_base_attr(seg_env1);
+ ck_assert(base_attr1);
+ type = base_attr1->get_type(base_attr1);
+ ck_assert(type.vendor_id == PEN_ITA);
+ ck_assert(type.type == ITA_ATTR_COMMAND);
+ ita_attr = (ita_attr_command_t*)base_attr1;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+
+ seg_env->destroy(seg_env);
+ seg_env1->destroy(seg_env1);
+ base_attr1->destroy(base_attr1);
+ }
+ base_attr->destroy(base_attr);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_env_special)
+{
+ pa_tnc_attr_t *attr, *attr1, *base_attr;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pen_type_t type;
+ seg_env_t *seg_env;
+ chunk_t segment, value;
+ uint32_t max_seg_size = 47;
+ uint32_t last_seg_size = 1;
+ uint32_t offset = 12;
+
+ base_attr = ita_attr_command_create(command);
+ base_attr->build(base_attr);
+
+ /* set noskip flag in base attribute */
+ base_attr->set_noskip_flag(base_attr, TRUE);
+
+ seg_env = seg_env_create(id, base_attr, max_seg_size);
+ attr = seg_env->first_segment(seg_env);
+ attr->destroy(attr);
+
+ /* don't return last segment indicator */
+ attr = seg_env->next_segment(seg_env, NULL);
+
+ /* build attribute */
+ attr->build(attr);
+
+ /* don't return flags */
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, NULL);
+ ck_assert(segment.len == last_seg_size);
+
+ /* get segment envelope attribute reference and destroy it */
+ attr1 = attr->get_ref(attr);
+ attr1->destroy(attr1);
+
+ /* check some standard methods */
+ type = attr->get_type(attr);
+ ck_assert(type.vendor_id == PEN_TCG);
+ ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV);
+ ck_assert(attr->get_noskip_flag(attr) == FALSE);
+ attr->set_noskip_flag(attr, TRUE);
+ ck_assert(attr->get_noskip_flag(attr) == TRUE);
+
+ /* request next segment which does not exist */
+ ck_assert(seg_env->next_segment(seg_env, NULL) == NULL);
+
+ /* create and parse a too short segment envelope attribute */
+ attr1 = tcg_seg_attr_seg_env_create_from_data(0, chunk_empty);
+ ck_assert(attr1->process(attr1, &offset) == FAILED);
+ ck_assert(offset == 0);
+ attr1->destroy(attr1);
+
+ /* create and parse correct segment envelope attribute */
+ value = attr->get_value(attr);
+ attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value);
+ ck_assert(attr1->process(attr1, &offset) == SUCCESS);
+ type = attr1->get_type(attr1);
+ ck_assert(type.vendor_id == PEN_TCG);
+ ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV);
+ attr1->destroy(attr1);
+
+ /* cleanup */
+ attr->destroy(attr);
+ seg_env->destroy(seg_env);
+ base_attr->destroy(base_attr);
+}
+END_TEST
+
+static struct {
+ pa_tnc_error_code_t error_code;
+ chunk_t segment;
+} env_invalid_tests[] = {
+ { PA_ERROR_INVALID_PARAMETER, { NULL, 0 } },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xf0, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x0a)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, chunk_from_chars(
+ 0x80, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_RESERVED, chunk_from_chars(
+ 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_RESERVED, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0c)
+ }
+};
+
+START_TEST(test_imcv_seg_env_invalid)
+{
+ seg_env_t *seg_env;
+ pen_type_t error_code;
+ pa_tnc_attr_t*error;
+ ietf_attr_pa_tnc_error_t *error_attr;
+
+ libimcv_init(FALSE);
+ seg_env = seg_env_create_from_data(id, env_invalid_tests[_i].segment, 20,
+ &error);
+ ck_assert(seg_env == NULL);
+ if (env_invalid_tests[_i].error_code == PA_ERROR_RESERVED)
+ {
+ ck_assert(error == NULL);
+ }
+ else
+ {
+ ck_assert(error);
+ error->build(error);
+ error_attr = (ietf_attr_pa_tnc_error_t*)error;
+ error_code = error_attr->get_error_code(error_attr);
+ ck_assert(error_code.vendor_id == PEN_IETF);
+ ck_assert(error_code.type == env_invalid_tests[_i].error_code);
+ error->destroy(error);
+ }
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract)
+{
+ seg_contract_t *contract_i, *contract_r;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ ita_attr_command_t *ita_attr;
+ pa_tnc_attr_t *attr, *base_attr_i, *base_attr_r, *error;
+ pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ uint32_t max_seg_size, max_attr_size = 1000, issuer_id = 1;
+ uint32_t base_attr_id;
+ bool more;
+
+ libimcv_init(FALSE);
+ max_seg_size = seg_env_tests[_i].max_seg_size;
+ base_attr_r = ita_attr_command_create(command);
+ base_attr_r->build(base_attr_r);
+ contract_i = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ TRUE, issuer_id, FALSE);
+ contract_r = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ FALSE, issuer_id, TRUE);
+ attr = contract_r->first_segment(contract_r, base_attr_r);
+
+ if (seg_env_tests[_i].next_segs == 0)
+ {
+ ck_assert(attr == NULL);
+ }
+ else
+ {
+ ck_assert(attr);
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == 1);
+ base_attr_i = contract_i->add_segment(contract_i, attr, &error, &more);
+ ck_assert(base_attr_i == NULL);
+ attr->destroy(attr);
+ ck_assert(more);
+ while (more)
+ {
+ attr = contract_r->next_segment(contract_r, base_attr_id);
+ ck_assert(attr);
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == 1);
+ base_attr_i = contract_i->add_segment(contract_i, attr, &error,
+ &more);
+ attr->destroy(attr);
+ }
+ ck_assert(base_attr_i);
+ ck_assert(error == NULL);
+ type = base_attr_i->get_type(base_attr_i);
+ ck_assert(pen_type_equals(type, base_attr_r->get_type(base_attr_r)));
+ ita_attr = (ita_attr_command_t*)base_attr_i;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+ base_attr_i->destroy(base_attr_i);
+ }
+ contract_i->destroy(contract_i);
+ contract_r->destroy(contract_r);
+ base_attr_r->destroy(base_attr_r);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract_special)
+{
+ seg_contract_t *contract_i, *contract_r;
+ tcg_seg_attr_seg_env_t *seg_env_attr1, *seg_env_attr2;
+ ita_attr_command_t *ita_attr;
+ pa_tnc_attr_t *base_attr1_i, *base_attr2_i, *base_attr1_r, *base_attr2_r;
+ pa_tnc_attr_t *attr1_f, *attr2_f, *attr1_n, *attr2_n, *attr3, *error;
+ pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ uint32_t max_seg_size, max_attr_size, issuer_id = 1;
+ uint32_t base_attr1_id, base_attr2_id;
+ char info[512];
+ bool oversize, more;
+
+ libimcv_init(FALSE);
+
+ /* create two base attributes to be segmented */
+ base_attr1_r = ita_attr_command_create(command);
+ base_attr2_r = ita_attr_dummy_create(129);
+ base_attr1_r->build(base_attr1_r);
+ base_attr2_r->build(base_attr2_r);
+
+ /* create an issuer contract*/
+ contract_i = seg_contract_create(msg_type, 1000, 47,
+ TRUE, issuer_id, FALSE);
+ ck_assert(pen_type_equals(contract_i->get_msg_type(contract_i), msg_type));
+ ck_assert(contract_i->is_issuer(contract_i));
+ ck_assert(!contract_i->is_null(contract_i));
+
+ /* set null contract */
+ contract_i->set_max_size(contract_i, SEG_CONTRACT_MAX_SIZE_VALUE,
+ SEG_CONTRACT_MAX_SIZE_VALUE);
+ ck_assert(contract_i->is_null(contract_i));
+
+ /* set and get maximum attribute and segment sizes */
+ contract_i->set_max_size(contract_i, 1000, 47);
+ contract_i->get_max_size(contract_i, NULL, NULL);
+ contract_i->get_max_size(contract_i, &max_attr_size, &max_seg_size);
+ contract_i->get_info_string(contract_i, info, sizeof(info), TRUE);
+ ck_assert(max_attr_size == 1000 && max_seg_size == 47);
+ ck_assert(!contract_i->is_null(contract_i));
+
+ /* create a null responder contract*/
+ contract_r = seg_contract_create(msg_type, SEG_CONTRACT_MAX_SIZE_VALUE,
+ SEG_CONTRACT_MAX_SIZE_VALUE,
+ FALSE, issuer_id, TRUE);
+ ck_assert(!contract_r->is_issuer(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* allow no fragmentation */
+ contract_r->set_max_size(contract_r, 1000, SEG_CONTRACT_MAX_SIZE_VALUE);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* no maximum size limit and no fragmentation needed */
+ contract_r->set_max_size(contract_r, SEG_CONTRACT_MAX_SIZE_VALUE, 141);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* oversize base attribute */
+ contract_r->set_max_size(contract_r, 140, 47);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(oversize);
+
+ /* set final maximum attribute and segment sizes */
+ contract_r->set_max_size(contract_r, 141, 47);
+ contract_r->get_info_string(contract_r, info, sizeof(info), TRUE);
+ ck_assert(contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* get first segment of each base attribute */
+ attr1_f = contract_r->first_segment(contract_r, base_attr1_r);
+ attr2_f = contract_r->first_segment(contract_r, base_attr2_r);
+ ck_assert(attr1_f);
+ ck_assert(attr2_f);
+ seg_env_attr1 = (tcg_seg_attr_seg_env_t*)attr1_f;
+ seg_env_attr2 = (tcg_seg_attr_seg_env_t*)attr2_f;
+ base_attr1_id = seg_env_attr1->get_base_attr_id(seg_env_attr1);
+ base_attr2_id = seg_env_attr2->get_base_attr_id(seg_env_attr2);
+ ck_assert(base_attr1_id == 1);
+ ck_assert(base_attr2_id == 2);
+
+ /* get second segment of each base attribute */
+ attr1_n = contract_r->next_segment(contract_r, 1);
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr1_n);
+ ck_assert(attr2_n);
+
+ /* process first segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more);
+ ck_assert(base_attr1_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* reapply first segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more);
+ ck_assert(base_attr1_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* process stray second segment of second attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* process first segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_f, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* try to get a segment of a non-existing base-attribute */
+ attr3 = contract_r->next_segment(contract_r, 3);
+ ck_assert(attr3 == NULL);
+
+ /* process second segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_n, &error, &more);
+ ck_assert(base_attr1_i);
+ ck_assert(error == NULL);
+ ck_assert(!more);
+
+ /* process second segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* destroy first and second segments */
+ attr1_f->destroy(attr1_f);
+ attr2_f->destroy(attr2_f);
+ attr1_n->destroy(attr1_n);
+ attr2_n->destroy(attr2_n);
+
+ /* request surplus segment of first base attribute */
+ attr1_n = contract_r->next_segment(contract_r, 1);
+ ck_assert(attr1_n == NULL);
+
+ /* get last segment of second base attribute */
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr2_n);
+
+ /* process last segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ attr2_n->destroy(attr2_n);
+ ck_assert(base_attr2_i);
+ ck_assert(error == NULL);
+ ck_assert(!more);
+
+ /* request surplus segment of second base attribute */
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr2_n == NULL);
+
+ /* compare original with reconstructed base attributes */
+ type = base_attr1_i->get_type(base_attr1_i);
+ ck_assert(pen_type_equals(type, base_attr1_r->get_type(base_attr1_r)));
+ ita_attr = (ita_attr_command_t*)base_attr1_i;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+
+ type = base_attr2_i->get_type(base_attr2_i);
+ ck_assert(pen_type_equals(type, base_attr2_r->get_type(base_attr2_r)));
+ ck_assert(chunk_equals(base_attr2_i->get_value(base_attr2_i),
+ base_attr2_r->get_value(base_attr2_r)));
+
+ /* cleanup */
+ base_attr1_r->destroy(base_attr1_r);
+ base_attr2_r->destroy(base_attr2_r);
+ base_attr1_i->destroy(base_attr1_i);
+ base_attr2_i->destroy(base_attr2_i);
+ contract_i->destroy(contract_i);
+ contract_r->destroy(contract_r);
+ libimcv_deinit();
+}
+END_TEST
+
+static struct {
+ bool err_f;
+ chunk_t frag_f;
+ bool err_n;
+ bool base_attr;
+ chunk_t frag_n;
+} contract_invalid_tests[] = {
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x01, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x0d),
+ FALSE, TRUE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x01, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x02, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x0e),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x02, 0x01 )
+ },
+ { TRUE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x03, 0x00, 0x00, 0x55, 0x97, 0x00, 0x00, 0x00, 0x23,
+ 0x00, 0x00, 0x00, 0x0d),
+ FALSE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x03, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x00, 0x00, 0x00, 0x14),
+ FALSE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x0f),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x11),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0xff )
+ }
+};
+
+START_TEST(test_imcv_seg_contract_invalid)
+{
+ uint32_t max_seg_size = 12, max_attr_size = 100, issuer_id = 1;
+ pen_type_t msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ pa_tnc_attr_t *attr_f, *attr_n, *base_attr, *error;
+ chunk_t value_f, value_n;
+ seg_contract_t *contract;
+ uint32_t offset;
+ bool more;
+
+ libimcv_init(FALSE);
+ value_f = contract_invalid_tests[_i].frag_f;
+ value_n = contract_invalid_tests[_i].frag_n;
+ attr_f = tcg_seg_attr_seg_env_create_from_data(value_f.len, value_f);
+ attr_n = tcg_seg_attr_seg_env_create_from_data(value_n.len, value_n);
+ ck_assert(attr_f->process(attr_f, &offset) == SUCCESS);
+ ck_assert(attr_n->process(attr_n, &offset) == SUCCESS);
+
+ contract = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ TRUE, issuer_id, FALSE);
+ base_attr = contract->add_segment(contract, attr_f, &error, &more);
+ ck_assert(base_attr == NULL);
+
+ if (contract_invalid_tests[_i].err_f)
+ {
+ ck_assert(error);
+ error->destroy(error);
+ }
+ else
+ {
+ ck_assert(error == NULL);
+ ck_assert(more);
+ base_attr = contract->add_segment(contract, attr_n, &error, &more);
+ if (contract_invalid_tests[_i].err_n)
+ {
+ ck_assert(error);
+ error->destroy(error);
+ }
+ else
+ {
+ ck_assert(error == NULL);
+ }
+ if (contract_invalid_tests[_i].base_attr)
+ {
+ ck_assert(base_attr);
+ base_attr->destroy(base_attr);
+ }
+ }
+
+ /* cleanup */
+ attr_f->destroy(attr_f);
+ attr_n->destroy(attr_n);
+ contract->destroy(contract);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract_mgr)
+{
+ char buf[BUF_LEN];
+ uint32_t max_seg_size = 12, max_attr_size = 100;
+ pen_type_t msg_type1 = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ pen_type_t msg_type2 = { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM };
+ seg_contract_manager_t *contracts;
+ seg_contract_t *cx, *c1, *c2, *c3, *c4;
+
+ contracts = seg_contract_manager_create();
+
+ /* add contract template as issuer */
+ c1 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ TRUE, 1, FALSE);
+ c1->get_info_string(c1, buf, BUF_LEN, TRUE);
+
+ contracts->add_contract(contracts, c1);
+
+ /* received contract request for msg_type1 as responder */
+ cx = contracts->get_contract(contracts, msg_type1, FALSE, 2);
+ ck_assert(cx == NULL);
+
+ /* add directed contract as responder */
+ c2 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ FALSE, 2, FALSE);
+ c2->set_responder(c2, 1);
+ c2->get_info_string(c2, buf, BUF_LEN, TRUE);
+ contracts->add_contract(contracts, c2);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type1, FALSE, 2);
+ ck_assert(cx == c2);
+
+ /* received directed contract response as issuer */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, 3);
+ ck_assert(cx == NULL);
+
+ /* get contract template */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, TNC_IMCID_ANY);
+ ck_assert(cx == c1);
+
+ /* clone the contract template and as it as a directed contract */
+ c3 = cx->clone(cx);
+ c3->set_responder(c3, 3);
+ c3->get_info_string(c3, buf, BUF_LEN, FALSE);
+ contracts->add_contract(contracts, c3);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, 3);
+ ck_assert(cx == c3);
+
+ /* received contract request for msg_type2 as responder */
+ cx = contracts->get_contract(contracts, msg_type2, FALSE, 2);
+ ck_assert(cx == NULL);
+
+ /* add directed contract as responder */
+ c4 = seg_contract_create(msg_type2, max_attr_size, max_seg_size,
+ FALSE, 2, FALSE);
+ c4->set_responder(c4, 1);
+ contracts->add_contract(contracts, c4);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type2, FALSE, 2);
+ ck_assert(cx == c4);
+
+ contracts->destroy(contracts);
+}
+END_TEST
+
+Suite *imcv_seg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("imcv_seg");
+
+ tc = tcase_create("env");
+ tcase_add_loop_test(tc, test_imcv_seg_env, 0, countof(seg_env_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env_special");
+ tcase_add_test(tc, test_imcv_seg_env_special);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env_invalid");
+ tcase_add_loop_test(tc, test_imcv_seg_env_invalid, 0,
+ countof(env_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract");
+ tcase_add_loop_test(tc, test_imcv_seg_contract, 0, countof(seg_env_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_special");
+ tcase_add_test(tc, test_imcv_seg_contract_special);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_invalid");
+ tcase_add_loop_test(tc, test_imcv_seg_contract_invalid, 0,
+ countof(contract_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_mgr");
+ tcase_add_test(tc, test_imcv_seg_contract_mgr);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libpts/swid/swid_error.c b/src/libimcv/swid/swid_error.c
index 7f3c34476..7f3c34476 100644
--- a/src/libpts/swid/swid_error.c
+++ b/src/libimcv/swid/swid_error.c
diff --git a/src/libpts/swid/swid_error.h b/src/libimcv/swid/swid_error.h
index 1da6148ff..b459ba686 100644
--- a/src/libpts/swid/swid_error.h
+++ b/src/libimcv/swid/swid_error.h
@@ -15,7 +15,7 @@
/**
* @defgroup swid_error swid_error
- * @{ @ingroup swid
+ * @{ @ingroup libimcv_swid
*/
#ifndef SWID_ERROR_H_
diff --git a/src/libpts/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c
index a9f081efa..a49286954 100644
--- a/src/libpts/swid/swid_inventory.c
+++ b/src/libimcv/swid/swid_inventory.c
@@ -60,28 +60,25 @@ static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file)
swid_tag_t *tag;
bio_writer_t *writer;
chunk_t tag_encoding, tag_file_path = chunk_empty;
- bool more_tags = TRUE, last_newline, end_of_tag;
+ bool more_tags = TRUE, last_newline;
char line[8192];
size_t len;
while (more_tags)
{
last_newline = TRUE;
- end_of_tag = FALSE;
writer = bio_writer_create(512);
- do
+ while (TRUE)
{
if (!fgets(line, sizeof(line), file))
{
more_tags = FALSE;
- end_of_tag = TRUE;
break;
}
len = strlen(line);
if (last_newline && line[0] == '\n')
{
- end_of_tag = TRUE;
break;
}
else
@@ -90,7 +87,6 @@ static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file)
writer->write_data(writer, chunk_create(line, len));
}
}
- while (!end_of_tag);
tag_encoding = writer->get_buf(writer);
diff --git a/src/libpts/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
index 7de8bb221..04029070e 100644
--- a/src/libpts/swid/swid_inventory.h
+++ b/src/libimcv/swid/swid_inventory.h
@@ -15,7 +15,7 @@
/**
* @defgroup swid_inventory swid_inventory
- * @{ @ingroup pts
+ * @{ @ingroup libimcv_swid
*/
#ifndef SWID_INVENTORY_H_
@@ -23,6 +23,9 @@
#include <library.h>
+/* Maximum size of a SWID Tag Inventory: 100 MB */
+#define SWID_MAX_ATTR_SIZE 100000000
+
typedef struct swid_inventory_t swid_inventory_t;
/**
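Review bot: `SWID_MAX_ATTR_SIZE` permits a single SWID inventory attribute of 100000000 bytes, and the comment states the figure but not where the limit is enforced or why it is this large. If the constant is the maximum attribute size accepted for segmented transfer (its use is not visible in this hunk), a peer can make the receiver buffer up to that amount per attribute, so the limit is worth lowering or making configurable. Under that reading the comment could be `/* Maximum size in bytes of a reassembled SWID Tag Inventory attribute; bounds the memory buffered for one peer-supplied attribute */`.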
diff --git a/src/libpts/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c
index c71d5d2bd..c77c75700 100644
--- a/src/libpts/swid/swid_tag.c
+++ b/src/libimcv/swid/swid_tag.c
@@ -34,9 +34,9 @@ struct private_swid_tag_t {
chunk_t encoding;
/**
- * Optional Tag File Path
+ * Optional Tag Identifier Instance ID
*/
- chunk_t tag_file_path;
+ chunk_t instance_id;
/**
* Reference count
@@ -50,10 +50,10 @@ METHOD(swid_tag_t, get_encoding, chunk_t,
return this->encoding;
}
-METHOD(swid_tag_t, get_tag_file_path, chunk_t,
+METHOD(swid_tag_t, get_instance_id, chunk_t,
private_swid_tag_t *this)
{
- return this->tag_file_path;
+ return this->instance_id;
}
METHOD(swid_tag_t, get_ref, swid_tag_t*,
@@ -69,7 +69,7 @@ METHOD(swid_tag_t, destroy, void,
if (ref_put(&this->ref))
{
free(this->encoding.ptr);
- free(this->tag_file_path.ptr);
+ free(this->instance_id.ptr);
free(this);
}
}
@@ -77,14 +77,14 @@ METHOD(swid_tag_t, destroy, void,
/**
* See header
*/
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
+swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id)
{
private_swid_tag_t *this;
INIT(this,
.public = {
.get_encoding = _get_encoding,
- .get_tag_file_path = _get_tag_file_path,
+ .get_instance_id = _get_instance_id,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -92,9 +92,9 @@ swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
.ref = 1,
);
- if (tag_file_path.len > 0)
+ if (instance_id.len > 0)
{
- this->tag_file_path = chunk_clone(tag_file_path);
+ this->instance_id = chunk_clone(instance_id);
}
return &this->public;
diff --git a/src/libpts/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h
index e20c538ea..22c14b1aa 100644
--- a/src/libpts/swid/swid_tag.h
+++ b/src/libimcv/swid/swid_tag.h
@@ -15,7 +15,7 @@
/**
* @defgroup swid_tag swid_tag
- * @{ @ingroup swid
+ * @{ @ingroup libimcv_swid
*/
#ifndef SWID_TAG_H_
@@ -39,11 +39,11 @@ struct swid_tag_t {
chunk_t (*get_encoding)(swid_tag_t *this);
/**
- * Get th Optional Tag File Path
+ * Get the optional Tag Identifier Instance ID
*
- * @return Optional Tag File Path
+ * @return Optional Tag Identifier Instance ID
*/
- chunk_t (*get_tag_file_path)(swid_tag_t *this);
+ chunk_t (*get_instance_id)(swid_tag_t *this);
/**
* Get a new reference to the swid_tag object
@@ -63,8 +63,8 @@ struct swid_tag_t {
* Creates a swid_tag_t object
*
* @param encoding XML encoding of SWID tag
- * @param tag_file_path Tag File Path or empty chunk
+ * @param instance_id Tag Identifier Instance ID or empty chunk
*/
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
+swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id);
#endif /** SWID_TAG_H_ @}*/
diff --git a/src/libpts/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c
index 8bede28a0..2dc6e3141 100644
--- a/src/libpts/swid/swid_tag_id.c
+++ b/src/libimcv/swid/swid_tag_id.c
@@ -39,9 +39,9 @@ struct private_swid_tag_id_t {
chunk_t unique_sw_id;
/**
- * Tag File Path
+ * Optional Tag Identifier Instance ID
*/
- chunk_t tag_file_path;
+ chunk_t instance_id;
/**
* Reference count
@@ -56,11 +56,11 @@ METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
}
METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
- private_swid_tag_id_t *this, chunk_t *tag_file_path)
+ private_swid_tag_id_t *this, chunk_t *instance_id)
{
- if (tag_file_path)
+ if (instance_id)
{
- *tag_file_path = this->tag_file_path;
+ *instance_id = this->instance_id;
}
return this->unique_sw_id;
}
@@ -79,7 +79,7 @@ METHOD(swid_tag_id_t, destroy, void,
{
free(this->tag_creator.ptr);
free(this->unique_sw_id.ptr);
- free(this->tag_file_path.ptr);
+ free(this->instance_id.ptr);
free(this);
}
}
@@ -88,7 +88,7 @@ METHOD(swid_tag_id_t, destroy, void,
* See header
*/
swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t tag_file_path)
+ chunk_t instance_id)
{
private_swid_tag_id_t *this;
@@ -104,9 +104,9 @@ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
.ref = 1,
);
- if (tag_file_path.len > 0)
+ if (instance_id.len > 0)
{
- this->tag_file_path = chunk_clone(tag_file_path);
+ this->instance_id = chunk_clone(instance_id);
}
return &this->public;
diff --git a/src/libpts/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h
index d2a783b35..a2be290ae 100644
--- a/src/libpts/swid/swid_tag_id.h
+++ b/src/libimcv/swid/swid_tag_id.h
@@ -15,7 +15,7 @@
/**
* @defgroup swid_tag_id swid_tag_id
- * @{ @ingroup swid
+ * @{ @ingroup libimcv_swid
*/
#ifndef SWID_TAG_ID_H_
@@ -41,10 +41,10 @@ struct swid_tag_id_t {
/**
* Get the Unique Software ID and optional Tag File Path
*
- * @param Optional Tag File Path
+ * @param instance_id Optional Tag Identifier Instance ID
* @return Unique Software ID
*/
- chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
+ chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id);
/**
* Get a new reference to the swid_tag_id object
@@ -65,9 +65,9 @@ struct swid_tag_id_t {
*
* @param tag_creator Tag Creator
* @param unique_sw_id Unique Software ID
- * @param tag_file_path Tag File Path or empty chunk
+ * @param instance_id Tag Identifier Instance ID or empty chunk
*/
swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t tag_file_path);
+ chunk_t instance_id);
#endif /** SWID_TAG_ID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
index 17a8db5d6..194cf1b68 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_aik.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,7 +55,12 @@ struct private_tcg_pts_attr_aik_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -124,6 +130,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint8(writer, flags);
writer->write_data (writer, aik_blob);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
free(aik_blob.ptr);
}
@@ -136,10 +143,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
certificate_type_t type;
chunk_t aik_blob;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_AIK_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -161,6 +173,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_aik_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_aik_t *this)
{
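Review bot: The new `add_segment()` appends every segment to `this->value` without comparing the result to `this->length`, so the reassembled value can grow past the total length given to `create_from_data()`; `process()` in the previous hunk only tests `this->value.len < this->length` and therefore accepts an over-long value. Whether the segmentation contract that calls this method already caps the sum is not visible here; if it does not, a guard such as `if (this->value.len >= this->length || segment.len > this->length - this->value.len) { return; }` before the `chunk_cat()` keeps peer-supplied segments within the announced size. The same unbounded append is added in tcg_pts_attr_dh_nonce_finish.c, tcg_pts_attr_dh_nonce_params_req.c and tcg_pts_attr_dh_nonce_params_resp.c. A one-line comment that the `"mc"` mode frees the old `this->value` buffer and copies `segment` would also make the ownership easy to check.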
@@ -201,6 +219,7 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -218,7 +237,7 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(size_t length, chunk_t data)
{
private_tcg_pts_attr_aik_t *this;
@@ -231,12 +250,14 @@ pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_aik = _get_aik,
},
.type = { PEN_TCG, TCG_PTS_AIK },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h
index 0962432e9..b524ff321 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_aik.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -58,8 +59,9 @@ pa_tnc_attr_t* tcg_pts_attr_aik_create(certificate_t *aik);
/**
* Creates an tcg_pts_attr_aik_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(size_t length, chunk_t value);
#endif /** TCG_PTS_ATTR_AIK_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
index 6119b4973..2a1506898 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -58,7 +59,12 @@ struct private_tcg_pts_attr_dh_nonce_finish_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -129,6 +135,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->initiator_nonce);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -139,10 +146,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t reserved, nonce_len;
u_int16_t hash_algo;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_DH_NONCE_FINISH_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Finish");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -160,6 +172,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_finish_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_dh_nonce_finish_t *this)
{
@@ -216,6 +234,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -236,7 +255,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length,
+ chunk_t value)
{
private_tcg_pts_attr_dh_nonce_finish_t *this;
@@ -249,6 +269,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -257,6 +278,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value)
.get_initiator_value = _get_initiator_value,
},
.type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH },
+ .length = length,
.value = chunk_clone(value),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
index efe6fd153..78b5025bc 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -82,8 +83,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(
/**
* Creates an tcg_pts_attr_dh_nonce_finish_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_DH_NONCE_FINISH_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
index 7761b977d..0349ce53e 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,7 +55,12 @@ struct private_tcg_pts_attr_dh_nonce_params_req_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -118,6 +124,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, this->dh_groups);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -128,10 +135,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t reserved;
u_int16_t dh_groups;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_DH_NONCE_PARAMS_REQ_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Request");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -144,6 +156,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_dh_nonce_params_req_t *this)
{
@@ -190,6 +208,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -208,7 +227,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length,
+ chunk_t value)
{
private_tcg_pts_attr_dh_nonce_params_req_t *this;
@@ -221,6 +241,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -228,6 +249,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value)
.get_dh_groups = _get_dh_groups,
},
.type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ },
+ .length = length,
.value = chunk_clone(value),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
index 024648abb..4396bf687 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -65,8 +66,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
/**
* Creates an tcg_pts_attr_dh_nonce_params_req_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
index eb0d0e533..fa1dbdd3a 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,7 +61,12 @@ struct private_tcg_pts_attr_dh_nonce_params_resp_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -137,6 +143,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->responder_value);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -148,10 +155,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t nonce_len;
u_int16_t dh_group, hash_algo_set;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Response");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -170,6 +182,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_dh_nonce_params_resp_t *this)
{
@@ -232,6 +250,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -254,7 +273,8 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value)
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length,
+ chunk_t value)
{
private_tcg_pts_attr_dh_nonce_params_resp_t *this;
@@ -267,6 +287,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -276,6 +297,7 @@ pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value)
.get_responder_value = _get_responder_value,
},
.type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP },
+ .length = length,
.value = chunk_clone(value),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
index 72046d2ed..b548a81f0 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -86,8 +87,10 @@ pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
/**
* Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
index b9095f5be..5b4cc273b 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,16 +70,46 @@ struct private_tcg_pts_attr_file_meas_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
*/
chunk_t value;
/**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
* Noskip flag
*/
bool noskip_flag;
/**
+ * Request ID
+ */
+ uint16_t request_id;
+
+ /**
+ * Measurement Length
+ */
+ uint16_t meas_len;
+
+ /**
+ * Number of Files in attribute
+ */
+ uint64_t count;
+
+ /**
* PTS File Measurements
*/
pts_file_meas_t *measurements;
@@ -118,7 +149,7 @@ METHOD(pa_tnc_attr_t, build, void,
{
bio_writer_t *writer;
enumerator_t *enumerator;
- u_int64_t number_of_files;
+ u_int64_t count;
u_int16_t request_id;
char *filename;
chunk_t measurement;
@@ -128,11 +159,11 @@ METHOD(pa_tnc_attr_t, build, void,
{
return;
}
- number_of_files = this->measurements->get_file_count(this->measurements);
+ count = this->measurements->get_file_count(this->measurements);
request_id = this->measurements->get_request_id(this->measurements);
writer = bio_writer_create(PTS_FILE_MEAS_SIZE);
- writer->write_uint64(writer, number_of_files);
+ writer->write_uint64(writer, count);
writer->write_uint16(writer, request_id);
enumerator = this->measurements->create_enumerator(this->measurements);
@@ -155,6 +186,8 @@ METHOD(pa_tnc_attr_t, build, void,
}
this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -162,48 +195,59 @@ METHOD(pa_tnc_attr_t, process, status_t,
private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
- u_int64_t number_of_files;
- u_int16_t request_id, meas_len;
chunk_t measurement, filename;
- size_t len;
+ status_t status = NEED_MORE;
char buf[BUF_LEN];
- status_t status = FAILED;
+ size_t len;
- if (this->value.len < PTS_FILE_MEAS_SIZE)
+ if (this->offset == 0)
{
- DBG1(DBG_TNC, "insufficient data for PTS file measurement header");
- *offset = 0;
- return FAILED;
+ if (this->length < PTS_FILE_MEAS_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < PTS_FILE_MEAS_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint64(reader, &this->count);
+ reader->read_uint16(reader, &this->request_id);
+ reader->read_uint16(reader, &this->meas_len);
+ this->offset = PTS_FILE_MEAS_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
}
+ this->measurements = pts_file_meas_create(this->request_id);
reader = bio_reader_create(this->value);
- reader->read_uint64(reader, &number_of_files);
- reader->read_uint16(reader, &request_id);
- reader->read_uint16(reader, &meas_len);
- *offset = PTS_FILE_MEAS_SIZE;
-
- this->measurements = pts_file_meas_create(request_id);
- while (number_of_files--)
+ while (this->count)
{
- if (!reader->read_data(reader, meas_len, &measurement))
- {
- DBG1(DBG_TNC, "insufficient data for PTS file measurement");
- goto end;
- }
- *offset += meas_len;
-
- if (!reader->read_data16(reader, &filename))
+ if (!reader->read_data(reader, this->meas_len, &measurement) ||
+ !reader->read_data16(reader, &filename))
{
- DBG1(DBG_TNC, "insufficient data for filename");
goto end;
}
- *offset += 2 + filename.len;
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
len = min(filename.len, BUF_LEN-1);
memcpy(buf, filename.ptr, len);
buf[len] = '\0';
this->measurements->add(this->measurements, buf, measurement);
+ this->count--;
+ }
+
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
}
status = SUCCESS;
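Review bot: The length-consistency check at the end of process() has no effect, because `status = FAILED;` is overwritten by the unconditional `status = SUCCESS;` that follows it. An attribute whose declared total length disagrees with the parsed offset is therefore accepted; add `goto end;` after `status = FAILED;` or put the success assignment in an `else`. Separately, `this->measurements = pts_file_meas_create(this->request_id);` runs on every call, so a call resumed after NEED_MORE appears to drop the entries already added and leak the earlier object. Guarding it with `if (!this->measurements)`, or moving it into the `this->offset == 0` block, would avoid that. The function's signature and its `end:` label lie outside this hunk.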
@@ -212,6 +256,14 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_file_meas_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_file_meas_t *this)
{
@@ -224,7 +276,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
if (ref_put(&this->ref))
{
DESTROY_IF(this->measurements);
- free(this->value.ptr);
+ free(this->segment.ptr);
free(this);
}
}
@@ -251,12 +303,15 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_measurements = _get_measurements,
},
.type = { PEN_TCG, TCG_PTS_FILE_MEAS },
+ .request_id = measurements->get_request_id(measurements),
+ .count = measurements->get_file_count(measurements),
.measurements = measurements,
.ref = 1,
);
@@ -268,7 +323,8 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_file_meas_t *this;
@@ -281,15 +337,20 @@ pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_measurements = _get_measurements,
},
.type = { PEN_TCG, TCG_PTS_FILE_MEAS },
- .value = chunk_clone(data),
+ .length = length,
+ .segment = chunk_clone(data),
.ref = 1,
);
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
return &this->public.pa_tnc_attribute;
}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h
index 4f155f05b..d399fecbb 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -58,8 +59,10 @@ pa_tnc_attr_t* tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements);
/**
* Creates an tcg_pts_attr_file_meas_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_FILE_MEAS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
index f263747a3..b7b4d7e3f 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -55,7 +56,12 @@ struct private_tcg_pts_attr_gen_attest_evid_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +113,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32 (writer, PTS_GEN_ATTEST_EVID_RESERVED);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -116,10 +123,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
u_int32_t reserved;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_GEN_ATTEST_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Generate Attestation Evidence");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -129,6 +141,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_gen_attest_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_gen_attest_evid_t *this)
{
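Review bot: add_segment appends whatever the caller passes, and nothing here or in the process() hunk above rejects a value that grows beyond the declared `this->length`. The completeness test there is `this->value.len < this->length`, so a surplus is treated as complete. The segment data comes from the peer, so unless the segmentation layer already enforces the declared total (not visible in this diff), process() should fail on overshoot, e.g. `if (this->value.len > this->length) return FAILED;`. If the caller does enforce it, a comment on add_segment stating that precondition would be enough. The same add_segment body is added for get_aik, get_tpm_version_info, meas_algo, proto_caps, req_file_meas and req_file_meta.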
@@ -162,6 +180,7 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create()
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -177,7 +196,8 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create()
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_gen_attest_evid_t *this;
@@ -190,11 +210,13 @@ pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h
index 38909b025..971abd2a3 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -46,8 +47,10 @@ pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create();
/**
* Creates an tcg_pts_attr_gen_attest_evid_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_GEN_ATTEST_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
index cf944d2a9..8fda2b1f5 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -52,7 +53,12 @@ struct private_tcg_pts_attr_get_aik_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -104,19 +110,31 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32 (writer, PTS_GET_AIK_RESERVED);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_get_aik_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, process, status_t,
private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset)
{
bio_reader_t *reader;
u_int32_t reserved;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_GET_AIK_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Get AIK");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -159,6 +177,7 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create()
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -174,7 +193,8 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create()
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_get_aik_t *this;
@@ -187,11 +207,13 @@ pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = { PEN_TCG, TCG_PTS_GET_AIK },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h
index 120100e59..923fd039f 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -46,8 +47,10 @@ pa_tnc_attr_t* tcg_pts_attr_get_aik_create();
/**
* Creates an tcg_pts_attr_get_aik_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_GET_AIK_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
index 647c426ed..a4c9dba87 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -55,7 +56,12 @@ struct private_tcg_pts_attr_get_tpm_version_info_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +113,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32 (writer, PTS_GET_TPM_VER_INFO_RESERVED);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -116,10 +123,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
u_int32_t reserved;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_GET_TPM_VER_INFO_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Get TPM Version Information");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -129,6 +141,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_get_tpm_version_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_get_tpm_version_info_t *this)
{
@@ -162,6 +180,7 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create()
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -177,7 +196,8 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create()
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_get_tpm_version_info_t *this;
@@ -190,11 +210,13 @@ pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
index 711a1d50c..19fb5a4e8 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -47,8 +48,10 @@ pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create();
/**
* Creates an tcg_pts_attr_get_tpm_version_info_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
index a4dac9070..8b0502a91 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -53,7 +54,12 @@ struct private_tcg_pts_attr_meas_algo_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -110,6 +116,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, PTS_MEAS_ALGO_RESERVED);
writer->write_uint16(writer, this->algorithms);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -119,10 +126,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
u_int16_t reserved, algorithms;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_MEAS_ALGO_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS Measurement Algorithm");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -134,14 +146,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_meas_algo_t *this)
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_meas_algo_t *this, chunk_t segment)
{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
+ this->value = chunk_cat("mc", this->value, segment);
}
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
@@ -151,6 +159,16 @@ METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
return &this->public.pa_tnc_attribute;
}
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
METHOD(tcg_pts_attr_meas_algo_t, get_algorithms, pts_meas_algorithms_t,
private_tcg_pts_attr_meas_algo_t *this)
{
@@ -174,6 +192,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -192,7 +211,8 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data,
+pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(size_t length,
+ chunk_t data,
bool selection)
{
private_tcg_pts_attr_meas_algo_t *this;
@@ -206,6 +226,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -213,6 +234,7 @@ pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data,
},
.type = { PEN_TCG,
selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h
index 88d1be0aa..bc15a9bb4 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -59,10 +60,12 @@ pa_tnc_attr_t* tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
/**
* Creates an tcg_pts_attr_meas_algo_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
* @param selection TRUE if a selection
*/
-pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(chunk_t value,
+pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(size_t length,
+ chunk_t value,
bool selection);
#endif /** TCG_PTS_ATTR_MEAS_ALGO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
index 6473ea808..0a562c0bc 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -52,8 +53,14 @@ struct private_tcg_pts_attr_proto_caps_t {
*/
pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
/**
- * Attribute value
+ * Attribute value or segment
*/
chunk_t value;
@@ -111,6 +118,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, this->flags);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -120,10 +128,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
u_int16_t reserved, flags;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_PROTO_CAPS_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS Protocol Capabilities");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -135,14 +148,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_proto_caps_t *this)
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_proto_caps_t *this, chunk_t segment)
{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
+ this->value = chunk_cat("mc", this->value, segment);
}
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
@@ -152,6 +161,16 @@ METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
return &this->public.pa_tnc_attribute;
}
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
METHOD(tcg_pts_attr_proto_caps_t, get_flags, pts_proto_caps_flag_t,
private_tcg_pts_attr_proto_caps_t *this)
{
@@ -175,6 +194,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -192,7 +212,8 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data,
+pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(size_t length,
+ chunk_t data,
bool request)
{
private_tcg_pts_attr_proto_caps_t *this;
@@ -206,6 +227,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -213,6 +235,7 @@ pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data,
},
.type = { PEN_TCG,
request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h
index c2478da0b..11ed22810 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -58,10 +59,12 @@ pa_tnc_attr_t* tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
/**
* Creates an tcg_pts_attr_proto_caps_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
* @param request TRUE for a PTS protocol capabilities request
*/
-pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(chunk_t value,
+pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(size_t length,
+ chunk_t value,
bool request);
#endif /** TCG_PTS_ATTR_PROTO_CAPS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
index c5a2f4b8a..a3c3ce56e 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -62,7 +63,12 @@ struct private_tcg_pts_attr_req_file_meas_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -145,6 +151,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32(writer, this->delimiter);
writer->write_data (writer, pathname);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -156,10 +163,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t reserved;
chunk_t pathname;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_REQ_FILE_MEAS_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Request File Measurement");
- *offset = 0;
return FAILED;
}
@@ -178,6 +190,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_file_meas_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_req_file_meas_t *this)
{
@@ -239,6 +257,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -262,7 +281,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_req_file_meas_t *this;
@@ -275,6 +295,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -284,6 +305,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data)
.get_pathname = _get_pathname,
},
.type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
index 135c088bf..20a54dfaf 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -83,8 +84,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag,
/**
* Creates an tcg_pts_attr_req_file_meas_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_REQ_FILE_MEAS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
index 8d703af65..f6befa8b9 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,7 +61,12 @@ struct private_tcg_pts_attr_req_file_meta_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -138,6 +144,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, pathname);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -149,11 +156,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int16_t reserved;
chunk_t pathname;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_REQ_FILE_META_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Request File Metadata");
- *offset = 0;
- return FAILED;
}
reader = bio_reader_create(this->value);
@@ -171,6 +182,19 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_file_meta_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
METHOD(pa_tnc_attr_t, destroy, void,
private_tcg_pts_attr_req_file_meta_t *this)
{
@@ -182,13 +206,6 @@ METHOD(pa_tnc_attr_t, destroy, void,
}
}
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool,
private_tcg_pts_attr_req_file_meta_t *this)
{
@@ -225,6 +242,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -246,7 +264,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_req_file_meta_t *this;
@@ -259,6 +278,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -267,6 +287,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data)
.get_pathname = _get_pathname,
},
.type = { PEN_TCG, TCG_PTS_REQ_FILE_META },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
index 9aa1b93d6..c2f1cca74 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -74,8 +75,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag,
/**
* Creates an tcg_pts_attr_req_file_meta_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_REQ_FILE_META_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
index e10845bbb..03891104c 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -78,7 +79,12 @@ struct private_tcg_pts_attr_req_func_comp_evid_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -184,6 +190,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -196,11 +203,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
status_t status = FAILED;
entry_t *entry = NULL;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_REQ_FUNC_COMP_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Request Functional "
"Component Evidence");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -259,6 +271,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_req_func_comp_evid_t *this)
{
@@ -319,6 +337,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -337,7 +356,8 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_req_func_comp_evid_t *this;
@@ -350,6 +370,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -358,6 +379,7 @@ pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID },
+ .length = length,
.list = linked_list_create(),
.value = chunk_clone(data),
.ref = 1,
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
index 2c0b8a974..2f8657ed2 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -73,8 +74,10 @@ pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create(void);
/**
* Creates a tcg_pts_attr_req_func_comp_evid_t object from received data
*
- * @param value Unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
index 40f380ab4..d94ee89a5 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -105,7 +106,12 @@ struct private_tcg_pts_attr_simple_comp_evid_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -243,6 +249,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data(writer, measurement);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -307,11 +314,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bool has_pcr_info = FALSE, has_validation = FALSE;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
- *offset = 0;
- return FAILED;
}
reader = bio_reader_create(this->value);
@@ -427,6 +438,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_simple_comp_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_simple_comp_evid_t *this)
{
@@ -467,6 +484,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -484,7 +502,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_simple_comp_evid_t *this;
@@ -497,12 +516,14 @@ pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_comp_evidence = _get_comp_evidence,
},
.type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h
index 628fad621..c08adb8c9 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -57,8 +58,10 @@ pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid);
/**
* Creates an tcg_pts_attr_simple_comp_evid_t object from received data
*
- * @param value Unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
index baadd943f..cfeaec6e9 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -63,7 +64,12 @@ struct private_tcg_pts_attr_simple_evid_final_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -126,6 +132,12 @@ METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
return this->noskip_flag;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, set_noskip_flag,void,
private_tcg_pts_attr_simple_evid_final_t *this, bool noskip)
{
@@ -195,6 +207,7 @@ METHOD(pa_tnc_attr_t, build, void,
}
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -207,10 +220,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Simple Evidence Final");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -332,6 +350,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -354,7 +373,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_simple_evid_final_t *this;
@@ -367,6 +387,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -375,6 +396,7 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data)
.set_evid_sig = _set_evid_sig,
},
.type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
index 1fac2e1ce..8343b5b30 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -86,8 +87,10 @@ pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create(
/**
* Creates an tcg_pts_attr_simple_evid_final_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
index b776cb662..db877e9c5 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,7 +55,12 @@ struct private_tcg_pts_attr_tpm_version_info_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -111,6 +117,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data(writer, this->tpm_version_info);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -119,10 +126,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_TPM_VER_INFO_SIZE)
{
DBG1(DBG_TNC, "insufficient data for TPM Version Information");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -133,6 +145,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_tpm_version_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_tpm_version_info_t *this)
{
@@ -180,6 +198,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -198,7 +217,8 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_tpm_version_info_t *this;
@@ -211,6 +231,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -218,6 +239,7 @@ pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data)
.set_tpm_version_info = _set_tpm_version_info,
},
.type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h
index e03b57f79..d87d72b22 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -63,8 +64,10 @@ pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info);
/**
* Creates an tcg_pts_attr_tpm_version_info_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
index eff64c229..7c176fdf6 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -88,7 +89,12 @@ struct private_tcg_pts_attr_file_meta_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -168,6 +174,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -183,10 +190,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
chunk_t filename;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PTS_FILE_META_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PTS Unix-Style file metadata header");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -266,6 +278,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_file_meta_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_pts_attr_file_meta_t *this)
{
@@ -306,6 +324,7 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -323,7 +342,8 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata)
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_pts_attr_file_meta_t *this;
@@ -336,12 +356,14 @@ pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_metadata = _get_metadata,
},
.type = { PEN_TCG, TCG_PTS_UNIX_FILE_META },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h
index 2118d3920..d08261cc9 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -58,8 +59,10 @@ pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata);
/**
* Creates an tcg_pts_attr_file_meta_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_PTS_ATTR_UNIX_FILE_META_H_ @}*/
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
new file mode 100644
index 000000000..010eaf83d
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_max_size.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t;
+
+/**
+ * Maximum Attribute Size Request/Response
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Attribute Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Segment Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_max_size_t object.
+ */
+struct private_tcg_seg_attr_max_size_t {
+
+ /**
+ * Public members of tcg_seg_attr_max_size_t
+ */
+ tcg_seg_attr_max_size_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Maximum IF-M attribute size in octets
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum IF-M attribute segment size in octets
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_max_size_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE);
+ writer->write_uint32(writer, this->max_attr_size);
+ writer->write_uint32(writer, this->max_seg_size);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_max_size_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32(reader, &this->max_attr_size);
+ reader->read_uint32(reader, &this->max_seg_size);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_max_size_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_max_size_t, get_attr_size, void,
+ private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(size_t length,
+ chunk_t data,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
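Review bot: process() stores `max_attr_size` and `max_seg_size` exactly as read from the peer, and `get_attr_size()` returns them unchanged, so a zero or very large value reaches the caller with no range check at this level. Whether the consumer validates them before using them as segmentation or buffer limits is not visible in this file. I would at least state the contract at the read, for example `/* peer-supplied and not validated here; callers must range-check before using these as limits */`. The two `read_uint32()` results are also ignored, which is safe only because of the preceding `TCG_SEG_ATTR_MAX_SIZE_SIZE` check and deserves a short comment too.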
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h
new file mode 100644
index 000000000..72660acd5
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_MAX_SIZE_H_
+#define TCG_SEG_ATTR_MAX_SIZE_H_
+
+typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_MAX_SIZE_SIZE 8
+
+/**
+ * Class implementing the TCG Segmentation Maximum Attribute Size Attribute
+ */
+struct tcg_seg_attr_max_size_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get maximum IF-M attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ */
+ void (*get_attr_size)(tcg_seg_attr_max_size_t *this,
+ uint32_t *max_attr_size, uint32_t *max_seg_size);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request);
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(size_t length,
+ chunk_t value,
+ bool request);
+
+#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/
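Review bot: The doc comment on `get_attr_size` does not say that both out-parameters are optional, although the implementation in tcg_seg_attr_max_size.c tests each pointer for NULL before writing. Mark them as outputs and document it, for example `@param max_attr_size  receives maximum IF-M attribute size in octets, may be NULL` and the same for `max_seg_size`. The two creator comments also lack a `@return` line naming the returned `pa_tnc_attr_t` object.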
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
new file mode 100644
index 000000000..995f64cad
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_next_seg.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_next_seg_t private_tcg_seg_attr_next_seg_t;
+
+typedef enum {
+ NEXT_SEG_FLAG_NONE = 0,
+ NEXT_SEG_FLAG_CANCEL = 1
+} next_seg_flags_t;
+
+/**
+ * Next Segment
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |C| Reserved | Base Attribute ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_next_seg_t object.
+ */
+struct private_tcg_seg_attr_next_seg_t {
+
+ /**
+ * Public members of tcg_seg_attr_next_seg_t
+ */
+ tcg_seg_attr_next_seg_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Cancel flag
+ */
+ bool cancel_flag;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_next_seg_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(TCG_SEG_ATTR_NEXT_SEG_SIZE);
+ writer->write_uint8 (writer, this->cancel_flag ? NEXT_SEG_FLAG_CANCEL :
+ NEXT_SEG_FLAG_NONE);
+ writer->write_uint24(writer, this->base_attr_id);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ uint8_t flags;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ DBG1(DBG_TNC, "segmentation not allowed for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ if (this->value.len < TCG_SEG_ATTR_NEXT_SEG_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &this->base_attr_id);
+ reader->destroy(reader);
+
+ this->cancel_flag = (flags & NEXT_SEG_FLAG_CANCEL);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_next_seg_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_next_seg_t, get_base_attr_id, uint32_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->base_attr_id;
+}
+
+METHOD(tcg_seg_attr_next_seg_t, get_cancel_flag, bool,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->cancel_flag;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel)
+{
+ private_tcg_seg_attr_next_seg_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_cancel_flag = _get_cancel_flag,
+ },
+ .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ },
+ .base_attr_id = base_attr_id,
+ .cancel_flag = cancel,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_next_seg_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_seg_attr_next_seg_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_cancel_flag = _get_cancel_flag,
+ },
+ .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
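Review bot: The layout comment draws `C` as the leftmost bit of the first octet, which in this bit-numbering style is normally the most significant bit, yet `NEXT_SEG_FLAG_CANCEL` is defined as `1` and both `build()` and `process()` use it as a mask on that octet. One of the two looks wrong and should be checked against the TCG IF-M Segmentation Specification. If the diagram is authoritative the enum would be `NEXT_SEG_FLAG_CANCEL = (1<<7)`, otherwise the diagram needs correcting. As written, a peer that follows the diagram would not have its cancel request recognised. Separately, `process()` declares `u_int32_t *offset` while the rest of the file uses `uint32_t`; pick one spelling.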
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h
new file mode 100644
index 000000000..49a4d3666
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_next_seg tcg_seg_attr_next_seg
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_NEXT_SEG_H_
+#define TCG_SEG_ATTR_NEXT_SEG_H_
+
+typedef struct tcg_seg_attr_next_seg_t tcg_seg_attr_next_seg_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_NEXT_SEG_SIZE 4
+
+/**
+ * Class implementing the TCG Segmentation Next Segment Attribute
+ */
+struct tcg_seg_attr_next_seg_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(tcg_seg_attr_next_seg_t *this);
+
+ /**
+ * Get the Cancel flag
+ *
+ * @return Cancel flag
+ */
+ bool (*get_cancel_flag)(tcg_seg_attr_next_seg_t *this);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_next_seg_t object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param cancel If TRUE set Cancel flag
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel);
+
+/**
+ * Creates an tcg_seg_attr_next_seg_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SEG_ATTR_NEXT_SEG_H_ @}*/
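Review bot: The doc comments on `get_base_attr_id` and `get_cancel_flag` do not say when their values are valid for a received attribute. `tcg_seg_attr_next_seg_create_from_data()` in the .c file only stores `length` and a clone of the data, so both fields are presumably filled in by `process()`, which is not visible here. I would add a line such as `* Only meaningful after process() has returned SUCCESS on a received attribute` to both getters. Both constructors also lack an `@return` line, and `create_from_data` should state that the value is copied, so the caller keeps ownership of its buffer.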
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
new file mode 100644
index 000000000..4f767539c
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
@@ -0,0 +1,257 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_seg_env.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_seg_env_t private_tcg_seg_attr_seg_env_t;
+
+/**
+ * Attribute Segment Envelope
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |M|S| Reserved | Base Attribute ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Segment Value (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_seg_env_t object.
+ */
+struct private_tcg_seg_attr_seg_env_t {
+
+ /**
+ * Public members of tcg_seg_attr_seg_env_t
+ */
+ tcg_seg_attr_seg_env_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * PA-TNC segmentation flags
+ */
+ uint8_t flags;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Attribute value
+ */
+ chunk_t segment;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_seg_env_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ /* constructor already allocated and built value */
+ this->length = this->value.len;
+ return;
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ DBG1(DBG_TNC, "segmentation not allowed for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ return FAILED;
+ }
+ if (this->value.len < TCG_SEG_ATTR_SEG_ENV_HEADER)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &this->flags);
+ reader->read_uint24(reader, &this->base_attr_id);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_seg_env_t *this, chunk_t segment)
+{
+ /* no segments are expected */
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_seg_env_t, get_segment, chunk_t,
+ private_tcg_seg_attr_seg_env_t *this, uint8_t *flags)
+{
+ if (flags)
+ {
+ *flags = this->flags;
+ }
+ return chunk_skip(this->value, TCG_SEG_ATTR_SEG_ENV_HEADER);
+}
+
+METHOD(tcg_seg_attr_seg_env_t, get_base_attr_id, uint32_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->base_attr_id;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags,
+ uint32_t base_attr_id)
+{
+ private_tcg_seg_attr_seg_env_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_segment = _get_segment,
+ },
+ .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV },
+ .flags = flags,
+ .base_attr_id = base_attr_id,
+ .value = chunk_alloc(TCG_SEG_ATTR_SEG_ENV_HEADER + segment.len),
+ .ref = 1,
+ );
+
+ htoun32(this->value.ptr, base_attr_id);
+ *this->value.ptr = flags;
+ memcpy(this->value.ptr + TCG_SEG_ATTR_SEG_ENV_HEADER,
+ segment.ptr, segment.len);
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_seg_env_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_seg_attr_seg_env_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_segment = _get_segment,
+ },
+ .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
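Review bot: In `tcg_seg_attr_seg_env_create()` the header is written by `htoun32(this->value.ptr, base_attr_id)` followed by `*this->value.ptr = flags`, which silently discards the top octet of `base_attr_id`. The field is 24 bits on the wire, yet `this->base_attr_id` keeps the full 32-bit argument, so `get_base_attr_id()` on the sender can disagree with what the peer parses. I would store `.base_attr_id = base_attr_id & 0x00FFFFFF,` and put `/* Base Attribute ID is 24 bits; octet 0 is then replaced by the flags */` above the two writes, since their order matters. Separately, the `chunk_t segment` member of the private struct is never assigned or read in this file, and its comment ("Attribute value") duplicates `value`; it can be dropped.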
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h
new file mode 100644
index 000000000..a8b3d7c34
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_SEG_ENV_H_
+#define TCG_SEG_ATTR_SEG_ENV_H_
+
+typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_SEG_ENV_HEADER 4
+
+/**
+ * Class implementing the TCG Segmentation Envelope Attribute
+ */
+struct tcg_seg_attr_seg_env_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get enveloped attribute segment
+ *
+ * @param flags Segmentation flags
+ * @return Segment
+ */
+ chunk_t (*get_segment)(tcg_seg_attr_seg_env_t *this, uint8_t *flags);
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(tcg_seg_attr_seg_env_t *this);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object
+ *
+ * @param segment Attribute segment
+ * @param flags Segmentation flags
+ * @param base_attr_id Base Attribute ID
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags,
+ uint32_t base_attr_id);
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/
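Review bot: The `get_segment` documentation leaves out two things the implementation establishes. `flags` is an optional output parameter (the .c file only writes through it when it is non-NULL), and the returned chunk is `chunk_skip(this->value, TCG_SEG_ATTR_SEG_ENV_HEADER)`, so it points into the attribute's own buffer rather than a copy. I would document it as `@param flags Segmentation flags are returned here, may be NULL` and `@return Segment, references internal data, valid until the attribute is destroyed`. For an attribute built by `tcg_seg_attr_seg_env_create_from_data()`, the flags and Base Attribute ID are only parsed in `process()`, which is also worth stating on both getters.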
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
index c403d06f9..561242758 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_req.c
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * |Reserved |C|S|R| Tag ID Count |
+ * |R|S|C| Reserved| Tag ID Count |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Request ID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -44,7 +44,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-#define SWID_REQ_RESERVED_MASK 0x03
+#define SWID_REQ_RESERVED_MASK 0xE0
/**
* Private data of an tcg_swid_attr_req_t object.
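Review bot: `SWID_REQ_RESERVED_MASK` is now `0xE0`, which covers the three flag bits rather than the reserved ones. The layout comment changed just above puts R, S and C in the top three bits, and the matching header hunk defines them as `1 << 7`, `1 << 6` and `1 << 5`, leaving `0x1F` as the reserved bits. The macro's use is not visible in this hunk, so this is either a naming problem or a wrong constant. If it is meant to select the reserved bits it should be `#define SWID_REQ_RESERVED_MASK 0x1F`; if it is meant to select the flags, a name such as `SWID_REQ_FLAGS_MASK` would avoid misuse when checking received requests.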
@@ -62,7 +62,13 @@ struct private_tcg_swid_attr_req_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -151,6 +157,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -162,10 +169,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
chunk_t tag_creator, unique_sw_id;
swid_tag_id_t *tag_id;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < TCG_SWID_REQ_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for SWID Request");
- *offset = 0;
return FAILED;
}
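Review bot: The new length check in `process()` only handles `this->value.len < this->length`, so the peer-declared total is never enforced as an upper bound. `add_segment()`, added in the next hunk, appends every segment it is handed with `chunk_cat("mc", ...)`, so the accumulated value can grow past the declared length and is then parsed as if it were consistent. Unless the segmentation layer that calls `add_segment()` already caps the total (not visible here), I would reject the overrun explicitly after the `NEED_MORE` test with `if (this->value.len > this->length) { DBG1(DBG_TNC, "inconsistent length for SWID Request"); return FAILED; }`. The body of `process()` continues outside this hunk.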
@@ -208,6 +220,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_req_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_tcg_swid_attr_req_t *this)
{
@@ -273,6 +291,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -296,7 +315,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data)
{
private_tcg_swid_attr_req_t *this;
@@ -309,6 +328,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -319,6 +339,7 @@ pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data)
.get_targets = _get_targets,
},
.type = { PEN_TCG, TCG_SWID_REQUEST },
+ .length = length,
.value = chunk_clone(data),
.targets = swid_inventory_create(FALSE),
.ref = 1,
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
index 59b597d84..fd2ccdc4f 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_req.h
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
@@ -28,9 +28,9 @@ typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t;
enum tcg_swid_attr_req_flag_t {
TCG_SWID_ATTR_REQ_FLAG_NONE = 0,
- TCG_SWID_ATTR_REQ_FLAG_R = (1 << 0),
- TCG_SWID_ATTR_REQ_FLAG_S = (1 << 1),
- TCG_SWID_ATTR_REQ_FLAG_C = (1 << 2)
+ TCG_SWID_ATTR_REQ_FLAG_R = (1 << 7),
+ TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6),
+ TCG_SWID_ATTR_REQ_FLAG_C = (1 << 5)
};
#include "tcg/tcg_attr.h"
@@ -98,8 +98,9 @@ pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
/**
* Creates an tcg_swid_attr_req_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value);
#endif /** TCG_SWID_ATTR_REQ_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
index 33aa16d53..560d5878f 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
@@ -42,7 +42,7 @@ typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_i
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Unique Software ID Length |Unique Software ID (var length)|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag File Path Length | Tag File Path (var. length) |
+ * | Instance ID Length | Instance ID (variable length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
@@ -64,11 +64,26 @@ struct private_tcg_swid_attr_tag_id_inv_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
*/
chunk_t value;
/**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
* Noskip flag
*/
bool noskip_flag;
@@ -89,6 +104,11 @@ struct private_tcg_swid_attr_tag_id_inv_t {
uint32_t last_eid;
/**
+ * Number of SWID Tag IDs in attribute
+ */
+ uint32_t tag_id_count;
+
+ /**
* SWID Tag ID Inventory
*/
swid_inventory_t *inventory;
@@ -128,7 +148,7 @@ METHOD(pa_tnc_attr_t, build, void,
{
bio_writer_t *writer;
swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
+ chunk_t tag_creator, unique_sw_id, instance_id;
enumerator_t *enumerator;
if (this->value.ptr)
@@ -147,14 +167,16 @@ METHOD(pa_tnc_attr_t, build, void,
while (enumerator->enumerate(enumerator, &tag_id))
{
tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id);
writer->write_data16(writer, tag_creator);
writer->write_data16(writer, unique_sw_id);
- writer->write_data16(writer, tag_file_path);
+ writer->write_data16(writer, instance_id);
}
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -162,55 +184,74 @@ METHOD(pa_tnc_attr_t, process, status_t,
private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t tag_id_count;
uint8_t reserved;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
+ chunk_t tag_creator, unique_sw_id, instance_id;
swid_tag_id_t *tag_id;
+ status_t status = NEED_MORE;
- if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
+ if (this->offset == 0)
{
- DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- *offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
-
- while (tag_id_count--)
- {
- if (!reader->read_data16(reader, &tag_creator))
+ if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE)
{
- DBG1(DBG_TNC, "insufficient data for Tag Creator field");
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
return FAILED;
}
- *offset += 2 + tag_creator.len;
-
- if (!reader->read_data16(reader, &unique_sw_id))
+ if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
{
- DBG1(DBG_TNC, "insufficient data for Unique Software ID");
- return FAILED;
+ return NEED_MORE;
}
- *offset += 2 + unique_sw_id.len;
-
- if (!reader->read_data16(reader, &tag_file_path))
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &this->tag_id_count);
+ reader->read_uint32(reader, &this->request_id);
+ reader->read_uint32(reader, &this->eid_epoch);
+ reader->read_uint32(reader, &this->last_eid);
+ this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
+ }
+
+ reader = bio_reader_create(this->value);
+
+ while (this->tag_id_count)
+ {
+ if (!reader->read_data16(reader, &tag_creator) ||
+ !reader->read_data16(reader, &unique_sw_id) ||
+ !reader->read_data16(reader, &instance_id))
{
- DBG1(DBG_TNC, "insufficient data for Tag File Path");
- return FAILED;
+ goto end;
}
- *offset += 2 + tag_file_path.len;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id);
this->inventory->add(this->inventory, tag_id);
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
+
+ /* at least one tag ID was processed */
+ status = SUCCESS;
+ this->tag_id_count--;
}
+
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
+ }
+
+end:
reader->destroy(reader);
+ return status;
+}
- return SUCCESS;
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
}
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
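Review bot: The rewritten `process()` returns `NEED_MORE` for a complete inventory that contains no tag IDs. `status` starts as `NEED_MORE` and is only set to `SUCCESS` inside the `while (this->tag_id_count)` loop, so when the header carries a count of 0 and `this->length == this->offset`, nothing ever changes it. Adding `else { status = SUCCESS; }` after the `if (this->length != this->offset)` block fixes that; the `process()` hunk of tcg_swid_attr_tag_inv.c has the same shape with `tag_count` and needs the same change. Related: a read failure exits through `goto end` with `NEED_MORE` or `SUCCESS` and skips the length check, so an unsegmented attribute whose count exceeds the tags actually present is not reported as `FAILED` here; whether the caller catches that is outside this hunk. `*offset` is also no longer written on the non-error paths, which is worth a line in the function comment.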
@@ -226,7 +267,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
if (ref_put(&this->ref))
{
this->inventory->destroy(this->inventory);
- free(this->value.ptr);
+ free(this->segment.ptr);
free(this);
}
}
@@ -253,12 +294,25 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
return this->last_eid;
}
+METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->tag_id_count;
+}
+
METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
private_tcg_swid_attr_tag_id_inv_t *this)
{
return this->inventory;
}
+METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ this->inventory->destroy(this->inventory);
+ this->inventory = swid_inventory_create(FALSE);
+}
+
/**
* Described in header.
*/
@@ -277,13 +331,16 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
+ .get_tag_id_count = _get_tag_id_count,
.get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
},
.type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
.request_id = request_id,
@@ -300,7 +357,8 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_swid_attr_tag_id_inv_t *this;
@@ -313,19 +371,26 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
+ .get_tag_id_count = _get_tag_id_count,
.get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
},
.type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .value = chunk_clone(data),
+ .length = length,
+ .segment = chunk_clone(data),
.inventory = swid_inventory_create(FALSE),
.ref = 1,
);
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
return &this->public.pa_tnc_attribute;
}
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
index c4ade904e..e9db9b3c6 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
@@ -66,12 +66,24 @@ struct tcg_swid_attr_tag_id_inv_t {
uint32_t *eid_epoch);
/**
+ * Get count of remaining SWID tag IDs
+ *
+ * @return SWID Tag ID count
+ */
+ uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this);
+
+ /**
* Get Inventory of SWID tag IDs
*
* @result SWID Tag ID Inventory
*/
swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
+ /**
+ * Remove all SWID Tag IDs from the Inventory
+ */
+ void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this);
+
};
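Review bot: The `clear_inventory` comment should warn that it invalidates any pointer previously returned by `get_inventory`. The implementation destroys `this->inventory` and creates a new one, while `get_inventory` returns the raw member pointer, so a caller that keeps the old pointer across the call is left with freed memory. I would extend the comment with `* Destroys the current inventory object; pointers obtained earlier via get_inventory() must not be used afterwards`. The same applies to `clear_inventory` in tcg_swid_attr_tag_inv.h.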
/**
@@ -88,8 +100,10 @@ pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
/**
* Creates an tcg_swid_attr_tag_id_inv_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
index fbb94c6c2..013482441 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
@@ -38,7 +38,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Last EID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag File Path Length | Tag File Path (var length) |
+ * | Instance ID Length | Instance ID (var. length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Tag Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -64,11 +64,26 @@ struct private_tcg_swid_attr_tag_inv_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
*/
chunk_t value;
/**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
* Noskip flag
*/
bool noskip_flag;
@@ -89,6 +104,11 @@ struct private_tcg_swid_attr_tag_inv_t {
uint32_t last_eid;
/**
+ * Number of SWID Tags in attribute
+ */
+ uint32_t tag_count;
+
+ /**
* SWID Tag Inventory
*/
swid_inventory_t *inventory;
@@ -145,12 +165,14 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator = this->inventory->create_enumerator(this->inventory);
while (enumerator->enumerate(enumerator, &tag))
{
- writer->write_data16(writer, tag->get_tag_file_path(tag));
+ writer->write_data16(writer, tag->get_instance_id(tag));
writer->write_data32(writer, tag->get_encoding(tag));
}
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -158,48 +180,73 @@ METHOD(pa_tnc_attr_t, process, status_t,
private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t tag_count;
uint8_t reserved;
- chunk_t tag_encoding, tag_file_path;
+ chunk_t tag_encoding, instance_id;
swid_tag_t *tag;
+ status_t status = NEED_MORE;
- if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
+ if (this->offset == 0)
{
- DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
- *offset = 0;
- return FAILED;
+ if (this->length < TCG_SWID_TAG_INV_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &this->tag_count);
+ reader->read_uint32(reader, &this->request_id);
+ reader->read_uint32(reader, &this->eid_epoch);
+ reader->read_uint32(reader, &this->last_eid);
+ this->offset = TCG_SWID_TAG_INV_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
}
reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &tag_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- *offset = TCG_SWID_TAG_INV_MIN_SIZE;
-
- while (tag_count--)
+
+ while (this->tag_count)
{
- if (!reader->read_data16(reader, &tag_file_path))
+ if (!reader->read_data16(reader, &instance_id) ||
+ !reader->read_data32(reader, &tag_encoding))
{
- DBG1(DBG_TNC, "insufficient data for Tag File Path");
- return FAILED;
+ goto end;
}
- *offset += 2 + tag_file_path.len;
+ tag = swid_tag_create(tag_encoding, instance_id);
+ this->inventory->add(this->inventory, tag);
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
- if (!reader->read_data32(reader, &tag_encoding))
- {
- DBG1(DBG_TNC, "insufficient data for Tag");
- return FAILED;
- }
- *offset += 4 + tag_encoding.len;
+ /* at least one tag was processed */
+ status = SUCCESS;
+ this->tag_count--;
+ }
- tag = swid_tag_create(tag_encoding, tag_file_path);
- this->inventory->add(this->inventory, tag);
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
}
+
+end:
reader->destroy(reader);
+ return status;
+}
- return SUCCESS;
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_tag_inv_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
}
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
@@ -215,7 +262,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
if (ref_put(&this->ref))
{
this->inventory->destroy(this->inventory);
- free(this->value.ptr);
+ free(this->segment.ptr);
free(this);
}
}
@@ -242,12 +289,25 @@ METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
return this->last_eid;
}
+METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->tag_count;
+}
+
METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
private_tcg_swid_attr_tag_inv_t *this)
{
return this->inventory;
}
+METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ this->inventory->destroy(this->inventory);
+ this->inventory = swid_inventory_create(TRUE);
+}
+
/**
* Described in header.
*/
@@ -265,13 +325,16 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
+ .get_tag_count = _get_tag_count,
.get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
},
.type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
.request_id = request_id,
@@ -284,11 +347,11 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
return &this->public.pa_tnc_attribute;
}
-
/**
* Described in header.
*/
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length,
+ chunk_t data)
{
private_tcg_swid_attr_tag_inv_t *this;
@@ -301,19 +364,26 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.get_request_id = _get_request_id,
.get_last_eid = _get_last_eid,
+ .get_tag_count = _get_tag_count,
.get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
},
.type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .value = chunk_clone(data),
+ .length = length,
+ .segment = chunk_clone(data),
.inventory = swid_inventory_create(TRUE),
.ref = 1,
);
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
return &this->public.pa_tnc_attribute;
}
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
index 69966c7d6..43ebd9e2a 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
@@ -65,12 +65,24 @@ struct tcg_swid_attr_tag_inv_t {
uint32_t *eid_epoch);
/**
+ * Get count of remaining SWID tags
+ *
+ * @return SWID Tag count
+ */
+ uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this);
+
+ /**
* Get Inventory of SWID tags
*
* @result SWID Tag Inventory
*/
swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
+ /**
+ * Remove all SWID Tags from the Inventory
+ */
+ void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this);
+
};
/**
@@ -87,8 +99,10 @@ pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
/**
* Creates an tcg_swid_attr_tag_inv_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(chunk_t value);
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length,
+ chunk_t value);
#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libpts/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index f9c6c46cf..79492913b 100644
--- a/src/libpts/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -33,6 +34,9 @@
#include "tcg/swid/tcg_swid_attr_req.h"
#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES,
TCG_SCAP_SUMMARY_RESULTS,
@@ -50,9 +54,17 @@ ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST,
"SWID Tag Identifier Events",
"SWID Tag Inventory",
"SWID Tag Events");
+ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ,
+ TCG_SEG_CANCEL_SEG_EXCH,
+ TCG_SWID_TAG_EVENTS,
+ "Max Attribute Size Request",
+ "Max Attribute Size Response",
+ "Attribute Segment Envelope",
+ "Next Segment Request",
+ "Cancel Segment Exchange");
ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID,
TCG_PTS_REQ_FUNC_COMP_EVID,
- TCG_SWID_TAG_EVENTS,
+ TCG_SEG_CANCEL_SEG_EXCH,
"Request Functional Component Evidence");
ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID,
TCG_PTS_GEN_ATTEST_EVID,
@@ -171,54 +183,73 @@ ENUM_END(tcg_attr_names, TCG_PTS_AIK);
/**
* See header
*/
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value)
+pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value)
{
switch (type)
{
case TCG_SWID_REQUEST:
- return tcg_swid_attr_req_create_from_data(value);
+ return tcg_swid_attr_req_create_from_data(length, value);
case TCG_SWID_TAG_ID_INVENTORY:
- return tcg_swid_attr_tag_id_inv_create_from_data(value);
+ return tcg_swid_attr_tag_id_inv_create_from_data(length, value);
case TCG_SWID_TAG_INVENTORY:
- return tcg_swid_attr_tag_inv_create_from_data(value);
+ return tcg_swid_attr_tag_inv_create_from_data(length, value);
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ return tcg_seg_attr_max_size_create_from_data(length, value, TRUE);
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ return tcg_seg_attr_max_size_create_from_data(length, value, FALSE);
+ case TCG_SEG_ATTR_SEG_ENV:
+ return tcg_seg_attr_seg_env_create_from_data(length, value);
+ case TCG_SEG_NEXT_SEG_REQ:
+ return tcg_seg_attr_next_seg_create_from_data(length, value);
case TCG_PTS_REQ_PROTO_CAPS:
- return tcg_pts_attr_proto_caps_create_from_data(value, TRUE);
+ return tcg_pts_attr_proto_caps_create_from_data(length, value,
+ TRUE);
case TCG_PTS_PROTO_CAPS:
- return tcg_pts_attr_proto_caps_create_from_data(value, FALSE);
+ return tcg_pts_attr_proto_caps_create_from_data(length, value,
+ FALSE);
case TCG_PTS_DH_NONCE_PARAMS_REQ:
- return tcg_pts_attr_dh_nonce_params_req_create_from_data(value);
+ return tcg_pts_attr_dh_nonce_params_req_create_from_data(length,
+ value);
case TCG_PTS_DH_NONCE_PARAMS_RESP:
- return tcg_pts_attr_dh_nonce_params_resp_create_from_data(value);
+ return tcg_pts_attr_dh_nonce_params_resp_create_from_data(length,
+ value);
case TCG_PTS_DH_NONCE_FINISH:
- return tcg_pts_attr_dh_nonce_finish_create_from_data(value);
+ return tcg_pts_attr_dh_nonce_finish_create_from_data(length, value);
case TCG_PTS_MEAS_ALGO:
- return tcg_pts_attr_meas_algo_create_from_data(value, FALSE);
+ return tcg_pts_attr_meas_algo_create_from_data(length, value,
+ FALSE);
case TCG_PTS_MEAS_ALGO_SELECTION:
- return tcg_pts_attr_meas_algo_create_from_data(value, TRUE);
+ return tcg_pts_attr_meas_algo_create_from_data(length, value,
+ TRUE);
case TCG_PTS_GET_TPM_VERSION_INFO:
- return tcg_pts_attr_get_tpm_version_info_create_from_data(value);
+ return tcg_pts_attr_get_tpm_version_info_create_from_data(length,
+ value);
case TCG_PTS_TPM_VERSION_INFO:
- return tcg_pts_attr_tpm_version_info_create_from_data(value);
+ return tcg_pts_attr_tpm_version_info_create_from_data(length,
+ value);
case TCG_PTS_GET_AIK:
- return tcg_pts_attr_get_aik_create_from_data(value);
+ return tcg_pts_attr_get_aik_create_from_data(length, value);
case TCG_PTS_AIK:
- return tcg_pts_attr_aik_create_from_data(value);
+ return tcg_pts_attr_aik_create_from_data(length, value);
case TCG_PTS_REQ_FUNC_COMP_EVID:
- return tcg_pts_attr_req_func_comp_evid_create_from_data(value);
+ return tcg_pts_attr_req_func_comp_evid_create_from_data(length,
+ value);
case TCG_PTS_GEN_ATTEST_EVID:
- return tcg_pts_attr_gen_attest_evid_create_from_data(value);
+ return tcg_pts_attr_gen_attest_evid_create_from_data(length, value);
case TCG_PTS_SIMPLE_COMP_EVID:
- return tcg_pts_attr_simple_comp_evid_create_from_data(value);
+ return tcg_pts_attr_simple_comp_evid_create_from_data(length,
+ value);
case TCG_PTS_SIMPLE_EVID_FINAL:
- return tcg_pts_attr_simple_evid_final_create_from_data(value);
+ return tcg_pts_attr_simple_evid_final_create_from_data(length,
+ value);
case TCG_PTS_REQ_FILE_MEAS:
- return tcg_pts_attr_req_file_meas_create_from_data(value);
+ return tcg_pts_attr_req_file_meas_create_from_data(length, value);
case TCG_PTS_FILE_MEAS:
- return tcg_pts_attr_file_meas_create_from_data(value);
+ return tcg_pts_attr_file_meas_create_from_data(length, value);
case TCG_PTS_REQ_FILE_META:
- return tcg_pts_attr_req_file_meta_create_from_data(value);
+ return tcg_pts_attr_req_file_meta_create_from_data(length, value);
case TCG_PTS_UNIX_FILE_META:
- return tcg_pts_attr_unix_file_meta_create_from_data(value);
+ return tcg_pts_attr_unix_file_meta_create_from_data(length, value);
/* unsupported TCG/SWID attributes */
case TCG_SWID_TAG_ID_EVENTS:
case TCG_SWID_TAG_EVENTS:
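Review bot: `TCG_SEG_CANCEL_SEG_EXCH` gets a name in `tcg_attr_names` and a value in tcg_attr.h, but none of the `case` labels added to `tcg_attr_create_from_data()` in this hunk handles it. The switch continues past the end of the hunk, so it may be covered there. If it is not, a received Cancel Segment Exchange attribute takes whatever the default path does, with nothing in the code saying that is intended. Listing it explicitly with the unsupported types, e.g. `case TCG_SEG_CANCEL_SEG_EXCH:` under a comment such as `/* unsupported TCG/SEG attributes */`, would make the decision visible.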
diff --git a/src/libpts/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h
index 085dae650..9523f8e18 100644
--- a/src/libpts/tcg/tcg_attr.h
+++ b/src/libimcv/tcg/tcg_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,7 @@
/**
* @defgroup tcg_attr tcg_attr
- * @{ @ingroup libpts
+ * @{ @ingroup libimcv
*/
#ifndef TCG_ATTR_H_
@@ -46,6 +46,13 @@ enum tcg_attr_t {
TCG_SWID_TAG_INVENTORY = 0x00000014,
TCG_SWID_TAG_EVENTS = 0x00000015,
+ /* IF-M Attribute Segmentation */
+ TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021,
+ TCG_SEG_MAX_ATTR_SIZE_RESP = 0x00000022,
+ TCG_SEG_ATTR_SEG_ENV = 0x00000023,
+ TCG_SEG_NEXT_SEG_REQ = 0x00000024,
+ TCG_SEG_CANCEL_SEG_EXCH = 0x00000025,
+
/* PTS Protocol Negotiations */
TCG_PTS_REQ_PROTO_CAPS = 0x01000000,
TCG_PTS_PROTO_CAPS = 0x02000000,
@@ -89,8 +96,10 @@ extern enum_name_t *tcg_attr_names;
* Create a TCG PA-TNC attribute from data
*
* @param type attribute type
- * @param value attribute value
+ * @param length attribute length
+ * @param value attribute value or segment
*/
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value);
+pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
#endif /** TCG_ATTR_H_ @}*/
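Review bot: `@param length attribute length` does not say how `length` relates to `value`. With segmentation, `value` may hold only the first segment, so the announced `length` can exceed `value.len`, and every per-type constructor called from here has to bound its reads by `value.len` rather than by `length`. I would word it like the SWID header in this same commit: `@param length total length of attribute value` and `@param value attribute value or first segment (may be shorter than length)`.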
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 31494edaf..3663cf825 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -272,6 +272,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -332,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -397,6 +399,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -444,6 +448,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 181cb88db..0998efa9d 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,33 @@
#include <netinet/ip6.h>
#endif
+/**
+ * TCP header, defined here because platforms disagree regarding member names
+ * and unfortunately Android does not define a variant with BSD names.
+ */
+struct tcphdr {
+ u_int16_t source;
+ u_int16_t dest;
+ u_int32_t seq;
+ u_int32_t ack_seq;
+ u_int16_t flags;
+ u_int16_t window;
+ u_int16_t check;
+ u_int16_t urg_ptr;
+} __attribute__((packed));
+
+/**
+ * UDP header, similar to the TCP header the system headers disagree on member
+ * names. Linux uses a union and on Android we could define __FAVOR_BSD to get
+ * the BSD member names, but this is simpler and more consistent with the above.
+ */
+struct udphdr {
+ u_int16_t source;
+ u_int16_t dest;
+ u_int16_t len;
+ u_int16_t check;
+} __attribute__((packed));
+
typedef struct private_ip_packet_t private_ip_packet_t;
/**
@@ -54,6 +81,11 @@ struct private_ip_packet_t {
chunk_t packet;
/**
+ * IP payload (points into packet)
+ */
+ chunk_t payload;
+
+ /**
* IP version
*/
u_int8_t version;
@@ -89,6 +121,12 @@ METHOD(ip_packet_t, get_encoding, chunk_t,
return this->packet;
}
+METHOD(ip_packet_t, get_payload, chunk_t,
+ private_ip_packet_t *this)
+{
+ return this->payload;
+}
+
METHOD(ip_packet_t, get_next_header, u_int8_t,
private_ip_packet_t *this)
{
@@ -111,13 +149,57 @@ METHOD(ip_packet_t, destroy, void,
}
/**
+ * Parse transport protocol header
+ */
+static bool parse_transport_header(chunk_t packet, u_int8_t proto,
+ u_int16_t *sport, u_int16_t *dport)
+{
+ switch (proto)
+ {
+ case IPPROTO_UDP:
+ {
+ struct udphdr *udp;
+
+ if (packet.len < sizeof(*udp))
+ {
+ DBG1(DBG_ESP, "UDP packet too short");
+ return FALSE;
+ }
+ udp = (struct udphdr*)packet.ptr;
+ *sport = ntohs(udp->source);
+ *dport = ntohs(udp->dest);
+ break;
+ }
+ case IPPROTO_TCP:
+ {
+ struct tcphdr *tcp;
+
+ if (packet.len < sizeof(*tcp))
+ {
+ DBG1(DBG_ESP, "TCP packet too short");
+ return FALSE;
+ }
+ tcp = (struct tcphdr*)packet.ptr;
+ *sport = ntohs(tcp->source);
+ *dport = ntohs(tcp->dest);
+ break;
+ }
+ default:
+ break;
+ }
+ return TRUE;
+}
+
+/**
* Described in header.
*/
ip_packet_t *ip_packet_create(chunk_t packet)
{
private_ip_packet_t *this;
u_int8_t version, next_header;
+ u_int16_t sport = 0, dport = 0;
host_t *src, *dst;
+ chunk_t payload;
if (packet.len < 1)
{
@@ -141,11 +223,15 @@ ip_packet_t *ip_packet_create(chunk_t packet)
ip = (struct ip*)packet.ptr;
/* remove any RFC 4303 TFC extra padding */
packet.len = min(packet.len, untoh16(&ip->ip_len));
-
+ payload = chunk_skip(packet, ip->ip_hl * 4);
+ if (!parse_transport_header(payload, ip->ip_p, &sport, &dport))
+ {
+ goto failed;
+ }
src = host_create_from_chunk(AF_INET,
- chunk_from_thing(ip->ip_src), 0);
+ chunk_from_thing(ip->ip_src), sport);
dst = host_create_from_chunk(AF_INET,
- chunk_from_thing(ip->ip_dst), 0);
+ chunk_from_thing(ip->ip_dst), dport);
next_header = ip->ip_p;
break;
}
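Review bot: `ip->ip_hl * 4` is used as the payload offset without checking that it is at least the 20-byte base header and no larger than the just-truncated `packet.len`. With a header length below 5 the `payload` chunk starts inside the IP header, so `parse_transport_header()` reads the ports from header bytes and those values end up in `src`/`dst`. A guard before `chunk_skip()` such as `if (ip->ip_hl < 5 || ip->ip_hl * 4 > packet.len) goto failed;` rejects that input, and it also catches an `ip_len` shorter than the header. The enclosing `ip_packet_create()` begins and ends outside this hunk.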
@@ -154,19 +240,25 @@ ip_packet_t *ip_packet_create(chunk_t packet)
{
struct ip6_hdr *ip;
- if (packet.len < sizeof(struct ip6_hdr))
+ if (packet.len < sizeof(*ip))
{
DBG1(DBG_ESP, "IPv6 packet too short");
goto failed;
}
ip = (struct ip6_hdr*)packet.ptr;
/* remove any RFC 4303 TFC extra padding */
- packet.len = min(packet.len, untoh16(&ip->ip6_plen));
-
+ packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
+ /* we only handle packets without extension headers, just skip the
+ * basic IPv6 header */
+ payload = chunk_skip(packet, 40);
+ if (!parse_transport_header(payload, ip->ip6_nxt, &sport, &dport))
+ {
+ goto failed;
+ }
src = host_create_from_chunk(AF_INET6,
- chunk_from_thing(ip->ip6_src), 0);
+ chunk_from_thing(ip->ip6_src), sport);
dst = host_create_from_chunk(AF_INET6,
- chunk_from_thing(ip->ip6_dst), 0);
+ chunk_from_thing(ip->ip6_dst), dport);
next_header = ip->ip6_nxt;
break;
}
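Review bot: When `ip6_nxt` names an extension header, `parse_transport_header()` takes its default branch and returns TRUE, so the packet is accepted with `sport`/`dport` left at 0 and `payload` pointing at the extension header instead of the transport data. The new comment only says such packets are not handled. It should state the outcome, because callers of `get_payload()` or of the hosts' ports cannot tell the two cases apart, e.g. `/* extension headers are not parsed: ports stay 0 and payload starts at the first extension header */`. The literal `40` could also be `sizeof(*ip)`, matching the length check changed a few lines above. The enclosing function extends beyond this hunk.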
@@ -183,12 +275,14 @@ ip_packet_t *ip_packet_create(chunk_t packet)
.get_destination = _get_destination,
.get_next_header = _get_next_header,
.get_encoding = _get_encoding,
+ .get_payload = _get_payload,
.clone = _clone_,
.destroy = _destroy,
},
.src = src,
.dst = dst,
.packet = packet,
+ .payload = payload,
.version = version,
.next_header = next_header,
);
@@ -198,3 +292,189 @@ failed:
chunk_free(&packet);
return NULL;
}
+
+/**
+ * Calculate the checksum for the pseudo IP header
+ */
+static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst,
+ u_int8_t proto, chunk_t payload)
+{
+ switch (src->get_family(src))
+ {
+ case AF_INET:
+ {
+ struct __attribute__((packed)) {
+ u_int32_t src;
+ u_int32_t dst;
+ u_char zero;
+ u_char proto;
+ u_int16_t len;
+ } pseudo = {
+ .proto = proto,
+ .len = htons(payload.len),
+ };
+ memcpy(&pseudo.src, src->get_address(src).ptr,
+ sizeof(pseudo.src));
+ memcpy(&pseudo.dst, dst->get_address(dst).ptr,
+ sizeof(pseudo.dst));
+ return chunk_internet_checksum(chunk_from_thing(pseudo));
+ }
+ case AF_INET6:
+ {
+ struct __attribute__((packed)) {
+ u_char src[16];
+ u_char dst[16];
+ u_int32_t len;
+ u_char zero[3];
+ u_char next_header;
+ } pseudo = {
+ .next_header = proto,
+ .len = htons(payload.len),
+ };
+ memcpy(&pseudo.src, src->get_address(src).ptr,
+ sizeof(pseudo.src));
+ memcpy(&pseudo.dst, dst->get_address(dst).ptr,
+ sizeof(pseudo.dst));
+ return chunk_internet_checksum(chunk_from_thing(pseudo));
+ }
+ }
+ return 0xffff;
+}
+
+/**
+ * Apply transport ports and calculate header checksums
+ */
+static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto,
+ chunk_t payload)
+{
+ u_int16_t sum = 0, sport, dport;
+
+ sport = src->get_port(src);
+ dport = dst->get_port(dst);
+
+ switch (proto)
+ {
+ case IPPROTO_UDP:
+ {
+ struct udphdr *udp;
+
+ if (payload.len < sizeof(*udp))
+ {
+ return;
+ }
+ udp = (struct udphdr*)payload.ptr;
+ if (sport != 0)
+ {
+ udp->source = htons(sport);
+ }
+ if (dport != 0)
+ {
+ udp->dest = htons(dport);
+ }
+ udp->check = 0;
+ sum = pseudo_header_checksum(src, dst, proto, payload);
+ udp->check = chunk_internet_checksum_inc(payload, sum);
+ break;
+ }
+ case IPPROTO_TCP:
+ {
+ struct tcphdr *tcp;
+
+ if (payload.len < sizeof(*tcp))
+ {
+ return;
+ }
+ tcp = (struct tcphdr*)payload.ptr;
+ if (sport != 0)
+ {
+ tcp->source = htons(sport);
+ }
+ if (dport != 0)
+ {
+ tcp->dest = htons(dport);
+ }
+ tcp->check = 0;
+ sum = pseudo_header_checksum(src, dst, proto, payload);
+ tcp->check = chunk_internet_checksum_inc(payload, sum);
+ break;
+ }
+ default:
+ break;
+ }
+}
+
+/**
+ * Described in header.
+ */
+ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
+ u_int8_t next_header, chunk_t data)
+{
+ chunk_t packet;
+ int family;
+
+ family = src->get_family(src);
+ if (family != dst->get_family(dst))
+ {
+ DBG1(DBG_ESP, "address family does not match");
+ return NULL;
+ }
+
+ switch (family)
+ {
+ case AF_INET:
+ {
+ struct ip ip = {
+ .ip_v = 4,
+ .ip_hl = 5,
+ .ip_len = htons(20 + data.len),
+ .ip_ttl = 0x80,
+ .ip_p = next_header,
+ };
+ memcpy(&ip.ip_src, src->get_address(src).ptr, sizeof(ip.ip_src));
+ memcpy(&ip.ip_dst, dst->get_address(dst).ptr, sizeof(ip.ip_dst));
+ ip.ip_sum = chunk_internet_checksum(chunk_from_thing(ip));
+
+ packet = chunk_cat("cc", chunk_from_thing(ip), data);
+ fix_transport_header(src, dst, next_header, chunk_skip(packet, 20));
+ return ip_packet_create(packet);
+ }
+#ifdef HAVE_NETINET_IP6_H
+ case AF_INET6:
+ {
+ struct ip6_hdr ip = {
+ .ip6_flow = htonl(6),
+ .ip6_plen = htons(40 + data.len),
+ .ip6_nxt = next_header,
+ .ip6_hlim = 0x80,
+ };
+ memcpy(&ip.ip6_src, src->get_address(src).ptr, sizeof(ip.ip6_src));
+ memcpy(&ip.ip6_dst, dst->get_address(dst).ptr, sizeof(ip.ip6_dst));
+
+ packet = chunk_cat("cc", chunk_from_thing(ip), data);
+ fix_transport_header(src, dst, next_header, chunk_skip(packet, 40));
+ return ip_packet_create(packet);
+ }
+#endif /* HAVE_NETINET_IP6_H */
+ default:
+ DBG1(DBG_ESP, "unsupported address family");
+ return NULL;
+ }
+}
+
+/**
+ * Described in header.
+ */
+ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst,
+ chunk_t data)
+{
+ struct udphdr udp = {
+ .len = htons(8 + data.len),
+ .check = 0,
+ };
+ ip_packet_t *packet;
+
+ data = chunk_cat("cc", chunk_from_thing(udp), data);
+ packet = ip_packet_create_from_data(src, dst, IPPROTO_UDP, data);
+ chunk_free(&data);
+ return packet;
+}
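Review bot: The IPv6 branch of `ip_packet_create_from_data()` encodes two header fields incorrectly. `.ip6_flow = htonl(6)` puts the 6 in the lowest bits of the 32-bit word, so the version nibble in the first byte is 0; it should be `.ip6_flow = htonl(6 << 28),`. `.ip6_plen = htons(40 + data.len)` counts the 40-byte base header, while the payload length field excludes it (the parsing hunk in this commit adds 40 to it for that reason), so it should be `.ip6_plen = htons(data.len),`. In `pseudo_header_checksum()` the 32-bit `len` is filled with `htons()`; the 16-bit word sum comes out the same, but `htonl(payload.len)` would match the field width. How `ip_packet_create()` derives the version is outside the visible hunks, so I cannot tell from here whether it would reject the generated packet.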
diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h
index de817e23e..fa38eac2c 100644
--- a/src/libipsec/ip_packet.h
+++ b/src/libipsec/ip_packet.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -68,6 +68,13 @@ struct ip_packet_t {
chunk_t (*get_encoding)(ip_packet_t *this);
/**
+ * Get only the payload
+ *
+ * @return IP payload (internal data)
+ */
+ chunk_t (*get_payload)(ip_packet_t *this);
+
+ /**
* Clone the IP packet
*
* @return clone of the packet
@@ -93,4 +100,30 @@ struct ip_packet_t {
*/
ip_packet_t *ip_packet_create(chunk_t packet);
+/**
+ * Encode an IP packet from the given data.
+ *
+ * If src and/or dst have ports set they are applied to UDP/TCP headers found
+ * in the packet.
+ *
+ * @param src source address and optional port (cloned)
+ * @param dst destination address and optional port (cloned)
+ * @param next_header the protocol (IPv4) or next header (IPv6)
+ * @param data complete data after basic IP header (cloned)
+ * @return ip_packet_t instance, or NULL if invalid
+ */
+ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
+ u_int8_t next_header, chunk_t data);
+
+/**
+ * Encode a UDP packet from the given data.
+ *
+ * @param src source address and port (cloned)
+ * @param dst destination address and port (cloned)
+ * @param data UDP data (cloned)
+ * @return ip_packet_t instance, or NULL if invalid
+ */
+ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst,
+ chunk_t data);
+
#endif /** IP_PACKET_H_ @}*/
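Review bot: The doc comments for `ip_packet_create_from_data()` and `ip_packet_create_udp_from_data()` give no upper bound for `data`, although ip_packet.c in this commit writes `20 + data.len`, `40 + data.len` and `8 + data.len` through `htons()` into 16-bit length fields. Larger input would wrap silently and leave a header length that disagrees with the buffer. I would state the limit on the parameter, e.g. `@param data complete data after basic IP header (cloned), must fit the 16-bit IP length field`, and likewise for the UDP variant. The `@return` line could also say that NULL is returned when the address families of `src` and `dst` differ.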
diff --git a/src/libpts/Android.mk b/src/libpts/Android.mk
deleted file mode 100644
index ce328c52c..000000000
--- a/src/libpts/Android.mk
+++ /dev/null
@@ -1,78 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-# copy-n-paste from Makefile.am
-libpts_la_SOURCES := \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-LOCAL_SRC_FILES := $(filter %.c,$(libpts_la_SOURCES))
-
-# build libpts -----------------------------------------------------------------
-
-LOCAL_C_INCLUDES += \
- $(strongswan_PATH)/src/libtncif \
- $(strongswan_PATH)/src/libimcv \
- $(strongswan_PATH)/src/libstrongswan
-
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
-
-LOCAL_MODULE := libpts
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_ARM_MODE := arm
-
-LOCAL_PRELINK_MODULE := false
-
-LOCAL_SHARED_LIBRARIES += libstrongswan libimcv
-
-include $(BUILD_SHARED_LIBRARY)
diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am
deleted file mode 100644
index ea685d837..000000000
--- a/src/libpts/Makefile.am
+++ /dev/null
@@ -1,94 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
-
-AM_LDFLAGS = \
- -no-undefined
-
-ipseclib_LTLIBRARIES = libpts.la
-
-libpts_la_LIBADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la
-
-if USE_WINDOWS
- libpts_la_LIBADD += -lws2_32
-endif
-
-if USE_TROUSERS
- libpts_la_LIBADD += -ltspi
-endif
-
-libpts_la_SOURCES = \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-EXTRA_DIST = Android.mk
-
-SUBDIRS = .
-
-if USE_IMC_ATTESTATION
- SUBDIRS += plugins/imc_attestation
-endif
-
-if USE_IMV_ATTESTATION
- SUBDIRS += plugins/imv_attestation
-endif
-
-if USE_IMC_SWID
- SUBDIRS += plugins/imc_swid
-endif
-
-if USE_IMV_SWID
- SUBDIRS += plugins/imv_swid
-endif
diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in
deleted file mode 100644
index 405b5f7ce..000000000
--- a/src/libpts/Makefile.in
+++ /dev/null
@@ -1,1181 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@USE_WINDOWS_TRUE@am__append_1 = -lws2_32
-@USE_TROUSERS_TRUE@am__append_2 = -ltspi
-@USE_IMC_ATTESTATION_TRUE@am__append_3 = plugins/imc_attestation
-@USE_IMV_ATTESTATION_TRUE@am__append_4 = plugins/imv_attestation
-@USE_IMC_SWID_TRUE@am__append_5 = plugins/imc_swid
-@USE_IMV_SWID_TRUE@am__append_6 = plugins/imv_swid
-subdir = src/libpts
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(ipseclibdir)"
-LTLIBRARIES = $(ipseclib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libpts_la_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
-am__dirstamp = $(am__leading_dot)dirstamp
-am_libpts_la_OBJECTS = libpts.lo pts/pts.lo pts/pts_error.lo \
- pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \
- pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \
- pts/pts_file_type.lo pts/pts_ima_bios_list.lo \
- pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \
- pts/components/pts_component_manager.lo \
- pts/components/pts_comp_evidence.lo \
- pts/components/pts_comp_func_name.lo \
- pts/components/ita/ita_comp_func_name.lo \
- pts/components/ita/ita_comp_ima.lo \
- pts/components/ita/ita_comp_tboot.lo \
- pts/components/ita/ita_comp_tgrub.lo \
- pts/components/tcg/tcg_comp_func_name.lo swid/swid_error.lo \
- swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \
- tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \
- tcg/pts/tcg_pts_attr_meas_algo.lo \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \
- tcg/pts/tcg_pts_attr_tpm_version_info.lo \
- tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \
- tcg/pts/tcg_pts_attr_gen_attest_evid.lo \
- tcg/pts/tcg_pts_attr_simple_comp_evid.lo \
- tcg/pts/tcg_pts_attr_simple_evid_final.lo \
- tcg/pts/tcg_pts_attr_req_file_meas.lo \
- tcg/pts/tcg_pts_attr_file_meas.lo \
- tcg/pts/tcg_pts_attr_req_file_meta.lo \
- tcg/pts/tcg_pts_attr_unix_file_meta.lo \
- tcg/swid/tcg_swid_attr_req.lo \
- tcg/swid/tcg_swid_attr_tag_id_inv.lo \
- tcg/swid/tcg_swid_attr_tag_inv.lo
-libpts_la_OBJECTS = $(am_libpts_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libpts_la_SOURCES)
-DIST_SOURCES = $(libpts_la_SOURCES)
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = . plugins/imc_attestation plugins/imv_attestation \
- plugins/imc_swid plugins/imv_swid
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
-
-AM_LDFLAGS = \
- -no-undefined
-
-ipseclib_LTLIBRARIES = libpts.la
-libpts_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la $(am__append_1) \
- $(am__append_2)
-libpts_la_SOURCES = \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-EXTRA_DIST = Android.mk
-SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
- $(am__append_6)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \
- }
-
-uninstall-ipseclibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \
- done
-
-clean-ipseclibLTLIBRARIES:
- -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES)
- @list='$(ipseclib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-pts/$(am__dirstamp):
- @$(MKDIR_P) pts
- @: > pts/$(am__dirstamp)
-pts/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/$(DEPDIR)
- @: > pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_meas.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_meta.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_type.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_meas_algo.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/components/$(am__dirstamp):
- @$(MKDIR_P) pts/components
- @: > pts/components/$(am__dirstamp)
-pts/components/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/$(DEPDIR)
- @: > pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_component_manager.lo: \
- pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/$(am__dirstamp):
- @$(MKDIR_P) pts/components/ita
- @: > pts/components/ita/$(am__dirstamp)
-pts/components/ita/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/ita/$(DEPDIR)
- @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_func_name.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_ima.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_tboot.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_tgrub.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/tcg/$(am__dirstamp):
- @$(MKDIR_P) pts/components/tcg
- @: > pts/components/tcg/$(am__dirstamp)
-pts/components/tcg/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/tcg/$(DEPDIR)
- @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
-pts/components/tcg/tcg_comp_func_name.lo: \
- pts/components/tcg/$(am__dirstamp) \
- pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
-swid/$(am__dirstamp):
- @$(MKDIR_P) swid
- @: > swid/$(am__dirstamp)
-swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) swid/$(DEPDIR)
- @: > swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_error.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_inventory.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag_id.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-tcg/$(am__dirstamp):
- @$(MKDIR_P) tcg
- @: > tcg/$(am__dirstamp)
-tcg/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/$(DEPDIR)
- @: > tcg/$(DEPDIR)/$(am__dirstamp)
-tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/$(am__dirstamp):
- @$(MKDIR_P) tcg/pts
- @: > tcg/pts/$(am__dirstamp)
-tcg/pts/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/pts/$(DEPDIR)
- @: > tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid
- @: > tcg/swid/$(am__dirstamp)
-tcg/swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid/$(DEPDIR)
- @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-
-libpts.la: $(libpts_la_OBJECTS) $(libpts_la_DEPENDENCIES) $(EXTRA_libpts_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libpts_la_OBJECTS) $(libpts_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
- -rm -f pts/*.$(OBJEXT)
- -rm -f pts/*.lo
- -rm -f pts/components/*.$(OBJEXT)
- -rm -f pts/components/*.lo
- -rm -f pts/components/ita/*.$(OBJEXT)
- -rm -f pts/components/ita/*.lo
- -rm -f pts/components/tcg/*.$(OBJEXT)
- -rm -f pts/components/tcg/*.lo
- -rm -f swid/*.$(OBJEXT)
- -rm -f swid/*.lo
- -rm -f tcg/*.$(OBJEXT)
- -rm -f tcg/*.lo
- -rm -f tcg/pts/*.$(OBJEXT)
- -rm -f tcg/pts/*.lo
- -rm -f tcg/swid/*.$(OBJEXT)
- -rm -f tcg/swid/*.lo
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpts.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_creds.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_database.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_dh_group.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_error.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meas.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_meta.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_file_type.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_bios_list.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_ima_event_list.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_meas_algo.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/$(DEPDIR)/pts_pcr.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_evidence.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_comp_func_name.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/$(DEPDIR)/pts_component_manager.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
- -rm -rf pts/.libs pts/_libs
- -rm -rf pts/components/.libs pts/components/_libs
- -rm -rf pts/components/ita/.libs pts/components/ita/_libs
- -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs
- -rm -rf swid/.libs swid/_libs
- -rm -rf tcg/.libs tcg/_libs
- -rm -rf tcg/pts/.libs tcg/pts/_libs
- -rm -rf tcg/swid/.libs tcg/swid/_libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-recursive
-all-am: Makefile $(LTLIBRARIES)
-installdirs: installdirs-recursive
-installdirs-am:
- for dir in "$(DESTDIR)$(ipseclibdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
- -rm -f pts/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/$(am__dirstamp)
- -rm -f pts/components/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/$(am__dirstamp)
- -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/ita/$(am__dirstamp)
- -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/tcg/$(am__dirstamp)
- -rm -f swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f swid/$(am__dirstamp)
- -rm -f tcg/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/$(am__dirstamp)
- -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/pts/$(am__dirstamp)
- -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/swid/$(am__dirstamp)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-ipseclibLTLIBRARIES
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am: uninstall-ipseclibLTLIBRARIES
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-ipseclibLTLIBRARIES \
- clean-libtool cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
- install-ipseclibLTLIBRARIES install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs installdirs-am \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-ipseclibLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/libpts.c b/src/libpts/libpts.c
deleted file mode 100644
index 95110823c..000000000
--- a/src/libpts/libpts.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "libpts.h"
-#include "tcg/tcg_attr.h"
-#include "pts/components/pts_component.h"
-#include "pts/components/pts_component_manager.h"
-#include "pts/components/tcg/tcg_comp_func_name.h"
-#include "pts/components/ita/ita_comp_func_name.h"
-#include "pts/components/ita/ita_comp_ima.h"
-#include "pts/components/ita/ita_comp_tboot.h"
-#include "pts/components/ita/ita_comp_tgrub.h"
-
-#include <imcv.h>
-#include <utils/debug.h>
-
-/**
- * PTS Functional Component manager
- */
-pts_component_manager_t *pts_components;
-
-/**
- * Reference count for IMC/IMV instances
- */
-static refcount_t libpts_ref = 0;
-
-/**
- * Described in header.
- */
-bool libpts_init(void)
-{
- if (libpts_ref == 0)
- {
- if (!imcv_pa_tnc_attributes)
- {
- return FALSE;
- }
- imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
- tcg_attr_create_from_data, tcg_attr_names);
-
- pts_components = pts_component_manager_create();
- pts_components->add_vendor(pts_components, PEN_TCG,
- pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
- pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
- pts_components->add_vendor(pts_components, PEN_ITA,
- pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
- pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);
-
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_TGRUB,
- pts_ita_comp_tgrub_create);
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_TBOOT,
- pts_ita_comp_tboot_create);
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_IMA,
- pts_ita_comp_ima_create);
-
- DBG1(DBG_LIB, "libpts initialized");
- }
- ref_get(&libpts_ref);
-
- return TRUE;
-}
-
-/**
- * Described in header.
- */
-void libpts_deinit(void)
-{
- if (ref_put(&libpts_ref))
- {
- pts_components->remove_vendor(pts_components, PEN_TCG);
- pts_components->remove_vendor(pts_components, PEN_ITA);
- pts_components->destroy(pts_components);
-
- if (!imcv_pa_tnc_attributes)
- {
- return;
- }
- imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
- DBG1(DBG_LIB, "libpts terminated");
- }
-}
-
diff --git a/src/libpts/libpts.h b/src/libpts/libpts.h
deleted file mode 100644
index e3814e97d..000000000
--- a/src/libpts/libpts.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup libpts libpts
- *
- * @defgroup libpts_plugins plugins
- * @ingroup libpts
- *
- * @defgroup swid swid
- * @ingroup libpts
- *
- * @addtogroup libpts
- * @{
- */
-
-#ifndef LIBPTS_H_
-#define LIBPTS_H_
-
-#include "pts/components/pts_component_manager.h"
-
-#include <library.h>
-
-/**
- * Initialize libpts.
- *
- * @return FALSE if initialization failed
- */
-bool libpts_init(void);
-
-/**
- * Deinitialize libpts.
- */
-void libpts_deinit(void);
-
-/**
- * PTS Functional Component manager
- */
-extern pts_component_manager_t* pts_components;
-
-#endif /** LIBPTS_H_ @}*/
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index ff380ced1..74cd8084a 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 76c9f964f..faaae70fe 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index cbfb8c06b..a16991927 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 3ddd42f11..9b775f9b3 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -37,7 +37,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \
settings/settings_parser.c settings/settings_lexer.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/parser_helper.c utils/test.c utils/utils/strerror.c
+utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c
libstrongswan_la_SOURCES += \
threading/thread.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 3fb57de5a..0083ffe6b 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -35,7 +35,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \
settings/settings_parser.y settings/settings_lexer.l \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/parser_helper.c utils/test.c utils/utils/strerror.c
+utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c
if !USE_WINDOWS
libstrongswan_la_SOURCES += \
@@ -102,7 +102,7 @@ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
utils/leak_detective.h utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \
-utils/utils/strerror.h
+utils/process.h utils/utils/strerror.h
endif
library.lo : $(top_builddir)/config.status
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 9e8cd3e03..40678cbde 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -334,9 +334,9 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/parser_helper.c \
- utils/test.c utils/utils/strerror.c threading/thread.c \
- threading/thread_value.c threading/mutex.c threading/rwlock.c \
- threading/spinlock.c threading/semaphore.c \
+ utils/test.c utils/process.c utils/utils/strerror.c \
+ threading/thread.c threading/thread_value.c threading/mutex.c \
+ threading/rwlock.c threading/spinlock.c threading/semaphore.c \
networking/streams/stream_unix.c \
networking/streams/stream_service_unix.c \
threading/windows/thread.c threading/windows/thread_value.c \
@@ -412,10 +412,10 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
utils/utils.lo utils/chunk.lo utils/debug.lo utils/enum.lo \
utils/identification.lo utils/lexparser.lo \
utils/optionsfrom.lo utils/capabilities.lo utils/backtrace.lo \
- utils/parser_helper.lo utils/test.lo utils/utils/strerror.lo \
- $(am__objects_1) $(am__objects_2) $(am__objects_3) \
- $(am__objects_4) $(am__objects_5) $(am__objects_6) \
- $(am__objects_7)
+ utils/parser_helper.lo utils/test.lo utils/process.lo \
+ utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \
+ $(am__objects_3) $(am__objects_4) $(am__objects_5) \
+ $(am__objects_6) $(am__objects_7)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -549,7 +549,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
utils/printf_hook/printf_hook_vstr.h \
utils/printf_hook/printf_hook_builtin.h utils/parser_helper.h \
utils/test.h utils/integrity_checker.h utils/windows.h \
- utils/utils/strerror.h
+ utils/process.h utils/utils/strerror.h
HEADERS = $(nobase_strongswan_include_HEADERS) $(noinst_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -648,6 +648,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -708,6 +709,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -773,6 +775,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -820,6 +824,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -875,9 +883,10 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/parser_helper.c \
- utils/test.c utils/utils/strerror.c $(am__append_1) \
- $(am__append_3) $(am__append_8) $(am__append_11) \
- $(am__append_12) $(am__append_14) $(am__append_16)
+ utils/test.c utils/process.c utils/utils/strerror.c \
+ $(am__append_1) $(am__append_3) $(am__append_8) \
+ $(am__append_11) $(am__append_12) $(am__append_14) \
+ $(am__append_16)
# private header files
noinst_HEADERS = \
@@ -931,7 +940,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@utils/leak_detective.h utils/printf_hook/printf_hook.h \
@USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
@USE_DEV_HEADERS_TRUE@utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \
-@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h
+@USE_DEV_HEADERS_TRUE@utils/process.h utils/utils/strerror.h
libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \
$(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \
@@ -1457,6 +1466,8 @@ utils/backtrace.lo: utils/$(am__dirstamp) \
utils/parser_helper.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/process.lo: utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
utils/utils/$(am__dirstamp):
@$(MKDIR_P) utils/utils
@: > utils/utils/$(am__dirstamp)
@@ -1707,6 +1718,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/lexparser.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/optionsfrom.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/parser_helper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/process.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/test.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/utils.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/windows.Plo@am__quote@
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 05be574de..dca12bd54 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -123,6 +123,24 @@ chunk_t asn1_build_known_oid(int n)
return oid;
}
+/**
+ * Returns the number of bytes required to encode the given OID node
+ */
+static int bytes_required(u_int val)
+{
+ int shift, required = 1;
+
+ /* sufficient to handle 32 bit node numbers */
+ for (shift = 28; shift; shift -= 7)
+ {
+ if (val >> shift)
+ { /* do not encode leading zeroes */
+ required++;
+ }
+ }
+ return required;
+}
+
/*
* Defined in header.
*/
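Review bot: The doc comment on `bytes_required()` does not say that the count is in 7-bit groups or that the result is always between 1 and 5, which is what the fixed `shift = 28` start implies for a 32-bit `u_int`. The other hunks in this file use the return value both for the buffer bound check and as the starting shift of the encoding loop, so the helper and the encoder have to stay in step. I would extend the comment to something like `Returns the number of bytes (1..5) needed for the base-128 encoding of a 32-bit OID node; the encoder in asn1_oid_from_string() relies on this count`.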
@@ -132,14 +150,15 @@ chunk_t asn1_oid_from_string(char *str)
size_t buf_len = 64;
u_char buf[buf_len];
char *end;
- int i = 0, pos = 0, shift;
- u_int val, shifted_val, first = 0;
+ int i = 0, pos = 0, req, shift;
+ u_int val, first = 0;
enumerator = enumerator_create_token(str, ".", "");
while (enumerator->enumerate(enumerator, &str))
{
val = strtoul(str, &end, 10);
- if (end == str || pos > buf_len-4)
+ req = bytes_required(val);
+ if (end == str || pos + req > buf_len)
{
pos = 0;
break;
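Review bot: The rewritten guard `if (end == str || pos + req > buf_len)` still accepts a token with trailing non-digit characters, and still accepts a value that does not fit in `u_int`. `strtoul()` returns `unsigned long`, and the result is assigned to `val` with no range check, so on LP64 platforms an oversized arc would be truncated before `bytes_required(val)` runs and the encoded OID would no longer match the input string. Consider parsing into an `unsigned long parsed` first and rejecting with `if (end == str || *end != '\0' || parsed > UINT_MAX || pos + req > buf_len)`. That assumes the token enumerator hands back NUL-terminated tokens, which should be confirmed. The body of asn1_oid_from_string starts and ends outside this hunk.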
@@ -153,15 +172,9 @@ chunk_t asn1_oid_from_string(char *str)
buf[pos++] = first * 40 + val;
break;
default:
- shift = 28; /* sufficient to handle 32 bit node numbers */
- while (shift)
+ for (shift = (req - 1) * 7; shift; shift -= 7)
{
- shifted_val = val >> shift;
- shift -= 7;
- if (shifted_val) /* do not encode leading zeroes */
- {
- buf[pos++] = 0x80 | (shifted_val & 0x7F);
- }
+ buf[pos++] = 0x80 | ((val >> shift) & 0x7F);
}
buf[pos++] = val & 0x7F;
}
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index 8d619116a..61c696bc1 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -361,16 +361,16 @@ bool array_remove(array_t *array, int idx, void *data)
{
return FALSE;
}
+ if (idx < 0)
+ {
+ idx = array_count(array) - 1;
+ }
if (idx > array_count(array) / 2)
{
remove_tail(array, idx);
}
else
{
- if (idx < 0)
- {
- idx = array_count(array) - 1;
- }
remove_head(array, idx);
}
if (array->head + array->tail > ARRAY_MAX_UNUSED)
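Review bot: The relocated `if (idx < 0)` block in `array_remove()` has no comment explaining why it must run before `idx > array_count(array) / 2`, so a later cleanup could move it back into the `else` branch. While the index is still negative that comparison can never select `remove_tail()`, so a tail removal always took the `remove_head()` path. A one-line comment above the block, such as `/* resolve a negative (tail) index first, so the head/tail choice below sees the real position */`, would record the ordering requirement. The function starts and ends outside this hunk, so the check that produces the `return FALSE` above is not visible here.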
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index ce702ebfa..0659c70bd 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -100,6 +100,11 @@ enumerator_t* array_create_enumerator(array_t *array);
/**
* Remove an element at enumerator position.
*
+ * @warning For **value based** arrays don't use the pointer returned by
+ * enumerate() anymore after calling this function. For performance reasons
+ * that pointer will point to internal data structures that get modified when
+ * this function is called.
+ *
* @param array array to remove element in
* @param enumerator enumerator position, from array_create_enumerator()
*/
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index aeeb4198f..db08c6b96 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -998,8 +998,8 @@ METHOD(auth_cfg_t, purge, void,
{
if (!keep_ca || entry->type != AUTH_RULE_CA_CERT)
{
- array_remove_at(this->entries, enumerator);
destroy_entry_value(entry);
+ array_remove_at(this->entries, enumerator);
}
}
enumerator->destroy(enumerator);
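Review bot: The new order of `destroy_entry_value(entry)` before `array_remove_at(this->entries, enumerator)` in `purge` is load-bearing but carries no comment. According to the warning this commit adds in array.h, the enumerated pointer of a value-based array refers to internal storage that is modified by the removal, so calling `destroy_entry_value()` afterwards would presumably act on a different or stale entry. I would add `/* entry points into the array's storage: release it before array_remove_at() modifies that storage */` above the two calls. Other callers that use the enumerated pointer after `array_remove_at()` on value-based arrays may deserve the same check. The method body starts outside this hunk.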
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 3ec0714b6..b0c8e48ba 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1279,7 +1279,7 @@ METHOD(credential_manager_t, add_validator, void,
private_credential_manager_t *this, cert_validator_t *vdtr)
{
this->lock->write_lock(this->lock);
- this->sets->insert_last(this->validators, vdtr);
+ this->validators->insert_last(this->validators, vdtr);
this->lock->unlock(this->lock);
}
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 5c1d08de2..87c9b21f8 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -66,6 +66,7 @@ static struct {
} dh_params[] = {
{
.group = MODP_768_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -74,10 +75,10 @@ static struct {
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -88,10 +89,10 @@ static struct {
0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1536_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -106,10 +107,10 @@ static struct {
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_2048_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -128,10 +129,10 @@ static struct {
0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_3072_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -158,10 +159,10 @@ static struct {
0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_4096_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -196,10 +197,10 @@ static struct {
0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_6144_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -250,10 +251,10 @@ static struct {
0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_8192_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -320,10 +321,10 @@ static struct {
0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_160, .opt_exp = 20, .public = {
+ .exp_len = 20,
.subgroup = chunk_from_chars(
0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
0x49,0x46,0x23,0x53),
@@ -348,6 +349,7 @@ static struct {
},
}, {
.group = MODP_2048_224, .opt_exp = 28, .public = {
+ .exp_len = 28,
.subgroup = chunk_from_chars(
0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
@@ -388,6 +390,7 @@ static struct {
},
},{
.group = MODP_2048_256, .opt_exp = 32, .public = {
+ .exp_len = 32,
.subgroup = chunk_from_chars(
0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
@@ -430,6 +433,23 @@ static struct {
};
/**
+ * See header.
+ */
+void diffie_hellman_init()
+{
+ int i;
+
+ if (lib->settings->get_int(lib->settings,
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
+ {
+ for (i = 0; i < countof(dh_params); i++)
+ {
+ dh_params[i].public.exp_len = dh_params[i].public.prime.len;
+ }
+ }
+}
+
+/**
* Described in header.
*/
diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
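Review bot: diffie_hellman_init() reads the on/off option `%s.dh_exponent_ansi_x9_42` with `get_int()` and a default of `TRUE`. If an administrator writes the option as `yes`/`no`, an integer parse would presumably fail and return the default, so `no` could silently keep `exp_len = prime.len`, and only a literal `0` would select the short per-group lengths. That errs towards longer exponents, but the setting would not do what the configuration says. Reading it with `lib->settings->get_bool(lib->settings, "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)` accepts both spellings. Separately, the function should be written as `void diffie_hellman_init(void)`, here and in diffie_hellman.h, so the declaration is a real prototype.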
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 00d700314..105db22f1 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -149,8 +149,16 @@ struct diffie_hellman_params_t {
};
/**
+ * Initialize diffie hellman parameters during startup.
+ */
+void diffie_hellman_init();
+
+/**
* Get the parameters associated with the specified diffie hellman group.
*
+ * Before calling this method, use diffie_hellman_init() to initialize the
+ * DH group table. This is usually done by library_init().
+ *
* @param group DH group
* @return The parameters or NULL, if the group is not supported
*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index e3ad16411..dc73ccc68 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -29,6 +29,10 @@
#define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
+#ifndef STRONGSWAN_CONF
+#define STRONGSWAN_CONF NULL
+#endif
+
typedef struct private_library_t private_library_t;
/**
@@ -149,6 +153,7 @@ void library_deinit()
utils_deinit();
threads_deinit();
+ free(this->public.conf);
free((void*)this->public.ns);
free(this);
lib = NULL;
@@ -258,6 +263,7 @@ bool library_init(char *settings, const char *namespace)
.get = _get,
.set = _set,
.ns = strdup(namespace ?: "libstrongswan"),
+ .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
},
.ref = 1,
);
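Review bot: `getenv("STRONGSWAN_CONF")` lets the process environment choose the main configuration file for every program that calls library_init() without an explicit `settings` argument. The result is stored in `this->public.conf` and passed unchanged to settings_create() in the hunk at -304,13. If any such program is installed setuid/setgid or with file capabilities, or is started by a wrapper that keeps the caller's environment, the invoking user decides which settings the privileged process loads. Where glibc is the target, `secure_getenv("STRONGSWAN_CONF")` ignores the variable in those contexts. The library.h comment for `conf` should also mention the environment variable as a source. library_init() starts and ends outside this hunk.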
@@ -304,13 +310,7 @@ bool library_init(char *settings, const char *namespace)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
-#ifdef STRONGSWAN_CONF
- if (!settings)
- {
- settings = STRONGSWAN_CONF;
- }
-#endif
- this->public.settings = settings_create(settings);
+ this->public.settings = settings_create(this->public.conf);
/* all namespace settings may fall back to libstrongswan */
lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
@@ -351,5 +351,7 @@ bool library_init(char *settings, const char *namespace)
#endif /* INTEGRITY_TEST */
}
+ diffie_hellman_init();
+
return !this->integrity_failed;
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 37a83fa2f..2bd5e3523 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -147,6 +147,11 @@ struct library_t {
const char *ns;
/**
+ * Main configuration file passed to library_init(), the default, or NULL
+ */
+ char *conf;
+
+ /**
* Printf hook registering facility
*/
printf_hook_t *printf_hook;
diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h
index a96a4b84f..1492dd0b9 100644
--- a/src/libstrongswan/networking/packet.h
+++ b/src/libstrongswan/networking/packet.h
@@ -29,6 +29,11 @@ typedef struct packet_t packet_t;
#include <networking/host.h>
/**
+ * Maximum packet size we handle by default
+ */
+#define PACKET_MAX_DEFAULT 10000
+
+/**
* Abstraction of an IP/UDP-Packet, contains data, sender and receiver.
*/
struct packet_t {
diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c
index 7358c580e..09138c76a 100644
--- a/src/libstrongswan/networking/streams/stream_service.c
+++ b/src/libstrongswan/networking/streams/stream_service.c
@@ -68,6 +68,11 @@ struct private_stream_service_t {
u_int active;
/**
+ * Currently running jobs
+ */
+ u_int running;
+
+ /**
* mutex to lock active counter
*/
mutex_t *mutex;
@@ -76,8 +81,29 @@ struct private_stream_service_t {
* Condvar to wait for callback termination
*/
condvar_t *condvar;
+
+ /**
+ * TRUE when the service is terminated
+ */
+ bool terminated;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
};
+static void destroy_service(private_stream_service_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ close(this->fd);
+ this->mutex->destroy(this->mutex);
+ this->condvar->destroy(this->condvar);
+ free(this);
+ }
+}
+
/**
* Data to pass to async accept job
*/
@@ -93,6 +119,11 @@ typedef struct {
} async_data_t;
/**
+ * Forward declaration
+ */
+static bool watch(private_stream_service_t *this, int fd, watcher_event_t event);
+
+/**
* Clean up accept data
*/
static void destroy_async_data(async_data_t *data)
@@ -100,14 +131,15 @@ static void destroy_async_data(async_data_t *data)
private_stream_service_t *this = data->this;
this->mutex->lock(this->mutex);
- if (this->active-- == this->cncrncy)
+ if (this->active-- == this->cncrncy && !this->terminated)
{
/* leaving concurrency limit, restart accept()ing. */
- this->public.on_accept(&this->public, this->cb, this->data,
- this->prio, this->cncrncy);
+ lib->watcher->add(lib->watcher, this->fd,
+ WATCHER_READ, (watcher_cb_t)watch, this);
}
this->condvar->signal(this->condvar);
this->mutex->unlock(this->mutex);
+ destroy_service(this);
if (data->fd != -1)
{
@@ -117,19 +149,45 @@ static void destroy_async_data(async_data_t *data)
}
/**
+ * Reduce running counter
+ */
+CALLBACK(reduce_running, void,
+ async_data_t *data)
+{
+ private_stream_service_t *this = data->this;
+
+ this->mutex->lock(this->mutex);
+ this->running--;
+ this->condvar->signal(this->condvar);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
* Async processing of accepted connection
*/
static job_requeue_t accept_async(async_data_t *data)
{
+ private_stream_service_t *this = data->this;
stream_t *stream;
+ this->mutex->lock(this->mutex);
+ if (this->terminated)
+ {
+ this->mutex->unlock(this->mutex);
+ return JOB_REQUEUE_NONE;
+ }
+ this->running++;
+ this->mutex->unlock(this->mutex);
+
stream = stream_create_from_fd(data->fd);
if (stream)
{
/* FD is now owned by stream, don't close it during cleanup */
data->fd = -1;
+ thread_cleanup_push(reduce_running, data);
thread_cleanup_push((void*)stream->destroy, stream);
thread_cleanup_pop(!data->cb(data->data, stream));
+ thread_cleanup_pop(TRUE);
}
return JOB_REQUEUE_NONE;
}
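Review bot: accept_async() increments `this->running` under the mutex but registers `reduce_running` only inside the `if (stream)` branch, so when stream_create_from_fd() returns NULL the counter is never decremented. The new destroy() waits on `while (this->running)`, so a single failure of that kind would leave destroy() blocked on the condvar indefinitely. Adding `else { reduce_running(data); }` after the `if (stream)` block keeps the counter balanced. Whether stream_create_from_fd() can actually return NULL is not visible in this diff.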
@@ -149,7 +207,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event)
.this = this,
);
- if (data->fd != -1)
+ if (data->fd != -1 && !this->terminated)
{
this->mutex->lock(this->mutex);
if (++this->active == this->cncrncy)
@@ -158,6 +216,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event)
keep = FALSE;
}
this->mutex->unlock(this->mutex);
+ ref_get(&this->ref);
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((void*)accept_async, data,
@@ -177,6 +236,12 @@ METHOD(stream_service_t, on_accept, void,
{
this->mutex->lock(this->mutex);
+ if (this->terminated)
+ {
+ this->mutex->unlock(this->mutex);
+ return;
+ }
+
/* wait for all callbacks to return */
while (this->active)
{
@@ -208,11 +273,15 @@ METHOD(stream_service_t, on_accept, void,
METHOD(stream_service_t, destroy, void,
private_stream_service_t *this)
{
- on_accept(this, NULL, NULL, this->prio, this->cncrncy);
- close(this->fd);
- this->mutex->destroy(this->mutex);
- this->condvar->destroy(this->condvar);
- free(this);
+ this->mutex->lock(this->mutex);
+ lib->watcher->remove(lib->watcher, this->fd);
+ this->terminated = TRUE;
+ while (this->running)
+ {
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ this->mutex->unlock(this->mutex);
+ destroy_service(this);
}
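Review bot: destroy() calls `lib->watcher->remove(lib->watcher, this->fd)` while holding `this->mutex`, the same mutex that watch() takes. If remove() waits for an in-flight watch() callback to finish (the watcher is not part of this diff, so this needs confirming), destroy() and that callback can block each other. MUTEX_TYPE_RECURSIVE does not help across threads. Setting `terminated` first under the lock, releasing it for the remove() call, and re-taking it only to wait for `running` avoids the nesting. It also keeps destroy_async_data() from re-adding the watcher, since that path checks `!this->terminated`. Relatedly, watch() reads `this->terminated` before it takes the mutex (hunk at -149,7), so that read is unsynchronised.

```c
	this->mutex->lock(this->mutex);
	/* set first, so destroy_async_data() cannot re-add the watcher */
	this->terminated = TRUE;
	this->mutex->unlock(this->mutex);

	/* no lock held here: remove() may wait for a running watch() callback */
	lib->watcher->remove(lib->watcher, this->fd);

	this->mutex->lock(this->mutex);
	/* … unchanged: wait for running == 0, unlock, destroy_service(this) … */
```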
/**
@@ -231,6 +300,7 @@ stream_service_t *stream_service_create_from_fd(int fd)
.prio = JOB_PRIO_MEDIUM,
.mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .ref = 1,
);
return &this->public;
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index eb148e7af..425e8f1a9 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index dfe411745..11dcf2907 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index c338356e3..279000d88 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index d009bafd2..c8e8112c5 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 396f3a0d8..33e5958ed 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index a1489318e..43bdf1fc5 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index cb7965aca..7c5674045 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 34cc2aae5..39469368c 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 85829370e..4b397e85d 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index c34d34903..2e221c8b4 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 620cf74f3..7653c1986 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -86,6 +86,7 @@ METHOD(fetcher_t, fetch, status_t,
private_curl_fetcher_t *this, char *uri, void *userdata)
{
char error[CURL_ERROR_SIZE], *enc_uri;
+ CURLcode curl_status;
status_t status;
long result = 0;
cb_data_t data = {
@@ -123,7 +124,8 @@ METHOD(fetcher_t, fetch, status_t,
}
DBG2(DBG_LIB, " sending http request to '%s'...", uri);
- switch (curl_easy_perform(this->curl))
+ curl_status = curl_easy_perform(this->curl);
+ switch (curl_status)
{
case CURLE_UNSUPPORTED_PROTOCOL:
status = NOT_SUPPORTED;
@@ -138,7 +140,8 @@ METHOD(fetcher_t, fetch, status_t,
status = (result >= 200 && result < 300) ? SUCCESS : FAILED;
break;
default:
- DBG1(DBG_LIB, "libcurl http request failed: %s", error);
+ DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status,
+ error);
status = FAILED;
break;
}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 062fe129f..89296677e 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -32,8 +32,107 @@ struct private_curl_plugin_t {
* public functions
*/
curl_plugin_t public;
+
+ /**
+ * Supported features, CURL protocols + 1
+ */
+ plugin_feature_t *features;
+
+ /**
+ * Number of supported features
+ */
+ int count;
};
+/**
+ * Append a feature to supported feature list
+ */
+static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
+{
+ this->features = realloc(this->features, ++this->count * sizeof(f));
+ this->features[this->count - 1] = f;
+}
+
+/**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+ char *proto, plugin_feature_t f)
+{
+ /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+ if (strpfx(ssl, "OpenSSL"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+ }
+ else if (strpfx(ssl, "GnuTLS"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+ }
+ else if (strpfx(ssl, "NSS"))
+ {
+ add_feature(this, f);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+ ssl, proto);
+ }
+}
+
+/**
+ * Get supported protocols, build plugin feature set
+ */
+static bool query_protocols(private_curl_plugin_t *this)
+{
+
+ struct {
+ /* protocol we are interested in, suffixed with "://" */
+ char *name;
+ /* require SSL library initialization? */
+ bool ssl;
+ } protos[] = {
+ { "file://", FALSE, },
+ { "http://", FALSE, },
+ { "https://", TRUE, },
+ { "ftp://", FALSE, },
+ };
+ curl_version_info_data *info;
+ char *name;
+ int i, j;
+
+ add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
+
+ info = curl_version_info(CURLVERSION_NOW);
+
+ for (i = 0; info->protocols[i]; i++)
+ {
+ for (j = 0; j < countof(protos); j++)
+ {
+ name = protos[j].name;
+ if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
+ {
+ if (strneq(info->protocols[i], name,
+ strlen(name) - strlen("://")))
+ {
+ if (protos[j].ssl)
+ {
+ add_feature_with_ssl(this, info->ssl_version, name,
+ PLUGIN_PROVIDE(FETCHER, name));
+ }
+ else
+ {
+ add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+ }
+ }
+ }
+ }
+ }
+
+ return this->count > 1;
+}
+
METHOD(plugin_t, get_name, char*,
private_curl_plugin_t *this)
{
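Review bot: add_feature() assigns the realloc() result straight back to `this->features` and writes through it on the next line without a check. On allocation failure the old array is leaked and `this->features[this->count - 1]` dereferences NULL, while `count` has already been incremented and no longer matches the storage. Growing into a temporary and bumping `count` only after success keeps the list consistent. Dropping the feature, as below, is one option, and the project may prefer a different failure policy. query_protocols() then still returns `this->count > 1` correctly.

```c
static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
{
	plugin_feature_t *grown;

	grown = realloc(this->features, (this->count + 1) * sizeof(f));
	if (!grown)
	{
		/* keep the existing list intact; this feature is not registered */
		return;
	}
	this->features = grown;
	this->features[this->count++] = f;
}
```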
@@ -43,21 +142,15 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, get_features, int,
private_curl_plugin_t *this, plugin_feature_t *features[])
{
- static plugin_feature_t f[] = {
- PLUGIN_REGISTER(FETCHER, curl_fetcher_create),
- PLUGIN_PROVIDE(FETCHER, "file://"),
- PLUGIN_PROVIDE(FETCHER, "http://"),
- PLUGIN_PROVIDE(FETCHER, "https://"),
- PLUGIN_PROVIDE(FETCHER, "ftp://"),
- };
- *features = f;
- return countof(f);
+ *features = this->features;
+ return this->count;
}
METHOD(plugin_t, destroy, void,
private_curl_plugin_t *this)
{
curl_global_cleanup();
+ free(this->features);
free(this);
}
@@ -79,7 +172,12 @@ plugin_t *curl_plugin_create()
},
);
- res = curl_global_init(CURL_GLOBAL_NOTHING);
+ res = curl_global_init(CURL_GLOBAL_SSL);
+ if (res != CURLE_OK)
+ {
+ /* no SSL support? Try without */
+ res = curl_global_init(CURL_GLOBAL_NOTHING);
+ }
if (res != CURLE_OK)
{
DBG1(DBG_LIB, "global libcurl initializing failed: %s",
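Review bot: When `curl_global_init(CURL_GLOBAL_SSL)` fails and the code falls back to `CURL_GLOBAL_NOTHING`, nothing records that the SSL library was left uninitialised. query_protocols() builds the feature list from curl_version_info() alone, so `https://` would presumably still be provided after the fallback, and fetches would then run over an SSL backend that libcurl did not initialise. I would log the fallback and remember it: set a new flag such as `this->no_ssl = TRUE;` in the fallback branch, and skip entries with `protos[j].ssl` in query_protocols() when it is set. curl_plugin_create() starts before this hunk and continues in the next one.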
@@ -87,6 +185,13 @@ plugin_t *curl_plugin_create()
destroy(this);
return NULL;
}
+
+ if (!query_protocols(this))
+ {
+ DBG1(DBG_LIB, "no usable CURL protocols found, curl disabled");
+ destroy(this);
+ return NULL;
+ }
+
return &this->public.plugin;
}
-
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 2f8eb857d..0025a2b20 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index bd6e64bc5..0b30923a5 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index cc146d8da..64ae66559 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index 4e0e86c9c..511bfc365 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 90990cf23..0c7d22d71 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index f4254bb93..480c083c0 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -58,6 +58,8 @@ METHOD(plugin_t, get_features, int,
private_gcrypt_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide threading-safe initialization of libgcrypt */
+ PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
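Review bot: The feature name `"gcrypt-threading"` is a bare string literal, and the comment above it does not say which plugins are expected to depend on it. A consumer that spells the name differently would presumably end up with a dependency that is never matched, with no compile-time hint. The same applies to `"openssl-threading"` in the openssl_plugin.c hunk further down. I would expand the comment to something like `/* we provide threading-safe initialization of libgcrypt; plugins that reach libgcrypt through another library should depend on this feature */` and, if it fits the project's conventions, define both names once in a shared header. get_features continues past the end of this hunk.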
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index c13f4e55c..eab4a0047 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index cdfa94c27..bf34e4c9f 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 2a968b81a..17faa569d 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index b8e1b4902..332a587c9 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 3de733c87..91fe8c45f 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1636b9660..ba6cb0cf6 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index ebd0d90d8..bca4562d6 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index f75fbe21e..0d15d7c2e 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index fa10c8371..e57a3673e 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 6f0a3bfaf..ac0db0150 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 12f264267..bc7884c99 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -181,17 +181,7 @@ METHOD(private_key_t, decrypt, bool,
METHOD(private_key_t, get_keysize, int,
private_openssl_ec_private_key_t *this)
{
- switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
- {
- case NID_X9_62_prime256v1:
- return 256;
- case NID_secp384r1:
- return 384;
- case NID_secp521r1:
- return 521;
- default:
- return 0;
- }
+ return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec));
}
METHOD(private_key_t, get_type, key_type_t,
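Review bot: `get_keysize` changes meaning for every curve outside the three that the removed switch listed: those used to report 0 and now report the degree of the curve's field. Any caller that treated 0 as "unsupported curve", or compares the key size against a minimum-strength policy, therefore now sees a non-zero size for arbitrary curves, including binary-field curves where the value is the extension degree m. It is worth checking those callers. I would also document the new contract on the method, e.g. `/* key size is the degree of the curve's underlying field, in bits */`. The identical change in the openssl_ec_public_key.c hunk needs the same check and comment.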
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 382c55418..21dcb0120 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -179,17 +179,7 @@ METHOD(public_key_t, encrypt, bool,
METHOD(public_key_t, get_keysize, int,
private_openssl_ec_public_key_t *this)
{
- switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
- {
- case NID_X9_62_prime256v1:
- return 256;
- case NID_secp384r1:
- return 384;
- case NID_secp521r1:
- return 521;
- default:
- return 0;
- }
+ return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec));
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a426cdcb3..e48efe3e9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int,
private_openssl_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide OpenSSL threading callbacks */
+ PLUGIN_PROVIDE(CUSTOM, "openssl-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
#ifndef OPENSSL_NO_AES
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 39ee77314..4bd958784 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 28d0f84ab..f9c5b9b52 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 29387a3f4..8e351c273 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index edaa8c3eb..445bc2d24 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 55df26922..34e8d0caa 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index f4d399c66..d90cd3532 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 4b60cad46..f6534f087 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index bf0a0ccbc..0756db856 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index c23f2f03f..1fec1b3ea 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -218,6 +218,16 @@ typedef struct {
char *name;
/**
+ * Optional reload function for features
+ */
+ bool (*reload)(void *data);
+
+ /**
+ * User data to pass to reload function
+ */
+ void *reload_data;
+
+ /**
* Static plugin features
*/
plugin_feature_t *features;
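Review bot: The new `reload_data` field is documented only as "User data to pass to reload function", which leaves ownership and lifetime open. The wrapper stores the raw pointer and hands it to the callback on every `static_reload`, so the caller has to keep it valid for as long as the static feature set is registered. static_destroy's body is outside these hunks, so whether the wrapper ever releases it cannot be checked here. I would make this explicit in the field comment, e.g. `* User data to pass to reload function, not owned by this wrapper; must stay valid until destroy()`.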
@@ -242,6 +252,16 @@ METHOD(plugin_t, get_static_features, int,
return this->count;
}
+METHOD(plugin_t, static_reload, bool,
+ static_features_t *this)
+{
+ if (this->reload)
+ {
+ return this->reload(this->reload_data);
+ }
+ return FALSE;
+}
+
METHOD(plugin_t, static_destroy, void,
static_features_t *this)
{
@@ -254,7 +274,8 @@ METHOD(plugin_t, static_destroy, void,
* Create a wrapper around static plugin features.
*/
static plugin_t *static_features_create(const char *name,
- plugin_feature_t features[], int count)
+ plugin_feature_t features[], int count,
+ bool (*reload)(void*), void *reload_data)
{
static_features_t *this;
@@ -262,9 +283,12 @@ static plugin_t *static_features_create(const char *name,
.public = {
.get_name = _get_static_name,
.get_features = _get_static_features,
+ .reload = _static_reload,
.destroy = _static_destroy,
},
.name = strdup(name),
+ .reload = reload,
+ .reload_data = reload_data,
.features = calloc(count, sizeof(plugin_feature_t)),
.count = count,
);
@@ -904,12 +928,13 @@ static void purge_plugins(private_plugin_loader_t *this)
METHOD(plugin_loader_t, add_static_features, void,
private_plugin_loader_t *this, const char *name,
- plugin_feature_t features[], int count, bool critical)
+ plugin_feature_t features[], int count, bool critical,
+ bool (*reload)(void*), void *reload_data)
{
plugin_entry_t *entry;
plugin_t *plugin;
- plugin = static_features_create(name, features, count);
+ plugin = static_features_create(name, features, count, reload, reload_data);
INIT(entry,
.plugin = plugin,
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index fec57ce98..6be6a909c 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -44,6 +44,9 @@ struct plugin_loader_t {
* If critical is TRUE load() will fail if any of the added features could
* not be loaded.
*
+ * If a reload callback function is given, it gets invoked for the
+ * registered feature set when reload() is invoked on the plugin_loader.
+ *
* @note The name should be unique otherwise a plugin with the same name is
* not loaded.
*
@@ -51,10 +54,13 @@ struct plugin_loader_t {
* @param features array of plugin features
* @param count number of features in the array
* @param critical TRUE if the features are critical
+ * @param reload feature reload callback, or NULL
+ * @param reload_data user data to pass to reload callback
*/
void (*add_static_features) (plugin_loader_t *this, const char *name,
struct plugin_feature_t *features, int count,
- bool critical);
+ bool critical, bool (*reload)(void*),
+ void *reload_data);
/**
* Load a list of plugins.
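Review bot: The new `reload_data` parameter is documented without any lifetime requirement, although static_features_create() in plugin_loader.c stores the pointer as-is and static_reload() hands it to the callback on every reload. Nothing in the visible hunks takes ownership of it or frees it, so a caller that releases the object while the feature set is still registered would have a dangling pointer passed to `reload`. I would extend the line to `@param reload_data user data to pass to reload callback, must stay valid while the features are registered`. The signature change also affects every existing caller of add_static_features(), none of which appear in these hunks.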
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 2dc355ba2..fcdbe9450 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index e90c3213b..fb6c9ae43 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index dd49ea65f..d84b1ba17 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 44dce24c5..967e8625d 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index cb185e72c..127482635 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index f07b768ce..70a98b006 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index ab95f8aa4..f7d11beb1 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index ef85abd73..ee96f08c2 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index f7be0e43c..b9f949bcf 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ed86fcaba..b66302e1a 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index f517eb433..8d7c667d8 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 166891784..02f4ccd8a 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 4e4fd5725..fb87917a2 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 02f2b2b52..23a6b3ba3 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3c3fa0766..ffcee547c 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index 3518dfdae..d4de2a907 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -52,9 +52,9 @@ struct private_watcher_t {
bool pending;
/**
- * Is watcher running?
+ * Running state of watcher
*/
- bool running;
+ watcher_state_t state;
/**
* Lock to access FD list
@@ -239,7 +239,7 @@ static void activate_all(private_watcher_t *this)
entry->in_callback = 0;
}
enumerator->destroy(enumerator);
- this->running = FALSE;
+ this->state = WATCHER_STOPPED;
this->condvar->broadcast(this->condvar);
this->mutex->unlock(this->mutex);
}
@@ -263,10 +263,14 @@ static job_requeue_t watch(private_watcher_t *this)
if (this->fds->get_count(this->fds) == 0)
{
- this->running = FALSE;
+ this->state = WATCHER_STOPPED;
this->mutex->unlock(this->mutex);
return JOB_REQUEUE_NONE;
}
+ if (this->state == WATCHER_QUEUED)
+ {
+ this->state = WATCHER_RUNNING;
+ }
if (this->notify[0] != -1)
{
@@ -407,9 +411,9 @@ METHOD(watcher_t, add, void,
this->mutex->lock(this->mutex);
this->fds->insert_last(this->fds, entry);
- if (!this->running)
+ if (this->state == WATCHER_STOPPED)
{
- this->running = TRUE;
+ this->state = WATCHER_QUEUED;
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((void*)watch, this,
NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
@@ -437,7 +441,7 @@ METHOD(watcher_t, remove_, void,
{
if (entry->fd == fd)
{
- if (this->running && entry->in_callback)
+ if (this->state != WATCHER_STOPPED && entry->in_callback)
{
is_in_callback = TRUE;
break;
@@ -458,6 +462,18 @@ METHOD(watcher_t, remove_, void,
this->mutex->unlock(this->mutex);
}
+METHOD(watcher_t, get_state, watcher_state_t,
+ private_watcher_t *this)
+{
+ watcher_state_t state;
+
+ this->mutex->lock(this->mutex);
+ state = this->state;
+ this->mutex->unlock(this->mutex);
+
+ return state;
+}
+
METHOD(watcher_t, destroy, void,
private_watcher_t *this)
{
@@ -535,6 +551,7 @@ watcher_t *watcher_create()
.public = {
.add = _add,
.remove = _remove_,
+ .get_state = _get_state,
.destroy = _destroy,
},
.fds = linked_list_create(),
@@ -542,6 +559,7 @@ watcher_t *watcher_create()
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
.jobs = linked_list_create(),
.notify = {-1, -1},
+ .state = WATCHER_STOPPED,
);
if (!create_notify(this))
diff --git a/src/libstrongswan/processing/watcher.h b/src/libstrongswan/processing/watcher.h
index 6e158cec2..f07cabf1a 100644
--- a/src/libstrongswan/processing/watcher.h
+++ b/src/libstrongswan/processing/watcher.h
@@ -23,6 +23,7 @@
typedef struct watcher_t watcher_t;
typedef enum watcher_event_t watcher_event_t;
+typedef enum watcher_state_t watcher_state_t;
#include <library.h>
@@ -57,6 +58,18 @@ enum watcher_event_t {
};
/**
+ * State the watcher currently is in
+ */
+enum watcher_state_t {
+ /** no watcher thread running or queued */
+ WATCHER_STOPPED = 0,
+ /** a job has been queued for watching, but not yet started */
+ WATCHER_QUEUED,
+ /** a watcher thread is active, dispatching socket events */
+ WATCHER_RUNNING,
+};
+
+/**
* Watch multiple file descriptors using select().
*/
struct watcher_t {
@@ -86,6 +99,13 @@ struct watcher_t {
void (*remove)(watcher_t *this, int fd);
/**
+ * Get the current watcher state
+ *
+ * @return currently active watcher state
+ */
+ watcher_state_t (*get_state)(watcher_t *this);
+
+ /**
* Destroy a watcher_t.
*/
void (*destroy)(watcher_t *this);
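Review bot: The get_state() documentation does not say that the result is only a snapshot. The implementation in watcher.c copies `this->state` under the mutex and releases the lock before returning, so the watcher may already have moved between WATCHER_STOPPED, WATCHER_QUEUED and WATCHER_RUNNING by the time the caller inspects the value. Adding ` * The returned value is a snapshot and may be outdated once the call returns.` to the comment would keep callers from treating it as a synchronisation primitive.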
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index e235e3c51..acf9160d2 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -856,7 +856,7 @@ static bool load_files_internal(private_settings_t *this, section_t *parent,
if (pattern == NULL || !pattern[0])
{ /* TODO: Clear parent if merge is FALSE? */
- return FALSE;
+ return TRUE;
}
section = settings_section_create(NULL);
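Review bot: Returning TRUE for a NULL or empty pattern leaves the TODO on the same branch unresolved. Going by that TODO, the parent section is not cleared when merge is FALSE, yet the caller is now told the load succeeded and may assume the previous settings were replaced. If keeping the old contents is intended, say so in place of the TODO, for example `/* nothing to load is not an error; parent is left unchanged even if merge is FALSE */`. Otherwise the parent should be cleared before returning. The body of load_files_internal() continues outside the hunk, so callers that relied on the old FALSE result cannot be checked from here.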
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 23e552d8c..be805efc9 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -1716,13 +1716,11 @@ bool settings_parser_parse_file(section_t *root, char *name)
helper->file_include(helper, name);
if (!settings_parser_open_next_file(helper))
{
-#ifdef STRONGSWAN_CONF
- if (streq(name, STRONGSWAN_CONF))
+ if (lib->conf && streq(name, lib->conf))
{
DBG2(DBG_CFG, "failed to open config file '%s'", name);
}
else
-#endif
{
DBG1(DBG_CFG, "failed to open config file '%s'", name);
}
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index b79faf6b7..d95a24b2a 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -259,13 +259,11 @@ bool settings_parser_parse_file(section_t *root, char *name)
helper->file_include(helper, name);
if (!settings_parser_open_next_file(helper))
{
-#ifdef STRONGSWAN_CONF
- if (streq(name, STRONGSWAN_CONF))
+ if (lib->conf && streq(name, lib->conf))
{
DBG2(DBG_CFG, "failed to open config file '%s'", name);
}
else
-#endif
{
DBG1(DBG_CFG, "failed to open config file '%s'", name);
}
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index e8e8090f3..7ecba19da 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -30,6 +30,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hashtable.c \
suites/test_identification.c \
suites/test_threading.c \
+ suites/test_process.c \
suites/test_watcher.c \
suites/test_stream.c \
suites/test_fetch_http.c \
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 1d2d5ebd1..3268b5488 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -126,6 +126,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \
suites/tests-test_hashtable.$(OBJEXT) \
suites/tests-test_identification.$(OBJEXT) \
suites/tests-test_threading.$(OBJEXT) \
+ suites/tests-test_process.$(OBJEXT) \
suites/tests-test_watcher.$(OBJEXT) \
suites/tests-test_stream.$(OBJEXT) \
suites/tests-test_fetch_http.$(OBJEXT) \
@@ -265,6 +266,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -325,6 +327,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -390,6 +393,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -437,6 +442,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -472,6 +481,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hashtable.c \
suites/test_identification.c \
suites/test_threading.c \
+ suites/test_process.c \
suites/test_watcher.c \
suites/test_stream.c \
suites/test_fetch_http.c \
@@ -595,6 +605,8 @@ suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_process.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \
@@ -671,6 +683,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ntru.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_pen.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_process.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_rsa.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_settings.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_stream.Po@am__quote@
@@ -880,6 +893,20 @@ suites/tests-test_threading.obj: suites/test_threading.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+suites/tests-test_process.o: suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.o -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+
+suites/tests-test_process.obj: suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+
suites/tests-test_watcher.o: suites/test_watcher.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index b33d70ec7..d71e010a2 100644
--- a/src/libstrongswan/tests/suites/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -784,6 +784,51 @@ START_TEST(test_chunk_hash_static)
END_TEST
/*******************************************************************************
+ * test for chunk_internet_checksum[_inc]()
+ */
+
+START_TEST(test_chunk_internet_checksum)
+{
+ chunk_t chunk;
+ u_int16_t sum;
+
+ chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06,
+ 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b);
+
+ sum = chunk_internet_checksum(chunk);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10));
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 10), sum);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ /* need to compensate for even/odd alignment */
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9));
+ sum = ntohs(sum);
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 11), sum);
+ sum = ntohs(sum);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06,
+ 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e);
+
+ sum = chunk_internet_checksum(chunk);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10));
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 9), sum);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+
+ /* need to compensate for even/odd alignment */
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9));
+ sum = ntohs(sum);
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 10), sum);
+ sum = ntohs(sum);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+}
+END_TEST
+
+/*******************************************************************************
* test for chunk_map and friends
*/
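Review bot: The even/odd compensation in test_chunk_internet_checksum uses `sum = ntohs(sum);` as a byte swap, which only swaps on little-endian hosts. On a big-endian host ntohs() leaves the value unchanged, so the two odd-split cases would presumably feed an unswapped partial sum into chunk_internet_checksum_inc() and miss the expected 0x442e and 0x4459. An explicit swap such as `sum = (sum << 8) | (sum >> 8);` at those four places would keep the test independent of host byte order.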
@@ -1018,6 +1063,10 @@ Suite *chunk_suite_create()
tcase_add_test(tc, test_chunk_hash_static);
suite_add_tcase(s, tc);
+ tc = tcase_create("chunk_internet_checksum");
+ tcase_add_test(tc, test_chunk_internet_checksum);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("chunk_map");
tcase_add_test(tc, test_chunk_map);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_process.c b/src/libstrongswan/tests/suites/test_process.c
new file mode 100644
index 000000000..9b1c57539
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_process.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+#include <utils/process.h>
+
+START_TEST(test_retval_true)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "exit 0",
+#else
+ "/bin/sh",
+ "-c",
+ "true",
+#endif
+ NULL
+ };
+ int retval;
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_retval_false)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "exit 1",
+#else
+ "/bin/sh",
+ "-c",
+ "false",
+#endif
+ NULL
+ };
+ int retval;
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert(retval != 0);
+}
+END_TEST
+
+START_TEST(test_not_found)
+{
+ process_t *process;
+ char *argv[] = {
+ "/bin/does-not-exist",
+ NULL
+ };
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ /* both is acceptable behavior */
+ ck_assert(process == NULL || !process->wait(process, NULL));
+}
+END_TEST
+
+START_TEST(test_echo)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\more.com",
+#else
+ "/bin/sh",
+ "-c",
+ "cat",
+#endif
+ NULL
+ };
+ int retval, in, out;
+ char *msg = "test";
+ char buf[strlen(msg) + 1];
+
+ memset(buf, 0, strlen(msg) + 1);
+
+ process = process_start(argv, NULL, &in, &out, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg));
+ ck_assert(close(in) == 0);
+ ck_assert_int_eq(read(out, buf, strlen(msg) + 1), strlen(msg));
+ ck_assert_str_eq(buf, msg);
+ ck_assert(close(out) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_echo_err)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "1>&2 C:\\Windows\\system32\\more.com",
+#else
+ "/bin/sh",
+ "-c",
+ "1>&2 cat",
+#endif
+ NULL
+ };
+ int retval, in, err;
+ char *msg = "a longer test message";
+ char buf[strlen(msg) + 1];
+
+ memset(buf, 0, strlen(msg) + 1);
+
+ process = process_start(argv, NULL, &in, NULL, &err, TRUE);
+ ck_assert(process != NULL);
+ ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg));
+ ck_assert(close(in) == 0);
+ ck_assert_int_eq(read(err, buf, strlen(msg) + 1), strlen(msg));
+ ck_assert_str_eq(buf, msg);
+ ck_assert(close(err) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_env)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "echo %A% %B%",
+#else
+ "/bin/sh",
+ "-c",
+ "/bin/echo -n $A $B",
+#endif
+ NULL
+ };
+ char *envp[] = {
+ "A=atest",
+ "B=bstring",
+ NULL
+ };
+ int retval, out;
+ char buf[64] = {};
+
+ process = process_start(argv, envp, NULL, &out, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(read(out, buf, sizeof(buf)) > 0);
+#ifdef WIN32
+ ck_assert_str_eq(buf, "atest bstring\r\n");
+#else
+ ck_assert_str_eq(buf, "atest bstring");
+#endif
+ ck_assert(close(out) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_shell)
+{
+ process_t *process;
+ int retval;
+
+ process = process_start_shell(NULL, NULL, NULL, NULL, "exit %d", 3);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 3);
+}
+END_TEST
+
+Suite *process_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("process");
+
+ tc = tcase_create("return values");
+ tcase_add_test(tc, test_retval_true);
+ tcase_add_test(tc, test_retval_false);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("echo");
+ tcase_add_test(tc, test_echo);
+ tcase_add_test(tc, test_echo_err);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env");
+ tcase_add_test(tc, test_env);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("shell");
+ tcase_add_test(tc, test_shell);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
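Review bot: In test_env, `read(out, buf, sizeof(buf))` may fill all 64 bytes of `buf`, leaving no terminator for the `ck_assert_str_eq` that follows. Reading one byte less keeps the zero-initialised last byte intact: `ck_assert(read(out, buf, sizeof(buf) - 1) > 0);`. The same test, like test_echo and test_echo_err, also assumes that a single read() on the pipe returns the complete output, which a pipe does not guarantee. Reading in a loop until EOF would make these tests less timing-dependent.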
diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c
index 0526d9d6e..47e448484 100644
--- a/src/libstrongswan/tests/suites/test_threading.c
+++ b/src/libstrongswan/tests/suites/test_threading.c
@@ -980,7 +980,8 @@ START_TEST(test_detach)
sched_yield();
}
/* no checks done here, but we check that thread state gets cleaned
- * up with leak detective. */
+ * up with leak detective. give the threads time to clean up. */
+ usleep(10000);
}
END_TEST
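Review bot: The added `usleep(10000);` in test_detach, and the identical line in test_detach_exit in the next hunk, replaces one timing assumption with another. On a loaded or slow build host 10 ms may not be enough for the detached threads to finish their cleanup, so leak detective could still report their state intermittently. If no explicit synchronisation is available for detached threads, the comment should at least say that the delay is best-effort, e.g. `/* best-effort delay: detached threads cannot be joined, slow hosts may still report leaks */`. Both test bodies start outside their hunks.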
@@ -1015,7 +1016,8 @@ START_TEST(test_detach_exit)
sched_yield();
}
/* no checks done here, but we check that thread state gets cleaned
- * up with leak detective. */
+ * up with leak detective. give the threads time to clean up. */
+ usleep(10000);
}
END_TEST
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index 8f2e9855e..b77302820 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -58,41 +58,58 @@ static void destroy_suite(test_suite_t *suite)
}
/**
- * Removes and destroys test suites that are not selected.
+ * Filter loaded test suites, either remove suites listed (exclude=TRUE), or all
+ * that are not listed (exclude=FALSE).
*/
-static void filter_suites(array_t *loaded)
+static void apply_filter(array_t *loaded, char *filter, bool exclude)
{
enumerator_t *enumerator, *names;
- hashtable_t *selected;
+ hashtable_t *listed;
test_suite_t *suite;
- char *suites, *name;
+ char *name;
- suites = getenv("TESTS_SUITES");
- if (!suites)
- {
- return;
- }
- selected = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8);
- names = enumerator_create_token(suites, ",", " ");
+ listed = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8);
+ names = enumerator_create_token(filter, ",", " ");
while (names->enumerate(names, &name))
{
- selected->put(selected, name, name);
+ listed->put(listed, name, name);
}
enumerator = array_create_enumerator(loaded);
while (enumerator->enumerate(enumerator, &suite))
{
- if (!selected->get(selected, suite->name))
+ if ((exclude && listed->get(listed, suite->name)) ||
+ (!exclude && !listed->get(listed, suite->name)))
{
array_remove_at(loaded, enumerator);
destroy_suite(suite);
}
}
enumerator->destroy(enumerator);
- selected->destroy(selected);
+ listed->destroy(listed);
names->destroy(names);
}
/**
+ * Removes and destroys test suites that are not selected or
+ * explicitly excluded.
+ */
+static void filter_suites(array_t *loaded)
+{
+ char *filter;
+
+ filter = getenv("TESTS_SUITES");
+ if (filter)
+ {
+ apply_filter(loaded, filter, FALSE);
+ }
+ filter = getenv("TESTS_SUITES_EXCLUDE");
+ if (filter)
+ {
+ apply_filter(loaded, filter, TRUE);
+ }
+}
+
+/**
* Load all available test suites, or optionally only selected ones.
*/
static array_t *load_suites(test_configuration_t configs[],
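Review bot: The removal condition in apply_filter() looks the suite name up twice and spells out both polarities. A single lookup compared against the flag reads more directly: `bool found = listed->get(listed, suite->name) != NULL;` followed by `if (exclude == found)`. The comment above filter_suites() could also state that TESTS_SUITES is applied first and TESTS_SUITES_EXCLUDE then removes from that selection. As far as the visible code shows, names that match no loaded suite are ignored without a message, so a typo in either variable goes unnoticed.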
diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h
index de87a1f0f..7250f8a00 100644
--- a/src/libstrongswan/tests/test_runner.h
+++ b/src/libstrongswan/tests/test_runner.h
@@ -70,6 +70,7 @@ struct test_configuration_t {
* - TESTS_VERBOSITY: Numerical loglevel for debug log
* - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf
* - TESTS_SUITES: Run specific test suites only
+ * - TESTS_SUITES_EXCLUDE: Don't run specific test suites
* - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only
*
* @param name name of test runner
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index ab0f642e4..586227800 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -24,6 +24,7 @@ TEST_SUITE(hashtable_suite_create)
TEST_SUITE(array_suite_create)
TEST_SUITE(identification_suite_create)
TEST_SUITE(threading_suite_create)
+TEST_SUITE(process_suite_create)
TEST_SUITE(watcher_suite_create)
TEST_SUITE(stream_suite_create)
TEST_SUITE(utils_suite_create)
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c
index f86e781c5..10cf04542 100644
--- a/src/libstrongswan/threading/mutex.c
+++ b/src/libstrongswan/threading/mutex.c
@@ -23,6 +23,7 @@
#include <library.h>
#include <utils/debug.h>
+#include "thread.h"
#include "condvar.h"
#include "mutex.h"
#include "lock_profiler.h"
@@ -70,7 +71,7 @@ struct private_r_mutex_t {
/**
* thread which currently owns mutex
*/
- pthread_t thread;
+ thread_t *thread;
/**
* times the current thread locked the mutex
@@ -125,16 +126,16 @@ METHOD(mutex_t, unlock, void,
METHOD(mutex_t, lock_r, void,
private_r_mutex_t *this)
{
- pthread_t self = pthread_self();
+ thread_t *self = thread_current();
- if (pthread_equal(this->thread, self))
+ if (cas_ptr(&this->thread, self, self))
{
this->times++;
}
else
{
lock(&this->generic);
- this->thread = self;
+ cas_ptr(&this->thread, NULL, self);
this->times = 1;
}
}
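Review bot: The `cas_ptr()` calls in lock_r() serve as an atomic compare (`cas_ptr(&this->thread, self, self)`) and as a store whose result is discarded (`cas_ptr(&this->thread, NULL, self)`), and neither use is explained. Assuming cas_ptr() only writes when the current value equals the expected one, a store that finds an unexpected owner now fails silently, whereas the old plain assignment always took effect. The same applies to unlock_r(), wait_() and timed_wait_abs() in the following hunks, where the old memset() cleared the owner unconditionally. A comment such as `/* atomic read of owner; only the owning thread can match itself */` on the compare would help, together with a note on the stores that the result is intentionally ignored because the mutex is held.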
@@ -144,7 +145,7 @@ METHOD(mutex_t, unlock_r, void,
{
if (--this->times == 0)
{
- memset(&this->thread, 0, sizeof(this->thread));
+ cas_ptr(&this->thread, thread_current(), NULL);
unlock(&this->generic);
}
}
@@ -220,14 +221,15 @@ METHOD(condvar_t, wait_, void,
if (mutex->recursive)
{
private_r_mutex_t* recursive = (private_r_mutex_t*)mutex;
+ thread_t *self = thread_current();
u_int times;
/* keep track of the number of times this thread locked the mutex */
times = recursive->times;
/* mutex owner gets cleared during condvar wait */
- memset(&recursive->thread, 0, sizeof(recursive->thread));
+ cas_ptr(&recursive->thread, self, NULL);
pthread_cond_wait(&this->condvar, &mutex->mutex);
- recursive->thread = pthread_self();
+ cas_ptr(&recursive->thread, NULL, self);
recursive->times = times;
}
else
@@ -253,13 +255,14 @@ METHOD(condvar_t, timed_wait_abs, bool,
if (mutex->recursive)
{
private_r_mutex_t* recursive = (private_r_mutex_t*)mutex;
+ thread_t *self = thread_current();
u_int times;
times = recursive->times;
- memset(&recursive->thread, 0, sizeof(recursive->thread));
+ cas_ptr(&recursive->thread, self, NULL);
timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex,
&ts) == ETIMEDOUT;
- recursive->thread = pthread_self();
+ cas_ptr(&recursive->thread, NULL, self);
recursive->times = times;
}
else
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 8d3c30e9b..6abb83411 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -189,4 +189,32 @@ void threads_init();
*/
void threads_deinit();
+
+#ifdef __APPLE__
+
+/*
+ * While select() is a cancellation point, it seems that OS X does not honor
+ * pending cancellation points when entering the function. We manually test for
+ * and honor pending cancellation requests, but this obviously can't prevent
+ * some race conditions where the the cancellation happens after the check,
+ * but before the select.
+ */
+static inline int precancellable_select(int nfds, fd_set *restrict readfds,
+ fd_set *restrict writefds, fd_set *restrict errorfds,
+ struct timeval *restrict timeout)
+{
+ if (thread_cancelability(TRUE))
+ {
+ thread_cancellation_point();
+ }
+ else
+ {
+ thread_cancelability(FALSE);
+ }
+ return select(nfds, readfds, writefds, errorfds, timeout);
+}
+#define select precancellable_select
+
+#endif /* __APPLE__ */
+
#endif /** THREADING_THREAD_H_ @} */
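Review bot: `#define select precancellable_select` in a widely included header rewrites every later use of the identifier `select` on OS X. That includes struct members or parameters with that name and any system header included after thread.h, which can produce confusing build errors. Calling the wrapper explicitly at the call sites that need it, or at least documenting the include-order requirement next to the macro, would contain this. The branch logic also deserves a comment, e.g. `/* enable cancellation to learn the previous state; restore it if it was disabled */`, assuming thread_cancelability() returns the previous setting.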
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index e694caec7..6dd68d60e 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -319,6 +319,7 @@ static bfd_entry_t *get_bfd_entry(char *filename)
if (size == 0)
{
size = bfd_get_dynamic_symtab_upper_bound(entry->abfd);
+ dynamic = TRUE;
}
if (size >= 0)
{
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index 1a9674f4d..4b24b37c2 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -990,6 +990,37 @@ u_int32_t chunk_hash_static(chunk_t chunk)
/**
* Described in header.
*/
+u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
+{
+ u_int32_t sum = ntohs(~checksum);
+
+ while (data.len > 1)
+ {
+ sum += untoh16(data.ptr);
+ data = chunk_skip(data, 2);
+ }
+ if (data.len)
+ {
+ sum += (u_int16_t)*data.ptr << 8;
+ }
+ while (sum >> 16)
+ {
+ sum = (sum & 0xffff) + (sum >> 16);
+ }
+ return htons(~sum);
+}
+
+/**
+ * Described in header.
+ */
+u_int16_t chunk_internet_checksum(chunk_t data)
+{
+ return chunk_internet_checksum_inc(data, 0xffff);
+}
+
+/**
+ * Described in header.
+ */
int chunk_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
const void *const *args)
{
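Review bot: `ntohs(~checksum)` and `htons(~sum)` in chunk_internet_checksum_inc() pass values wider than 16 bits (`~checksum` is promoted to int, `~sum` is 32 bit) and rely on the conversion truncating them. On platforms where these are identity macros rather than functions, the initial `sum` would presumably start with its upper 16 bits set. Explicit casts remove that dependency: `u_int32_t sum = ntohs((u_int16_t)~checksum);` and `return htons((u_int16_t)~sum);`. Separately, the 32-bit accumulator folds carries only after the loop, so it can wrap for inputs beyond roughly 128 KiB. A comment stating the supported length, or folding inside the loop, would cover that.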
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index 9951ff31f..48405b77e 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -412,6 +412,31 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash);
u_int64_t chunk_mac(chunk_t chunk, u_char *key);
/**
+ * Calculate the Internet Checksum according to RFC 1071 for the given chunk.
+ *
+ * If the result is used with chunk_internet_checksum_inc() and the data length
+ * is not a multiple of 16 bit the checksum bytes have to be swapped to
+ * compensate the even/odd alignment.
+ *
+ * @param data data to process
+ * @return checksum (one's complement, network order)
+ */
+u_int16_t chunk_internet_checksum(chunk_t data);
+
+/**
+ * Extend the given Internet Checksum (one's complement, in network byte order)
+ * with the given data.
+ *
+ * If data is not a multiple of 16 bits the checksum may have to be swapped to
+ * compensate even/odd alignment (see chunk_internet_checksum()).
+ *
+ * @param data data to process
+ * @param checksum previous checksum (one's complement, network order)
+ * @return checksum (one's complement, network order)
+ */
+u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum);
+
+/**
* printf hook function for chunk_t.
*
* Arguments are:
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index a2bca193d..bc8432aea 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -561,6 +561,8 @@ char *whitelist[] = {
"ECDSA_do_sign_ex",
"ECDSA_verify",
"RSA_new_method",
+ /* OpenSSL libssl */
+ "SSL_COMP_get_compression_methods",
/* NSPR */
"PR_CallOnce",
/* libapr */
diff --git a/src/libstrongswan/utils/process.c b/src/libstrongswan/utils/process.c
new file mode 100644
index 000000000..c863bdd10
--- /dev/null
+++ b/src/libstrongswan/utils/process.c
@@ -0,0 +1,592 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/* vasprintf() */
+#define _GNU_SOURCE
+#include "process.h"
+
+#include <library.h>
+#include <utils/debug.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+typedef struct private_process_t private_process_t;
+
+/**
+ * Ends of a pipe()
+ */
+enum {
+ PIPE_READ = 0,
+ PIPE_WRITE = 1,
+ PIPE_ENDS,
+};
+
+#ifndef WIN32
+
+#include <unistd.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <signal.h>
+
+/**
+ * Private data of an process_t object.
+ */
+struct private_process_t {
+
+ /**
+ * Public process_t interface.
+ */
+ process_t public;
+
+ /**
+ * child stdin pipe
+ */
+ int in[PIPE_ENDS];
+
+ /**
+ * child stdout pipe
+ */
+ int out[PIPE_ENDS];
+
+ /**
+ * child stderr pipe
+ */
+ int err[PIPE_ENDS];
+
+ /**
+ * child process
+ */
+ int pid;
+};
+
+/**
+ * Close a file descriptor if it is not -1
+ */
+static void close_if(int *fd)
+{
+ if (*fd != -1)
+ {
+ close(*fd);
+ *fd = -1;
+ }
+}
+
+/**
+ * Destroy a process structure, close all pipes
+ */
+static void process_destroy(private_process_t *this)
+{
+ close_if(&this->in[PIPE_READ]);
+ close_if(&this->in[PIPE_WRITE]);
+ close_if(&this->out[PIPE_READ]);
+ close_if(&this->out[PIPE_WRITE]);
+ close_if(&this->err[PIPE_READ]);
+ close_if(&this->err[PIPE_WRITE]);
+ free(this);
+}
+
+METHOD(process_t, wait_, bool,
+ private_process_t *this, int *code)
+{
+ int status, ret;
+
+ ret = waitpid(this->pid, &status, 0);
+ process_destroy(this);
+ if (ret == -1)
+ {
+ return FALSE;
+ }
+ if (!WIFEXITED(status))
+ {
+ return FALSE;
+ }
+ if (code)
+ {
+ *code = WEXITSTATUS(status);
+ }
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all)
+{
+ private_process_t *this;
+ char *empty[] = { NULL };
+
+ INIT(this,
+ .public = {
+ .wait = _wait_,
+ },
+ .in = { -1, -1 },
+ .out = { -1, -1 },
+ .err = { -1, -1 },
+ );
+
+ if (in && pipe(this->in) != 0)
+ {
+ DBG1(DBG_LIB, "creating stdin pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+ if (out && pipe(this->out) != 0)
+ {
+ DBG1(DBG_LIB, "creating stdout pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+ if (err && pipe(this->err) != 0)
+ {
+ DBG1(DBG_LIB, "creating stderr pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+
+ this->pid = fork();
+ switch (this->pid)
+ {
+ case -1:
+ DBG1(DBG_LIB, "forking process failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ case 0:
+ /* child */
+ close_if(&this->in[PIPE_WRITE]);
+ close_if(&this->out[PIPE_READ]);
+ close_if(&this->err[PIPE_READ]);
+ if (this->in[PIPE_READ] != -1)
+ {
+ if (dup2(this->in[PIPE_READ], 0) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (this->out[PIPE_WRITE] != -1)
+ {
+ if (dup2(this->out[PIPE_WRITE], 1) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (this->err[PIPE_WRITE] != -1)
+ {
+ if (dup2(this->err[PIPE_WRITE], 2) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (close_all)
+ {
+ closefrom(3);
+ }
+ if (execve(argv[0], argv, envp ?: empty) == -1)
+ {
+ raise(SIGKILL);
+ }
+ /* not reached */
+ default:
+ /* parent */
+ close_if(&this->in[PIPE_READ]);
+ close_if(&this->out[PIPE_WRITE]);
+ close_if(&this->err[PIPE_WRITE]);
+ if (in)
+ {
+ *in = this->in[PIPE_WRITE];
+ this->in[PIPE_WRITE] = -1;
+ }
+ if (out)
+ {
+ *out = this->out[PIPE_READ];
+ this->out[PIPE_READ] = -1;
+ }
+ if (err)
+ {
+ *err = this->err[PIPE_READ];
+ this->err[PIPE_READ] = -1;
+ }
+ return &this->public;
+ }
+}
+
+/**
+ * See header
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...)
+{
+ char *argv[] = {
+ "/bin/sh",
+ "-c",
+ NULL,
+ NULL
+ };
+ process_t *process;
+ va_list args;
+ int len;
+
+ va_start(args, fmt);
+ len = vasprintf(&argv[2], fmt, args);
+ va_end(args);
+ if (len < 0)
+ {
+ return NULL;
+ }
+
+ process = process_start(argv, envp, in, out, err, TRUE);
+ free(argv[2]);
+ return process;
+}
+
+#else /* WIN32 */
+
+/**
+ * Private data of an process_t object.
+ */
+struct private_process_t {
+
+ /**
+ * Public process_t interface.
+ */
+ process_t public;
+
+ /**
+ * child stdin pipe
+ */
+ HANDLE in[PIPE_ENDS];
+
+ /**
+ * child stdout pipe
+ */
+ HANDLE out[PIPE_ENDS];
+
+ /**
+ * child stderr pipe
+ */
+ HANDLE err[PIPE_ENDS];
+
+ /**
+ * child process information
+ */
+ PROCESS_INFORMATION pi;
+};
+
+/**
+ * Clean up state associated to child process
+ */
+static void process_destroy(private_process_t *this)
+{
+ if (this->in[PIPE_READ])
+ {
+ CloseHandle(this->in[PIPE_READ]);
+ }
+ if (this->in[PIPE_WRITE])
+ {
+ CloseHandle(this->in[PIPE_WRITE]);
+ }
+ if (this->out[PIPE_READ])
+ {
+ CloseHandle(this->out[PIPE_READ]);
+ }
+ if (this->out[PIPE_WRITE])
+ {
+ CloseHandle(this->out[PIPE_WRITE]);
+ }
+ if (this->err[PIPE_READ])
+ {
+ CloseHandle(this->err[PIPE_READ]);
+ }
+ if (this->err[PIPE_WRITE])
+ {
+ CloseHandle(this->err[PIPE_WRITE]);
+ }
+ if (this->pi.hProcess)
+ {
+ CloseHandle(this->pi.hProcess);
+ CloseHandle(this->pi.hThread);
+ }
+ free(this);
+}
+
+METHOD(process_t, wait_, bool,
+ private_process_t *this, int *code)
+{
+ DWORD ec;
+
+ if (WaitForSingleObject(this->pi.hProcess, INFINITE) != WAIT_OBJECT_0)
+ {
+ DBG1(DBG_LIB, "waiting for child process failed: 0x%08x",
+ GetLastError());
+ process_destroy(this);
+ return FALSE;
+ }
+ if (code)
+ {
+ if (!GetExitCodeProcess(this->pi.hProcess, &ec))
+ {
+ DBG1(DBG_LIB, "getting child process exit code failed: 0x%08x",
+ GetLastError());
+ process_destroy(this);
+ return FALSE;
+ }
+ *code = ec;
+ }
+ process_destroy(this);
+ return TRUE;
+}
+
+/**
+ * Append a command line argument to buf, optionally quoted
+ */
+static void append_arg(char *buf, u_int len, char *arg, char *quote)
+{
+ char *space = "";
+ int current;
+
+ current = strlen(buf);
+ if (current)
+ {
+ space = " ";
+ }
+ snprintf(buf + current, len - current, "%s%s%s%s", space, quote, arg, quote);
+}
+
+/**
+ * Append a null-terminate env string to buf
+ */
+static void append_env(char *buf, u_int len, char *env)
+{
+ char *pos = buf;
+ int current;
+
+ while (TRUE)
+ {
+ pos += strlen(pos);
+ if (!pos[1])
+ {
+ if (pos == buf)
+ {
+ current = 0;
+ }
+ else
+ {
+ current = pos - buf + 1;
+ }
+ snprintf(buf + current, len - current, "%s", env);
+ break;
+ }
+ pos++;
+ }
+}
+
+/**
+ * See header
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all)
+{
+ private_process_t *this;
+ char arg[32768], env[32768];
+ SECURITY_ATTRIBUTES sa = {
+ .nLength = sizeof(SECURITY_ATTRIBUTES),
+ .bInheritHandle = TRUE,
+ };
+ STARTUPINFO sui = {
+ .cb = sizeof(STARTUPINFO),
+ };
+ int i;
+
+ memset(arg, 0, sizeof(arg));
+ memset(env, 0, sizeof(env));
+
+ for (i = 0; argv[i]; i++)
+ {
+ if (!strchr(argv[i], ' '))
+ { /* no spaces, fine for appending */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "");
+ }
+ else if (argv[i][0] == '"' &&
+ argv[i][strlen(argv[i]) - 1] == '"' &&
+ strchr(argv[i] + 1, '"') == argv[i] + strlen(argv[i]) - 1)
+ { /* already properly quoted */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "");
+ }
+ else if (strchr(argv[i], ' ') && !strchr(argv[i], '"'))
+ { /* spaces, but no quotes; append quoted */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "\"");
+ }
+ else
+ {
+ DBG1(DBG_LIB, "invalid command line argument: %s", argv[i]);
+ return NULL;
+ }
+ }
+ if (envp)
+ {
+ for (i = 0; envp[i]; i++)
+ {
+ append_env(env, sizeof(env) - 1, envp[i]);
+ }
+ }
+
+ INIT(this,
+ .public = {
+ .wait = _wait_,
+ },
+ );
+
+ if (in)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->in[PIPE_READ], &this->in[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->in[PIPE_WRITE], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdInput = this->in[PIPE_READ];
+ *in = _open_osfhandle((uintptr_t)this->in[PIPE_WRITE], 0);
+ if (*in == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+ if (out)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->out[PIPE_READ], &this->out[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->out[PIPE_READ], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdOutput = this->out[PIPE_WRITE];
+ *out = _open_osfhandle((uintptr_t)this->out[PIPE_READ], 0);
+ if (*out == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+ if (err)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->err[PIPE_READ], &this->err[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->err[PIPE_READ], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdError = this->err[PIPE_WRITE];
+ *err = _open_osfhandle((uintptr_t)this->err[PIPE_READ], 0);
+ if (*err == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+
+ if (!CreateProcess(argv[0], arg, NULL, NULL, TRUE,
+ NORMAL_PRIORITY_CLASS, env, NULL, &sui, &this->pi))
+ {
+ DBG1(DBG_LIB, "creating process '%s' failed: 0x%08x",
+ argv[0], GetLastError());
+ process_destroy(this);
+ return NULL;
+ }
+
+ /* close child process end of pipes */
+ if (this->in[PIPE_READ])
+ {
+ CloseHandle(this->in[PIPE_READ]);
+ this->in[PIPE_READ] = NULL;
+ }
+ if (this->out[PIPE_WRITE])
+ {
+ CloseHandle(this->out[PIPE_WRITE]);
+ this->out[PIPE_WRITE] = NULL;
+ }
+ if (this->err[PIPE_WRITE])
+ {
+ CloseHandle(this->err[PIPE_WRITE]);
+ this->err[PIPE_WRITE] = NULL;
+ }
+ /* our side gets closed over the osf_handle closed by caller */
+ this->in[PIPE_WRITE] = NULL;
+ this->out[PIPE_READ] = NULL;
+ this->err[PIPE_READ] = NULL;
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...)
+{
+ char path[MAX_PATH], *exe = "system32\\cmd.exe";
+ char *argv[] = {
+ path,
+ "/C",
+ NULL,
+ NULL
+ };
+ process_t *process;
+ va_list args;
+ int len;
+
+ len = GetSystemWindowsDirectory(path, sizeof(path));
+ if (len == 0 || len >= sizeof(path) - strlen(exe))
+ {
+ DBG1(DBG_LIB, "resolving Windows directory failed: 0x%08x",
+ GetLastError());
+ return NULL;
+ }
+ if (path[len + 1] != '\\')
+ {
+ strncat(path, "\\", sizeof(path) - len++);
+ }
+ strncat(path, exe, sizeof(path) - len);
+
+ va_start(args, fmt);
+ len = vasprintf(&argv[2], fmt, args);
+ va_end(args);
+ if (len < 0)
+ {
+ return NULL;
+ }
+
+ process = process_start(argv, envp, in, out, err, TRUE);
+ free(argv[2]);
+ return process;
+}
+
+#endif /* WIN32 */
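Review bot: In the WIN32 process_start_shell(), `if (path[len + 1] != '\\')` inspects the byte after the terminator, which GetSystemWindowsDirectory() did not write, so whether the separator is appended depends on uninitialised stack contents. The last character of the directory is `path[len - 1]`. The two strncat() calls also pass the remaining buffer size as the count, but strncat() writes a terminator in addition to the counted characters, so the bound should be one less: `strncat(path, "\\", sizeof(path) - len++ - 1);` and `strncat(path, exe, sizeof(path) - len - 1);`. The length check before them should likewise reserve room for the separator and the terminator.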
diff --git a/src/libstrongswan/utils/process.h b/src/libstrongswan/utils/process.h
new file mode 100644
index 000000000..81719201c
--- /dev/null
+++ b/src/libstrongswan/utils/process.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup process process
+ * @{ @ingroup utils
+ */
+
+#ifndef PROCESS_H_
+#define PROCESS_H_
+
+#include <utils/utils.h>
+
+typedef struct process_t process_t;
+
+/**
+ * Child process spawning abstraction
+ */
+struct process_t {
+
+ /**
+ * Wait for a started process to terminate.
+ *
+ * The process object gets destroyed by this call, regardless of the
+ * return value.
+ *
+ * The returned code is the exit code, not the status returned by waitpid().
+ * If the program could not be executed or has terminated abnormally
+ * (by signals etc.), FALSE is returned.
+ *
+ * @param code process exit code, set only if TRUE returned
+ * @return TRUE if program exited normally through exit()
+ */
+ bool (*wait)(process_t *this, int *code);
+};
+
+/**
+ * Spawn a child process with redirected I/O.
+ *
+ * Forks the current process, optionally redirects stdin/out/err to the current
+ * process, and executes the provided program with arguments.
+ *
+ * The process to execute is specified as argv[0], followed by the process
+ * arguments, followed by NULL. envp[] has a NULL terminated list of arguments
+ * to invoke the process with.
+ *
+ * If any of in/out/err is given, stdin/out/err from the child process get
+ * connected over pipe()s to the caller. If close_all is TRUE, all other
+ * open file descriptors get closed, regardless of any CLOEXEC setting.
+ *
+ * A caller must close all of the returned file descriptors to avoid file
+ * descriptor leaks.
+ *
+ * A non-NULL return value does not guarantee that the process has been
+ * invoked successfully.
+ *
+ * @param argv NULL terminated process arguments, with argv[0] as program
+ * @param envp NULL terminated list of environment variables
+ * @param in pipe fd returned for redirecting data to child stdin
+ * @param out pipe fd returned to redirect child stdout data to
+ * @param err pipe fd returned to redirect child stderr data to
+ * @param close_all close all open file descriptors above 2 before execve()
+ * @return process, NULL on failure
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all);
+
+/**
+ * Spawn a command in a shell child process.
+ *
+ * Same as process_start(), but passes a single command to a shell, such as
+ * "sh -c". See process_start() for I/O redirection notes.
+ *
+ * @param envp NULL terminated list of environment variables
+ * @param in pipe fd returned for redirecting data to child stdin
+ * @param out pipe fd returned to redirect child stdout data to
+ * @param err pipe fd returned to redirect child stderr data to
+ * @param fmt printf format string for command
+ * @param ... arguments for fmt
+ * @return process, NULL on failure
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...);
+
+#endif /** PROCESS_H_ @}*/
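Review bot: The documentation of process_start_shell() does not say that the formatted string is handed to the shell as a whole, so any value substituted through `fmt` is parsed as shell syntax. Callers need to know that values from configuration or from peers must be validated, or passed through `envp` instead. I would add to the comment: `The formatted command is interpreted by the shell; arguments are not escaped, so never format untrusted data into it.` The process_start() text could also mention that a NULL `envp` gives the child an empty environment rather than the caller's, which is what the implementation in process.c does. In the same comment, "list of arguments" for envp[] should read "list of environment variables".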
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index 1b822dd61..da253cc35 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -60,6 +60,20 @@
#define BUF_LEN 512
/**
+ * Build assertion macro for integer expressions, evaluates to 0
+ */
+#define BUILD_ASSERT(x) (sizeof(char[(x) ? 0 : -1]))
+
+/**
+ * Build time check to assert a is an array, evaluates to 0
+ *
+ * The address of an array element has a pointer type, which is not compatible
+ * to the array type.
+ */
+#define BUILD_ASSERT_ARRAY(a) \
+ BUILD_ASSERT(!__builtin_types_compatible_p(typeof(a), typeof(&(a)[0])))
+
+/**
* General purpose boolean type.
*/
#ifdef HAVE_STDBOOL_H
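Review bot: `BUILD_ASSERT` and `BUILD_ASSERT_ARRAY` rely on GNU C extensions, and no fallback is visible in this hunk: `char[0]` is a zero-length array, and `typeof` and `__builtin_types_compatible_p` are compiler builtins. Because `countof()` is rewritten on top of them further down, a compiler without these extensions would fail on every `countof()` use rather than just lose the check. Unless a guard exists outside the hunk, a fallback such as `#define BUILD_ASSERT_ARRAY(a) 0` for non-GNU compilers would keep the macro usable there while preserving the check where it is supported.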
@@ -342,7 +356,8 @@ static inline void *memset_noop(void *s, int c, size_t n)
/**
* Get the number of elements in an array
*/
-#define countof(array) (sizeof(array)/sizeof(array[0]))
+#define countof(array) (sizeof(array)/sizeof((array)[0]) \
+ + BUILD_ASSERT_ARRAY(array))
/**
* Ignore result of functions tagged with warn_unused_result attributes
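Review bot: The comment above `countof` still says only "Get the number of elements in an array", but the macro now deliberately fails the build when it is handed a pointer. I would extend the comment, for example `* Get the number of elements in an array, fails to build if passed a pointer`, so that someone who hits the negative-array-size error knows it is intentional and what to fix.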
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 85f13d0c8..426d8bcb3 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -284,6 +284,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -344,6 +345,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -409,6 +411,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -456,6 +460,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index bbc364970..2e44fb4a5 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c
index 1d0779dc0..67cfd3a75 100644
--- a/src/libtls/tls_aead.c
+++ b/src/libtls/tls_aead.c
@@ -82,6 +82,7 @@ METHOD(tls_aead_t, encrypt, bool,
assoc = chunk_from_thing(hdr);
if (!this->aead->encrypt(this->aead, plain, assoc, iv, NULL))
{
+ chunk_free(&encrypted);
return FALSE;
}
chunk_free(data);
diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 5e4d33e14..80b0db38c 100644
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -91,7 +91,6 @@ METHOD(tls_aead_t, encrypt, bool,
/* encrypt inline */
if (!this->crypter->encrypt(this->crypter, *data, iv, NULL))
{
- free(data->ptr);
return FALSE;
}
/* prepend IV */
@@ -106,6 +105,7 @@ METHOD(tls_aead_t, decrypt, bool,
chunk_t assoc, mac, iv;
u_int8_t bs, padlen;
sigheader_t hdr;
+ size_t i;
iv.len = this->crypter->get_iv_size(this->crypter);
if (data->len < iv.len)
@@ -126,6 +126,13 @@ METHOD(tls_aead_t, decrypt, bool,
padlen = data->ptr[data->len - 1];
if (padlen < data->len)
{ /* If padding looks valid, remove it */
+ for (i = data->len - padlen - 1; i < data->len - 1; i++)
+ {
+ if (data->ptr[i] != padlen)
+ {
+ return FALSE;
+ }
+ }
data->len -= padlen + 1;
}
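Review bot: The new padding loop returns FALSE at the first mismatching byte, and from the order of this hunk that happens before the MAC is processed, so a record with bad padding is rejected earlier than one with good padding and a bad MAC. That difference is what padding-oracle hardening in TLS CBC decryption tries to remove; the usual approach is to fold the comparison into a flag and reject only after the MAC step. The identical loop added to tls_aead_impl.c (@@ -116,6 +117,13) has the same shape. The MAC handling is outside both hunks, so the placement of the final check below is an assumption, and the loop length still depends on `padlen`, so this narrows the timing difference rather than removing it.

```c
	u_int8_t bad = 0;

	/* … unchanged: padlen read and `padlen < data->len` test … */
		for (i = data->len - padlen - 1; i < data->len - 1; i++)
		{
			/* fold mismatches into a flag, no data-dependent exit */
			bad |= data->ptr[i] ^ padlen;
		}
	/* … unchanged: length adjustment, then the MAC check outside this hunk … */
	if (bad)
	{	/* report bad padding only after the MAC has been processed */
		return FALSE;
	}
```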
diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c
index fb14026e0..d529ceba7 100644
--- a/src/libtls/tls_aead_impl.c
+++ b/src/libtls/tls_aead_impl.c
@@ -100,6 +100,7 @@ METHOD(tls_aead_t, decrypt, bool,
chunk_t assoc, mac, iv;
u_int8_t bs, padlen;
sigheader_t hdr;
+ size_t i;
bs = this->crypter->get_block_size(this->crypter);
if (data->len < bs || data->len < this->iv.len || data->len % bs)
@@ -116,6 +117,13 @@ METHOD(tls_aead_t, decrypt, bool,
padlen = data->ptr[data->len - 1];
if (padlen < data->len)
{ /* If padding looks valid, remove it */
+ for (i = data->len - padlen - 1; i < data->len - 1; i++)
+ {
+ if (data->ptr[i] != padlen)
+ {
+ return FALSE;
+ }
+ }
data->len -= padlen + 1;
}
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index d3c0196d9..b0bfdf20d 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -289,6 +289,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -349,6 +350,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -414,6 +416,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -461,6 +465,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 3ba06f965..2b76aabe6 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 97c05c127..06e7b0480 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index adbbf6cf0..8910fe761 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 92f3b087a..ea6ac5546 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 230440b87..90c804710 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -248,6 +248,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -308,6 +309,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -373,6 +375,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -420,6 +424,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index ee3f72d1e..6a03df994 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index ee54a68b7..efa06b927 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -199,6 +199,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -259,6 +260,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -324,6 +326,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -371,6 +375,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 00575262c..79ee9c7b8 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -251,6 +251,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -311,6 +312,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -376,6 +378,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -423,6 +427,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index a895b0256..3de9153cf 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 8349a77f8..5f7a1bc26 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index 4c0efd5a7..c288015de 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -187,6 +187,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -247,6 +248,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -312,6 +314,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -359,6 +363,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index 54a1a8491..4f753a0bb 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index efbba98d2..7ee25c007 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index 8b41ae25e..a8d45b54f 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -227,7 +227,7 @@ static void init()
options = options_create();
lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
{
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 27a6b8220..6a947efa6 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 8beb47c30..88d362f6c 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -277,6 +277,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -337,6 +338,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -402,6 +404,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -449,6 +453,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 17dca66a1..de9099a1b 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -658,6 +658,7 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
static void confread_free_ca(starter_ca_t *ca)
{
free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca);
+ free(ca);
}
/*
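Review bot: `confread_free_ca()` here, and `confread_free_conn()` in the next hunk, now release the struct itself, which changes their contract from "free the members" to "consume the object". The commit drops the matching `free()` calls in `confread_free()`, but any caller outside the visible hunks that still frees or reads the pointer afterwards would become a double free or use-after-free. A short comment on each function, e.g. `/* frees all members and ca itself; ca must not be used afterwards */`, would make the ownership explicit. The comments that head these functions lie outside the hunks.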
@@ -668,6 +669,7 @@ static void confread_free_conn(starter_conn_t *conn)
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn);
+ free(conn);
}
/*
@@ -686,7 +688,6 @@ void confread_free(starter_config_t *cfg)
conn = conn->next;
confread_free_conn(conn_aux);
- free(conn_aux);
}
while (ca != NULL)
@@ -695,7 +696,6 @@ void confread_free(starter_config_t *cfg)
ca = ca->next;
confread_free_ca(ca_aux);
- free(ca_aux);
}
free(cfg);
@@ -746,6 +746,9 @@ starter_config_t* confread_load(const char *file)
if (cfg->err > previous_err)
{
+ total_err = cfg->err - previous_err;
+ DBG1(DBG_APP, "# ignored ca '%s' due to %d parsing error%s", name,
+ total_err, (total_err > 1) ? "s" : "");
confread_free_ca(ca);
cfg->non_fatal_err += cfg->err - previous_err;
cfg->err = previous_err;
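Review bot: The added lines compute `total_err`, and the unchanged line right after recomputes the same difference in `cfg->non_fatal_err += cfg->err - previous_err;`; the conn hunk below (@@ -784,6 +787,9) repeats the pattern. Using `cfg->non_fatal_err += total_err;` in both places ties the logged count and the accounted count to one value. `total_err` is declared outside the hunk, so its type matching the `%d` conversion is assumed here.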
@@ -784,6 +787,9 @@ starter_config_t* confread_load(const char *file)
if (cfg->err > previous_err)
{
+ total_err = cfg->err - previous_err;
+ DBG1(DBG_APP, "# ignored conn '%s' due to %d parsing error%s", name,
+ total_err, (total_err > 1) ? "s" : "");
confread_free_conn(conn);
cfg->non_fatal_err += cfg->err - previous_err;
cfg->err = previous_err;
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index d981f6c17..5d95305cb 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -201,6 +201,15 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
default:
/* father */
_charon_pid = pid;
+ while (attach_gdb)
+ {
+ /* wait indefinitely if gdb is attached */
+ usleep(10000);
+ if (stat(pid_file, &stb) == 0)
+ {
+ return 0;
+ }
+ }
for (i = 0; i < 500 && _charon_pid; i++)
{
/* wait for charon for a maximum of 500 x 20 ms = 10 s */
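Review bot: The new `while (attach_gdb)` loop exits only once `pid_file` exists, so if charon terminates under gdb before writing it, the starter stays in this loop indefinitely. The bounded loop that follows also stops when `_charon_pid` is cleared; the new loop could use the same condition, `while (attach_gdb && _charon_pid)`, and then fall through to the existing handling. That `_charon_pid` is reset when the child exits is inferred from the existing loop condition; the code that does it is outside this hunk.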
diff --git a/src/starter/starter.c b/src/starter/starter.c
index ef5780843..74b5b5286 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -261,10 +261,14 @@ static void fatal_signal_handler(int signal)
#ifdef GENERATE_SELFCERT
static void generate_selfcert()
{
+ const char *secrets_file;
struct stat stb;
+ secrets_file = lib->settings->get_str(lib->settings,
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
+
/* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
+ if (stat(secrets_file, &stb) != 0)
{
mode_t oldmask;
FILE *f;
@@ -302,7 +306,7 @@ static void generate_selfcert()
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
- f = fopen(SECRETS_FILE, "w");
+ f = fopen(secrets_file, "w");
if (f)
{
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
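Review bot: Now that the path comes from `charon.plugins.stroke.secrets_file`, the `stat()` in the previous hunk followed by `fopen(secrets_file, "w")` here is a check-then-create sequence that follows symlinks and truncates whatever exists at that path by the time it runs. Creating the file exclusively closes that gap: `fd = open(secrets_file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);` followed by `f = fd >= 0 ? fdopen(fd, "w") : NULL;`. The `chown(secrets_file, uid, gid)` in the next hunk is path-based as well and could become `fchown(fileno(f), uid, gid)` before `fclose(f)`. The header string written to the file still names /etc/ipsec.secrets even when another path is configured. `generate_selfcert()` spans three hunks, and the parts between them are not visible.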
@@ -310,7 +314,7 @@ static void generate_selfcert()
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
- ignore_result(chown(SECRETS_FILE, uid, gid));
+ ignore_result(chown(secrets_file, uid, gid));
umask(oldmask);
}
}
@@ -485,7 +489,8 @@ int main (int argc, char **argv)
}
if (!config_file)
{
- config_file = CONFIG_FILE;
+ config_file = lib->settings->get_str(lib->settings,
+ "starter.config_file", CONFIG_FILE);
}
init_log("ipsec_starter");
@@ -612,7 +617,6 @@ int main (int argc, char **argv)
int fnull;
close_log();
- closefrom(3);
fnull = open("/dev/null", O_RDWR);
if (fnull >= 0)
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index c72f23e34..d42a0d286 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 1741b6403..9c041dfbf 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 385737ad4..b84d70587 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -10,12 +10,14 @@ swanctl_SOURCES = \
commands/list_conns.c \
commands/list_certs.c \
commands/list_pools.c \
- commands/load_conns.c \
- commands/load_creds.c \
- commands/load_pools.c \
+ commands/load_all.c \
+ commands/load_conns.c commands/load_conns.h \
+ commands/load_creds.c commands/load_creds.h \
+ commands/load_pools.c commands/load_pools.h \
commands/log.c \
commands/version.c \
commands/stats.c \
+ commands/reload_settings.c \
swanctl.c swanctl.h
swanctl_LDADD = \
@@ -44,7 +46,7 @@ CLEANFILES = $(man_MANS)
swanctl.conf.5.main: swanctl.opt
$(AM_V_GEN) \
- $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@
+ $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@
swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail
$(AM_V_GEN) \
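Review bot: Replacing `$<` with the bare name `swanctl.opt` in the `swanctl.conf.5.main` recipe makes the input path relative to the build directory, while the output on the same line is written to `$(srcdir)/$@`. In an out-of-tree build the prerequisite would be found by make through VPATH, but the literal file name passed to format-options.py would not exist in the current directory. If `$<` was dropped for portability to other make implementations (an inference, the commit does not say), `$(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $(srcdir)/swanctl.opt > $(srcdir)/$@` keeps that while still resolving the input. The same line appears in the generated src/swanctl/Makefile.in.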
@@ -54,7 +56,7 @@ maintainer-clean-local:
cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main
install-data-local: swanctl.conf
- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)"
+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true
test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true
test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true
test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true
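Review bot: The `|| true` added to the creation of `$(DESTDIR)$(swanctldir)` makes `install-data-local` succeed even when `$(INSTALL) -d` fails, so `make install` can report success without the directory tree that is meant to hold the certificates and keys. The subdirectory lines already ignored failures, but with the parent ignored too nothing in the visible part of the rule signals a broken install. If best-effort creation is intended, a comment such as `# directory creation is best effort, failures are ignored on purpose` above the first `test -e` line would record that; otherwise keeping the parent directory fatal preserves one hard check. The rule continues past the end of this hunk, so any mode or ownership handling for the private-key directories is not visible here.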
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index 149159770..649e6d8ae 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -108,10 +108,11 @@ am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \
commands/terminate.$(OBJEXT) commands/install.$(OBJEXT) \
commands/list_sas.$(OBJEXT) commands/list_pols.$(OBJEXT) \
commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \
- commands/list_pools.$(OBJEXT) commands/load_conns.$(OBJEXT) \
- commands/load_creds.$(OBJEXT) commands/load_pools.$(OBJEXT) \
- commands/log.$(OBJEXT) commands/version.$(OBJEXT) \
- commands/stats.$(OBJEXT) swanctl.$(OBJEXT)
+ commands/list_pools.$(OBJEXT) commands/load_all.$(OBJEXT) \
+ commands/load_conns.$(OBJEXT) commands/load_creds.$(OBJEXT) \
+ commands/load_pools.$(OBJEXT) commands/log.$(OBJEXT) \
+ commands/version.$(OBJEXT) commands/stats.$(OBJEXT) \
+ commands/reload_settings.$(OBJEXT) swanctl.$(OBJEXT)
swanctl_OBJECTS = $(am_swanctl_OBJECTS)
swanctl_DEPENDENCIES = \
$(top_builddir)/src/libcharon/plugins/vici/libvici.la \
@@ -243,6 +244,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +305,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +371,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +420,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -434,12 +443,14 @@ swanctl_SOURCES = \
commands/list_conns.c \
commands/list_certs.c \
commands/list_pools.c \
- commands/load_conns.c \
- commands/load_creds.c \
- commands/load_pools.c \
+ commands/load_all.c \
+ commands/load_conns.c commands/load_conns.h \
+ commands/load_creds.c commands/load_creds.h \
+ commands/load_pools.c commands/load_pools.h \
commands/log.c \
commands/version.c \
commands/stats.c \
+ commands/reload_settings.c \
swanctl.c swanctl.h
swanctl_LDADD = \
@@ -571,6 +582,8 @@ commands/list_certs.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/list_pools.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
+commands/load_all.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
commands/load_conns.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/load_creds.$(OBJEXT): commands/$(am__dirstamp) \
@@ -583,6 +596,8 @@ commands/version.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/stats.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
+commands/reload_settings.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
swanctl$(EXEEXT): $(swanctl_OBJECTS) $(swanctl_DEPENDENCIES) $(EXTRA_swanctl_DEPENDENCIES)
@rm -f swanctl$(EXEEXT)
@@ -604,10 +619,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_pols.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_pools.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_sas.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_all.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_conns.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_creds.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/load_pools.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/log.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/reload_settings.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/stats.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/terminate.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/version.Po@am__quote@
@@ -955,7 +972,7 @@ swanctl.o : $(top_builddir)/config.status
swanctl.conf.5.main: swanctl.opt
$(AM_V_GEN) \
- $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@
+ $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@
swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail
$(AM_V_GEN) \
@@ -965,7 +982,7 @@ maintainer-clean-local:
cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main
install-data-local: swanctl.conf
- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)"
+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true
test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true
test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true
test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true
diff --git a/src/swanctl/command.c b/src/swanctl/command.c
index e488273bf..1c079ec3a 100644
--- a/src/swanctl/command.c
+++ b/src/swanctl/command.c
@@ -220,7 +220,7 @@ int command_usage(char *error, ...)
{
for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++)
{
- fprintf(out, " swanctl --%-10s (-%c) %s\n",
+ fprintf(out, " swanctl --%-15s (-%c) %s\n",
cmds[i].cmd, cmds[i].op, cmds[i].description);
}
}
@@ -267,9 +267,10 @@ static int call_command(command_t *cmd)
conn = vici_connect(uri);
if (!conn)
{
+ ret = errno;
command_usage("connecting to '%s' URI failed: %s",
uri ?: "default", strerror(errno));
- return errno;
+ return ret;
}
ret = cmd->call(conn);
vici_disconnect(conn);
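Review bot: On the `!conn` path `ret` is whatever errno holds, so if `vici_connect()` can fail without setting errno (its implementation is not visible here) `call_command()` returns 0 and swanctl exits successfully after a failed connection. A fallback such as `ret = errno ?: ECONNREFUSED;` guarantees a non-zero status, and the message can then use `strerror(ret)` so the printed text and the returned code always match. The same save-then-return pattern is added in the initiate.c, install.c, list_certs.c, list_conns.c, list_pols.c, list_pools.c, list_sas.c, log.c, stats.c, terminate.c and version.c hunks and has the same gap. `call_command()` starts before this hunk.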
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 8510fa44d..2d78a24da 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 16
+#define MAX_COMMANDS 18
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 080dc4131..eb7b6adbd 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -71,8 +71,9 @@ static int initiate(vici_conn_t *conn)
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("initiate");
if (child)
@@ -87,8 +88,9 @@ static int initiate(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "initiate request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/install.c b/src/swanctl/commands/install.c
index e8727d573..59c5c24ab 100644
--- a/src/swanctl/commands/install.c
+++ b/src/swanctl/commands/install.c
@@ -55,8 +55,9 @@ static int manage_policy(vici_conn_t *conn, char *label)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "%s request failed: %s\n", label, strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_certs.c b/src/swanctl/commands/list_certs.c
index bee5fda27..ecb65289a 100644
--- a/src/swanctl/commands/list_certs.c
+++ b/src/swanctl/commands/list_certs.c
@@ -590,6 +590,7 @@ static int list_certs(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *subject = NULL, *type = NULL;
+ int ret;
while (TRUE)
{
@@ -621,9 +622,10 @@ static int list_certs(vici_conn_t *conn)
}
if (vici_register(conn, "list-cert", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for certificates failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-certs");
if (type)
@@ -637,8 +639,9 @@ static int list_certs(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-certs request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index ec5da4bef..31ab9c40a 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -183,6 +183,7 @@ static int list_conns(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg;
+ int ret;
while (TRUE)
{
@@ -205,16 +206,18 @@ static int list_conns(vici_conn_t *conn)
}
if (vici_register(conn, "list-conn", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for connections failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-conns");
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-conns request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_pols.c b/src/swanctl/commands/list_pols.c
index 2317b2542..f2ae22172 100644
--- a/src/swanctl/commands/list_pols.c
+++ b/src/swanctl/commands/list_pols.c
@@ -116,6 +116,7 @@ static int list_pols(vici_conn_t *conn)
bool trap = FALSE, drop = FALSE, pass = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL;
+ int ret;
while (TRUE)
{
@@ -154,9 +155,10 @@ static int list_pols(vici_conn_t *conn)
}
if (vici_register(conn, "list-policy", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for policies failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-policies");
if (child)
@@ -178,8 +180,9 @@ static int list_pols(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-policies request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_pools.c b/src/swanctl/commands/list_pools.c
index 17ea539a9..155771657 100644
--- a/src/swanctl/commands/list_pools.c
+++ b/src/swanctl/commands/list_pools.c
@@ -68,8 +68,9 @@ static int list_pools(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "get-pools request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 80c279ce8..35e7469a9 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -283,7 +283,7 @@ static int list_sas(vici_conn_t *conn)
bool noblock = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *ike = NULL;
- int ike_id = 0;
+ int ike_id = 0, ret;
while (TRUE)
{
@@ -315,8 +315,9 @@ static int list_sas(vici_conn_t *conn)
}
if (vici_register(conn, "list-sa", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for SAs failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-sas");
if (ike)
@@ -334,8 +335,9 @@ static int list_sas(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-sas request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
new file mode 100644
index 000000000..f47fee5b4
--- /dev/null
+++ b/src/swanctl/commands/load_all.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "command.h"
+#include "swanctl.h"
+#include "load_creds.h"
+#include "load_pools.h"
+#include "load_conns.h"
+
+static int load_all(vici_conn_t *conn)
+{
+ bool clear = FALSE, noprompt = FALSE;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ int ret = 0;
+ char *arg;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'c':
+ clear = TRUE;
+ continue;
+ case 'n':
+ noprompt = TRUE;
+ continue;
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-all option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ if (ret == 0)
+ {
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
+ }
+ if (ret == 0)
+ {
+ ret = load_pools_cfg(conn, format, cfg);
+ }
+ if (ret == 0)
+ {
+ ret = load_conns_cfg(conn, format, cfg);
+ }
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ load_all, 'q', "load-all", "load credentials, pools and connections",
+ {"[--raw|--pretty] [--clear] [--noprompt]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"clear", 'c', 0, "clear previously loaded credentials"},
+ {"noprompt", 'n', 0, "do not prompt for passwords"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
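Review bot: In `load_all()` the first `if (ret == 0)` guard is always true, because `ret` is initialised to 0 and nothing assigns it before that point; a plain `ret = load_creds_cfg(conn, format, cfg, clear, noprompt);` states the sequence more directly. `_GNU_SOURCE`, `<unistd.h>` and `<sys/stat.h>` do not appear to be needed by anything in this file and could be dropped. The function also has no header comment; `/** Load credentials, pools and connections from a single parsed swanctl.conf, stopping at the first step that returns non-zero. */` would document the ordering and the early-stop behaviour that callers of `--load-all` depend on.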
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 7383f7a1e..de30d8eb4 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_conns.h"
/**
* Check if we should handle a key as a list of comma separated values
@@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
return ret;
}
-static int load_conns(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
u_int found = 0, loaded = 0, unloaded = 0;
- command_format_options_t format = COMMAND_FORMAT_NONE;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *conns;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-conns option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
conns = list_conns(conn, format);
@@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all connection in daemon, but not in file */
while (conns->remove_first(conns, (void**)&section) == SUCCESS)
{
@@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
return EINVAL;
}
+static int load_conns(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-conns option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_conns_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
diff --git a/src/swanctl/commands/load_conns.h b/src/swanctl/commands/load_conns.h
new file mode 100644
index 000000000..1e7abdea4
--- /dev/null
+++ b/src/swanctl/commands/load_conns.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all connections from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
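Review bot: The new header has no include guard and its doc comment has no `@return` line. Wrapping the contents in `#ifndef LOAD_CONNS_H_` / `#define LOAD_CONNS_H_` … `#endif` keeps it safe to include from several places, as load_all.c already pulls in all three new headers. The comment should also state the return contract, e.g. ` * @return 0 on success, an errno-style code otherwise` (the visible tail of `load_conns_cfg()` returns `EINVAL`; confirm the success value against the .c file). load_creds.h and load_pools.h are added in the same shape and need the same two changes.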
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index f77084c60..86ee3c179 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -21,6 +21,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_creds.h"
#include <credentials/sets/mem_cred.h>
#include <credentials/sets/callback_cred.h>
@@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
return TRUE;
}
+/**
+ * See header.
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt)
+{
+ enumerator_t *enumerator;
+ char *section;
+
+ if (clear)
+ {
+ if (!clear_creds(conn, format))
+ {
+ return ECONNREFUSED;
+ }
+ }
+
+ load_certs(conn, format, "x509", SWANCTL_X509DIR);
+ load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+ load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+ load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+ load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
+
+ enumerator = cfg->create_section_enumerator(cfg, "secrets");
+ while (enumerator->enumerate(enumerator, &section))
+ {
+ load_secret(conn, cfg, section, format);
+ }
+ enumerator->destroy(enumerator);
+
+ return 0;
+}
+
static int load_creds(vici_conn_t *conn)
{
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
- enumerator_t *enumerator;
settings_t *cfg;
- char *arg, *section;
+ char *arg;
+ int ret;
while (TRUE)
{
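Review bot: `load_creds_cfg()` returns 0 on every path after the optional `clear_creds()` step, so a certificate, key or secret that fails to load is never reported to the caller. The calls to `load_certs()`, `load_keys()` and `load_secret()` are made as plain statements; whether those helpers return a status is not visible in this hunk. `load_all()` gates `load_pools_cfg()` and `load_conns_cfg()` on `ret == 0`, so with `--clear` the daemon can end up with its previous credentials removed, new ones missing, connections loaded anyway, and an exit status of 0. If the helpers can signal failure, collect it in a local and return a non-zero code at the end; if they cannot, add `@return` text to the header saying that only the clear step is reported. `load_creds()` continues past the end of this hunk.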
@@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
break;
}
- if (clear)
- {
- if (!clear_creds(conn, format))
- {
- return ECONNREFUSED;
- }
- }
-
cfg = settings_create(SWANCTL_CONF);
if (!cfg)
{
@@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
return EINVAL;
}
- load_certs(conn, format, "x509", SWANCTL_X509DIR);
- load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
- load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
- load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
- load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
-
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
-
- enumerator = cfg->create_section_enumerator(cfg, "secrets");
- while (enumerator->enumerate(enumerator, &section))
- {
- load_secret(conn, cfg, section, format);
- }
- enumerator->destroy(enumerator);
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
cfg->destroy(cfg);
- return 0;
+ return ret;
}
/**
@@ -562,7 +577,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
load_creds, 's', "load-creds", "(re-)load credentials",
- {"[--raw|--pretty]"},
+ {"[--raw|--pretty] [--clear] [--noprompt]"},
{
{"help", 'h', 0, "show usage information"},
{"clear", 'c', 0, "clear previously loaded credentials"},
diff --git a/src/swanctl/commands/load_creds.h b/src/swanctl/commands/load_creds.h
new file mode 100644
index 000000000..7f689ad71
--- /dev/null
+++ b/src/swanctl/commands/load_creds.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all credentials from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ * @param clear TRUE to clear existing credentials
+ * @param noprompt TRUE to skip any password prompt
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt);
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index 0ec56cc43..d7fbd1341 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_pools.h"
/**
* Add a vici list from a comma separated string value
@@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
return ret;
}
-static int load_pools(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
- command_format_options_t format = COMMAND_FORMAT_NONE;
u_int found = 0, loaded = 0, unloaded = 0;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *pools;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-pools option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
pools = list_pools(conn, format);
@@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all pools in daemon, but not in file */
while (pools->remove_first(pools, (void**)&section) == SUCCESS)
{
@@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
return EINVAL;
}
+static int load_pools(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-pools option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_pools_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
@@ -282,7 +297,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
load_pools, 'a', "load-pools", "(re-)load pool configuration",
- {"[--raw|--pretty"},
+ {"[--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/load_pools.h b/src/swanctl/commands/load_pools.h
new file mode 100644
index 000000000..f424db9f1
--- /dev/null
+++ b/src/swanctl/commands/load_pools.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all pool definitions from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
diff --git a/src/swanctl/commands/log.c b/src/swanctl/commands/log.c
index 99ba328a7..d7082bfca 100644
--- a/src/swanctl/commands/log.c
+++ b/src/swanctl/commands/log.c
@@ -50,6 +50,7 @@ static int logcmd(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg;
+ int ret;
while (TRUE)
{
@@ -73,8 +74,9 @@ static int logcmd(vici_conn_t *conn)
if (vici_register(conn, "log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
wait_sigint();
diff --git a/src/swanctl/commands/reload_settings.c b/src/swanctl/commands/reload_settings.c
new file mode 100644
index 000000000..efad1300f
--- /dev/null
+++ b/src/swanctl/commands/reload_settings.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <errno.h>
+
+static int reload_settings(vici_conn_t *conn)
+{
+ vici_req_t *req;
+ vici_res_t *res;
+ char *arg;
+ int ret = 0;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --reload-settings option");
+ }
+ break;
+ }
+
+ req = vici_begin("reload-settings");
+ res = vici_submit(req, conn);
+ if (!res)
+ {
+ ret = errno;
+ fprintf(stderr, "reload-settings request failed: %s\n", strerror(errno));
+ return ret;
+ }
+ if (format & COMMAND_FORMAT_RAW)
+ {
+ vici_dump(res, "reload-settings reply",
+ format & COMMAND_FORMAT_PRETTY, stdout);
+ }
+ else
+ {
+ if (!streq(vici_find_str(res, "no", "success"), "yes"))
+ {
+ fprintf(stderr, "reload-settings failed: %s\n",
+ vici_find_str(res, "", "errmsg"));
+ ret = 1;
+ }
+ }
+ vici_free_res(res);
+ return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ reload_settings, 'r', "reload-settings", "reload daemon strongswan.conf",
+ {"[--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
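Review bot: In `reload_settings()` the `success` field of the reply is only checked in the non-raw branch, so with `--raw` or `--pretty` the command returns 0 even when the daemon answers that the reload failed. A script that requests raw output for logging therefore cannot tell from the exit status whether strongswan.conf was actually reloaded. Checking the reply in both modes, and printing the `errmsg` text only in the non-raw mode, keeps the output unchanged while making the exit status reliable. Other swanctl commands may follow the same raw-mode convention; they are not fully visible here.

```c
	/* … unchanged: option parsing, request submission and raw dump … */
	if (!streq(vici_find_str(res, "no", "success"), "yes"))
	{
		if (!(format & COMMAND_FORMAT_RAW))
		{
			fprintf(stderr, "reload-settings failed: %s\n",
					vici_find_str(res, "", "errmsg"));
		}
		/* report failure through the exit status in every output mode */
		ret = 1;
	}
	vici_free_res(res);
	return ret;
```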
diff --git a/src/swanctl/commands/stats.c b/src/swanctl/commands/stats.c
index b5425f504..a28ca83ba 100644
--- a/src/swanctl/commands/stats.c
+++ b/src/swanctl/commands/stats.c
@@ -23,6 +23,7 @@ static int stats(vici_conn_t *conn)
vici_res_t *res;
char *arg;
command_format_options_t format = COMMAND_FORMAT_NONE;
+ int ret;
while (TRUE)
{
@@ -48,8 +49,9 @@ static int stats(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "stats request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
index 689ba4d50..8b3233c89 100644
--- a/src/swanctl/commands/terminate.c
+++ b/src/swanctl/commands/terminate.c
@@ -80,8 +80,9 @@ static int terminate(vici_conn_t *conn)
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("terminate");
if (child)
@@ -108,8 +109,9 @@ static int terminate(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "terminate request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/version.c b/src/swanctl/commands/version.c
index 4f24a0fc2..0c499e4cc 100644
--- a/src/swanctl/commands/version.c
+++ b/src/swanctl/commands/version.c
@@ -24,6 +24,7 @@ static int version(vici_conn_t *conn)
char *arg;
bool daemon = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
+ int ret;
while (TRUE)
{
@@ -58,8 +59,9 @@ static int version(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "version request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in
index d7abae67a..543c10a67 100644
--- a/src/swanctl/swanctl.8.in
+++ b/src/swanctl/swanctl.8.in
@@ -62,6 +62,9 @@ list stored certificates
.B "\-A, \-\-list\-pools"
list loaded pool configurations
.TP
+.B "\-q, \-\-load\-all"
+(re\-)load credentials, pools and connections
+.TP
.B "\-c, \-\-load\-conns"
(re\-)load connection configuration
.TP
@@ -74,6 +77,12 @@ list loaded pool configurations
.B "\-T, \-\-log"
trace logging output
.TP
+.B "\-S, \-\-stats"
+show daemon infos and statistics
+.TP
+.B "\-r, \-\-reload-settings"
+reload strongswan.conf(5) configuration
+.TP
.B "\-v, \-\-version"
show daemon version information
.TP
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 8cff81feb..0808cf58b 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -49,7 +49,7 @@
# Send certificate requests payloads (yes or no).
# send_certreq = yes
- # Send certificate payloads (yes, no or ifasked).
+ # Send certificate payloads (always, never or ifasked).
# send_cert = ifasked
# Number of retransmission sequences to perform during initial connect.
@@ -113,7 +113,7 @@
# Comma separated list of CA certificates to accept for
# authentication.
- # cacert =
+ # cacerts =
# Certificate revocation policy, (strict, ifuri or relaxed).
# revocation = relaxed
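Review bot: The sample key changes from `cacert` to `cacerts` here, and the `send_cert` values change from yes/no to always/never in the hunk above, with no hint for operators who already have a swanctl.conf. Whether the loader still accepts the old spellings is not visible in this diff. If it does not, a deployed file that sets `cacert` would presumably no longer restrict which CAs are accepted for the peer, and the weakened authentication would show no obvious symptom. A short comment above the key, such as `# Option name is "cacerts" (plural); older templates showed "cacert".`, would help operators audit existing files.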
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 3d0b0e827..8943b62db 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -181,11 +181,12 @@ default of
.RI "" "ifasked" ""
the daemon sends certificate payloads only if certificate
requests have been received.
-.RI "" "no" ""
-disables sending of certificate payloads,
-.RI "" "yes" ""
-always sends certificate payloads whenever certificate authentication is
-used.
+.RI "" "never" ""
+disables sending of certificate payloads
+altogether,
+.RI "" "always" ""
+causes certificate payloads to be sent unconditionally
+whenever certificate authentication is used.
.TP
.BR connections.<conn>.keyingtries " [1]"
@@ -221,6 +222,14 @@ To compare connections for uniqueness, the remote IKE identity is used. If EAP
or XAuth authentication is involved, the EAP\-Identity or XAuth username is used
to enforce the uniqueness policy instead.
+On initiators this setting specifies whether an INITIAL_CONTACT notify is sent
+during IKE_AUTH if no existing connection is found with the remote peer
+(determined by the identities of the first authentication round). Only if set to
+.RI "" "keep" ""
+or
+.RI "" "replace" ""
+will the client send a notify.
+
.TP
.BR connections.<conn>.reauth_time " [0s]"
Time to schedule IKE reauthentication. IKE reauthentication recreates the
@@ -409,7 +418,7 @@ directory, or
an absolute path.
.TP
-.BR connections.<conn>.remote<suffix>.cacert " []"
+.BR connections.<conn>.remote<suffix>.cacerts " []"
Comma separated list of CA certificates to accept for authentication. The
certificates may use a relative path from the
.RB "" "swanctl" ""
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index e136ffb5b..f1e47a9e4 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes
of the initial IKE packets.
connections.<conn>.send_cert = ifasked
- Send certificate payloads (_yes_, _no_ or _ifasked_).
+ Send certificate payloads (_always_, _never_ or _ifasked_).
Send certificate payloads when using certificate authentication. With the
default of _ifasked_ the daemon sends certificate payloads only if
- certificate requests have been received. _no_ disables sending of
- certificate payloads, _yes_ always sends certificate payloads whenever
- certificate authentication is used.
+ certificate requests have been received. _never_ disables sending of
+ certificate payloads altogether, _always_ causes certificate payloads to be
+ sent unconditionally whenever certificate authentication is used.
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
@@ -194,6 +194,11 @@ connections.<conn>.unique = no
EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
is used to enforce the uniqueness policy instead.
+ On initiators this setting specifies whether an INITIAL_CONTACT notify is
+ sent during IKE_AUTH if no existing connection is found with the remote
+ peer (determined by the identities of the first authentication round).
+ Only if set to _keep_ or _replace_ will the client send a notify.
+
connections.<conn>.reauth_time = 0s
Time to schedule IKE reauthentication.
@@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs =
The certificates may use a relative path from the **swanctl** _x509_
directory, or an absolute path.
-connections.<conn>.remote<suffix>.cacert =
+connections.<conn>.remote<suffix>.cacerts =
Comma separated list of CA certificates to accept for authentication.
Comma separated list of CA certificates to accept for authentication.