diff options
508 files changed, 20354 insertions, 1995 deletions
diff --git a/Android.common.mk b/Android.common.mk index 130212326..1243e26f7 100644 --- a/Android.common.mk +++ b/Android.common.mk @@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \ ) # strongSwan version, replaced by top Makefile -strongswan_VERSION := "5.5.3" +strongswan_VERSION := "5.6.0" diff --git a/Makefile.in b/Makefile.in index 07528a723..b08cb7bef 100644 --- a/Makefile.in +++ b/Makefile.in @@ -342,8 +342,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -444,6 +442,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -472,6 +472,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1,3 +1,45 @@ +strongswan-5.6.0 +---------------- + +- Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient + input validation when verifying RSA signatures, which requires decryption + with the operation m^e mod n, where m is the signature, and e and n are the + exponent and modulus of the public key. The value m is an integer between + 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the + calculation results in 0, in which case mpz_export() returns NULL. This + result wasn't handled properly causing a null-pointer dereference. + This vulnerability has been registered as CVE-2017-11185. + +- New SWIMA IMC/IMV pair implements the "draft-ietf-sacm-nea-swima-patnc" + Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon. + +- The IMV database template has been adapted to achieve full compliance + with the ISO 19770-2:2015 SWID tag standard. + +- The sw-collector tool extracts software events from apt history logs + and stores them in an SQLite database to be used by the SWIMA IMC. + The tool can also generate SWID tags both for installed and removed + package versions. + +- The pt-tls-client can attach and use TPM 2.0 protected private keys + via the --keyid parameter. + +- libtpmtss supports Intel's TSS2 Architecture Broker and Resource + Manager interface (tcti-tabrmd). + +- The new eap-aka-3gpp plugin implements the 3GPP MILENAGE algorithms + in software. K (optionally concatenated with OPc) may be configured as + binary EAP secret. + +- CHILD_SA rekeying was fixed in charon-tkm and was slightly changed: The + switch to the new outbound IPsec SA now happens via SPI on the outbound + policy on Linux, and in case of lost rekey collisions no outbound SA/policy + is temporarily installed for the redundant CHILD_SA. + +- The new %unique-dir value for mark* settings allocates separate unique marks + for each CHILD_SA direction (in/out). + + strongswan-5.5.3 ---------------- @@ -894,7 +936,7 @@ strongswan-5.0.0 keying protocols. The feature-set of IKEv1 in charon is almost on par with pluto, but currently does not support AH or bundled AH+ESP SAs. Beside RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication - mode. Informations for interoperability and migration is available at + mode. Information for interoperability and migration is available at http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1. - Charon's bus_t has been refactored so that loggers and other listeners are diff --git a/conf/Makefile.am b/conf/Makefile.am index eb5c9c2eb..87319db22 100644 --- a/conf/Makefile.am +++ b/conf/Makefile.am @@ -24,7 +24,8 @@ options = \ options/scepclient.opt \ options/starter.opt \ options/swanctl.opt \ - options/tnc.opt + options/tnc.opt \ + options/sw-collector.opt plugins = \ plugins/addrblock.opt \ @@ -35,11 +36,13 @@ plugins = \ plugins/bypass-lan.opt \ plugins/certexpire.opt \ plugins/coupling.opt \ + plugins/curl.opt \ plugins/dhcp.opt \ plugins/dnscert.opt \ plugins/duplicheck.opt \ plugins/eap-aka.opt \ - plugins/eap-aka-3ggp2.opt \ + plugins/eap-aka-3gpp.opt \ + plugins/eap-aka-3gpp2.opt \ plugins/eap-dynamic.opt \ plugins/eap-gtc.opt \ plugins/eap-peap.opt \ @@ -59,11 +62,13 @@ plugins = \ plugins/imc-os.opt \ plugins/imc-scanner.opt \ plugins/imc-swid.opt \ + plugins/imc-swima.opt \ plugins/imc-test.opt \ plugins/imv-attestation.opt \ plugins/imv-os.opt \ plugins/imv-scanner.opt \ plugins/imv-swid.opt \ + plugins/imv-swima.opt \ plugins/imv-test.opt \ plugins/ipseckey.opt \ plugins/led.opt \ diff --git a/conf/Makefile.in b/conf/Makefile.in index 9a85514ed..b403c727d 100644 --- a/conf/Makefile.in +++ b/conf/Makefile.in @@ -265,8 +265,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -367,6 +365,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -395,6 +395,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -424,7 +428,8 @@ options = \ options/scepclient.opt \ options/starter.opt \ options/swanctl.opt \ - options/tnc.opt + options/tnc.opt \ + options/sw-collector.opt plugins = \ plugins/addrblock.opt \ @@ -435,11 +440,13 @@ plugins = \ plugins/bypass-lan.opt \ plugins/certexpire.opt \ plugins/coupling.opt \ + plugins/curl.opt \ plugins/dhcp.opt \ plugins/dnscert.opt \ plugins/duplicheck.opt \ plugins/eap-aka.opt \ - plugins/eap-aka-3ggp2.opt \ + plugins/eap-aka-3gpp.opt \ + plugins/eap-aka-3gpp2.opt \ plugins/eap-dynamic.opt \ plugins/eap-gtc.opt \ plugins/eap-peap.opt \ @@ -459,11 +466,13 @@ plugins = \ plugins/imc-os.opt \ plugins/imc-scanner.opt \ plugins/imc-swid.opt \ + plugins/imc-swima.opt \ plugins/imc-test.opt \ plugins/imv-attestation.opt \ plugins/imv-os.opt \ plugins/imv-scanner.opt \ plugins/imv-swid.opt \ + plugins/imv-swima.opt \ plugins/imv-test.opt \ plugins/ipseckey.opt \ plugins/led.opt \ diff --git a/conf/format-options.py b/conf/format-options.py index 307394399..592bf6706 100755 --- a/conf/format-options.py +++ b/conf/format-options.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -# Copyright (C) 2014-2015 Tobias Brunner -# Hochschule fuer Technik Rapperswil +# Copyright (C) 2014-2017 Tobias Brunner +# HSR Hochschule fuer Technik Rapperswil # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the @@ -49,6 +49,12 @@ full.section.name {[#]} If a # is added between the curly braces the section header will be commented out in the configuration file snippet, which is useful for example sections. +To add include statements to generated config files (ignored when generating +man pages) the following format can be used: + +full.section.name.include files/to/include + Description of this include statement + Dots in section/option names may be escaped with a backslash. For instance, with the following section description @@ -62,17 +68,18 @@ import sys import re from textwrap import TextWrapper from optparse import OptionParser -from operator import attrgetter +from functools import cmp_to_key class ConfigOption: """Representing a configuration option or described section in strongswan.conf""" - def __init__(self, path, default = None, section = False, commented = False): + def __init__(self, path, default = None, section = False, commented = False, include = False): self.path = path self.name = path[-1] self.fullname = '.'.join(path) self.default = default self.section = section self.commented = commented + self.include = include self.desc = [] self.options = [] @@ -99,6 +106,13 @@ class ConfigOption: self.commented = other.commented self.desc = other.desc + @staticmethod + def cmp(a, b): + # order options before sections and includes last + if a.include or b.include: + return a.include - b.include + return a.section - b.section + class Parser: """Parses one or more files of configuration options""" def __init__(self, sort = True): @@ -135,6 +149,14 @@ class Parser: self.__current = ConfigOption(path, section = True, commented = m.group('comment')) return + # include definition + m = re.match(r'^(?P<name>\S+\.include|include)\s+(?P<pattern>\S+)\s*$', line) + if m: + if self.__current: + self.__add_option(self.__current) + path = self.__split_name(m.group('name')) + self.__current = ConfigOption(path, m.group('pattern'), include = True) + return # paragraph separator m = re.match(r'^\s*$', line) if m and self.__current: @@ -195,7 +217,7 @@ class TagReplacer: return re.compile(r''' (^|\s|(?P<brack>[(\[])) # prefix with optional opening bracket (?P<tag>''' + tag + r''') # start tag - (?P<text>\w|\S.*?\S) # text + (?P<text>\S|\S.*?\S) # text ''' + tag + r''' # end tag (?P<punct>([.,!:)\]]|\(\d+\))*) # punctuation (?=$|\s) # suffix (don't consume it so that subsequent tags can match) @@ -248,7 +270,9 @@ class ConfFormatter: """Print a single option with description and default value""" comment = "# " if commented or opt.commented else "" self.__print_description(opt, indent) - if opt.default: + if opt.include: + print('{0}{1} {2}'.format(self.__indent * indent, opt.name, opt.default)) + elif opt.default: print('{0}{1}{2} = {3}'.format(self.__indent * indent, comment, opt.name, opt.default)) else: print('{0}{1}{2} ='.format(self.__indent * indent, comment, opt.name)) @@ -261,7 +285,7 @@ class ConfFormatter: self.__print_description(section, indent) print('{0}{1}{2} {{'.format(self.__indent * indent, comment, section.name)) print('') - for o in sorted(section.options, key=attrgetter('section')): + for o in sorted(section.options, key=cmp_to_key(ConfigOption.cmp)): if o.section: self.__print_section(o, indent + 1, commented) else: @@ -273,7 +297,7 @@ class ConfFormatter: """Print a list of options""" if not options: return - for option in sorted(options, key=attrgetter('section')): + for option in sorted(options, key=cmp_to_key(ConfigOption.cmp)): if option.section: self.__print_section(option, 0, False) else: @@ -297,6 +321,8 @@ class ManFormatter: """Print a single option""" if option.section and not len(option.desc): return + if option.include: + return if option.section: print('.TP\n.B {0}\n.br'.format(option.fullname)) else: diff --git a/conf/options/charon.conf b/conf/options/charon.conf index 7ccb74939..f0d084bed 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -168,7 +168,7 @@ charon { # will be allocated. # port_nat_t = 4500 - # Wether to prefer updating SAs to the path with the best route. + # Whether to prefer updating SAs to the path with the best route. # prefer_best_path = no # Prefer locally configured proposals for IKE/IPsec over supplied ones as diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 3593c6a5f..900b9b46b 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -271,7 +271,7 @@ charon.port_nat_t = 4500 port will be allocated. charon.prefer_best_path = no - Wether to prefer updating SAs to the path with the best route. + Whether to prefer updating SAs to the path with the best route. By default, charon keeps SAs on the routing path with addresses it previously used if that path is still usable. By setting this option to diff --git a/conf/options/imcv.conf b/conf/options/imcv.conf index bc1f183fc..ede2d9db4 100644 --- a/conf/options/imcv.conf +++ b/conf/options/imcv.conf @@ -42,5 +42,22 @@ libimcv { # Disable output to stderr with a stand-alone libimcv library. # stderr_quiet = no + swid_gen { + + # SWID generator command to be executed. + # command = /usr/local/bin/swid_generator + + tag_creator { + + # Name of the tagCreator entity. + # name = strongSwan Project + + # regid of the tagCreator entity. + # regid = strongswan.org + + } + + } + } diff --git a/conf/options/imcv.opt b/conf/options/imcv.opt index 33ab74bd5..177781ff7 100644 --- a/conf/options/imcv.opt +++ b/conf/options/imcv.opt @@ -21,6 +21,15 @@ charon.imcv.os_info.default_password_enabled = no charon.imcv.policy_script = ipsec _imv_policy Script called for each TNC connection to generate IMV policies. +libimcv.swid_gen.command = /usr/local/bin/swid_generator + SWID generator command to be executed. + +libimcv.swid_gen.tag_creator.name = strongSwan Project + Name of the tagCreator entity. + +libimcv.swid_gen.tag_creator.regid = strongswan.org + regid of the tagCreator entity. + libimcv.debug_level = 1 Debug level for a stand-alone _libimcv_ library. diff --git a/conf/options/sw-collector.conf b/conf/options/sw-collector.conf new file mode 100644 index 000000000..6f588b41a --- /dev/null +++ b/conf/options/sw-collector.conf @@ -0,0 +1,31 @@ +# Options for the sw-collector tool. +sw-collector { + + # URI to software collector database containing event timestamps, software + # creation and deletion events and collected software identifiers. + # database = + + # Path pointing to file created when the Linux OS was installed. + # first_file = /var/log/bootstrap.log + + # Time in UTC when the Linux OS was installed. + # first_time = 0000-00-00T00:00:00Z + + # Path pointing to apt history.log file. + # history = + + # Plugins to load in sw-collector tool. + # load = + + rest_api { + + # Timeout of REST API HTTP POST transaction. + # timeout = 120 + + # HTTP URI of the central collector's REST API. + # uri = + + } + +} + diff --git a/conf/options/sw-collector.opt b/conf/options/sw-collector.opt new file mode 100644 index 000000000..976f4f497 --- /dev/null +++ b/conf/options/sw-collector.opt @@ -0,0 +1,31 @@ +sw-collector {} + Options for the sw-collector tool. + + Options for the sw-collector tool. + +sw-collector.database = + URI to software collector database containing event timestamps, software + creation and deletion events and collected software identifiers. + + URI to software collector database containing event timestamps, software + creation and deletion events and collected software identifiers. + If it contains a password, make sure to adjust the permissions of the config + file accordingly. + +sw-collector.first_file = /var/log/bootstrap.log + Path pointing to file created when the Linux OS was installed. + +sw-collector.first_time = 0000-00-00T00:00:00Z + Time in UTC when the Linux OS was installed. + +sw-collector.history = + Path pointing to apt history.log file. + +sw-collector.rest_api.uri = + HTTP URI of the central collector's REST API. + +sw-collector.rest_api.timeout = 120 + Timeout of REST API HTTP POST transaction. + +sw-collector.load = + Plugins to load in sw-collector tool. diff --git a/conf/options/swanctl.conf b/conf/options/swanctl.conf index cb182396b..18cea486a 100644 --- a/conf/options/swanctl.conf +++ b/conf/options/swanctl.conf @@ -3,5 +3,8 @@ swanctl { # Plugins to load in swanctl. # load = + # VICI socket to connect to by default. + # socket = unix://${piddir}/charon.vici + } diff --git a/conf/options/swanctl.opt b/conf/options/swanctl.opt index f78b4bccc..f2a8a0ff7 100644 --- a/conf/options/swanctl.opt +++ b/conf/options/swanctl.opt @@ -1,2 +1,5 @@ swanctl.load = - Plugins to load in swanctl.
\ No newline at end of file + Plugins to load in swanctl. + +swanctl.socket = unix://${piddir}/charon.vici + VICI socket to connect to by default. diff --git a/conf/plugins/curl.conf b/conf/plugins/curl.conf new file mode 100644 index 000000000..9ba042097 --- /dev/null +++ b/conf/plugins/curl.conf @@ -0,0 +1,12 @@ +curl { + + # Whether to load the plugin. Can also be an integer to increase the + # priority of this plugin. + load = yes + + # Maximum number of redirects followed by the plugin, set to 0 to disable + # following redirects, set to -1 for no limit. + # redir = -1 + +} + diff --git a/conf/plugins/curl.opt b/conf/plugins/curl.opt new file mode 100644 index 000000000..90efa12f4 --- /dev/null +++ b/conf/plugins/curl.opt @@ -0,0 +1,3 @@ +charon.plugins.curl.redir = -1 + Maximum number of redirects followed by the plugin, set to 0 to disable + following redirects, set to -1 for no limit. diff --git a/conf/plugins/eap-aka-3ggp2.opt b/conf/plugins/eap-aka-3ggp2.opt deleted file mode 100644 index 9e2a42b3f..000000000 --- a/conf/plugins/eap-aka-3ggp2.opt +++ /dev/null @@ -1 +0,0 @@ -charon.plugins.eap-aka-3ggp2.seq_check = diff --git a/conf/plugins/eap-aka-3gpp.conf b/conf/plugins/eap-aka-3gpp.conf new file mode 100644 index 000000000..4164535c4 --- /dev/null +++ b/conf/plugins/eap-aka-3gpp.conf @@ -0,0 +1,12 @@ +eap-aka-3gpp { + + # Whether to load the plugin. Can also be an integer to increase the + # priority of this plugin. + load = yes + + # Enable to activate sequence check of the AKA SQN values in order to + # trigger resync cycles. + # seq_check = + +} + diff --git a/conf/plugins/eap-aka-3gpp.opt b/conf/plugins/eap-aka-3gpp.opt new file mode 100644 index 000000000..1bc733ab1 --- /dev/null +++ b/conf/plugins/eap-aka-3gpp.opt @@ -0,0 +1,3 @@ +charon.plugins.eap-aka-3gpp.seq_check = + Enable to activate sequence check of the AKA SQN values in order to trigger + resync cycles. diff --git a/conf/plugins/eap-aka-3gpp2.conf b/conf/plugins/eap-aka-3gpp2.conf new file mode 100644 index 000000000..3f329aec5 --- /dev/null +++ b/conf/plugins/eap-aka-3gpp2.conf @@ -0,0 +1,12 @@ +eap-aka-3gpp2 { + + # Whether to load the plugin. Can also be an integer to increase the + # priority of this plugin. + load = yes + + # Enable to activate sequence check of the AKA SQN values in order to + # trigger resync cycles. + # seq_check = + +} + diff --git a/conf/plugins/eap-aka-3gpp2.opt b/conf/plugins/eap-aka-3gpp2.opt new file mode 100644 index 000000000..679c386b8 --- /dev/null +++ b/conf/plugins/eap-aka-3gpp2.opt @@ -0,0 +1,4 @@ +charon.plugins.eap-aka-3gpp2.seq_check = + Enable to activate sequence check of the AKA SQN values in order to trigger + resync cycles. + diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt index 74490c179..e622aa683 100644 --- a/conf/plugins/imc-swid.opt +++ b/conf/plugins/imc-swid.opt @@ -1,11 +1,8 @@ libimcv.plugins.imc-swid.swid_directory = ${prefix}/share Directory where SWID tags are located. -libimcv.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator - SWID generator command to be executed. - -libimcv.plugins.imc-swid.swid_pretty = FALSE +libimcv.plugins.imc-swid.swid_pretty = no Generate XML-encoded SWID tags with pretty indentation. -libimcv.plugins.imc-swid.swid_full = FALSE +libimcv.plugins.imc-swid.swid_full = no Include file information in the XML-encoded SWID tags. diff --git a/conf/plugins/eap-aka-3ggp2.conf b/conf/plugins/imc-swima.conf index c52c99609..0d1e88a5d 100644 --- a/conf/plugins/eap-aka-3ggp2.conf +++ b/conf/plugins/imc-swima.conf @@ -1,10 +1,8 @@ -eap-aka-3ggp2 { +imc-swima { # Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. load = yes - # seq_check = - } diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt new file mode 100644 index 000000000..099a3c80f --- /dev/null +++ b/conf/plugins/imc-swima.opt @@ -0,0 +1,21 @@ +libimcv.plugins.imc-swima.eid_epoch = 0x11223344 + Set 32 bit epoch value for event IDs manually if software collector database + is not available. + +libimcv.plugins.imc-swima.swid_database = + URI to software collector database containing event timestamps, software + creation and deletion events and collected software identifiers. + + URI to software collector database containing event timestamps, software + creation and deletion events and collected software identifiers. + If it contains a password, make sure to adjust the permissions of the config + file accordingly. + +libimcv.plugins.imc-swima.swid_directory = ${prefix}/share + Directory where SWID tags are located. + +libimcv.plugins.imc-swima.swid_pretty = no + Generate XML-encoded SWID tags with pretty indentation. + +libimcv.plugins.imc-swima.swid_full = no + Include file information in the XML-encoded SWID tags. diff --git a/conf/plugins/imv-swima.conf b/conf/plugins/imv-swima.conf new file mode 100644 index 000000000..cde4e1a88 --- /dev/null +++ b/conf/plugins/imv-swima.conf @@ -0,0 +1,8 @@ +imv-swima { + + # Whether to load the plugin. Can also be an integer to increase the + # priority of this plugin. + load = yes + +} + diff --git a/conf/plugins/imv-swima.opt b/conf/plugins/imv-swima.opt new file mode 100644 index 000000000..a9ba96c21 --- /dev/null +++ b/conf/plugins/imv-swima.opt @@ -0,0 +1,5 @@ +libimcv.plugins.imv-swima.rest_api.uri = + HTTP URI of the SWID REST API. + +libimcv.plugins.imv-swima.rest_api.timeout = 120 + Timeout of SWID REST API HTTP POST transaction. diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index 4df7ce42d..4f38c9b03 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -519,6 +519,11 @@ Hashing algorithm to fingerprint coupled certificates. Maximum number of coupling entries to create. .TP +.BR charon.plugins.curl.redir " [-1]" +Maximum number of redirects followed by the plugin, set to 0 to disable +following redirects, set to \-1 for no limit. + +.TP .BR charon.plugins.dhcp.force_server_address " [no]" Always use the configured server address. This might be helpful if the DHCP server runs on the same host as strongSwan, and the DHCP daemon does not listen @@ -556,7 +561,15 @@ Socket provided by the duplicheck plugin. .TP .BR charon.plugins.eap-aka.request_identity " [yes]" .TP -.BR charon.plugins.eap-aka-3ggp2.seq_check " []" +.BR charon.plugins.eap-aka-3gpp.seq_check " []" +Enable to activate sequence check of the AKA SQN values in order to trigger +resync cycles. + +.TP +.BR charon.plugins.eap-aka-3gpp2.seq_check " []" +Enable to activate sequence check of the AKA SQN values in order to trigger +resync cycles. + .TP .BR charon.plugins.eap-dynamic.prefer_user " [no]" If enabled the EAP methods proposed in an EAP\-Nak message sent by the peer are @@ -2115,15 +2128,34 @@ Send open listening ports without being prompted. Directory where SWID tags are located. .TP -.BR libimcv.plugins.imc-swid.swid_full " [FALSE]" +.BR libimcv.plugins.imc-swid.swid_full " [no]" Include file information in the XML\-encoded SWID tags. .TP -.BR libimcv.plugins.imc-swid.swid_generator " [/usr/local/bin/swid_generator]" -SWID generator command to be executed. +.BR libimcv.plugins.imc-swid.swid_pretty " [no]" +Generate XML\-encoded SWID tags with pretty indentation. .TP -.BR libimcv.plugins.imc-swid.swid_pretty " [FALSE]" +.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]" +Set 32 bit epoch value for event IDs manually if software collector database is +not available. + +.TP +.BR libimcv.plugins.imc-swima.swid_database " []" +URI to software collector database containing event timestamps, software +creation and deletion events and collected software identifiers. If it contains +a password, make sure to adjust the permissions of the config file accordingly. + +.TP +.BR libimcv.plugins.imc-swima.swid_directory " [${prefix}/share]" +Directory where SWID tags are located. + +.TP +.BR libimcv.plugins.imc-swima.swid_full " [no]" +Include file information in the XML\-encoded SWID tags. + +.TP +.BR libimcv.plugins.imc-swima.swid_pretty " [no]" Generate XML\-encoded SWID tags with pretty indentation. .TP @@ -2183,6 +2215,14 @@ Timeout of SWID REST API HTTP POST transaction. HTTP URI of the SWID REST API. .TP +.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]" +Timeout of SWID REST API HTTP POST transaction. + +.TP +.BR libimcv.plugins.imv-swima.rest_api.uri " []" +HTTP URI of the SWID REST API. + +.TP .BR libimcv.plugins.imv-test.rounds " [0]" Number of IMC\-IMV retry rounds. @@ -2193,6 +2233,18 @@ Disable output to stderr with a stand\-alone library. .TP +.BR libimcv.swid_gen.command " [/usr/local/bin/swid_generator]" +SWID generator command to be executed. + +.TP +.BR libimcv.swid_gen.tag_creator.name " [strongSwan Project]" +Name of the tagCreator entity. + +.TP +.BR libimcv.swid_gen.tag_creator.regid " [strongswan.org]" +regid of the tagCreator entity. + +.TP .BR manager.database " []" Credential database URI for manager. If it contains a password, make sure to adjust the permissions of the config file accordingly. @@ -2291,6 +2343,45 @@ Location of the ipsec.conf file Disable charon plugin load option warning. .TP +.B sw-collector +.br +Options for the sw\-collector tool. + +.TP +.BR sw-collector.database " []" +URI to software collector database containing event timestamps, software +creation and deletion events and collected software identifiers. If it contains +a password, make sure to adjust the permissions of the config file accordingly. + +.TP +.BR sw-collector.first_file " [/var/log/bootstrap.log]" +Path pointing to file created when the Linux OS was installed. + +.TP +.BR sw-collector.first_time " [0000-00-00T00:00:00Z]" +Time in UTC when the Linux OS was installed. + +.TP +.BR sw-collector.history " []" +Path pointing to apt history.log file. + +.TP +.BR sw-collector.load " []" +Plugins to load in sw\-collector tool. + +.TP +.BR sw-collector.rest_api.timeout " [120]" +Timeout of REST API HTTP POST transaction. + +.TP +.BR sw-collector.rest_api.uri " []" +HTTP URI of the central collector's REST API. + +.TP .BR swanctl.load " []" Plugins to load in swanctl. +.TP +.BR swanctl.socket " [unix://${piddir}/charon.vici]" +VICI socket to connect to by default. + diff --git a/config.h.in b/config.h.in index 49aa093ec..06d399922 100644 --- a/config.h.in +++ b/config.h.in @@ -322,6 +322,12 @@ /* Define to 1 if strerror_r returns char *. */ #undef STRERROR_R_CHAR_P +/* use TCTI Sockets */ +#undef TSS2_TCTI_SOCKET + +/* use TCTI Access Broker and Resource Mamager */ +#undef TSS2_TCTI_TABRMD + /* use TrouSerS library libtspi */ #undef TSS_TROUSERS @@ -340,6 +346,9 @@ /* support for IKEv2 protocol */ #undef USE_IKEV2 +/* build code for JSON */ +#undef USE_JSON + /* use thread ID for thread identification, if available */ #undef USE_THREAD_IDS @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.5.3. +# Generated by GNU Autoconf 2.69 for strongSwan 5.6.0. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.5.3' -PACKAGE_STRING='strongSwan 5.5.3' +PACKAGE_VERSION='5.6.0' +PACKAGE_STRING='strongSwan 5.6.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -769,6 +769,10 @@ USE_IMV_HCD_FALSE USE_IMV_HCD_TRUE USE_IMC_HCD_FALSE USE_IMC_HCD_TRUE +USE_IMV_SWIMA_FALSE +USE_IMV_SWIMA_TRUE +USE_IMC_SWIMA_FALSE +USE_IMC_SWIMA_TRUE USE_IMV_SWID_FALSE USE_IMV_SWID_TRUE USE_IMC_SWID_FALSE @@ -829,6 +833,8 @@ USE_EAP_MSCHAPV2_FALSE USE_EAP_MSCHAPV2_TRUE USE_EAP_AKA_3GPP2_FALSE USE_EAP_AKA_3GPP2_TRUE +USE_EAP_AKA_3GPP_FALSE +USE_EAP_AKA_3GPP_TRUE USE_EAP_AKA_FALSE USE_EAP_AKA_TRUE USE_EAP_GTC_FALSE @@ -1078,8 +1084,8 @@ MYSQLCFLAG MYSQLCONFIG MYSQLLIB clearsilver_LIBS -RUBYLIB -RUBYINCLUDE +ruby_LIBS +ruby_CFLAGS RUBY gtk_LIBS gtk_CFLAGS @@ -1087,6 +1093,10 @@ json_LIBS json_CFLAGS tss2_LIBS tss2_CFLAGS +tss2_socket_LIBS +tss2_socket_CFLAGS +tss2_tabrmd_LIBS +tss2_tabrmd_CFLAGS systemd_journal_LIBS systemd_journal_CFLAGS systemd_daemon_LIBS @@ -1099,7 +1109,6 @@ soup_LIBS soup_CFLAGS USE_X86X64_FALSE USE_X86X64_TRUE -PLUGIN_CFLAGS USE_WINDOWS_FALSE USE_WINDOWS_TRUE OPENSSL_LIB @@ -1175,6 +1184,7 @@ CPPFLAGS LDFLAGS CFLAGS CC +PLUGIN_CFLAGS ipsec_script_upper charon_natt_port charon_udp_port @@ -1364,6 +1374,7 @@ enable_eap_sim enable_eap_sim_file enable_eap_sim_pcsc enable_eap_aka +enable_eap_aka_3gpp enable_eap_aka_3gpp2 enable_eap_simaka_sql enable_eap_simaka_pseudonym @@ -1421,6 +1432,8 @@ enable_imc_attestation enable_imv_attestation enable_imc_swid enable_imv_swid +enable_imc_swima +enable_imv_swima enable_imc_hcd enable_imv_hcd enable_tnc_ifmap @@ -1524,12 +1537,16 @@ systemd_daemon_CFLAGS systemd_daemon_LIBS systemd_journal_CFLAGS systemd_journal_LIBS -tss2_CFLAGS -tss2_LIBS +tss2_tabrmd_CFLAGS +tss2_tabrmd_LIBS +tss2_socket_CFLAGS +tss2_socket_LIBS json_CFLAGS json_LIBS gtk_CFLAGS gtk_LIBS +ruby_CFLAGS +ruby_LIBS pcsclite_CFLAGS pcsclite_LIBS nm_CFLAGS @@ -2086,7 +2103,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.5.3 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.6.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2157,7 +2174,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.5.3:";; + short | recursive ) echo "Configuration of strongSwan 5.6.0:";; esac cat <<\_ACEOF @@ -2238,6 +2255,8 @@ Optional Features: --enable-eap-sim-pcsc enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite. --enable-eap-aka enable EAP AKA authentication module. + --enable-eap-aka-3gpp enable EAP AKA backend implementing 3GPP MILENAGE + algorithms in software. --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp. --enable-eap-simaka-sql enable EAP-SIM/AKA backend based on a @@ -2313,6 +2332,8 @@ Optional Features: enable IMV attestation module. --enable-imc-swid enable IMC swid module. --enable-imv-swid enable IMV swid module. + --enable-imc-swima enable IMC swima module. + --enable-imv-swima enable IMV swima module. --enable-imc-hcd enable IMC hcd module. --enable-imv-hcd enable IMV hcd module. --enable-tnc-ifmap enable TNC IF-MAP module. Requires libxml @@ -2540,12 +2561,20 @@ Some influential environment variables: C compiler flags for systemd_journal, overriding pkg-config systemd_journal_LIBS linker flags for systemd_journal, overriding pkg-config - tss2_CFLAGS C compiler flags for tss2, overriding pkg-config - tss2_LIBS linker flags for tss2, overriding pkg-config + tss2_tabrmd_CFLAGS + C compiler flags for tss2_tabrmd, overriding pkg-config + tss2_tabrmd_LIBS + linker flags for tss2_tabrmd, overriding pkg-config + tss2_socket_CFLAGS + C compiler flags for tss2_socket, overriding pkg-config + tss2_socket_LIBS + linker flags for tss2_socket, overriding pkg-config json_CFLAGS C compiler flags for json, overriding pkg-config json_LIBS linker flags for json, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config + ruby_CFLAGS C compiler flags for ruby, overriding pkg-config + ruby_LIBS linker flags for ruby, overriding pkg-config pcsclite_CFLAGS C compiler flags for pcsclite, overriding pkg-config pcsclite_LIBS @@ -2623,7 +2652,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.5.3 +strongSwan configure 5.6.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3145,7 +3174,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.5.3, which was +It was created by strongSwan $as_me 5.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4008,7 +4037,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.5.3' + VERSION='5.6.0' cat >>confdefs.h <<_ACEOF @@ -5842,6 +5871,22 @@ fi disabled_by_default=${disabled_by_default}" eap_aka" +# Check whether --enable-eap-aka-3gpp was given. +if test "${enable_eap_aka_3gpp+set}" = set; then : + enableval=$enable_eap_aka_3gpp; eap_aka_3gpp_given=true + if test x$enableval = xyes; then + eap_aka_3gpp=true + else + eap_aka_3gpp=false + fi +else + eap_aka_3gpp=false + eap_aka_3gpp_given=false + +fi + + disabled_by_default=${disabled_by_default}" eap_aka_3gpp" + # Check whether --enable-eap-aka-3gpp2 was given. if test "${enable_eap_aka_3gpp2+set}" = set; then : enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true @@ -6758,6 +6803,38 @@ fi disabled_by_default=${disabled_by_default}" imv_swid" +# Check whether --enable-imc-swima was given. +if test "${enable_imc_swima+set}" = set; then : + enableval=$enable_imc_swima; imc_swima_given=true + if test x$enableval = xyes; then + imc_swima=true + else + imc_swima=false + fi +else + imc_swima=false + imc_swima_given=false + +fi + + disabled_by_default=${disabled_by_default}" imc_swima" + +# Check whether --enable-imv-swima was given. +if test "${enable_imv_swima+set}" = set; then : + enableval=$enable_imv_swima; imv_swima_given=true + if test x$enableval = xyes; then + imv_swima=true + else + imv_swima=false + fi +else + imv_swima=false + imv_swima_given=false + +fi + + disabled_by_default=${disabled_by_default}" imv_swima" + # Check whether --enable-imc-hcd was given. if test "${enable_imc_hcd+set}" = set; then : enableval=$enable_imc_hcd; imc_hcd_given=true @@ -7867,6 +7944,7 @@ fi if test -z "$CFLAGS"; then CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign" fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -18041,7 +18119,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t tls=true; fi -if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then imcv=true; fi @@ -19688,8 +19766,7 @@ else $as_echo "no" >&6; } # GCC, but not MinGW requires -rdynamic for plugins if test x$windows != xtrue; then - PLUGIN_CFLAGS=-rdynamic - + PLUGIN_CFLAGS="$PLUGIN_CFLAGS -rdynamic" fi @@ -20853,11 +20930,84 @@ fi if test x$tss_tss2 = xtrue; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2" >&5 -$as_echo_n "checking for tss2... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_tabrmd" >&5 +$as_echo_n "checking for tss2_tabrmd... " >&6; } + +if test -n "$tss2_tabrmd_CFLAGS"; then + pkg_cv_tss2_tabrmd_CFLAGS="$tss2_tabrmd_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-tabrmd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-tabrmd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_tabrmd_CFLAGS=`$PKG_CONFIG --cflags "tcti-tabrmd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$tss2_tabrmd_LIBS"; then + pkg_cv_tss2_tabrmd_LIBS="$tss2_tabrmd_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-tabrmd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-tabrmd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_tabrmd_LIBS=`$PKG_CONFIG --libs "tcti-tabrmd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + tss2_tabrmd_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-tabrmd" 2>&1` + else + tss2_tabrmd_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-tabrmd" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$tss2_tabrmd_PKG_ERRORS" >&5 + + tss2_tabrmd=false +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + tss2_tabrmd=false +else + tss2_tabrmd_CFLAGS=$pkg_cv_tss2_tabrmd_CFLAGS + tss2_tabrmd_LIBS=$pkg_cv_tss2_tabrmd_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + tss2_tabrmd=true; +$as_echo "#define TSS2_TCTI_TABRMD /**/" >>confdefs.h + +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_socket" >&5 +$as_echo_n "checking for tss2_socket... " >&6; } -if test -n "$tss2_CFLAGS"; then - pkg_cv_tss2_CFLAGS="$tss2_CFLAGS" +if test -n "$tss2_socket_CFLAGS"; then + pkg_cv_tss2_socket_CFLAGS="$tss2_socket_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 @@ -20865,7 +21015,7 @@ if test -n "$tss2_CFLAGS"; then ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_tss2_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null` + pkg_cv_tss2_socket_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -20873,8 +21023,8 @@ fi else pkg_failed=untried fi -if test -n "$tss2_LIBS"; then - pkg_cv_tss2_LIBS="$tss2_LIBS" +if test -n "$tss2_socket_LIBS"; then + pkg_cv_tss2_socket_LIBS="$tss2_socket_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 @@ -20882,7 +21032,7 @@ if test -n "$tss2_LIBS"; then ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_tss2_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null` + pkg_cv_tss2_socket_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -20903,52 +21053,44 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - tss2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1` + tss2_socket_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1` else - tss2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1` + tss2_socket_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$tss2_PKG_ERRORS" >&5 - - as_fn_error $? "Package requirements (tcti-socket) were not met: + echo "$tss2_socket_PKG_ERRORS" >&5 -$tss2_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables tss2_CFLAGS -and tss2_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details." "$LINENO" 5 + tss2_socket=false elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables tss2_CFLAGS -and tss2_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see <http://pkg-config.freedesktop.org/>. -See \`config.log' for more details" "$LINENO" 5; } + tss2_socket=false else - tss2_CFLAGS=$pkg_cv_tss2_CFLAGS - tss2_LIBS=$pkg_cv_tss2_LIBS + tss2_socket_CFLAGS=$pkg_cv_tss2_socket_CFLAGS + tss2_socket_LIBS=$pkg_cv_tss2_socket_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + tss2_socket=true; +$as_echo "#define TSS2_TCTI_SOCKET /**/" >>confdefs.h + +fi + if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then $as_echo "#define TSS_TSS2 /**/" >>confdefs.h -fi + tss2_CFLAGS="$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS" + tss2_LIBS="$tss2_tabrmd_LIBS $tss2_socket_LIBS" + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no TSS2 TCTI library detected +See \`config.log' for more details" "$LINENO" 5; } + fi fi -if test x$imv_swid = xtrue; then +if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5 @@ -21340,64 +21482,99 @@ fi test -n "$RUBY" && break done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Ruby header files" >&5 -$as_echo_n "checking for Ruby header files... " >&6; } - if test -n "$RUBY"; then - RUBYINCLUDE= - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["rubyhdrdir"] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - RUBYARCH=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["arch"] || ""') 2>/dev/null` - if test -n "$RUBYARCH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBYDIR" >&5 -$as_echo "$RUBYDIR" >&6; } - RUBYINCLUDE="-I$RUBYDIR -I$RUBYDIR/$RUBYARCH" - fi - else - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["archdir"] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBYDIR" >&5 -$as_echo "$RUBYDIR" >&6; } - RUBYINCLUDE="-I$RUBYDIR" - fi - fi - if test -z "$RUBYINCLUDE"; then - as_fn_error $? "ruby.h not found" "$LINENO" 5 - fi - else - as_fn_error $? "don't know how to run ruby" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libruby" >&5 -$as_echo_n "checking for libruby... " >&6; } - saved_LIBS=$LIBS - LIBS=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["LIBRUBYARG_SHARED"] || ""') 2>/dev/null` - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ruby" >&5 +$as_echo_n "checking for ruby... " >&6; } -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ruby_init (); -int -main () -{ -return ruby_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBS" >&5 -$as_echo "$LIBS" >&6; }; RUBYLIB=$LIBS +if test -n "$ruby_CFLAGS"; then + pkg_cv_ruby_CFLAGS="$ruby_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5 + ($PKG_CONFIG --exists --print-errors "ruby") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ruby_CFLAGS=`$PKG_CONFIG --cflags "ruby" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - as_fn_error $? "not found" "$LINENO" 5 + pkg_failed=yes fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext + else + pkg_failed=untried +fi +if test -n "$ruby_LIBS"; then + pkg_cv_ruby_LIBS="$ruby_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5 + ($PKG_CONFIG --exists --print-errors "ruby") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ruby_LIBS=`$PKG_CONFIG --libs "ruby" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + ruby_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "ruby" 2>&1` + else + ruby_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "ruby" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$ruby_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (ruby) were not met: + +$ruby_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables ruby_CFLAGS +and ruby_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables ruby_CFLAGS +and ruby_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see <http://pkg-config.freedesktop.org/>. +See \`config.log' for more details" "$LINENO" 5; } +else + ruby_CFLAGS=$pkg_cv_ruby_CFLAGS + ruby_LIBS=$pkg_cv_ruby_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + saved_LIBS=$LIBS + LIBS=$ruby_LIBS for ac_func in rb_errinfo do : ac_fn_c_check_func "$LINENO" "rb_errinfo" "ac_cv_func_rb_errinfo" @@ -22859,6 +23036,7 @@ fi COVERAGE_LDFLAGS="-fprofile-arcs" + PLUGIN_CFLAGS="$PLUGIN_CFLAGS $COVERAGE_CFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: coverage enabled, adding \"-g -O0\" to CFLAGS" >&5 $as_echo "$as_me: coverage enabled, adding \"-g -O0\" to CFLAGS" >&6;} @@ -23353,6 +23531,7 @@ if test x$acert = xtrue; then if test x$pubkey = xtrue; then s_plugins=${s_plugins}" pubkey" charon_plugins=${charon_plugins}" pubkey" + pki_plugins=${pki_plugins}" pubkey" cmd_plugins=${cmd_plugins}" pubkey" aikgen_plugins=${aikgen_plugins}" pubkey" @@ -23888,6 +24067,12 @@ if test x$eap_aka = xtrue; then fi +if test x$eap_aka_3gpp = xtrue; then + c_plugins=${c_plugins}" eap-aka-3gpp" + charon_plugins=${charon_plugins}" eap-aka-3gpp" + + fi + if test x$eap_aka_3gpp2 = xtrue; then c_plugins=${c_plugins}" eap-aka-3gpp2" charon_plugins=${charon_plugins}" eap-aka-3gpp2" @@ -25008,6 +25193,14 @@ else USE_EAP_AKA_FALSE= fi + if test x$eap_aka_3gpp = xtrue; then + USE_EAP_AKA_3GPP_TRUE= + USE_EAP_AKA_3GPP_FALSE='#' +else + USE_EAP_AKA_3GPP_TRUE='#' + USE_EAP_AKA_3GPP_FALSE= +fi + if test x$eap_aka_3gpp2 = xtrue; then USE_EAP_AKA_3GPP2_TRUE= USE_EAP_AKA_3GPP2_FALSE='#' @@ -25248,6 +25441,22 @@ else USE_IMV_SWID_FALSE= fi + if test x$imc_swima = xtrue; then + USE_IMC_SWIMA_TRUE= + USE_IMC_SWIMA_FALSE='#' +else + USE_IMC_SWIMA_TRUE='#' + USE_IMC_SWIMA_FALSE= +fi + + if test x$imv_swima = xtrue; then + USE_IMV_SWIMA_TRUE= + USE_IMV_SWIMA_FALSE='#' +else + USE_IMV_SWIMA_TRUE='#' + USE_IMV_SWIMA_FALSE= +fi + if test x$imc_hcd = xtrue; then USE_IMC_HCD_TRUE= USE_IMC_HCD_FALSE='#' @@ -25840,6 +26049,11 @@ if test x$fuzzing = xtrue; then $as_echo "#define USE_FUZZING /**/" >>confdefs.h fi +if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then + +$as_echo "#define USE_JSON /**/" >>confdefs.h + +fi # ==================================================== # options for enabled modules (see conf/Makefile.am) @@ -25886,6 +26100,9 @@ fi if test -z "$USE_SWANCTL_TRUE"; then : strongswan_options=${strongswan_options}" swanctl" fi +if test -z "$USE_SYSTEMD_TRUE"; then : + strongswan_options=${strongswan_options}" charon-systemd" +fi @@ -25893,14 +26110,14 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= # build man pages # ================= -ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail" +ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail src/pt-tls-client/pt-tls-client.1 src/sw-collector/sw-collector.8" cat >confcache <<\_ACEOF @@ -26465,6 +26682,10 @@ if test -z "${USE_EAP_AKA_TRUE}" && test -z "${USE_EAP_AKA_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_AKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_EAP_AKA_3GPP_TRUE}" && test -z "${USE_EAP_AKA_3GPP_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_AKA_3GPP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_EAP_AKA_3GPP2_TRUE}" && test -z "${USE_EAP_AKA_3GPP2_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_AKA_3GPP2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26585,6 +26806,14 @@ if test -z "${USE_IMV_SWID_TRUE}" && test -z "${USE_IMV_SWID_FALSE}"; then as_fn_error $? "conditional \"USE_IMV_SWID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_IMC_SWIMA_TRUE}" && test -z "${USE_IMC_SWIMA_FALSE}"; then + as_fn_error $? "conditional \"USE_IMC_SWIMA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMV_SWIMA_TRUE}" && test -z "${USE_IMV_SWIMA_FALSE}"; then + as_fn_error $? "conditional \"USE_IMV_SWIMA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_IMC_HCD_TRUE}" && test -z "${USE_IMC_HCD_FALSE}"; then as_fn_error $? "conditional \"USE_IMC_HCD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -27254,7 +27483,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.5.3, which was +This file was extended by strongSwan $as_me 5.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27320,7 +27549,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.5.3 +strongSwan config.status 5.6.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -27832,6 +28061,8 @@ do "src/libimcv/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_attestation/Makefile" ;; "src/libimcv/plugins/imc_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swid/Makefile" ;; "src/libimcv/plugins/imv_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swid/Makefile" ;; + "src/libimcv/plugins/imc_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swima/Makefile" ;; + "src/libimcv/plugins/imv_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swima/Makefile" ;; "src/libimcv/plugins/imc_hcd/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_hcd/Makefile" ;; "src/libimcv/plugins/imv_hcd/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_hcd/Makefile" ;; "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;; @@ -27842,6 +28073,7 @@ do "src/charon-systemd/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-systemd/Makefile" ;; "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;; "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;; + "src/libcharon/plugins/eap_aka_3gpp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/Makefile" ;; "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;; "src/libcharon/plugins/eap_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_dynamic/Makefile" ;; "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;; @@ -27935,6 +28167,7 @@ do "src/checksum/Makefile") CONFIG_FILES="$CONFIG_FILES src/checksum/Makefile" ;; "src/conftest/Makefile") CONFIG_FILES="$CONFIG_FILES src/conftest/Makefile" ;; "src/pt-tls-client/Makefile") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/Makefile" ;; + "src/sw-collector/Makefile") CONFIG_FILES="$CONFIG_FILES src/sw-collector/Makefile" ;; "src/swanctl/Makefile") CONFIG_FILES="$CONFIG_FILES src/swanctl/Makefile" ;; "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;; @@ -27960,6 +28193,8 @@ do "src/swanctl/swanctl.8") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.8" ;; "src/swanctl/swanctl.conf.5.head") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.conf.5.head" ;; "src/swanctl/swanctl.conf.5.tail") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.conf.5.tail" ;; + "src/pt-tls-client/pt-tls-client.1") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/pt-tls-client.1" ;; + "src/sw-collector/sw-collector.8") CONFIG_FILES="$CONFIG_FILES src/sw-collector/sw-collector.8" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac diff --git a/configure.ac b/configure.ac index 1ca254e61..45277d967 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.5.3]) +AC_INIT([strongSwan],[5.6.0]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects @@ -185,6 +185,7 @@ ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.]) ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) ARG_ENABL_SET([eap-sim-pcsc], [enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite.]) ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) +ARG_ENABL_SET([eap-aka-3gpp], [enable EAP AKA backend implementing 3GPP MILENAGE algorithms in software.]) ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.]) ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) @@ -246,6 +247,8 @@ ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.]) ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.]) ARG_ENABL_SET([imc-swid], [enable IMC swid module.]) ARG_ENABL_SET([imv-swid], [enable IMV swid module.]) +ARG_ENABL_SET([imc-swima], [enable IMC swima module.]) +ARG_ENABL_SET([imv-swima], [enable IMV swima module.]) ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.]) ARG_ENABL_SET([imv-hcd], [enable IMV hcd module.]) ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml]) @@ -350,6 +353,7 @@ fi if test -z "$CFLAGS"; then CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign" fi +AC_SUBST(PLUGIN_CFLAGS) AC_PROG_CC AM_PROG_CC_C_O @@ -420,7 +424,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t tls=true; fi -if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then imcv=true; fi @@ -877,7 +881,7 @@ AC_COMPILE_IFELSE( AC_MSG_RESULT([no]) # GCC, but not MinGW requires -rdynamic for plugins if test x$windows != xtrue; then - AC_SUBST(PLUGIN_CFLAGS, [-rdynamic]) + PLUGIN_CFLAGS="$PLUGIN_CFLAGS -rdynamic" fi ] ) @@ -994,12 +998,22 @@ if test x$tss_trousers = xtrue; then fi if test x$tss_tss2 = xtrue; then - PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])]) - AC_SUBST(tss2_CFLAGS) - AC_SUBST(tss2_LIBS) + PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd], + [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])], + [tss2_tabrmd=false]) + PKG_CHECK_MODULES(tss2_socket, [tcti-socket], + [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])], + [tss2_socket=false]) + if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then + AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries]) + AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS") + AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS") + else + AC_MSG_FAILURE([no TSS2 TCTI library detected]) + fi fi -if test x$imv_swid = xtrue; then +if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then PKG_CHECK_MODULES(json, [json-c], [], [PKG_CHECK_MODULES(json, [json])]) AC_SUBST(json_CFLAGS) @@ -1011,37 +1025,9 @@ if test x$dumm = xtrue; then AC_SUBST(gtk_CFLAGS) AC_SUBST(gtk_LIBS) AC_CHECK_PROGS(RUBY, ruby) - AC_MSG_CHECKING([for Ruby header files]) - if test -n "$RUBY"; then - RUBYINCLUDE= - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["rubyhdrdir"]] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - RUBYARCH=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["arch"]] || ""') 2>/dev/null` - if test -n "$RUBYARCH"; then - AC_MSG_RESULT([$RUBYDIR]) - RUBYINCLUDE="-I$RUBYDIR -I$RUBYDIR/$RUBYARCH" - fi - else - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["archdir"]] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - AC_MSG_RESULT([$RUBYDIR]) - RUBYINCLUDE="-I$RUBYDIR" - fi - fi - if test -z "$RUBYINCLUDE"; then - AC_MSG_ERROR([ruby.h not found]) - fi - AC_SUBST(RUBYINCLUDE) - else - AC_MSG_ERROR([don't know how to run ruby]) - fi - AC_MSG_CHECKING([for libruby]) + PKG_CHECK_MODULES(ruby, [ruby]) saved_LIBS=$LIBS - LIBS=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["LIBRUBYARG_SHARED"]] || ""') 2>/dev/null` - AC_TRY_LINK_FUNC(ruby_init, - [AC_MSG_RESULT([$LIBS]); RUBYLIB=$LIBS], - [AC_MSG_ERROR([not found])]) - AC_SUBST(RUBYLIB) + LIBS=$ruby_LIBS AC_CHECK_FUNCS(rb_errinfo) LIBS=$saved_LIBS fi @@ -1261,6 +1247,7 @@ if test x$coverage = xtrue; then COVERAGE_LDFLAGS="-fprofile-arcs" AC_SUBST(COVERAGE_CFLAGS) AC_SUBST(COVERAGE_LDFLAGS) + PLUGIN_CFLAGS="$PLUGIN_CFLAGS $COVERAGE_CFLAGS" AC_MSG_NOTICE([coverage enabled, adding "-g -O0" to CFLAGS]) CFLAGS="${CFLAGS} -g -O0" @@ -1362,7 +1349,7 @@ ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cm ADD_PLUGIN([revocation], [s charon pki nm cmd]) ADD_PLUGIN([constraints], [s charon nm cmd]) ADD_PLUGIN([acert], [s charon]) -ADD_PLUGIN([pubkey], [s charon cmd aikgen]) +ADD_PLUGIN([pubkey], [s charon pki cmd aikgen]) ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz]) ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd]) @@ -1425,6 +1412,7 @@ ADD_PLUGIN([eap-sim], [c charon]) ADD_PLUGIN([eap-sim-file], [c charon]) ADD_PLUGIN([eap-sim-pcsc], [c charon]) ADD_PLUGIN([eap-aka], [c charon]) +ADD_PLUGIN([eap-aka-3gpp], [c charon]) ADD_PLUGIN([eap-aka-3gpp2], [c charon]) ADD_PLUGIN([eap-simaka-sql], [c charon]) ADD_PLUGIN([eap-simaka-pseudonym], [c charon]) @@ -1600,6 +1588,7 @@ AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue) AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue) AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) +AM_CONDITIONAL(USE_EAP_AKA_3GPP, test x$eap_aka_3gpp = xtrue) AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue) @@ -1630,6 +1619,8 @@ AM_CONDITIONAL(USE_IMC_ATTESTATION, test x$imc_attestation = xtrue) AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue) AM_CONDITIONAL(USE_IMC_SWID, test x$imc_swid = xtrue) AM_CONDITIONAL(USE_IMV_SWID, test x$imv_swid = xtrue) +AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue) +AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue) AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue) AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) @@ -1730,6 +1721,9 @@ fi if test x$fuzzing = xtrue; then AC_DEFINE([USE_FUZZING], [], [build code for fuzzing]) fi +if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then + AC_DEFINE([USE_JSON], [], [build code for JSON]) +fi # ==================================================== # options for enabled modules (see conf/Makefile.am) @@ -1750,6 +1744,7 @@ AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"]) AM_COND_IF([USE_SCEPCLIENT], [strongswan_options=${strongswan_options}" scepclient"]) AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"]) AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"]) +AM_COND_IF([USE_SYSTEMD], [strongswan_options=${strongswan_options}" charon-systemd"]) AC_SUBST(strongswan_options) @@ -1855,6 +1850,8 @@ AC_CONFIG_FILES([ src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile + src/libimcv/plugins/imc_swima/Makefile + src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile @@ -1865,6 +1862,7 @@ AC_CONFIG_FILES([ src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile + src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile @@ -1958,6 +1956,7 @@ AC_CONFIG_FILES([ src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile + src/sw-collector/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile @@ -1990,6 +1989,8 @@ AC_CONFIG_FILES([ src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail + src/pt-tls-client/pt-tls-client.1 + src/sw-collector/sw-collector.8 ]) AC_OUTPUT diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in index ea2365fa3..8306f44ec 100644 --- a/fuzz/Makefile.in +++ b/fuzz/Makefile.in @@ -235,8 +235,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -337,6 +335,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -365,6 +365,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/Makefile.in b/init/Makefile.in index 118b62ede..a0b2b9bca 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -289,8 +289,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -391,6 +389,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -419,6 +419,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in index 432e87c0a..b68958d46 100644 --- a/init/systemd-swanctl/Makefile.in +++ b/init/systemd-swanctl/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index a551f8f6f..3e20f5c7f 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/Makefile.in b/man/Makefile.in index 22b23c0bb..795505a14 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -263,8 +263,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -365,6 +363,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -393,6 +393,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index fef44ae21..69aeba8cb 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -1037,7 +1037,10 @@ mask of .B 0xffffffff is assumed. The special value .B %unique -assigns a unique value to each newly created IPsec SA. +assigns a unique value to each newly created IPsec SA. To additionally +make the mark unique for each IPsec SA direction (in/out) the special value +.B %unique-dir +may be used. .TP .BR mark_in " = <value>[/<mask>]" sets an XFRM mark in the inbound IPsec SA and diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 2dcbe4d88..1f1c37bc5 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -371,8 +371,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -473,6 +471,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -501,6 +501,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/Makefile.am b/src/Makefile.am index df171b270..1bdb8337c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -128,6 +128,10 @@ if USE_LIBPTTLS SUBDIRS += pt-tls-client endif +if USE_IMC_SWIMA + SUBDIRS += sw-collector +endif + if USE_INTEGRITY_TEST SUBDIRS += checksum endif diff --git a/src/Makefile.in b/src/Makefile.in index 17c4a9ad7..84d2ad9a1 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -119,8 +119,9 @@ host_triplet = @host@ @USE_CMD_TRUE@am__append_30 = charon-cmd @USE_SVC_TRUE@am__append_31 = charon-svc @USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client -@USE_INTEGRITY_TEST_TRUE@am__append_33 = checksum -@USE_AIKGEN_TRUE@am__append_34 = aikgen +@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector +@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum +@USE_AIKGEN_TRUE@am__append_35 = aikgen subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -199,7 +200,7 @@ DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ libcharon starter ipsec _copyright charon charon-systemd \ charon-nm stroke _updown scepclient pki swanctl conftest dumm \ libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ - pt-tls-client checksum aikgen + pt-tls-client sw-collector checksum aikgen am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -326,8 +327,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -428,6 +427,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -456,6 +457,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -470,7 +475,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) + $(am__append_34) $(am__append_35) all: all-recursive .SUFFIXES: diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 0bea80a10..5ba747ac7 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -279,8 +279,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -381,6 +379,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -409,6 +409,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index ba891c139..c51d65dd5 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 7096dd6e4..61fcaf86c 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -280,8 +280,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -382,6 +380,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -410,6 +410,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index e4d057fc5..ea492f957 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 3efcb8f34..6733a3321 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 9c08e8a01..263c6a3fb 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -280,8 +280,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -382,6 +380,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -410,6 +410,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index 937753927..9697c426b 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -284,8 +284,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -386,6 +384,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -414,6 +414,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 9987b44b6..258f33b0f 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-tkm/src/ees/ees_callbacks.c b/src/charon-tkm/src/ees/ees_callbacks.c index f4107d90a..a36629b13 100644 --- a/src/charon-tkm/src/ees/ees_callbacks.c +++ b/src/charon-tkm/src/ees/ees_callbacks.c @@ -47,4 +47,5 @@ void charon_esa_expire(result_type *res, const sp_id_type sp_id, DBG1(DBG_KNL, "ees: expire received for reqid %u, spi %x, dst %H", sp_id, ntohl(spi_rem), dst); charon->kernel->expire(charon->kernel, protocol, spi_rem, dst, hard != 0); + dst->destroy(dst); } diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index c9be8989a..5decde92b 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2012-2014 Reto Buerki * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -52,6 +53,12 @@ struct private_tkm_kernel_ipsec_t { }; +METHOD(kernel_ipsec_t, get_features, kernel_feature_t, + private_tkm_kernel_ipsec_t *this) +{ + return KERNEL_POLICY_SPI; +} + METHOD(kernel_ipsec_t, get_spi, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, uint8_t protocol, uint32_t *spi) @@ -176,15 +183,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t, tkm->chunk_map->remove(tkm->chunk_map, nonce_loc); tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nonce_loc_id); } - if (ike_esa_select(esa_id) != TKM_OK) - { - DBG1(DBG_KNL, "error selecting new child SA (%llu)", esa_id); - if (ike_esa_reset(esa_id) != TKM_OK) - { - DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id); - } - goto failure; - } DBG1(DBG_KNL, "added child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, " "esp_spi_rem: %x, role: %s)", esa_id, esa.isa_id, ntohl(spi_loc), @@ -215,23 +213,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t, private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, kernel_ipsec_del_sa_t *data) { - esa_id_type esa_id, other_esa_id; + esa_id_type esa_id; esa_id = tkm->sad->get_esa_id(tkm->sad, id->src, id->dst, - id->spi, id->proto); + id->spi, id->proto, TRUE); if (esa_id) { - other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id); - if (other_esa_id) - { - DBG1(DBG_KNL, "selecting child SA (esa: %llu)", other_esa_id); - if (ike_esa_select(other_esa_id) != TKM_OK) - { - DBG1(DBG_KNL, "error selecting other child SA (esa: %llu)", - other_esa_id); - } - } - DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id, ntohl(id->spi)); if (ike_esa_reset(esa_id) != TKM_OK) @@ -263,6 +250,43 @@ METHOD(kernel_ipsec_t, add_policy, status_t, private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, kernel_ipsec_manage_policy_t *data) { + esa_id_type esa_id; + uint32_t spi; + uint8_t proto; + + if (id->dir == POLICY_OUT && data->type == POLICY_IPSEC && + data->prio == POLICY_PRIORITY_DEFAULT) + { + if (data->sa->esp.use) + { + spi = data->sa->esp.spi; + proto = IPPROTO_ESP; + } + else if (data->sa->ah.use) + { + spi = data->sa->ah.spi; + proto = IPPROTO_AH; + } + else + { + return FAILED; + } + esa_id = tkm->sad->get_esa_id(tkm->sad, data->src, data->dst, + spi, proto, FALSE); + if (!esa_id) + { + DBG1(DBG_KNL, "unable to find esa ID for policy (spi: %x)", + ntohl(spi)); + return FAILED; + } + DBG1(DBG_KNL, "selecting child SA (esa: %llu, spi: %x)", esa_id, + ntohl(spi)); + if (ike_esa_select(esa_id) != TKM_OK) + { + DBG1(DBG_KNL, "error selecting new child SA (%llu)", esa_id); + return FAILED; + } + } return SUCCESS; } @@ -358,6 +382,7 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create() INIT(this, .public = { .interface = { + .get_features = _get_features, .get_spi = _get_spi, .get_cpi = _get_cpi, .add_sa = _add_sa, diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 97226f1ac..acc3ff10a 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -107,16 +107,23 @@ CALLBACK(sad_entry_match, bool, const host_t *src, *dst; const uint32_t *spi; const uint8_t *proto; + const bool *local; - VA_ARGS_VGET(args, src, dst, spi, proto); + VA_ARGS_VGET(args, src, dst, spi, proto, local); - if (entry->src == NULL || entry->dst == NULL) + if (entry->src == NULL || entry->dst == NULL || entry->proto != *proto) { return FALSE; } - return src->ip_equals(entry->src, (host_t *)src) && - dst->ip_equals(entry->dst, (host_t *)dst) && - entry->spi_rem == *spi && entry->proto == *proto; + if (*local) + { + return entry->src->ip_equals(entry->src, (host_t *)dst) && + entry->dst->ip_equals(entry->dst, (host_t *)src) && + entry->spi_loc == *spi; + } + return entry->src->ip_equals(entry->src, (host_t *)src) && + entry->dst->ip_equals(entry->dst, (host_t *)dst) && + entry->spi_rem == *spi; } CALLBACK(sad_entry_match_dst, bool, @@ -131,26 +138,6 @@ CALLBACK(sad_entry_match_dst, bool, entry->proto == *proto; } -CALLBACK(sad_entry_match_esa_id, bool, - sad_entry_t * const entry, va_list args) -{ - const esa_id_type *esa_id; - - VA_ARGS_VGET(args, esa_id); - return entry->esa_id == *esa_id; -} - -CALLBACK(sad_entry_match_other_esa, bool, - sad_entry_t * const entry, va_list args) -{ - const esa_id_type *esa_id; - const uint32_t *reqid; - - VA_ARGS_VGET(args, esa_id, reqid); - return entry->reqid == *reqid && - entry->esa_id != *esa_id; -} - CALLBACK(sad_entry_equal, bool, sad_entry_t * const left, va_list args) { @@ -213,7 +200,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, private_tkm_kernel_sad_t * const this, const host_t * const src, - const host_t * const dst, const uint32_t spi, const uint8_t proto) + const host_t * const dst, const uint32_t spi, const uint8_t proto, + const bool local) { esa_id_type id = 0; sad_entry_t *entry = NULL; @@ -221,51 +209,18 @@ METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, this->mutex->lock(this->mutex); const bool res = this->data->find_first(this->data, sad_entry_match, (void**)&entry, src, dst, &spi, - &proto); + &proto, &local); if (res && entry) { id = entry->esa_id; DBG3(DBG_KNL, "returning ESA id %llu of SAD entry (src: %H, dst: %H, " - "spi: %x, proto: %u)", id, src, dst, ntohl(spi), proto); - } - else - { - DBG3(DBG_KNL, "no SAD entry found for src %H, dst %H, spi %x, proto %u", - src, dst, ntohl(spi), proto); - } - this->mutex->unlock(this->mutex); - return id; -} - -METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, - private_tkm_kernel_sad_t * const this, const esa_id_type esa_id) -{ - esa_id_type id = 0; - sad_entry_t *entry = NULL; - uint32_t reqid; - bool res; - - this->mutex->lock(this->mutex); - res = this->data->find_first(this->data, sad_entry_match_esa_id, - (void**)&entry, &esa_id); - if (res && entry) - { - reqid = entry->reqid; + "%sbound spi: %x, proto: %u)", id, src, dst, local ? "in" : "out", + ntohl(spi), proto); } else { - DBG3(DBG_KNL, "no SAD entry found for ESA id %llu", esa_id); - this->mutex->unlock(this->mutex); - return id; - } - - res = this->data->find_first(this->data, sad_entry_match_other_esa, - (void**)&entry, &esa_id, &reqid); - if (res && entry) - { - id = entry->esa_id; - DBG3(DBG_KNL, "returning ESA id %llu of other SAD entry with reqid %u", - id, reqid); + DBG3(DBG_KNL, "no SAD entry found for src %H, dst %H, %sbound spi %x, " + "proto %u", src, dst, local ? "in" : "out", ntohl(spi), proto); } this->mutex->unlock(this->mutex); return id; @@ -283,7 +238,7 @@ METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, (void**)&entry, &reqid, &spi, &proto); if (res && entry) { - dst = entry->dst; + dst = entry->dst->clone(entry->dst); DBG3(DBG_KNL, "returning destination host %H of SAD entry (reqid: %u," " spi: %x, proto: %u)", dst, reqid, ntohl(spi), proto); } @@ -350,7 +305,6 @@ tkm_kernel_sad_t *tkm_kernel_sad_create() .public = { .insert = _insert, .get_esa_id = _get_esa_id, - .get_other_esa_id = _get_other_esa_id, .get_dst_host = _get_dst_host, .remove = __remove, .destroy = _destroy, diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index ba6462192..3d9f5f3f8 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -55,23 +55,14 @@ struct tkm_kernel_sad_t { * * @param src source address of CHILD SA * @param dst destination address of CHILD SA - * @param spi Remote SPI of CHILD SA + * @param spi SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) + * @param local whether the SPI is local or remote * @return ESA id of entry if found, 0 otherwise */ esa_id_type (*get_esa_id)(tkm_kernel_sad_t * const this, const host_t * const src, const host_t * const dst, - const uint32_t spi, const uint8_t proto); - - /** - * Get ESA id for entry associated with same security policy as the - * specified ESA. - * - * @param esa_id id of ESA identifying the security policy - * @return ESA id of entry if found, 0 otherwise - */ - esa_id_type (*get_other_esa_id)(tkm_kernel_sad_t * const this, - const esa_id_type esa_id); + const uint32_t spi, const uint8_t proto, const bool local); /** * Get destination host for entry with given parameters. @@ -79,7 +70,8 @@ struct tkm_kernel_sad_t { * @param reqid reqid of CHILD SA * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) - * @return destination host of entry if found, NULL otherwise + * @return destination host of entry if found (cloned), + * NULL otherwise */ host_t * (*get_dst_host)(tkm_kernel_sad_t * const this, const uint32_t reqid, const uint32_t spi, const uint8_t proto); diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c index 2a033d237..39d8a790a 100644 --- a/src/charon-tkm/tests/kernel_sad_tests.c +++ b/src/charon-tkm/tests/kernel_sad_tests.c @@ -63,50 +63,32 @@ START_TEST(test_get_esa_id) tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); - fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23, + fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 23, "Error getting esa id"); sad->destroy(sad); addr->destroy(addr); } END_TEST -START_TEST(test_get_esa_id_nonexistent) -{ - host_t *addr = host_create_from_string("127.0.0.1", 1024); - tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 0, - "Got esa id for nonexistent SAD entry"); - sad->destroy(sad); - addr->destroy(addr); -} -END_TEST - -START_TEST(test_get_other_esa_id) +START_TEST(test_get_esa_id_local) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); - fail_unless(sad->insert(sad, 24, 54, addr, addr, 27, 42, 50), - "Error inserting SAD entry"); - fail_unless(sad->get_other_esa_id(sad, 23) == 24, - "Error getting other esa id"); + fail_unless(sad->get_esa_id(sad, addr, addr, 27, 50, TRUE) == 23, + "Error getting esa id"); sad->destroy(sad); addr->destroy(addr); } END_TEST -START_TEST(test_get_other_esa_id_nonexistent) +START_TEST(test_get_esa_id_nonexistent) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->get_other_esa_id(sad, 1) == 0, - "Got other esa id for nonexistent SAD entry"); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), - "Error inserting SAD entry"); - fail_unless(sad->get_other_esa_id(sad, 23) == 0, - "Got own esa id"); - + fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 0, + "Got esa id for nonexistent SAD entry"); sad->destroy(sad); addr->destroy(addr); } @@ -179,14 +161,10 @@ Suite *make_kernel_sad_tests() tc = tcase_create("get_esa_id"); tcase_add_test(tc, test_get_esa_id); + tcase_add_test(tc, test_get_esa_id_local); tcase_add_test(tc, test_get_esa_id_nonexistent); suite_add_tcase(s, tc); - tc = tcase_create("get_other_esa_id"); - tcase_add_test(tc, test_get_other_esa_id); - tcase_add_test(tc, test_get_other_esa_id_nonexistent); - suite_add_tcase(s, tc); - tc = tcase_create("get_dst_host"); tcase_add_test(tc, test_get_dst_host); tcase_add_test(tc, test_get_dst_host_nonexistent); diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index d4cec547e..9c5283cd7 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -283,8 +283,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -385,6 +383,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -413,6 +413,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 5db5b79c0..1856e2a31 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -122,6 +122,14 @@ if USE_IMV_ATTESTATION exes += $(DESTDIR)$(ipsecdir)/attest endif +if USE_LIBPTTLS + exes += $(DESTDIR)$(bindir)/pt-tls-client +endif + +if USE_IMC_SWIMA + exes += $(DESTDIR)$(sbindir)/sw-collector +endif + checksum.c : checksum_builder $(deps) $(exes) ./checksum_builder $(libs) $(exes) > checksum.c diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index e4e3a16e6..87e78a99f 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -121,6 +121,8 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @USE_SWANCTL_TRUE@am__append_30 = $(DESTDIR)$(sbindir)/swanctl @USE_ATTR_SQL_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/pool @USE_IMV_ATTESTATION_TRUE@am__append_32 = $(DESTDIR)$(ipsecdir)/attest +@USE_LIBPTTLS_TRUE@am__append_33 = $(DESTDIR)$(bindir)/pt-tls-client +@USE_IMC_SWIMA_TRUE@am__append_34 = $(DESTDIR)$(sbindir)/sw-collector subdir = src/checksum ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -352,8 +354,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -454,6 +454,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -482,6 +484,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -521,7 +527,8 @@ libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_19) $(am__append_21) $(am__append_23) exes = $(am__append_24) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) $(am__append_32) + $(am__append_31) $(am__append_32) $(am__append_33) \ + $(am__append_34) all: all-am .SUFFIXES: diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index c7d4c6bbe..4f33d9891 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -297,8 +297,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -399,6 +397,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -427,6 +427,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/dumm/Makefile.am b/src/dumm/Makefile.am index 1c6a68f58..0d1cfb704 100644 --- a/src/dumm/Makefile.am +++ b/src/dumm/Makefile.am @@ -11,15 +11,14 @@ irdumm_SOURCES = irdumm.c libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${RUBYLIB} $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la AM_CPPFLAGS = \ -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan \ - ${RUBYINCLUDE} + -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = \ - ${gtk_CFLAGS} +dumm_CFLAGS = ${gtk_CFLAGS} +irdumm_CFLAGS = ${ruby_CFLAGS} all-local: ext diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 276ca2ef2..6c7cc4176 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -148,15 +148,21 @@ am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = PROGRAMS = $(ipsec_PROGRAMS) -am_dumm_OBJECTS = main.$(OBJEXT) +am_dumm_OBJECTS = dumm-main.$(OBJEXT) dumm_OBJECTS = $(am_dumm_OBJECTS) am__DEPENDENCIES_1 = dumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ $(top_builddir)/src/libstrongswan/libstrongswan.la -am_irdumm_OBJECTS = irdumm.$(OBJEXT) +dumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumm_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_irdumm_OBJECTS = irdumm-irdumm.$(OBJEXT) irdumm_OBJECTS = $(am_irdumm_OBJECTS) irdumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(irdumm_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -318,8 +324,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -420,6 +424,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,6 +454,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -462,15 +472,13 @@ dumm_SOURCES = main.c irdumm_SOURCES = irdumm.c libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${RUBYLIB} $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la AM_CPPFLAGS = \ -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan \ - ${RUBYINCLUDE} - -AM_CFLAGS = \ - ${gtk_CFLAGS} + -I$(top_srcdir)/src/libstrongswan +dumm_CFLAGS = ${gtk_CFLAGS} +irdumm_CFLAGS = ${ruby_CFLAGS} all: all-am .SUFFIXES: @@ -594,11 +602,11 @@ clean-ipsecPROGRAMS: dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) $(EXTRA_dumm_DEPENDENCIES) @rm -f dumm$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) + $(AM_V_CCLD)$(dumm_LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) irdumm$(EXEEXT): $(irdumm_OBJECTS) $(irdumm_DEPENDENCIES) $(EXTRA_irdumm_DEPENDENCIES) @rm -f irdumm$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS) + $(AM_V_CCLD)$(irdumm_LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -608,11 +616,11 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bridge.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cowfs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm-main.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/guest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm-irdumm.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mconsole.Plo@am__quote@ .c.o: @@ -639,6 +647,34 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +dumm-main.o: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.o -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c + +dumm-main.obj: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.obj -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` + +irdumm-irdumm.o: irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.o -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c + +irdumm-irdumm.obj: irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.obj -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` + mostlyclean-libtool: -rm -f *.lo diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c index df7ec4703..b898a2564 100644 --- a/src/dumm/ext/dumm.c +++ b/src/dumm/ext/dumm.c @@ -30,6 +30,8 @@ #undef PACKAGE_STRING #undef PACKAGE_BUGREPORT #undef PACKAGE_URL +#undef HAVE_DLADDR +#undef HAVE_QSORT_R /* avoid redefintiion of snprintf etc. */ #define RUBY_DONT_SUBST /* undef our _GNU_SOURCE, as it gets redefined by <ruby.h> */ diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c index d30973737..1a4235c9d 100644 --- a/src/dumm/irdumm.c +++ b/src/dumm/irdumm.c @@ -19,6 +19,8 @@ #undef PACKAGE_STRING #undef PACKAGE_BUGREPORT #undef PACKAGE_URL +#undef HAVE_DLADDR +#undef HAVE_QSORT_R #include <ruby.h> #ifdef HAVE_RB_ERRINFO diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 569574fc9..dde85cb09 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 1a922427b..494dc45ee 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -260,8 +260,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -362,6 +360,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -390,6 +390,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 3f4316dd6..b23b04207 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.5.3dr2" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.6.0dr1" "strongSwan" . .SH NAME . diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in index ea399b8c4..65fadf2de 100644 --- a/src/ipsec/_ipsec.in +++ b/src/ipsec/_ipsec.in @@ -73,7 +73,7 @@ case "$1" in echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall" echo " purgecerts|purgecrls|purgeike|purgeocsp" echo " scepclient|pki" - echo " starter|stroke" + echo " stroke" echo " version" echo echo "Refer to the $IPSEC_SCRIPT(8) man page for details." diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 1a8e068d1..f381860b9 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -163,6 +163,8 @@ LOCAL_SRC_FILES += $(call add_plugin, p-cscf) LOCAL_SRC_FILES += $(call add_plugin, eap-aka) +LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp) + LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp2) ifneq ($(call plugin_enabled, eap-aka-3gpp2),) LOCAL_C_INCLUDES += $(libgmp_PATH) diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 3fcaedc3b..ed2236e04 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -370,6 +370,13 @@ if MONOLITHIC endif endif +if USE_EAP_AKA_3GPP + SUBDIRS += plugins/eap_aka_3gpp +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la +endif +endif + if USE_EAP_AKA_3GPP2 SUBDIRS += plugins/eap_aka_3gpp2 if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index ef9ffd39b..fc6635826 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -201,100 +201,102 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_51 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la @USE_EAP_AKA_TRUE@am__append_52 = plugins/eap_aka @MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_53 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_54 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_55 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_56 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_57 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_58 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_59 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_60 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_61 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_62 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_DYNAMIC_TRUE@am__append_63 = plugins/eap_dynamic -@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_64 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la -@USE_EAP_RADIUS_TRUE@am__append_65 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_66 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_67 = plugins/eap_tls -@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_68 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_69 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_70 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_PEAP_TRUE@am__append_71 = plugins/eap_peap -@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_72 = plugins/eap_peap/libstrongswan-eap-peap.la -@USE_EAP_TNC_TRUE@am__append_73 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_74 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_75 = $(top_builddir)/src/libtls/libtls.la -@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_76 = $(top_builddir)/src/libradius/libradius.la -@USE_TNC_IFMAP_TRUE@am__append_77 = plugins/tnc_ifmap -@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_78 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la -@USE_TNC_PDP_TRUE@am__append_79 = plugins/tnc_pdp -@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_80 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la -@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_81 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_MEDSRV_TRUE@am__append_82 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_83 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_84 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_85 = plugins/medcli/libstrongswan-medcli.la -@USE_DHCP_TRUE@am__append_86 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_87 = plugins/dhcp/libstrongswan-dhcp.la -@USE_OSX_ATTR_TRUE@am__append_88 = plugins/osx_attr -@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_89 = plugins/osx_attr/libstrongswan-osx-attr.la -@USE_P_CSCF_TRUE@am__append_90 = plugins/p_cscf -@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_91 = plugins/p_cscf/libstrongswan-p-cscf.la -@USE_ANDROID_DNS_TRUE@am__append_92 = plugins/android_dns -@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_93 = plugins/android_dns/libstrongswan-android-dns.la -@USE_ANDROID_LOG_TRUE@am__append_94 = plugins/android_log -@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_95 = plugins/android_log/libstrongswan-android-log.la -@USE_HA_TRUE@am__append_96 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_97 = plugins/ha/libstrongswan-ha.la -@USE_KERNEL_PFKEY_TRUE@am__append_98 = plugins/kernel_pfkey -@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_99 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la -@USE_KERNEL_PFROUTE_TRUE@am__append_100 = plugins/kernel_pfroute -@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_101 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la -@USE_KERNEL_NETLINK_TRUE@am__append_102 = plugins/kernel_netlink -@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_103 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la -@USE_KERNEL_LIBIPSEC_TRUE@am__append_104 = plugins/kernel_libipsec -@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_105 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la -@USE_KERNEL_WFP_TRUE@am__append_106 = plugins/kernel_wfp -@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_107 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la -@USE_KERNEL_IPH_TRUE@am__append_108 = plugins/kernel_iph -@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_109 = plugins/kernel_iph/libstrongswan-kernel-iph.la -@USE_WHITELIST_TRUE@am__append_110 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_111 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_112 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_113 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_114 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_115 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_116 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_117 = plugins/certexpire/libstrongswan-certexpire.la -@USE_SYSTIME_FIX_TRUE@am__append_118 = plugins/systime_fix -@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_119 = plugins/systime_fix/libstrongswan-systime-fix.la -@USE_LED_TRUE@am__append_120 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_121 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_122 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_123 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_124 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_125 = plugins/coupling/libstrongswan-coupling.la -@USE_RADATTR_TRUE@am__append_126 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_127 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_128 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_129 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_130 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_131 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_132 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_133 = plugins/unity/libstrongswan-unity.la -@USE_XAUTH_GENERIC_TRUE@am__append_134 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_135 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_136 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_137 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_138 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_139 = plugins/xauth_pam/libstrongswan-xauth-pam.la -@USE_XAUTH_NOAUTH_TRUE@am__append_140 = plugins/xauth_noauth -@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_141 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la -@USE_RESOLVE_TRUE@am__append_142 = plugins/resolve -@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_143 = plugins/resolve/libstrongswan-resolve.la -@USE_ATTR_TRUE@am__append_144 = plugins/attr -@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_145 = plugins/attr/libstrongswan-attr.la -@USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql -@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la +@USE_EAP_AKA_3GPP_TRUE@am__append_54 = plugins/eap_aka_3gpp +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_55 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_56 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_57 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_58 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_59 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_60 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_61 = plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_62 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_63 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_64 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_DYNAMIC_TRUE@am__append_65 = plugins/eap_dynamic +@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_66 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la +@USE_EAP_RADIUS_TRUE@am__append_67 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_68 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_69 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_70 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_71 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_72 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_73 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_74 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_75 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_76 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_77 = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_78 = $(top_builddir)/src/libradius/libradius.la +@USE_TNC_IFMAP_TRUE@am__append_79 = plugins/tnc_ifmap +@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_80 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la +@USE_TNC_PDP_TRUE@am__append_81 = plugins/tnc_pdp +@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_82 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la +@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_83 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_MEDSRV_TRUE@am__append_84 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_85 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_86 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_87 = plugins/medcli/libstrongswan-medcli.la +@USE_DHCP_TRUE@am__append_88 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_89 = plugins/dhcp/libstrongswan-dhcp.la +@USE_OSX_ATTR_TRUE@am__append_90 = plugins/osx_attr +@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_91 = plugins/osx_attr/libstrongswan-osx-attr.la +@USE_P_CSCF_TRUE@am__append_92 = plugins/p_cscf +@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_93 = plugins/p_cscf/libstrongswan-p-cscf.la +@USE_ANDROID_DNS_TRUE@am__append_94 = plugins/android_dns +@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_95 = plugins/android_dns/libstrongswan-android-dns.la +@USE_ANDROID_LOG_TRUE@am__append_96 = plugins/android_log +@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_97 = plugins/android_log/libstrongswan-android-log.la +@USE_HA_TRUE@am__append_98 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_99 = plugins/ha/libstrongswan-ha.la +@USE_KERNEL_PFKEY_TRUE@am__append_100 = plugins/kernel_pfkey +@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_101 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +@USE_KERNEL_PFROUTE_TRUE@am__append_102 = plugins/kernel_pfroute +@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_103 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +@USE_KERNEL_NETLINK_TRUE@am__append_104 = plugins/kernel_netlink +@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_105 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la +@USE_KERNEL_LIBIPSEC_TRUE@am__append_106 = plugins/kernel_libipsec +@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_107 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la +@USE_KERNEL_WFP_TRUE@am__append_108 = plugins/kernel_wfp +@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_109 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la +@USE_KERNEL_IPH_TRUE@am__append_110 = plugins/kernel_iph +@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_111 = plugins/kernel_iph/libstrongswan-kernel-iph.la +@USE_WHITELIST_TRUE@am__append_112 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_113 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_114 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_115 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_116 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_117 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_118 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_119 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_120 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_121 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_122 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_123 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_124 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_125 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_126 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_127 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_128 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_129 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_130 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_131 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_132 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_133 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_134 = plugins/unity +@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_135 = plugins/unity/libstrongswan-unity.la +@USE_XAUTH_GENERIC_TRUE@am__append_136 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_137 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_138 = plugins/xauth_eap +@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_139 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_140 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_141 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_142 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_143 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la +@USE_RESOLVE_TRUE@am__append_144 = plugins/resolve +@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_145 = plugins/resolve/libstrongswan-resolve.la +@USE_ATTR_TRUE@am__append_146 = plugins/attr +@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_147 = plugins/attr/libstrongswan-attr.la +@USE_ATTR_SQL_TRUE@am__append_148 = plugins/attr_sql +@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_149 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -356,12 +358,12 @@ libcharon_la_DEPENDENCIES = \ $(am__append_35) $(am__append_37) $(am__append_39) \ $(am__append_41) $(am__append_43) $(am__append_45) \ $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_56) \ + $(am__append_53) $(am__append_55) $(am__append_57) \ $(am__append_58) $(am__append_60) $(am__append_62) \ $(am__append_64) $(am__append_66) $(am__append_68) \ $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_75) $(am__append_76) $(am__append_78) \ - $(am__append_80) $(am__append_81) $(am__append_83) \ + $(am__append_76) $(am__append_77) $(am__append_78) \ + $(am__append_80) $(am__append_82) $(am__append_83) \ $(am__append_85) $(am__append_87) $(am__append_89) \ $(am__append_91) $(am__append_93) $(am__append_95) \ $(am__append_97) $(am__append_99) $(am__append_101) \ @@ -372,7 +374,7 @@ libcharon_la_DEPENDENCIES = \ $(am__append_127) $(am__append_129) $(am__append_131) \ $(am__append_133) $(am__append_135) $(am__append_137) \ $(am__append_139) $(am__append_141) $(am__append_143) \ - $(am__append_145) $(am__append_147) + $(am__append_145) $(am__append_147) $(am__append_149) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -747,7 +749,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/ext_auth plugins/eap_identity plugins/eap_sim \ plugins/eap_sim_file plugins/eap_sim_pcsc \ plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ - plugins/eap_simaka_reauth plugins/eap_aka \ + plugins/eap_simaka_reauth plugins/eap_aka plugins/eap_aka_3gpp \ plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \ plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ @@ -889,8 +891,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -991,6 +991,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -1019,6 +1021,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1151,12 +1157,12 @@ libcharon_la_LIBADD = \ $(am__append_37) $(am__append_39) $(am__append_41) \ $(am__append_43) $(am__append_45) $(am__append_47) \ $(am__append_49) $(am__append_51) $(am__append_53) \ - $(am__append_55) $(am__append_56) $(am__append_58) \ + $(am__append_55) $(am__append_57) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ - $(am__append_72) $(am__append_74) $(am__append_75) \ - $(am__append_76) $(am__append_78) $(am__append_80) \ - $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_72) $(am__append_74) $(am__append_76) \ + $(am__append_77) $(am__append_78) $(am__append_80) \ + $(am__append_82) $(am__append_83) $(am__append_85) \ $(am__append_87) $(am__append_89) $(am__append_91) \ $(am__append_93) $(am__append_95) $(am__append_97) \ $(am__append_99) $(am__append_101) $(am__append_103) \ @@ -1167,7 +1173,7 @@ libcharon_la_LIBADD = \ $(am__append_129) $(am__append_131) $(am__append_133) \ $(am__append_135) $(am__append_137) $(am__append_139) \ $(am__append_141) $(am__append_143) $(am__append_145) \ - $(am__append_147) + $(am__append_147) $(am__append_149) EXTRA_DIST = Android.mk @STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c @STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c @@ -1183,13 +1189,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \ @MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_57) \ +@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_79) \ +@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_84) \ @MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ @MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \ @@ -1205,7 +1211,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_FALSE@ $(am__append_146) tests +@MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) tests # build optional plugins ######################## @@ -1221,13 +1227,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \ @MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_57) \ +@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_79) \ +@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_84) \ @MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ @MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \ @@ -1243,7 +1249,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_TRUE@ $(am__append_146) . tests +@MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) . tests all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 77a910197..19943d060 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -827,7 +827,10 @@ METHOD(bus_t, ike_updown, void, enumerator = ike_sa->create_child_sa_enumerator(ike_sa); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { - child_updown(this, child_sa, FALSE); + if (child_sa->get_state(child_sa) != CHILD_REKEYED) + { + child_updown(this, child_sa, FALSE); + } } enumerator->destroy(enumerator); } diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index fcdd6fdeb..29f067858 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -21,7 +21,7 @@ #include <daemon.h> -#include <threading/mutex.h> +#include <threading/rwlock.h> #include <collections/linked_list.h> #include <utils/identification.h> @@ -71,9 +71,9 @@ struct private_peer_cfg_t { linked_list_t *child_cfgs; /** - * mutex to lock access to list of child_cfgs + * lock to access list of child_cfgs */ - mutex_t *mutex; + rwlock_t *lock; /** * should we send a certificate @@ -195,9 +195,9 @@ METHOD(peer_cfg_t, get_ike_cfg, ike_cfg_t*, METHOD(peer_cfg_t, add_child_cfg, void, private_peer_cfg_t *this, child_cfg_t *child_cfg) { - this->mutex->lock(this->mutex); + this->lock->write_lock(this->lock); this->child_cfgs->insert_last(this->child_cfgs, child_cfg); - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); } typedef struct { @@ -266,13 +266,13 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, removed = linked_list_create(); - other->mutex->lock(other->mutex); + other->lock->read_lock(other->lock); added = linked_list_create_from_enumerator( other->child_cfgs->create_enumerator(other->child_cfgs)); added->invoke_offset(added, offsetof(child_cfg_t, get_ref)); - other->mutex->unlock(other->mutex); + other->lock->unlock(other->lock); - this->mutex->lock(this->mutex); + this->lock->write_lock(this->lock); others = added->create_enumerator(added); mine = this->child_cfgs->create_enumerator(this->child_cfgs); while (mine->enumerate(mine, &my_cfg)) @@ -302,7 +302,7 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, } others->destroy(others); mine->destroy(mine); - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); INIT(enumerator, .public = { @@ -322,7 +322,7 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, typedef struct { enumerator_t public; enumerator_t *wrapped; - mutex_t *mutex; + rwlock_t *lock; } child_cfg_enumerator_t; METHOD(peer_cfg_t, remove_child_cfg, void, @@ -334,7 +334,7 @@ METHOD(peer_cfg_t, remove_child_cfg, void, METHOD(enumerator_t, child_cfg_enumerator_destroy, void, child_cfg_enumerator_t *this) { - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); this->wrapped->destroy(this->wrapped); free(this); } @@ -359,11 +359,11 @@ METHOD(peer_cfg_t, create_child_cfg_enumerator, enumerator_t*, .venumerate = _child_cfg_enumerate, .destroy = _child_cfg_enumerator_destroy, }, - .mutex = this->mutex, + .lock = this->lock, .wrapped = this->child_cfgs->create_enumerator(this->child_cfgs), ); - this->mutex->lock(this->mutex); + this->lock->read_lock(this->lock); return &enumerator->public; } @@ -724,7 +724,7 @@ METHOD(peer_cfg_t, destroy, void, DESTROY_IF(this->peer_id); free(this->mediated_by); #endif /* ME */ - this->mutex->destroy(this->mutex); + this->lock->destroy(this->lock); free(this->name); free(this); } @@ -790,7 +790,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, .name = strdup(name), .ike_cfg = ike_cfg, .child_cfgs = linked_list_create(), - .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .cert_policy = data->cert_policy, .unique = data->unique, .keyingtries = data->keyingtries, diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index 41aacd4ed..dee1a3f73 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -86,7 +86,7 @@ struct private_generator_t { uint8_t current_bit; /** - * Associated data struct to read informations from. + * Associated data struct to read information from. */ void *data_struct; diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index 8c4372974..732fd9b54 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -312,7 +312,7 @@ struct message_t { status_t (*add_fragment)(message_t *this, message_t *fragment); /** - * Gets the source host informations. + * Gets the source host information. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. @@ -322,7 +322,7 @@ struct message_t { host_t * (*get_source) (message_t *this); /** - * Sets the source host informations. + * Sets the source host information. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_source. @@ -332,7 +332,7 @@ struct message_t { void (*set_source) (message_t *this, host_t *host); /** - * Gets the destination host informations. + * Gets the destination host information. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. @@ -342,7 +342,7 @@ struct message_t { host_t * (*get_destination) (message_t *this); /** - * Sets the destination host informations. + * Sets the destination host information. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_destination. diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 442bf7489..9ff23753a 100644 --- a/src/libcharon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h @@ -37,7 +37,7 @@ typedef struct encoding_rule_t encoding_rule_t; * Header is parsed like a payload and gets its one payload_id * from PRIVATE USE space. Also the substructures * of specific payload types get their own payload_id - * from PRIVATE_USE space. See IKEv2-Draft for more informations. + * from PRIVATE_USE space. See IKEv2-Draft for more information. */ enum encoding_type_t { diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 55641e145..c3f06391a 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -1360,10 +1360,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); if (enumerator->enumerate(enumerator, &alg, &key_size)) { + transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); alg = get_ikev1_auth_from_alg(alg); if (alg) { - transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); if (!transform && transid) { transform = transform_substructure_create_type( diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index d601ebd4e..f4f55adfe 100644 --- a/src/libcharon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -77,6 +77,8 @@ enum kernel_feature_t { KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2), /** IPsec backend does not require a policy reinstall on SA updates */ KERNEL_NO_POLICY_UPDATES = (1<<3), + /** IPsec backend supports installing SPIs on policies */ + KERNEL_POLICY_SPI = (1<<4), }; /** diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 60fd19bdc..5a76c8187 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index 0533d81eb..8f5ae6ac7 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index bc402ef69..682fa15b9 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index 9fe4d946f..61570457e 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index b3ddf69b5..14a144c38 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in index 6c079481b..1c1a4523a 100644 --- a/src/libcharon/plugins/bypass_lan/Makefile.in +++ b/src/libcharon/plugins/bypass_lan/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index acbd7a858..0ae0d28d7 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index 55bc25a9f..fb432cd67 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 6d6fe25bb..06f2592f0 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index d3f4ec8bc..aaca1ec99 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index 3687f0cb7..0febca96d 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 69959d30f..db4491113 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 5fff12890..09291aff5 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am new file mode 100644 index 000000000..5e230ea3b --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am @@ -0,0 +1,22 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +else +plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +endif + +libstrongswan_eap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ + eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in new file mode 100644 index 000000000..2b73a57ce --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in @@ -0,0 +1,809 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/eap_aka_3gpp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_DEPENDENCIES = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la +am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \ + eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo \ + eap_aka_3gpp_functions.lo +libstrongswan_eap_aka_3gpp_la_OBJECTS = \ + $(am_libstrongswan_eap_aka_3gpp_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_eap_aka_3gpp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_aka_3gpp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_3gpp_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_3gpp_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ + eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-eap-aka-3gpp.la: $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_eap_aka_3gpp_la_LINK) $(am_libstrongswan_eap_aka_3gpp_la_rpath) $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_functions.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_provider.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c new file mode 100644 index 000000000..22c1181ad --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c @@ -0,0 +1,208 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "eap_aka_3gpp_card.h" + +#include <daemon.h> + +typedef struct private_eap_aka_3gpp_card_t private_eap_aka_3gpp_card_t; + +/** + * Private data of an eap_aka_3gpp_card_t object. + */ +struct private_eap_aka_3gpp_card_t { + + /** + * Public eap_aka_3gpp_card_t interface. + */ + eap_aka_3gpp_card_t public; + + /** + * AKA functions + */ + eap_aka_3gpp_functions_t *f; + + /** + * do sequence number checking? + */ + bool seq_check; + + /** + * SQN stored in this pseudo-USIM + */ + uint8_t sqn[AKA_SQN_LEN]; +}; + +METHOD(simaka_card_t, get_quintuplet, status_t, + private_eap_aka_3gpp_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len) +{ + uint8_t *amf, *mac; + uint8_t k[AKA_K_LEN], opc[AKA_OPC_LEN], ak[AKA_AK_LEN], sqn[AKA_SQN_LEN], + xmac[AKA_MAC_LEN]; + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FAILED; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k, + AKA_K_LEN, opc, AKA_OPC_LEN); + + /* AUTN = SQN xor AK | AMF | MAC */ + memcpy(sqn, autn, AKA_SQN_LEN); + amf = autn + AKA_SQN_LEN; + mac = autn + AKA_SQN_LEN + AKA_AMF_LEN; + DBG3(DBG_IKE, "received AUTN %b", autn, AKA_AUTN_LEN); + DBG3(DBG_IKE, "received AMF %b", amf, AKA_AMF_LEN); + DBG3(DBG_IKE, "received MAC %b", mac, AKA_MAC_LEN); + + /* generate RES, CK, IK, AK from received RAND */ + DBG3(DBG_IKE, "received RAND %b", rand, AKA_RAND_LEN); + if (!this->f->f2345(this->f, k, opc, rand, res, ck, ik, ak)) + { + return FAILED; + } + *res_len = AKA_RES_LEN; + DBG3(DBG_IKE, "using RES %b", res, AKA_RES_LEN); + DBG3(DBG_IKE, "using CK %b", ck, AKA_CK_LEN); + DBG3(DBG_IKE, "using IK %b", ik, AKA_IK_LEN); + DBG3(DBG_IKE, "using AK %b", ak, AKA_AK_LEN); + + /* XOR anonymity key AK into SQN to decrypt it */ + memxor(sqn, ak, AKA_SQN_LEN); + DBG3(DBG_IKE, "using SQN %b", sqn, AKA_SQN_LEN); + + /* calculate expected MAC and compare against received one */ + if (!this->f->f1(this->f, k, opc, rand, sqn, amf, xmac)) + { + return FAILED; + } + if (!memeq_const(mac, xmac, AKA_MAC_LEN)) + { + DBG1(DBG_IKE, "received MAC does not match XMAC"); + DBG3(DBG_IKE, "MAC %b\nXMAC %b", mac, AKA_MAC_LEN, xmac, AKA_MAC_LEN); + return FAILED; + } + DBG3(DBG_IKE, "MAC equals XMAC %b", mac, AKA_MAC_LEN); + + if (this->seq_check && memcmp(this->sqn, sqn, AKA_SQN_LEN) >= 0) + { + DBG3(DBG_IKE, "received SQN %b\ncurrent SQN %b", + sqn, AKA_SQN_LEN, this->sqn, AKA_SQN_LEN); + return INVALID_STATE; + } + + /* update stored SQN to the received one */ + memcpy(this->sqn, sqn, AKA_SQN_LEN); + + return SUCCESS; +} + +METHOD(simaka_card_t, resync, bool, + private_eap_aka_3gpp_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + uint8_t amf[AKA_AMF_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN], aks[AKA_AK_LEN], + macs[AKA_MAC_LEN]; + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", id); + return FALSE; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b to resync AKA", + id, k, AKA_K_LEN, opc, AKA_OPC_LEN); + + /* AMF is set to zero in resync */ + memset(amf, 0, AKA_AMF_LEN); + if (!this->f->f5star(this->f, k, opc, rand, aks) || + !this->f->f1star(this->f, k, opc, rand, this->sqn, amf, macs)) + { + return FALSE; + } + /* AUTS = SQN xor AKS | MACS */ + memcpy(auts, this->sqn, AKA_SQN_LEN); + memxor(auts, aks, AKA_AK_LEN); + memcpy(auts + AKA_AK_LEN, macs, AKA_MAC_LEN); + DBG3(DBG_IKE, "generated AUTS %b", auts, AKA_AUTN_LEN); + + return TRUE; +} + +METHOD(eap_aka_3gpp_card_t, destroy, void, + private_eap_aka_3gpp_card_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_aka_3gpp_card_t *eap_aka_3gpp_card_create(eap_aka_3gpp_functions_t *f) +{ + private_eap_aka_3gpp_card_t *this; + + INIT(this, + .public = { + .card = { + .get_triplet = (void*)return_false, + .get_quintuplet = _get_quintuplet, + .resync = _resync, + .get_pseudonym = (void*)return_null, + .set_pseudonym = (void*)nop, + .get_reauth = (void*)return_null, + .set_reauth = (void*)nop, + }, + .destroy = _destroy, + }, + .f = f, + .seq_check = lib->settings->get_bool(lib->settings, + "%s.plugins.eap-aka-3gpp.seq_check", +#ifdef SEQ_CHECK /* handle legacy compile time configuration as default */ + TRUE, +#else /* !SEQ_CHECK */ + FALSE, +#endif /* SEQ_CHECK */ + lib->ns), + ); + + eap_aka_3gpp_get_sqn(this->sqn, 0); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h new file mode 100644 index 000000000..0ef90681f --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup eap_aka_3gpp_card eap_aka_3gpp_card + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_CARD_H_ +#define EAP_AKA_3GPP_CARD_H_ + +#include "eap_aka_3gpp_functions.h" + +#include <simaka_card.h> + +typedef struct eap_aka_3gpp_card_t eap_aka_3gpp_card_t; + +/** + * SIM card implementation using a set of AKA functions. + */ +struct eap_aka_3gpp_card_t { + + /** + * Implements simaka_card_t interface + */ + simaka_card_t card; + + /** + * Destroy a eap_aka_3gpp_card_t. + */ + void (*destroy)(eap_aka_3gpp_card_t *this); +}; + +/** + * Create a eap_aka_3gpp_card instance. + * + * @param f AKA functions + */ +eap_aka_3gpp_card_t *eap_aka_3gpp_card_create(eap_aka_3gpp_functions_t *f); + +#endif /** EAP_AKA_3GPP_CARD_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c new file mode 100644 index 000000000..d017d2c99 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c @@ -0,0 +1,364 @@ +/* + * Copyright (C) 2017 Tobias Brunner + * Copyright (C) 2008-2009 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "eap_aka_3gpp_functions.h" + +#include <limits.h> +#include <ctype.h> +#include <daemon.h> + +typedef struct private_eap_aka_3gpp_functions_t private_eap_aka_3gpp_functions_t; + +/** + * Private data of an eap_aka_3gpp_functions_t object. + */ +struct private_eap_aka_3gpp_functions_t { + + /** + * Public eap_aka_3gpp_functions_t interface. + */ + eap_aka_3gpp_functions_t public; + + /** + * AES instance + */ + crypter_t *crypter; +}; + +/* + * Described in header + */ +bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN], + uint8_t opc[AKA_OPC_LEN]) +{ + shared_key_t *shared; + chunk_t key; + + shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL); + if (!shared) + { + return FALSE; + } + key = shared->get_key(shared); + + if (key.len == AKA_K_LEN) + { + memcpy(k, key.ptr, AKA_K_LEN); + /* set OPc to a neutral default value, harmless to XOR with */ + memset(opc, '\0', AKA_OPC_LEN); + } + else if (key.len == AKA_K_LEN + AKA_OPC_LEN) + { + memcpy(k, key.ptr, AKA_K_LEN); + memcpy(opc, key.ptr + AKA_K_LEN, AKA_OPC_LEN); + } + else + { + DBG1(DBG_IKE, "invalid EAP K or K+OPc key found for %Y to authenticate " + "with AKA, should be a %d or %d byte long binary value", id, + AKA_K_LEN, AKA_K_LEN + AKA_OPC_LEN); + shared->destroy(shared); + return FALSE; + } + shared->destroy(shared); + return TRUE; +} + +/* + * Described in header + */ +void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset) +{ + timeval_t time; + + gettimeofday(&time, NULL); + /* set sqn to an integer containing 4 bytes seconds + 2 bytes usecs */ + time.tv_sec = htonl(time.tv_sec + offset); + /* usec's are never larger than 0x000f423f, so we shift the 12 first bits */ + time.tv_usec = htonl(time.tv_usec << 12); + memcpy(sqn, (uint8_t*)&time.tv_sec + sizeof(time_t) - 4, 4); + memcpy(sqn + 4, &time.tv_usec, 2); +} + +static bool f1andf1star(private_eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN], + const uint8_t amf[AKA_AMF_LEN], uint8_t mac[16]) +{ + uint8_t i, data[16], in[16], iv[16] = { 0 }; + + if (!this->crypter->set_key(this->crypter, + chunk_create((uint8_t*)k, AKA_K_LEN))) + { + return FALSE; + } + + /* XOR RAND and OPc */ + memcpy(data, rand, sizeof(data)); + memxor(data, opc, sizeof(data)); + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + return FALSE; + } + + /* concatenate SQN || AMF ||SQN || AMF */ + memcpy(in, sqn, 6); + memcpy(&in[6], amf, 2); + memcpy(&in[8], in, 8); + + /* XOR opc and in, rotate by r1=64, and XOR + * on the constant c1 (which is all zeroes) and finally the output above */ + for (i = 0; i < 16; i++) + { + data[(i + 8) % 16] ^= in[i] ^ opc[i]; + } + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + return FALSE; + } + memxor(data, opc, sizeof(data)); + memcpy(mac, data, 16); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, f1, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + const uint8_t sqn[AKA_SQN_LEN], const uint8_t amf[AKA_AMF_LEN], + uint8_t maca[AKA_MAC_LEN]) +{ + uint8_t mac[16]; + + if (!f1andf1star(this, k, opc, rand, sqn, amf, mac)) + { + return FALSE; + } + /* only diff between f1 and f1* is here: + * f1 uses bytes 0-7 as MAC-A + * f1* uses bytes 8-15 as MAC-S */ + memcpy(maca, mac, AKA_MAC_LEN); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, f1star, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + const uint8_t sqn[AKA_SQN_LEN], const uint8_t amf[AKA_AMF_LEN], + uint8_t macs[AKA_MAC_LEN]) +{ + uint8_t mac[16]; + + if (!f1andf1star(this, k, opc, rand, sqn, amf, mac)) + { + return FALSE; + } + /* only diff between f1 and f1* is here: + * f1 uses bytes 0-7 as MAC-A + * f1* uses bytes 8-15 as MAC-S */ + memcpy(macs, &mac[8], AKA_MAC_LEN); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, f2345, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + uint8_t res[AKA_RES_LEN], uint8_t ck[AKA_CK_LEN], uint8_t ik[AKA_IK_LEN], + uint8_t ak[AKA_AK_LEN]) +{ + uint8_t data[16], iv[16] = { 0 }; + chunk_t temp; + uint8_t i; + + if (!this->crypter->set_key(this->crypter, + chunk_create((uint8_t*)k, AKA_K_LEN))) + { + return FALSE; + } + + /* XOR RAND and OPc */ + memcpy(data, rand, sizeof(data)); + memxor(data, opc, sizeof(data)); + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), &temp)) + { + return FALSE; + } + + /* to obtain output block OUT2: XOR OPc and TEMP, + * rotate by r2=0, and XOR on the constant c2 (which is all zeroes except + * that the last bit is 1). */ + for (i = 0; i < 16; i++) + { + data[i] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 1; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + + /* f5 output */ + memcpy(ak, data, 6); + /* f2 output */ + memcpy(res, &data[8], 8); + + /* to obtain output block OUT3: XOR OPc and TEMP, + * rotate by r3=32, and XOR on the constant c3 (which + * is all zeroes except that the next to last bit is 1) */ + for (i = 0; i < 16; i++) + { + data[(i + 12) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 2; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + + /* f3 output */ + memcpy(ck, data, 16); + + /* to obtain output block OUT4: XOR OPc and TEMP, + * rotate by r4=64, and XOR on the constant c4 (which + * is all zeroes except that the 2nd from last bit is 1). */ + for (i = 0; i < 16; i++) + { + data[(i + 8) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 4; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + /* f4 output */ + memcpy(ik, data, 16); + chunk_free(&temp); + return TRUE; + +} + +METHOD(eap_aka_3gpp_functions_t, f5star, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + uint8_t aks[AKA_AK_LEN]) +{ + uint8_t i, data[16], iv[16] = { 0 }; + chunk_t temp; + + if (!this->crypter->set_key(this->crypter, + chunk_create((uint8_t*)k, AKA_K_LEN))) + { + return FALSE; + } + + /* XOR RAND and OPc */ + memcpy(data, rand, sizeof(data)); + memxor(data, opc, sizeof(data)); + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), &temp)) + { + return FALSE; + } + + /* to obtain output block OUT5: XOR OPc and the output above, + * rotate by r5=96, and XOR on the constant c5 (which + * is all zeroes except that the 3rd from last bit is 1). */ + for (i = 0; i < 16; i++) + { + data[(i + 4) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 8; + chunk_free(&temp); + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + return FALSE; + } + memxor(data, opc, sizeof(data)); + memcpy(aks, data, 6); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, destroy, void, + private_eap_aka_3gpp_functions_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +eap_aka_3gpp_functions_t *eap_aka_3gpp_functions_create() +{ + private_eap_aka_3gpp_functions_t *this; + + INIT(this, + .public = { + .f1 = _f1, + .f1star = _f1star, + .f2345 = _f2345, + .f5star = _f5star, + .destroy = _destroy, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16), + ); + if (!this->crypter) + { + DBG1(DBG_IKE, "%N not supported, unable to use 3GPP algorithm", + encryption_algorithm_names, ENCR_AES_CBC); + free(this); + return NULL; + } + return &this->public; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h new file mode 100644 index 000000000..c089cd385 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h @@ -0,0 +1,172 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup eap_aka_3gpp_functions eap_aka_3gpp_functions + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_FUNCTIONS_H_ +#define EAP_AKA_3GPP_FUNCTIONS_H_ + +#include <credentials/keys/shared_key.h> +#include <simaka_manager.h> +#include "eap_aka_3gpp_plugin.h" + +#define AKA_SQN_LEN 6 +#define AKA_K_LEN 16 +#define AKA_OPC_LEN 16 +#define AKA_MAC_LEN 8 +#define AKA_AK_LEN 6 +#define AKA_AMF_LEN 2 +#define AKA_RES_LEN 8 + +typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t; + +/** + * Get a shared key K and OPc of a particular user from the credential database. + * + * @param id user identity + * @param[out] k (16 byte) scratchpad to receive secret key K + * @param[out] opc (16 byte) scratchpad to receive operator variant key + * derivate OPc + */ +bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN], + uint8_t opc[AKA_OPC_LEN]); + +/** + * Get SQN using current time. Only used when creating/initializing + * an eap_aka_3gpp_card_t or eap_aka_3gpp_provider_t object. + * + * @param offset time offset to add to current time to avoid initial + * SQN resync + * @param[out] sqn (6 byte) scratchpad to receive generated SQN + */ +void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset); + +/** + * f1, f1*(), f2345() and f5*() functions from 3GPP as specified + * in the TS 35.205, .206, .207, .208 standards. + */ +struct eap_aka_3gpp_functions_t { + + /** + * f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param sqn (48 bit) sequence number SQN + * @param amf (16 bit) authentication management field AMF + * @param[out] maca (64 bit) scratchpad to receive network auth code MAC-A + * @return TRUE if calculations successful + */ + bool (*f1)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN], + const uint8_t amf[AKA_AMF_LEN], + uint8_t maca[AKA_MAC_LEN]); + + + /** + * f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param sqn (48 bit) sequence number SQN + * @param amf (16 bit) authentication management field AMF + * @param[out] macs (64 bit) scratchpad to receive resync auth code MAC-S + * @return TRUE if calculations successful + */ + bool (*f1star)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN], + const uint8_t amf[AKA_AMF_LEN], + uint8_t macs[AKA_MAC_LEN]); + + /** + * f2345 : Do f2, f3, f4 and f5 in a single scoop, where: + * f2 : Calculates RES from RAND using K and OPc + * f3 : Calculates CK from RAND using K and OPc + * f4 : Calculates IK from RAND using K and OPc + * f5 : Calculates AK from RAND using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param[out] res (64 bit) scratchpad to receive signed response RES + * @param[out] ck (128 bit) scratchpad to receive encryption key CK + * @param[out] ik (128 bit) scratchpad to receive integrity key IK + * @param[out] ak (48 bit) scratchpad to receive anonymity key AK + * @return TRUE if calculations successful + */ + bool (*f2345)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], + uint8_t res[AKA_RES_LEN], uint8_t ck[AKA_CK_LEN], + uint8_t ik[AKA_IK_LEN], uint8_t ak[AKA_AK_LEN]); + + + /** + * f5* : Calculates resync AKS from RAND using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param[out] aks (48 bit) scratchpad to receive resync anonymity key AKS + * @return TRUE if calculations successful + */ + bool (*f5star)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], + uint8_t aks[AKA_AK_LEN]); + + /** + * Destroy a eap_aka_3gpp_functions_t. + */ + void (*destroy)(eap_aka_3gpp_functions_t *this); +}; + +/** + * Create a eap_aka_3gpp_functions instance. + * + * @return function set, NULL on error + */ +eap_aka_3gpp_functions_t *eap_aka_3gpp_functions_create(); + +#endif /** EAP_AKA_3GPP_FUNCTIONS_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c new file mode 100644 index 000000000..3d0e06146 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "eap_aka_3gpp_plugin.h" +#include "eap_aka_3gpp_card.h" +#include "eap_aka_3gpp_provider.h" +#include "eap_aka_3gpp_functions.h" + +#include <daemon.h> + +typedef struct private_eap_aka_3gpp_t private_eap_aka_3gpp_t; + +/** + * Private data of an eap_aka_3gpp_t object. + */ +struct private_eap_aka_3gpp_t { + + /** + * Public eap_aka_3gpp_plugin_t interface. + */ + eap_aka_3gpp_plugin_t public; + + /** + * USIM/EAP-AKA card + */ + eap_aka_3gpp_card_t *card; + + /** + * EAP-AKA provider + */ + eap_aka_3gpp_provider_t *provider; + + /** + * AKA functions + */ + eap_aka_3gpp_functions_t *functions; +}; + +METHOD(plugin_t, get_name, char*, + private_eap_aka_3gpp_t *this) +{ + return "eap-aka-3gpp"; +} + +/** + * Try to instanciate ea_aka_3gpp functions and card/provider backends + */ +static bool register_functions(private_eap_aka_3gpp_t *this, + plugin_feature_t *feature, bool reg, void *data) +{ + if (reg) + { + this->functions = eap_aka_3gpp_functions_create(); + if (!this->functions) + { + return FALSE; + } + this->card = eap_aka_3gpp_card_create(this->functions); + this->provider = eap_aka_3gpp_provider_create(this->functions); + return TRUE; + } + this->card->destroy(this->card); + this->provider->destroy(this->provider); + this->functions->destroy(this->functions); + this->card = NULL; + this->provider = NULL; + this->functions = NULL; + return TRUE; +} + +/** + * Callback providing our card to register + */ +static simaka_card_t* get_card(private_eap_aka_3gpp_t *this) +{ + return &this->card->card; +} + +/** + * Callback providing our provider to register + */ +static simaka_provider_t* get_provider(private_eap_aka_3gpp_t *this) +{ + return &this->provider->provider; +} + +METHOD(plugin_t, get_features, int, + private_eap_aka_3gpp_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK((void*)register_functions, NULL), + PLUGIN_PROVIDE(CUSTOM, "eap-aka-3gpp-functions"), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_CALLBACK(simaka_manager_register, get_card), + PLUGIN_PROVIDE(CUSTOM, "aka-card"), + PLUGIN_DEPENDS(CUSTOM, "aka-manager"), + PLUGIN_DEPENDS(CUSTOM, "eap-aka-3gpp-functions"), + PLUGIN_CALLBACK(simaka_manager_register, get_provider), + PLUGIN_PROVIDE(CUSTOM, "aka-provider"), + PLUGIN_DEPENDS(CUSTOM, "aka-manager"), + PLUGIN_DEPENDS(CUSTOM, "eap-aka-3gpp-functions"), + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, private_eap_aka_3gpp_t *this) +{ + free(this); +} + +/** + * See header + */ +plugin_t *eap_aka_3gpp_plugin_create() +{ + private_eap_aka_3gpp_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h new file mode 100644 index 000000000..e101f4be6 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup eap_aka_3gpp eap_aka_3gpp + * @ingroup cplugins + * + * @defgroup eap_aka_3gpp_plugin eap_aka_3gpp_plugin + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_PLUGIN_H_ +#define EAP_AKA_3GPP_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct eap_aka_3gpp_plugin_t eap_aka_3gpp_plugin_t; + +/** + * Plugin to provide a USIM card/provider according to the 3GPP standard. + * + * This plugin implements the 3GPP standards TS 35.205, .206, .207, .208 + * completely in software using the MILENAGE algorithm. + * The shared keys used for authentication (K, OPc) are from ipsec.secrets. + * The peers ID is used to query it. + * + * To enable SEQ sequence check by default define SEQ_CHECK. Left undefined/off, + * it makes the USIM 'card' to accept any SEQ number, not comparing received + * SQN with its own locally stored value. This potentially allows an attacker + * to do replay attacks. But since the server has proven his identity via IKE, + * such an attack is only possible between server and AAA (if any). + * Note that SEQ_CHECK only controls the compile-time default behaviour, + * but the run-time behaviour can always be controlled by setting the + * charon.plugins.eap-aka-3gpp.seq_check config variable. + */ +struct eap_aka_3gpp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * The AKA mechanism uses sequence numbers to detect replay attacks. The + * peer stores the sequence number normally in a USIM and accepts + * incremental sequence numbers (incremental for lifetime of the USIM). To + * prevent a complex sequence number management, this implementation uses + * a sequence number derived from time. It is initialized to the startup + * time of the daemon. On the provider side, an offset can optionally be + * added to allow for a time sqew towards the card side. + */ +#define SQN_TIME_OFFSET 180 + +#endif /** EAP_AKA_3GPP_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c new file mode 100644 index 000000000..d5112d390 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c @@ -0,0 +1,205 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "eap_aka_3gpp_provider.h" + +#include <daemon.h> + +typedef struct private_eap_aka_3gpp_provider_t private_eap_aka_3gpp_provider_t; + +/** + * Private data of an eap_aka_3gpp_provider_t object. + */ +struct private_eap_aka_3gpp_provider_t { + + /** + * Public eap_aka_3gpp_provider_t interface. + */ + eap_aka_3gpp_provider_t public; + + /** + * AKA functions + */ + eap_aka_3gpp_functions_t *f; + + /** + * time based SQN, we use the same for all peers + */ + uint8_t sqn[AKA_SQN_LEN]; +}; + +/** Authentication management field, AMF, as defined in 3GPP TS 33.102 V12.2.0 + * + * The 16 bits in the AMF are numbered from "0" to "15" where bit "0" is + * the most significant bit and bit "15" is the least significant bit. + * Bit "0" is called the "AMF separation bit". It is used for the purposes + * of EPS (Evolved Packet System) and is specified in + * - TS 33.401 [28] for E-UTRAN access to EPS; + * - TS 33.402 [29] for non-3GPP access to EPS. + * Bits "1" to "7" are reserved for future standardization use. + * Bits "1" to "7" shall be set to 0 while not yet specified for a particular use. + * Bits "8" to "15" can be used for proprietary purposes. + */ +static const uint8_t amf[AKA_AMF_LEN] = {0x80, 0x00}; + +METHOD(simaka_provider_t, get_quintuplet, bool, + private_eap_aka_3gpp_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]) +{ + rng_t *rng; + uint8_t maca[AKA_MAC_LEN], ak[AKA_AK_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN]; + + /* generate RAND: we use a RNG already registered as f0(). */ + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng || !rng->get_bytes(rng, AKA_RAND_LEN, rand)) + { + DBG1(DBG_IKE, "generating RAND for AKA failed"); + DESTROY_IF(rng); + return FALSE; + } + rng->destroy(rng); + DBG3(DBG_IKE, "generated rand %b", rand, AKA_RAND_LEN); + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k, + AKA_K_LEN, opc, AKA_OPC_LEN); + + /* generate MAC and XRES, CK, IK, AK */ + if (!this->f->f1(this->f, k, opc, rand, this->sqn, amf, maca) || + !this->f->f2345(this->f, k, opc, rand, xres, ck, ik, ak)) + { + return FALSE; + } + *xres_len = AKA_RES_LEN; + + /* create AUTN = (SQN xor AK) || AMF || MAC */ + memcpy(autn, this->sqn, AKA_SQN_LEN); + memxor(autn, ak, AKA_AK_LEN); + memcpy(autn + AKA_SQN_LEN, amf, AKA_AMF_LEN); + memcpy(autn + AKA_SQN_LEN + AKA_AMF_LEN, maca, AKA_MAC_LEN); + DBG3(DBG_IKE, "AUTN %b", autn, AKA_AUTN_LEN); + + chunk_increment(chunk_create(this->sqn, AKA_SQN_LEN)); + + return TRUE; +} + +METHOD(simaka_provider_t, resync, bool, + private_eap_aka_3gpp_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + uint8_t *sqn, *macs; + uint8_t aks[AKA_AK_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN], amfs[AKA_AMF_LEN], + xmacs[AKA_MAC_LEN]; + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k, + AKA_K_LEN, opc, AKA_OPC_LEN); + + /* get SQNms out of the AUTS the card created as: + * AUTS = (SQNms xor AKS) || MAC-S */ + sqn = auts; + macs = auts + AKA_SQN_LEN; + if (!this->f->f5star(this->f, k, opc, rand, aks)) + { + return FALSE; + } + memxor(sqn, aks, AKA_AK_LEN); + + /* generate resync XMAC-S... */ + memset(amfs, 0, AKA_AMF_LEN); + if (!this->f->f1star(this->f, k, opc, rand, sqn, amfs, xmacs)) + { + return FALSE; + } + /* ...and compare it with the card's MAC-S */ + if (!memeq_const(xmacs, macs, AKA_MAC_LEN)) + { + DBG1(DBG_IKE, "received MACS does not match XMACS"); + DBG3(DBG_IKE, "MACS %b XMACS %b", + macs, AKA_MAC_LEN, xmacs, AKA_MAC_LEN); + return FALSE; + } + /* update stored SQN to received SQN + 1 */ + memcpy(this->sqn, sqn, AKA_SQN_LEN); + chunk_increment(chunk_create(this->sqn, AKA_SQN_LEN)); + return TRUE; +} + +METHOD(eap_aka_3gpp_provider_t, destroy, void, + private_eap_aka_3gpp_provider_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_aka_3gpp_provider_t *eap_aka_3gpp_provider_create( + eap_aka_3gpp_functions_t *f) +{ + private_eap_aka_3gpp_provider_t *this; + + INIT(this, + .public = { + .provider = { + .get_triplet = (void*)return_false, + .get_quintuplet = _get_quintuplet, + .resync = _resync, + .is_pseudonym = (void*)return_null, + .gen_pseudonym = (void*)return_null, + .is_reauth = (void*)return_null, + .gen_reauth = (void*)return_null, + }, + .destroy = _destroy, + }, + .f = f, + ); + /* use an offset to accept clock skew between client/server without resync */ + eap_aka_3gpp_get_sqn(this->sqn, SQN_TIME_OFFSET); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h new file mode 100644 index 000000000..6af8b4b4f --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup eap_aka_3gpp_provider eap_aka_3gpp_provider + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_PROVIDER_H_ +#define EAP_AKA_3GPP_PROVIDER_H_ + +#include "eap_aka_3gpp_functions.h" + +#include <simaka_provider.h> + +typedef struct eap_aka_3gpp_provider_t eap_aka_3gpp_provider_t; + +/** + * SIM provider implementation using a set of AKA functions. + */ +struct eap_aka_3gpp_provider_t { + + /** + * Implements simaka_provider_t interface. + */ + simaka_provider_t provider; + + /** + * Destroy a eap_aka_3gpp_provider_t. + */ + void (*destroy)(eap_aka_3gpp_provider_t *this); +}; + +/** + * Create a eap_aka_3gpp_provider instance. + */ +eap_aka_3gpp_provider_t *eap_aka_3gpp_provider_create( + eap_aka_3gpp_functions_t *f); + +#endif /** EAP_AKA_3GPP_PROVIDER_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 478225562..a14afbc55 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 2591dee55..e6427106a 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 08d8ef8f6..0075513b2 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 4859833ba..7481fe377 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 796d42f14..f26a58550 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 00a9f73da..abc3081b8 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index df3c2eae2..8e8597cab 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index d8ebeb8b5..938243394 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 0c302af51..e1f5be06a 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -477,7 +477,7 @@ static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this, .interim = { .last = now, }, - /* default terminate cause, if none other catched */ + /* default terminate cause, if none other caught */ .cause = ACCT_CAUSE_USER_REQUEST, ); snprintf(entry->sid, sizeof(entry->sid), "%u-%u", this->prefix, unique); diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 6c2584ae4..f7b2d3e2d 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index b2473725a..a78155080 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 88c31a95e..28e7b4612 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 62c8ca11e..98d4fe9cc 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index ef20102bb..539dc657e 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index c9af52fa9..284178e13 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index dfe6d8b03..9e69e068c 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 902d79d76..6f5d3a466 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 53fb187fd..5a9310a7d 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 1514f4011..7322bc036 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -321,8 +321,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -423,6 +421,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -451,6 +451,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c index 959c4c67d..6b9622ae3 100644 --- a/src/libcharon/plugins/error_notify/error_notify_socket.c +++ b/src/libcharon/plugins/error_notify/error_notify_socket.c @@ -94,7 +94,6 @@ METHOD(error_notify_socket_t, notify, void, DBG1(DBG_CFG, "sending notify failed: %s", strerror(errno)); break; } - break; } } enumerator->destroy(enumerator); @@ -146,7 +145,7 @@ error_notify_socket_t *error_notify_socket_create() this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { - DBG1(DBG_CFG, "creating duplicheck socket failed"); + DBG1(DBG_CFG, "creating error-notify socket failed"); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index c3a18191f..8ab170b6d 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 3de99da38..4328db1f9 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c index e19fc5972..28ced546e 100644 --- a/src/libcharon/plugins/farp/farp_listener.c +++ b/src/libcharon/plugins/farp/farp_listener.c @@ -101,6 +101,7 @@ METHOD(listener_t, child_updown, bool, entry->remote->destroy_offset(entry->remote, offsetof(traffic_selector_t, destroy)); free(entry); + break; } } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index 5263ccd43..15589b35d 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index d82bdd28e..cdf33f61f 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 02243e47c..adb40765e 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index d9c172c1d..6164f5c7b 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 9f1a490cf..e604be758 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 7f25c5202..8d653104e 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -352,8 +352,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -454,6 +452,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -482,6 +482,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index c411b829d..8ddaa71d3 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1141,7 +1141,7 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, METHOD(kernel_ipsec_t, get_features, kernel_feature_t, private_kernel_netlink_ipsec_t *this) { - return KERNEL_ESP_V3_TFC; + return KERNEL_ESP_V3_TFC | KERNEL_POLICY_SPI; } /** @@ -2409,11 +2409,13 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, struct xfrm_user_tmpl *tmpl; struct { uint8_t proto; + uint32_t spi; bool use; } protos[] = { - { IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE }, - { IPPROTO_ESP, ipsec->cfg.esp.use }, - { IPPROTO_AH, ipsec->cfg.ah.use }, + { IPPROTO_COMP, htonl(ntohs(ipsec->cfg.ipcomp.cpi)), + ipsec->cfg.ipcomp.transform != IPCOMP_NONE }, + { IPPROTO_ESP, ipsec->cfg.esp.spi, ipsec->cfg.esp.use }, + { IPPROTO_AH, ipsec->cfg.ah.spi, ipsec->cfg.ah.use }, }; ipsec_mode_t proto_mode = ipsec->cfg.mode; int count = 0; @@ -2441,6 +2443,10 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, } tmpl->reqid = ipsec->cfg.reqid; tmpl->id.proto = protos[i].proto; + if (policy->direction == POLICY_OUT) + { + tmpl->id.spi = protos[i].spi; + } tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0; tmpl->mode = mode2kernel(proto_mode); tmpl->optional = protos[i].proto == IPPROTO_COMP && diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index cf85cb0a6..f3b5b1d4a 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block) { struct nlmsghdr *hdr; char buf[this->buflen]; - ssize_t len; + ssize_t len, read_len; + bool wipe = FALSE; - len = read_msg(this, buf, sizeof(buf), block); + len = read_len = read_msg(this, buf, sizeof(buf), block); if (len == -1) { return TRUE; @@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block) hdr = (struct nlmsghdr*)buf; while (NLMSG_OK(hdr, len)) { + if (this->protocol == NETLINK_XFRM && + hdr->nlmsg_type == XFRM_MSG_NEWSA) + { /* wipe potential IPsec SA keys */ + wipe = TRUE; + } if (!queue(this, hdr)) { break; @@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block) hdr = NLMSG_NEXT(hdr, len); } } + if (wipe) + { + memwipe(buf, read_len); + } return FALSE; } diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index b27408a3f..0ef880035 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index e7005bbff..1f232502a 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index 6d06ee179..da7ae472d 100644 --- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -1831,7 +1831,7 @@ METHOD(enumerator_t, enumerate_subnets, bool, for (; this->current < this->buf + this->len; this->current += rtm->rtm_msglen) { - struct sockaddr *netmask; + struct sockaddr *netmask = NULL; uint8_t netbits = 0; rtm = (struct rt_msghdr*)this->current; @@ -1864,7 +1864,7 @@ METHOD(enumerator_t, enumerate_subnets, bool, this->ifname = strndup(sdl->sdl_data, sdl->sdl_nlen); } } - if (this->net) + if (this->net && netmask) { netbits = sockaddr_to_netmask(netmask, this->net); } diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index ffdae84c0..263ec5d64 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -321,8 +321,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -423,6 +421,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -451,6 +451,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 7f820292d..54a7ccf44 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index c55e3578c..b25f3a669 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -323,8 +323,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -425,6 +423,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -453,6 +453,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index ba86d3788..4db0b7dc2 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -319,8 +319,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -421,6 +419,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -449,6 +449,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index e2d63be1c..721edbdd5 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 10b48daa3..81d895df1 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 8e0b10eb0..e9bd93803 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 954a43dc8..7ccbfb102 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index add1f547f..2e4ea256d 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 5e166f28f..0db2cb187 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 9aac31894..5f3517c25 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index b87afa4a6..54e9ed9b9 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 595651f21..1971282a1 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 8f1e43926..6efd3e189 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 5c146190d..e0b813d6b 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 00ed693eb..86728515f 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -102,10 +102,11 @@ static void add_traffic_selectors(private_sql_config_t *this, bool local; e = this->db->query(this->db, - "SELECT kind, type, protocol, " - "start_addr, end_addr, start_port, end_port " - "FROM traffic_selectors JOIN child_config_traffic_selector " - "ON id = traffic_selector WHERE child_cfg = ?", + "SELECT ct.kind, t.type, t.protocol, " + "t.start_addr, t.end_addr, t.start_port, t.end_port " + "FROM traffic_selectors AS t " + "JOIN child_config_traffic_selector AS ct " + "ON t.id = ct.traffic_selector WHERE ct.child_cfg = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_BLOB, DB_BLOB, DB_INT, DB_INT); @@ -131,9 +132,9 @@ static void add_esp_proposals(private_sql_config_t *this, bool use_default = TRUE; e = this->db->query(this->db, - "SELECT proposal " - "FROM proposals JOIN child_config_proposal ON id = prop " - "WHERE child_cfg = ? ORDER BY prio", + "SELECT p.proposal " + "FROM proposals AS p JOIN child_config_proposal AS cp " + "ON p.id = cp.prop WHERE cp.child_cfg = ? ORDER BY cp.prio", DB_INT, id, DB_TEXT); if (e) { @@ -202,10 +203,11 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) child_cfg_t *child_cfg; e = this->db->query(this->db, - "SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, " - "mode, start_action, dpd_action, close_action, ipcomp, reqid " - "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " - "WHERE peer_cfg = ?", + "SELECT c.id, c.name, c.lifetime, c.rekeytime, c.jitter, c.updown, " + "c.hostaccess, c.mode, c.start_action, c.dpd_action, " + "c.close_action, c.ipcomp, c.reqid " + "FROM child_configs AS c JOIN peer_config_child_config AS pc " + "ON c.id = pc.child_cfg WHERE pc.peer_cfg = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); @@ -231,9 +233,10 @@ static void add_ike_proposals(private_sql_config_t *this, bool use_default = TRUE; e = this->db->query(this->db, - "SELECT proposal " - "FROM proposals JOIN ike_config_proposal ON id = prop " - "WHERE ike_cfg = ? ORDER BY prio", + "SELECT p.proposal " + "FROM proposals AS p " + "JOIN ike_config_proposal AS ip ON p.id = ip.prop " + "WHERE ip.ike_cfg = ? ORDER BY ip.prio", DB_INT, id, DB_TEXT); if (e) { @@ -288,8 +291,8 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, - "SELECT id, certreq, force_encap, local, remote " - "FROM ike_configs WHERE id = ?", + "SELECT c.id, c.certreq, c.force_encap, c.local, c.remote " + "FROM ike_configs AS c WHERE c.id = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (e) @@ -310,16 +313,16 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) peer_cfg_t *peer_cfg = NULL; e = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE id = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.id = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, @@ -465,16 +468,16 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, peer_cfg_t *peer_cfg = NULL; e = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE ike_version = ? AND name = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.ike_version = ? AND c.name = ?", DB_INT, 2, DB_TEXT, name, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, @@ -544,8 +547,8 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, .other = other, ); e->inner = this->db->query(this->db, - "SELECT id, certreq, force_encap, local, remote " - "FROM ike_configs", + "SELECT c.id, c.certreq, c.force_encap, " + "c.local, c.remote FROM ike_configs AS c", DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (!e->inner) { @@ -613,16 +616,16 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, /* TODO: only get configs whose IDs match exactly or contain wildcards */ e->inner = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE ike_version = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.ike_version = ?", DB_INT, 2, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 3317de6c8..9ba0bf1c9 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c @@ -110,7 +110,8 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, else { e->inner = this->db->query(this->db, - "SELECT type, data FROM private_keys WHERE (? OR type = ?)", + "SELECT p.type, p.data FROM private_keys AS p " + "WHERE (? OR p.type = ?)", DB_INT, type == KEY_ANY, DB_INT, type, DB_INT, DB_BLOB); } @@ -197,8 +198,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, else { e->inner = this->db->query(this->db, - "SELECT type, data FROM certificates WHERE " - "(? OR type = ?) AND (? OR keytype = ?)", + "SELECT c.type, c.data FROM certificates AS c WHERE " + "(? OR c.type = ?) AND (? OR c.keytype = ?)", DB_INT, cert == CERT_ANY, DB_INT, cert, DB_INT, key == KEY_ANY, DB_INT, key, DB_INT, DB_BLOB); @@ -286,7 +287,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, if (!me && !other) { e->inner = this->db->query(this->db, - "SELECT type, data FROM shared_secrets WHERE (? OR type = ?)", + "SELECT s.type, s.data FROM shared_secrets AS s " + "WHERE (? OR s.type = ?)", DB_INT, type == SHARED_ANY, DB_INT, type, DB_INT, DB_BLOB); } diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 0af607fd7..70374b32f 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 00f74831c..ac0129210 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -136,7 +136,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, /** * parse a proposal string, either into ike_cfg or child_cfg */ -static void add_proposals(private_stroke_config_t *this, char *string, +static bool add_proposals(private_stroke_config_t *this, char *string, ike_cfg_t *ike_cfg, child_cfg_t *child_cfg, protocol_id_t proto) { if (string) @@ -170,10 +170,11 @@ static void add_proposals(private_stroke_config_t *this, char *string, continue; } DBG1(DBG_CFG, "skipped invalid proposal string: %s", single); + return FALSE; } if (strict) { - return; + return TRUE; } /* add default porposal to the end if not strict */ } @@ -187,6 +188,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, child_cfg->add_proposal(child_cfg, proposal_create_default(proto)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto)); } + return TRUE; } /** @@ -289,7 +291,12 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg msg->add_conn.fragmentation, msg->add_conn.ikedscp); - add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL, PROTO_IKE); + if (!add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, + NULL, PROTO_IKE)) + { + ike_cfg->destroy(ike_cfg); + return NULL; + } return ike_cfg; } @@ -1050,6 +1057,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { child_cfg_t *child_cfg; + bool success; child_cfg_create_t child = { .lifetime = { .time = { @@ -1100,13 +1108,18 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, if (msg->add_conn.algorithms.ah) { - add_proposals(this, msg->add_conn.algorithms.ah, - NULL, child_cfg, PROTO_AH); + success = add_proposals(this, msg->add_conn.algorithms.ah, + NULL, child_cfg, PROTO_AH); } else { - add_proposals(this, msg->add_conn.algorithms.esp, - NULL, child_cfg, PROTO_ESP); + success = add_proposals(this, msg->add_conn.algorithms.esp, + NULL, child_cfg, PROTO_ESP); + } + if (!success) + { + child_cfg->destroy(child_cfg); + return NULL; } return child_cfg; } diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 327443020..278eaa17b 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 438001baf..3b146e1ee 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index abc77433a..3452080a8 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 46f4e4f85..2c127985c 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 245bbd471..b82c37966 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index ef0f33ce3..4c648fbad 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index fd2b89849..cd3dafb08 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -409,8 +409,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -511,6 +509,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -539,6 +539,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 0e9626aa3..f48eb6abb 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 7d5383290..7d5944ab1 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -249,8 +249,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -351,6 +349,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -379,6 +379,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index 5691a74d1..b1222765b 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -470,8 +474,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@uninstall-local: @RUBY_GEMS_INSTALL_FALSE@install-data-local: +@RUBY_GEMS_INSTALL_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb index bcf1a17be..f846a14af 100644 --- a/src/libcharon/plugins/vici/ruby/lib/vici.rb +++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb @@ -550,7 +550,7 @@ module Vici # Listen for a set of event messages. This call is blocking, and invokes # the passed closure for each event received. The closure receives the # event name and the event message as argument. To stop listening, the - # closure may raise a StopEventListening exception, the only catched + # closure may raise a StopEventListening exception, the only caught # exception. def listen_events(events, &block) self.class.instance_eval do diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 0347c5f53..50c790af5 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 28158a373..7d3dc897b 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 1dc267545..8b937bb8d 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index a610bab2a..ff2e6e9ab 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index 8c31f2472..0f320dfeb 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 3d9f6133b..4133d9182 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -40,10 +40,10 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, "DESTROYING", ); -ENUM(child_sa_outbound_state_names, CHILD_OUTBOUND_NONE, CHILD_OUTBOUND_INSTALLED, - "NONE", +ENUM_FLAGS(child_sa_outbound_state_names, CHILD_OUTBOUND_REGISTERED, CHILD_OUTBOUND_POLICIES, "REGISTERED", - "INSTALLED", + "SA", + "POLICIES", ); typedef struct private_child_sa_t private_child_sa_t; @@ -296,12 +296,15 @@ METHOD(child_sa_t, get_config, child_cfg_t*, METHOD(child_sa_t, set_state, void, private_child_sa_t *this, child_sa_state_t state) { - DBG2(DBG_CHD, "CHILD_SA %s{%d} state change: %N => %N", - get_name(this), this->unique_id, - child_sa_state_names, this->state, - child_sa_state_names, state); - charon->bus->child_state_change(charon->bus, &this->public, state); - this->state = state; + if (this->state != state) + { + DBG2(DBG_CHD, "CHILD_SA %s{%d} state change: %N => %N", + get_name(this), this->unique_id, + child_sa_state_names, this->state, + child_sa_state_names, state); + charon->bus->child_state_change(charon->bus, &this->public, state); + this->state = state; + } } METHOD(child_sa_t, get_state, child_sa_state_t, @@ -547,7 +550,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) } else { - if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) + if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA)) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -788,7 +791,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, { tfc = this->config->get_tfc(this->config); } - this->outbound_state = CHILD_OUTBOUND_INSTALLED; + this->outbound_state |= CHILD_OUTBOUND_SA; } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", @@ -1188,6 +1191,7 @@ METHOD(child_sa_t, install_policies, status_t, linked_list_t *my_ts_list, *other_ts_list; traffic_selector_t *my_ts, *other_ts; status_t status = SUCCESS; + bool install_outbound = FALSE; if (!this->reqid_allocated && !this->static_reqid) { @@ -1207,12 +1211,17 @@ METHOD(child_sa_t, install_policies, status_t, this->reqid_allocated = TRUE; } + if (!(this->outbound_state & CHILD_OUTBOUND_REGISTERED)) + { + install_outbound = TRUE; + this->outbound_state |= CHILD_OUTBOUND_POLICIES; + } + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; - bool install_outbound; prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); @@ -1222,7 +1231,6 @@ METHOD(child_sa_t, install_policies, status_t, this->trap = this->state == CHILD_CREATED; priority = this->trap ? POLICY_PRIORITY_ROUTED : POLICY_PRIORITY_DEFAULT; - install_outbound = this->outbound_state != CHILD_OUTBOUND_REGISTERED; /* enumerate pairs of traffic selectors */ enumerator = create_policy_enumerator(this); @@ -1250,7 +1258,6 @@ METHOD(child_sa_t, install_policies, status_t, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority, manual_prio); - } if (status != SUCCESS) { @@ -1267,21 +1274,35 @@ METHOD(child_sa_t, install_policies, status_t, return status; } -METHOD(child_sa_t, register_outbound, void, +METHOD(child_sa_t, register_outbound, status_t, private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, uint16_t cpi, bool tfcv3) { - DBG2(DBG_CHD, "registering outbound %N SA", protocol_id_names, - this->protocol); - DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), this->my_addr, - this->other_addr); - - this->other_spi = spi; - this->other_cpi = cpi; - this->encr_r = chunk_clone(encr); - this->integ_r = chunk_clone(integ); - this->tfcv3 = tfcv3; - this->outbound_state = CHILD_OUTBOUND_REGISTERED; + status_t status; + + /* if the kernel supports installing SPIs with policies we install the + * SA immediately as it will only be used once we update the policies */ + if (charon->kernel->get_features(charon->kernel) & KERNEL_POLICY_SPI) + { + status = install_internal(this, encr, integ, spi, cpi, FALSE, FALSE, + tfcv3); + } + else + { + DBG2(DBG_CHD, "registering outbound %N SA", protocol_id_names, + this->protocol); + DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), this->my_addr, + this->other_addr); + + this->other_spi = spi; + this->other_cpi = cpi; + this->encr_r = chunk_clone(encr); + this->integ_r = chunk_clone(integ); + this->tfcv3 = tfcv3; + status = SUCCESS; + } + this->outbound_state |= CHILD_OUTBOUND_REGISTERED; + return status; } METHOD(child_sa_t, install_outbound, status_t, @@ -1289,18 +1310,23 @@ METHOD(child_sa_t, install_outbound, status_t, { enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - status_t status; + status_t status = SUCCESS; - status = install_internal(this, this->encr_r, this->integ_r, - this->other_spi, this->other_cpi, FALSE, FALSE, - this->tfcv3); - chunk_clear(&this->encr_r); - chunk_clear(&this->integ_r); + if (!(this->outbound_state & CHILD_OUTBOUND_SA)) + { + status = install_internal(this, this->encr_r, this->integ_r, + this->other_spi, this->other_cpi, FALSE, + FALSE, this->tfcv3); + chunk_clear(&this->encr_r); + chunk_clear(&this->integ_r); + } + this->outbound_state &= ~CHILD_OUTBOUND_REGISTERED; if (status != SUCCESS) { return status; } - if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + !(this->outbound_state & CHILD_OUTBOUND_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; @@ -1331,6 +1357,7 @@ METHOD(child_sa_t, install_outbound, status_t, } enumerator->destroy(enumerator); } + this->outbound_state |= CHILD_OUTBOUND_POLICIES; return status; } @@ -1340,20 +1367,19 @@ METHOD(child_sa_t, remove_outbound, void, enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - switch (this->outbound_state) + if (!(this->outbound_state & CHILD_OUTBOUND_SA)) { - case CHILD_OUTBOUND_INSTALLED: - break; - case CHILD_OUTBOUND_REGISTERED: + if (this->outbound_state & CHILD_OUTBOUND_REGISTERED) + { chunk_clear(&this->encr_r); chunk_clear(&this->integ_r); this->outbound_state = CHILD_OUTBOUND_NONE; - /* fall-through */ - case CHILD_OUTBOUND_NONE: - return; + } + return; } - if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + (this->outbound_state & CHILD_OUTBOUND_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; @@ -1598,8 +1624,8 @@ METHOD(child_sa_t, destroy, void, prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); - del_outbound = this->trap || - this->outbound_state == CHILD_OUTBOUND_INSTALLED; + del_outbound = (this->outbound_state & CHILD_OUTBOUND_POLICIES) || + this->trap; /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); @@ -1640,7 +1666,7 @@ METHOD(child_sa_t, destroy, void, }; charon->kernel->del_sa(charon->kernel, &id, &sa); } - if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) + if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA)) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -1719,7 +1745,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, { private_child_sa_t *this; static refcount_t unique_id = 0, unique_mark = 0; - refcount_t mark; + refcount_t mark = 0; INIT(this, .public = { @@ -1792,16 +1818,33 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, { this->mark_out.value = mark_out; } - if (this->mark_in.value == MARK_UNIQUE || - this->mark_out.value == MARK_UNIQUE) + + if (MARK_IS_UNIQUE(this->mark_in.value) || + MARK_IS_UNIQUE(this->mark_out.value)) { - mark = ref_get(&unique_mark); - if (this->mark_in.value == MARK_UNIQUE) + bool unique_dir; + + unique_dir = this->mark_in.value == MARK_UNIQUE_DIR || + this->mark_out.value == MARK_UNIQUE_DIR; + + if (!unique_dir) + { + mark = ref_get(&unique_mark); + } + if (MARK_IS_UNIQUE(this->mark_in.value)) { + if (unique_dir) + { + mark = ref_get(&unique_mark); + } this->mark_in.value = mark; } - if (this->mark_out.value == MARK_UNIQUE) + if (MARK_IS_UNIQUE(this->mark_out.value)) { + if (unique_dir) + { + mark = ref_get(&unique_mark); + } this->mark_out.value = mark; } } diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index b9a913da1..082404d93 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -102,17 +102,28 @@ enum child_sa_outbound_state_t { /** * Outbound SA is not installed */ - CHILD_OUTBOUND_NONE, + CHILD_OUTBOUND_NONE = 0, /** - * Data for the outbound SA has been registered, but not installed yet + * Data for the outbound SA has been registered during a rekeying (not set + * once the SA and policies are both installed) */ - CHILD_OUTBOUND_REGISTERED, + CHILD_OUTBOUND_REGISTERED = (1<<0), /** - * The outbound SA is currently installed + * The outbound SA has been installed */ - CHILD_OUTBOUND_INSTALLED, + CHILD_OUTBOUND_SA = (1<<1), + + /** + * The outbound policies have been installed + */ + CHILD_OUTBOUND_POLICIES = (1<<2), + + /** + * The outbound SA and policies are both installed + */ + CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES), }; /** @@ -400,20 +411,23 @@ struct child_sa_t { * Register data for the installation of an outbound SA as responder during * a rekeying. * - * The SA is not installed until install_outbound() is called. + * If the kernel is able to handle SPIs on policies the SA is installed + * immediately, if not it won't be installed until install_outbound() is + * called. * * @param encr encryption key, if any (cloned) * @param integ integrity key (cloned) * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param tfcv3 TRUE if peer supports ESPv3 TFC + * @return SUCCESS or FAILED */ - void (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, - uint32_t spi, uint16_t cpi, bool tfcv3); + status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, + uint32_t spi, uint16_t cpi, bool tfcv3); /** - * Install the outbound SA and the outbound policies as responder during a - * rekeying. + * Install the outbound policies and, if not already done, the outbound SA + * as responder during a rekeying. * * @return SUCCESS or FAILED */ diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 48ec3e7f5..3472d2c35 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1805,8 +1805,12 @@ METHOD(task_manager_t, queue_child_rekey, void, if (is_redundant(this, child_sa)) { child_sa->set_state(child_sa, CHILD_REKEYED); - queue_task(this, (task_t*)quick_delete_create(this->ike_sa, + if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed", + FALSE, lib->ns)) + { + queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, spi, FALSE, FALSE)); + } } else { diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 8be82ebe2..49b476ad8 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -396,10 +396,6 @@ static bool install(private_quick_mode_t *this) charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, this->dh, this->nonce_i, this->nonce_r); - /* add to IKE_SA, and remove from task */ - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); - my_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( @@ -415,6 +411,9 @@ static bool install(private_quick_mode_t *this) my_ts->destroy(my_ts); other_ts->destroy(other_ts); + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); + if (this->rekey) { old = this->ike_sa->get_child_sa(this->ike_sa, diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 70dacd1dc..0c41c68d0 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -342,10 +342,13 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, * the nonces. */ switch (alg) { + case PRF_AES128_CMAC: + /* while variable keys may be used according to RFC 4615, RFC 7296 + * explicitly limits the key size to 128 bit for this application */ case PRF_AES128_XCBC: - /* while rfc4434 defines variable keys for AES-XCBC, rfc3664 does + /* while RFC 4434 defines variable keys for AES-XCBC, RFC 3664 does * not and therefore fixed key semantics apply to XCBC for key - * derivation. */ + * derivation, which is also reinforced by RFC 7296 */ case PRF_CAMELLIA128_XCBC: /* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we * assume fixed key length. */ diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 896cabb2b..cac3bc0a2 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -478,6 +478,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh, bool ike_auth) { status_t status, status_i, status_o; + child_sa_outbound_state_t out_state; chunk_t nonce_i, nonce_r; chunk_t encr_i = chunk_empty, encr_r = chunk_empty; chunk_t integ_i = chunk_empty, integ_r = chunk_empty; @@ -678,29 +679,42 @@ static status_t select_and_install(private_child_create_t *this, status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, this->initiator, TRUE, this->tfcv3); - status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->other_spi, this->other_cpi, this->initiator, - FALSE, this->tfcv3); } - else if (!this->rekey) + else { status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, this->my_spi, this->my_cpi, this->initiator, TRUE, this->tfcv3); - status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, + } + if (this->rekey) + { /* during rekeyings we install the outbound SA and/or policies + * separately: as responder when we receive the delete for the old + * SA, as initiator pretty much immediately in the ike-rekey task, + * unless there was a rekey collision that we lost */ + if (this->initiator) + { + status_o = this->child_sa->register_outbound(this->child_sa, + encr_i, integ_i, this->other_spi, this->other_cpi, + this->tfcv3); + } + else + { + status_o = this->child_sa->register_outbound(this->child_sa, + encr_r, integ_r, this->other_spi, this->other_cpi, + this->tfcv3); + } + } + else if (this->initiator) + { + status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, this->other_spi, this->other_cpi, this->initiator, FALSE, this->tfcv3); } else - { /* as responder during a rekeying we only install the inbound - * SA now, the outbound SA and policies are installed when we - * receive the delete for the old SA */ - status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->my_spi, this->my_cpi, this->initiator, - TRUE, this->tfcv3); - this->child_sa->register_outbound(this->child_sa, encr_r, integ_r, - this->other_spi, this->other_cpi, this->tfcv3); - status_o = SUCCESS; + { + status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, + this->other_spi, this->other_cpi, this->initiator, + FALSE, this->tfcv3); } } @@ -745,20 +759,15 @@ static status_t select_and_install(private_child_create_t *this, charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, this->dh, nonce_i, nonce_r); - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); - this->established = TRUE; - - schedule_inactivity_timeout(this); - my_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, FALSE)); + out_state = this->child_sa->get_outbound_state(this->child_sa); DBG0(DBG_IKE, "%sCHILD_SA %s{%d} established " "with SPIs %.8x_i %.8x_o and TS %#R === %#R", - this->rekey && !this->initiator ? "inbound " : "", + (out_state == CHILD_OUTBOUND_INSTALLED) ? "" : "inbound ", this->child_sa->get_name(this->child_sa), this->child_sa->get_unique_id(this->child_sa), ntohl(this->child_sa->get_spi(this->child_sa, TRUE)), @@ -767,6 +776,12 @@ static status_t select_and_install(private_child_create_t *this, my_ts->destroy(my_ts); other_ts->destroy(other_ts); + + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); + this->established = TRUE; + + schedule_inactivity_timeout(this); return SUCCESS; } @@ -1007,17 +1022,6 @@ METHOD(task_t, build_i, status_t, break; } - if (this->reqid) - { - DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}", - this->config->get_name(this->config), this->reqid); - } - else - { - DBG0(DBG_IKE, "establishing CHILD_SA %s", - this->config->get_name(this->config)); - } - /* check if we want a virtual IP, but don't have one */ list = linked_list_create(); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -1070,6 +1074,19 @@ METHOD(task_t, build_i, status_t, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY), this->mark_in, this->mark_out); + if (this->reqid) + { + DBG0(DBG_IKE, "establishing CHILD_SA %s{%d} reqid %d", + this->child_sa->get_name(this->child_sa), + this->child_sa->get_unique_id(this->child_sa), this->reqid); + } + else + { + DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}", + this->child_sa->get_name(this->child_sa), + this->child_sa->get_unique_id(this->child_sa)); + } + if (!allocate_spi(this)) { DBG1(DBG_IKE, "unable to allocate SPIs from kernel"); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 626796383..2217295b6 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -196,7 +196,6 @@ static void install_outbound(private_child_delete_t *this, /* FIXME: delete the new child_sa? */ return; } - child_sa->set_state(child_sa, CHILD_INSTALLED); my_ts = linked_list_create_from_enumerator( child_sa->create_ts_enumerator(child_sa, TRUE)); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 761c860e7..b67e9b80f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2016 Tobias Brunner + * Copyright (C) 2009-2017 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -283,7 +283,8 @@ METHOD(task_t, build_r, status_t, /** * Handle a rekey collision */ -static child_sa_t *handle_collision(private_child_rekey_t *this) +static child_sa_t *handle_collision(private_child_rekey_t *this, + child_sa_t **to_install) { child_sa_t *to_delete; @@ -302,8 +303,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) { child_sa_t *child_sa; - DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child"); + *to_install = this->child_create->get_child(this->child_create); to_delete = this->child_sa; + DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child " + "%s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); /* don't touch child other created, it has already been deleted */ if (!this->other_child_destroyed) { @@ -321,9 +325,10 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) } else { - DBG1(DBG_IKE, "CHILD_SA rekey collision lost, " - "deleting rekeyed child"); to_delete = this->child_create->get_child(this->child_create); + DBG1(DBG_IKE, "CHILD_SA rekey collision lost, deleting redundant " + "child %s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } } else @@ -334,15 +339,17 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) * the CHILD_SA the other is not deleting. */ if (del->get_child(del) != this->child_sa) { - DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, " - "deleting rekeyed child"); to_delete = this->child_sa; + DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, deleting old child " + "%s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } else { - DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, " - "deleting redundant child"); to_delete = this->child_create->get_child(this->child_create); + DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, deleting redundant " + "child %s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } } return to_delete; @@ -353,7 +360,7 @@ METHOD(task_t, process_i, status_t, { protocol_id_t protocol; uint32_t spi; - child_sa_t *to_delete; + child_sa_t *to_delete, *to_install = NULL; if (message->get_notify(message, NO_ADDITIONAL_SAS)) { @@ -415,19 +422,48 @@ METHOD(task_t, process_i, status_t, /* check for rekey collisions */ if (this->collision) { - to_delete = handle_collision(this); + to_delete = handle_collision(this, &to_install); } else { + to_install = this->child_create->get_child(this->child_create); to_delete = this->child_sa; } - + if (to_install) + { + if (to_install->install_outbound(to_install) != SUCCESS) + { + DBG1(DBG_IKE, "unable to install outbound IPsec SA (SAD) in kernel"); + charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED, + to_install); + /* FIXME: delete the child_sa? fail the task? */ + } + else + { + linked_list_t *my_ts, *other_ts; + + my_ts = linked_list_create_from_enumerator( + to_install->create_ts_enumerator(to_install, TRUE)); + other_ts = linked_list_create_from_enumerator( + to_install->create_ts_enumerator(to_install, FALSE)); + + DBG0(DBG_IKE, "outbound CHILD_SA %s{%d} established " + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", + to_install->get_name(to_install), + to_install->get_unique_id(to_install), + ntohl(to_install->get_spi(to_install, TRUE)), + ntohl(to_install->get_spi(to_install, FALSE)), + my_ts, other_ts); + + my_ts->destroy(my_ts); + other_ts->destroy(other_ts); + } + } if (to_delete != this->child_create->get_child(this->child_create)) { /* invoke rekey hook if rekeying successful */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); } - if (to_delete == NULL) { return SUCCESS; diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index f9fee5e7e..6436a2549 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -158,6 +158,31 @@ CALLBACK(acquire_by_dst, bool, return this->dst && this->dst->ip_equals(this->dst, dst); } +/** + * Check if any remote TS are dynamic + */ +static bool dynamic_remote_ts(child_cfg_t *child) +{ + enumerator_t *enumerator; + linked_list_t *other_ts; + traffic_selector_t *ts; + bool found = FALSE; + + other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL); + enumerator = other_ts->create_enumerator(other_ts); + while (enumerator->enumerate(enumerator, &ts)) + { + if (ts->is_dynamic(ts)) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); + return found; +} + METHOD(trap_manager_t, install, uint32_t, private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child, uint32_t reqid) @@ -184,25 +209,39 @@ METHOD(trap_manager_t, install, uint32_t, me = host_create_any(other->get_family(other)); wildcard = TRUE; } - else if (!other || other->is_anyaddr(other)) + else if (other && other->is_anyaddr(other)) { - DESTROY_IF(other); + other->destroy(other); DBG1(DBG_CFG, "installing trap failed, remote address unknown"); return 0; } else - { - me = ike_cfg->resolve_me(ike_cfg, other->get_family(other)); - if (!me || me->is_anyaddr(me)) + { /* depending on the traffic selectors we don't really need a remote + * host yet, but we might fail later if no IP can be resolved */ + if (!other && dynamic_remote_ts(child)) + { /* with dynamic TS we do need a host, otherwise 0.0.0.0/0 is used, + * which is probably not what users expect*/ + DBG1(DBG_CFG, "installing trap failed, remote address unknown with " + "dynamic traffic selector"); + return 0; + } + me = ike_cfg->resolve_me(ike_cfg, other ? other->get_family(other) + : AF_UNSPEC); + if (!other) + { + other = host_create_any(me ? me->get_family(me) : AF_INET); + } + other->set_port(other, ike_cfg->get_other_port(ike_cfg)); + if ((!me || me->is_anyaddr(me)) && !other->is_anyaddr(other)) { DESTROY_IF(me); me = charon->kernel->get_source_addr(charon->kernel, other, NULL); - if (!me) - { - me = host_create_any(other->get_family(other)); - } - me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } + if (!me) + { + me = host_create_any(other->get_family(other)); + } + me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } this->lock->write_lock(this->lock); diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 3070f429b..8a2775bc0 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -335,8 +335,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -437,6 +435,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -465,6 +465,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index 76b23f589..ac169723f 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -483,6 +483,9 @@ START_TEST(test_collision) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); } else { @@ -493,10 +496,10 @@ START_TEST(test_collision) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 3, 6); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { @@ -507,6 +510,9 @@ START_TEST(test_collision) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); } else { @@ -517,10 +523,10 @@ START_TEST(test_collision) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); @@ -528,27 +534,41 @@ START_TEST(test_collision) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 3); - assert_ipsec_sas_installed(b, 2, 4, 5, 6, - data[_i].spi_del_b == 2 ? 1 : 3); + if (data[_i].spi_del_b == 2) + { + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); + } + else + { + assert_ipsec_sas_installed(b, 2, 3, 4, 5); + } assert_scheduler(); /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 3); - assert_ipsec_sas_installed(a, 1, 3, 5, 6, - data[_i].spi_del_a == 1 ? 2 : 4); + if (data[_i].spi_del_a == 1) + { + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); + } + else + { + assert_ipsec_sas_installed(a, 1, 3, 4, 6); + } assert_scheduler(); /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); @@ -682,6 +702,9 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); } else { @@ -692,10 +715,10 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* <-- INFORMATIONAL { D } */ assert_hook_not_called(child_rekey); @@ -748,21 +771,23 @@ START_TEST(test_collision_delayed_response) assert_hook_rekey(child_rekey, 1, data[_i].spi_a); exchange_test_helper->process_message(exchange_test_helper, a, msg); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); } else { assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, a, msg); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 3, 4, 6); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(a, 1, 3, 5, 6, - data[_i].spi_del_a == 1 ? 2 : 4); assert_child_sa_count(a, 3); /* we don't expect this hook to get called anymore */ @@ -1173,6 +1198,8 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); } else { @@ -1181,9 +1208,9 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { @@ -1194,6 +1221,8 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); } else { @@ -1202,9 +1231,10 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); @@ -1212,7 +1242,8 @@ START_TEST(test_collision_ke_invalid) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, @@ -1223,7 +1254,8 @@ START_TEST(test_collision_ke_invalid) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h index 4d363edfd..ae9ac5c98 100644 --- a/src/libcharon/tests/utils/exchange_test_asserts.h +++ b/src/libcharon/tests/utils/exchange_test_asserts.h @@ -285,7 +285,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param dir IN or OUT to check the next in- or outbound message */ #define assert_message_empty(dir) \ - _assert_payload(dir, 0) + _assert_payload(#dir, 0) /** * Assert that the next in- or outbound plaintext message contains exactly @@ -295,7 +295,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected payload type */ #define assert_single_payload(dir, expected) \ - _assert_payload(dir, 1, { TRUE, expected, 0 }) + _assert_payload(#dir, 1, { TRUE, expected, 0 }) /** * Assert that the next in- or outbound plaintext message contains exactly @@ -305,7 +305,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected notify type */ #define assert_single_notify(dir, expected) \ - _assert_payload(dir, 1, { TRUE, 0, expected }) + _assert_payload(#dir, 1, { TRUE, 0, expected }) /** * Assert that the next in- or outbound plaintext message contains a notify @@ -315,7 +315,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected notify type */ #define assert_notify(dir, expected) \ - _assert_payload(dir, -1, { TRUE, 0, expected }) + _assert_payload(#dir, -1, { TRUE, 0, expected }) /** * Assert that the next in- or outbound plaintext message does not contain a @@ -325,7 +325,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param unexpected not expected notify type */ #define assert_no_notify(dir, unexpected) \ - _assert_payload(dir, -1, { FALSE, 0, unexpected }) + _assert_payload(#dir, -1, { FALSE, 0, unexpected }) #define _assert_payload(dir, c, ...) ({ \ listener_message_rule_t _rules[] = { __VA_ARGS__ }; \ @@ -333,7 +333,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, .listener = { .message = exchange_test_asserts_message, }, \ .file = __FILE__, \ .line = __LINE__, \ - .incoming = streq(#dir, "IN") ? TRUE : FALSE, \ + .incoming = streq(dir, "IN") ? TRUE : FALSE, \ .count = c, \ .rules = _rules, \ .num_rules = countof(_rules), \ diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h index d23f724f1..216c15065 100644 --- a/src/libcharon/tests/utils/sa_asserts.h +++ b/src/libcharon/tests/utils/sa_asserts.h @@ -121,7 +121,8 @@ test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ child_sa_state_names, _state, \ child_sa_state_names, _child->get_state(_child)); \ - test_assert_msg(_outbound == _child->get_outbound_state(_child), "%N != %N", \ + typeof(outbound) _cur_out = _child->get_outbound_state(_child); \ + test_assert_msg(_outbound == _cur_out || _outbound & _cur_out, "%N != %N", \ child_sa_outbound_state_names, _outbound, \ child_sa_outbound_state_names, _child->get_outbound_state(_child)); \ }) diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 8adf068e2..d147b27d8 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 89ce5801a..4df3dcb64 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -33,6 +33,9 @@ libimcv_la_SOURCES := \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \ ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \ + ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ ita/ita_attr_dummy.h ita/ita_attr_dummy.c \ @@ -68,6 +71,7 @@ libimcv_la_SOURCES := \ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ pwg/pwg_attr.h pwg/pwg_attr.c \ pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \ + rest/rest.h rest/rest.c \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ @@ -75,6 +79,13 @@ libimcv_la_SOURCES := \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 8cde4b7fc..a6397c5ff 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -2,7 +2,11 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtpmtss \ - -DIPSEC_SCRIPT=\"${ipsec_script}\" + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DSWID_DIRECTORY=\"${prefix}/share\" + +AM_CFLAGS = \ + $(json_CFLAGS) ipseclib_LTLIBRARIES = libimcv.la @@ -12,7 +16,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libtpmtss/libtpmtss.la + $(top_builddir)/src/libtpmtss/libtpmtss.la \ + $(json_LIBS) if USE_WINDOWS libimcv_la_LIBADD += -lws2_32 @@ -49,6 +54,9 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \ ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \ + ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ ita/ita_attr_dummy.h ita/ita_attr_dummy.c \ @@ -84,6 +92,7 @@ libimcv_la_SOURCES = \ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ pwg/pwg_attr.h pwg/pwg_attr.c \ pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \ + rest/rest.h rest/rest.c \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ @@ -91,6 +100,15 @@ libimcv_la_SOURCES = \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swid_gen/swid_gen.h swid_gen/swid_gen.c \ + swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ @@ -173,6 +191,14 @@ if USE_IMV_SWID SUBDIRS += plugins/imv_swid endif +if USE_IMC_SWIMA + SUBDIRS += plugins/imc_swima +endif + +if USE_IMV_SWIMA + SUBDIRS += plugins/imv_swima +endif + if USE_IMC_HCD SUBDIRS += plugins/imc_hcd endif @@ -190,8 +216,19 @@ imcv_tests_SOURCES = \ pa_tnc/pa_tnc_attr_manager.c \ seg/seg_env.c seg/seg_contract.c \ seg/seg_contract_manager.c \ + swid_gen/swid_gen.c \ + swima/swima_data_model.c \ + swima/swima_event.c \ + swima/swima_events.c \ + swima/swima_record.c \ + swima/swima_inventory.c \ + swima/swima_collector.c \ suites/test_imcv_seg.c \ + suites/test_imcv_swima.c \ ietf/ietf_attr_pa_tnc_error.c \ + ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.c \ tcg/seg/tcg_seg_attr_seg_env.c \ imcv.c imcv_tests.h imcv_tests.c diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index e361f20f6..246ffe29d 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -103,8 +103,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) @USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation @USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid @USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid -@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd +@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima +@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima +@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv @@ -162,7 +164,7 @@ libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ $(top_builddir)/src/libtpmtss/libtpmtss.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ imc/imc_os_info.lo imv/imv_agent.lo imv/imv_database.lo \ @@ -178,7 +180,10 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ ietf/ietf_attr_pa_tnc_error.lo ietf/ietf_attr_port_filter.lo \ ietf/ietf_attr_product_info.lo \ ietf/ietf_attr_remediation_instr.lo \ - ietf/ietf_attr_string_version.lo ita/ita_attr.lo \ + ietf/ietf_attr_string_version.lo \ + ietf/swima/ietf_swima_attr_req.lo \ + ietf/swima/ietf_swima_attr_sw_inv.lo \ + ietf/swima/ietf_swima_attr_sw_ev.lo ita/ita_attr.lo \ ita/ita_attr_command.lo ita/ita_attr_dummy.lo \ ita/ita_attr_get_settings.lo ita/ita_attr_settings.lo \ ita/ita_attr_angel.lo os_info/os_info.lo pa_tnc/pa_tnc_msg.lo \ @@ -195,10 +200,15 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ pts/components/ita/ita_comp_tboot.lo \ pts/components/ita/ita_comp_tgrub.lo \ pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \ - pwg/pwg_attr_vendor_smi_code.lo seg/seg_contract.lo \ - seg/seg_contract_manager.lo seg/seg_env.lo swid/swid_error.lo \ - swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \ - tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \ + pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \ + seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \ + swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \ + swid/swid_tag_id.lo swid_gen/swid_gen.lo \ + swid_gen/swid_gen_info.lo swima/swima_data_model.lo \ + swima/swima_record.lo swima/swima_event.lo \ + swima/swima_events.lo swima/swima_inventory.lo \ + swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \ + tcg/pts/tcg_pts_attr_proto_caps.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \ @@ -234,8 +244,19 @@ am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \ seg/imcv_tests-seg_env.$(OBJEXT) \ seg/imcv_tests-seg_contract.$(OBJEXT) \ seg/imcv_tests-seg_contract_manager.$(OBJEXT) \ + swid_gen/imcv_tests-swid_gen.$(OBJEXT) \ + swima/imcv_tests-swima_data_model.$(OBJEXT) \ + swima/imcv_tests-swima_event.$(OBJEXT) \ + swima/imcv_tests-swima_events.$(OBJEXT) \ + swima/imcv_tests-swima_record.$(OBJEXT) \ + swima/imcv_tests-swima_inventory.$(OBJEXT) \ + swima/imcv_tests-swima_collector.$(OBJEXT) \ suites/imcv_tests-test_imcv_seg.$(OBJEXT) \ + suites/imcv_tests-test_imcv_swima.$(OBJEXT) \ ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_req.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.$(OBJEXT) \ tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT) \ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT) imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS) @@ -357,8 +378,8 @@ am__tty_colors = { \ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imv_scanner plugins/imc_os plugins/imv_os \ plugins/imc_attestation plugins/imv_attestation \ - plugins/imc_swid plugins/imv_swid plugins/imc_hcd \ - plugins/imv_hcd + plugins/imc_swid plugins/imv_swid plugins/imc_swima \ + plugins/imv_swima plugins/imc_hcd plugins/imv_hcd am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -485,8 +506,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -587,6 +606,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -615,6 +636,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -622,7 +647,11 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtpmtss \ - -DIPSEC_SCRIPT=\"${ipsec_script}\" + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DSWID_DIRECTORY=\"${prefix}/share\" + +AM_CFLAGS = \ + $(json_CFLAGS) ipseclib_LTLIBRARIES = libimcv.la libimcv_la_LDFLAGS = \ @@ -631,7 +660,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libtpmtss/libtpmtss.la $(am__append_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la $(json_LIBS) \ + $(am__append_1) libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -663,6 +693,9 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \ ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \ + ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ ita/ita_attr_dummy.h ita/ita_attr_dummy.c \ @@ -698,6 +731,7 @@ libimcv_la_SOURCES = \ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ pwg/pwg_attr.h pwg/pwg_attr.c \ pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \ + rest/rest.h rest/rest.c \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ @@ -705,6 +739,15 @@ libimcv_la_SOURCES = \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swid_gen/swid_gen.h swid_gen/swid_gen.c \ + swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ @@ -746,14 +789,26 @@ imv_policy_manager_LDADD = \ SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ $(am__append_5) $(am__append_6) $(am__append_7) \ $(am__append_8) $(am__append_9) $(am__append_10) \ - $(am__append_11) $(am__append_12) $(am__append_13) + $(am__append_11) $(am__append_12) $(am__append_13) \ + $(am__append_14) $(am__append_15) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ seg/seg_env.c seg/seg_contract.c \ seg/seg_contract_manager.c \ + swid_gen/swid_gen.c \ + swima/swima_data_model.c \ + swima/swima_event.c \ + swima/swima_events.c \ + swima/swima_record.c \ + swima/swima_inventory.c \ + swima/swima_collector.c \ suites/test_imcv_seg.c \ + suites/test_imcv_swima.c \ ietf/ietf_attr_pa_tnc_error.c \ + ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.c \ tcg/seg/tcg_seg_attr_seg_env.c \ imcv.c imcv_tests.h imcv_tests.c @@ -908,6 +963,18 @@ ietf/ietf_attr_remediation_instr.lo: ietf/$(am__dirstamp) \ ietf/$(DEPDIR)/$(am__dirstamp) ietf/ietf_attr_string_version.lo: ietf/$(am__dirstamp) \ ietf/$(DEPDIR)/$(am__dirstamp) +ietf/swima/$(am__dirstamp): + @$(MKDIR_P) ietf/swima + @: > ietf/swima/$(am__dirstamp) +ietf/swima/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ietf/swima/$(DEPDIR) + @: > ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_req.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_sw_inv.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_sw_ev.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) ita/$(am__dirstamp): @$(MKDIR_P) ita @: > ita/$(am__dirstamp) @@ -1016,6 +1083,13 @@ pwg/$(DEPDIR)/$(am__dirstamp): pwg/pwg_attr.lo: pwg/$(am__dirstamp) pwg/$(DEPDIR)/$(am__dirstamp) pwg/pwg_attr_vendor_smi_code.lo: pwg/$(am__dirstamp) \ pwg/$(DEPDIR)/$(am__dirstamp) +rest/$(am__dirstamp): + @$(MKDIR_P) rest + @: > rest/$(am__dirstamp) +rest/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) rest/$(DEPDIR) + @: > rest/$(DEPDIR)/$(am__dirstamp) +rest/rest.lo: rest/$(am__dirstamp) rest/$(DEPDIR)/$(am__dirstamp) seg/$(am__dirstamp): @$(MKDIR_P) seg @: > seg/$(am__dirstamp) @@ -1039,6 +1113,36 @@ swid/swid_inventory.lo: swid/$(am__dirstamp) \ swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) swid/swid_tag_id.lo: swid/$(am__dirstamp) \ swid/$(DEPDIR)/$(am__dirstamp) +swid_gen/$(am__dirstamp): + @$(MKDIR_P) swid_gen + @: > swid_gen/$(am__dirstamp) +swid_gen/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) swid_gen/$(DEPDIR) + @: > swid_gen/$(DEPDIR)/$(am__dirstamp) +swid_gen/swid_gen.lo: swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swid_gen/swid_gen_info.lo: swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swima/$(am__dirstamp): + @$(MKDIR_P) swima + @: > swima/$(am__dirstamp) +swima/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) swima/$(DEPDIR) + @: > swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_data_model.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_record.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_event.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_events.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_inventory.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_collector.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_error.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) tcg/$(am__dirstamp): @$(MKDIR_P) tcg @: > tcg/$(am__dirstamp) @@ -1181,6 +1285,20 @@ seg/imcv_tests-seg_contract.$(OBJEXT): seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) seg/imcv_tests-seg_contract_manager.$(OBJEXT): seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) +swid_gen/imcv_tests-swid_gen.$(OBJEXT): swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_data_model.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_event.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_events.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_record.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_inventory.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_collector.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) suites/$(am__dirstamp): @$(MKDIR_P) suites @: > suites/$(am__dirstamp) @@ -1189,8 +1307,19 @@ suites/$(DEPDIR)/$(am__dirstamp): @: > suites/$(DEPDIR)/$(am__dirstamp) suites/imcv_tests-test_imcv_seg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) +suites/imcv_tests-test_imcv_swima.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT): \ ietf/$(am__dirstamp) ietf/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_req.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT): \ tcg/seg/$(am__dirstamp) tcg/seg/$(DEPDIR)/$(am__dirstamp) @@ -1247,6 +1376,8 @@ mostlyclean-compile: -rm -f generic/*.lo -rm -f ietf/*.$(OBJEXT) -rm -f ietf/*.lo + -rm -f ietf/swima/*.$(OBJEXT) + -rm -f ietf/swima/*.lo -rm -f imc/*.$(OBJEXT) -rm -f imc/*.lo -rm -f imv/*.$(OBJEXT) @@ -1267,11 +1398,17 @@ mostlyclean-compile: -rm -f pts/components/tcg/*.lo -rm -f pwg/*.$(OBJEXT) -rm -f pwg/*.lo + -rm -f rest/*.$(OBJEXT) + -rm -f rest/*.lo -rm -f seg/*.$(OBJEXT) -rm -f seg/*.lo -rm -f suites/*.$(OBJEXT) -rm -f swid/*.$(OBJEXT) -rm -f swid/*.lo + -rm -f swid_gen/*.$(OBJEXT) + -rm -f swid_gen/*.lo + -rm -f swima/*.$(OBJEXT) + -rm -f swima/*.lo -rm -f tcg/*.$(OBJEXT) -rm -f tcg/*.lo -rm -f tcg/pts/*.$(OBJEXT) @@ -1303,6 +1440,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_remediation_instr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_string_version.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_sw_ev.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_sw_inv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_os_info.Plo@am__quote@ @@ -1351,6 +1494,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pwg/$(DEPDIR)/pwg_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pwg/$(DEPDIR)/pwg_attr_vendor_smi_code.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@rest/$(DEPDIR)/rest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_env.Po@am__quote@ @@ -1358,10 +1502,27 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_collector.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_data_model.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_event.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_events.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_inventory.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_record.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_collector.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_data_model.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_event.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_events.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_inventory.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_record.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@ @@ -1482,6 +1643,104 @@ seg/imcv_tests-seg_contract_manager.obj: seg/seg_contract_manager.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi` +swid_gen/imcv_tests-swid_gen.o: swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swid_gen/imcv_tests-swid_gen.o -MD -MP -MF swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo -c -o swid_gen/imcv_tests-swid_gen.o `test -f 'swid_gen/swid_gen.c' || echo '$(srcdir)/'`swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swid_gen/swid_gen.c' object='swid_gen/imcv_tests-swid_gen.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swid_gen/imcv_tests-swid_gen.o `test -f 'swid_gen/swid_gen.c' || echo '$(srcdir)/'`swid_gen/swid_gen.c + +swid_gen/imcv_tests-swid_gen.obj: swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swid_gen/imcv_tests-swid_gen.obj -MD -MP -MF swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo -c -o swid_gen/imcv_tests-swid_gen.obj `if test -f 'swid_gen/swid_gen.c'; then $(CYGPATH_W) 'swid_gen/swid_gen.c'; else $(CYGPATH_W) '$(srcdir)/swid_gen/swid_gen.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swid_gen/swid_gen.c' object='swid_gen/imcv_tests-swid_gen.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swid_gen/imcv_tests-swid_gen.obj `if test -f 'swid_gen/swid_gen.c'; then $(CYGPATH_W) 'swid_gen/swid_gen.c'; else $(CYGPATH_W) '$(srcdir)/swid_gen/swid_gen.c'; fi` + +swima/imcv_tests-swima_data_model.o: swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_data_model.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo -c -o swima/imcv_tests-swima_data_model.o `test -f 'swima/swima_data_model.c' || echo '$(srcdir)/'`swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo swima/$(DEPDIR)/imcv_tests-swima_data_model.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_data_model.c' object='swima/imcv_tests-swima_data_model.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_data_model.o `test -f 'swima/swima_data_model.c' || echo '$(srcdir)/'`swima/swima_data_model.c + +swima/imcv_tests-swima_data_model.obj: swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_data_model.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo -c -o swima/imcv_tests-swima_data_model.obj `if test -f 'swima/swima_data_model.c'; then $(CYGPATH_W) 'swima/swima_data_model.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_data_model.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo swima/$(DEPDIR)/imcv_tests-swima_data_model.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_data_model.c' object='swima/imcv_tests-swima_data_model.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_data_model.obj `if test -f 'swima/swima_data_model.c'; then $(CYGPATH_W) 'swima/swima_data_model.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_data_model.c'; fi` + +swima/imcv_tests-swima_event.o: swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_event.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_event.Tpo -c -o swima/imcv_tests-swima_event.o `test -f 'swima/swima_event.c' || echo '$(srcdir)/'`swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_event.Tpo swima/$(DEPDIR)/imcv_tests-swima_event.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_event.c' object='swima/imcv_tests-swima_event.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_event.o `test -f 'swima/swima_event.c' || echo '$(srcdir)/'`swima/swima_event.c + +swima/imcv_tests-swima_event.obj: swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_event.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_event.Tpo -c -o swima/imcv_tests-swima_event.obj `if test -f 'swima/swima_event.c'; then $(CYGPATH_W) 'swima/swima_event.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_event.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_event.Tpo swima/$(DEPDIR)/imcv_tests-swima_event.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_event.c' object='swima/imcv_tests-swima_event.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_event.obj `if test -f 'swima/swima_event.c'; then $(CYGPATH_W) 'swima/swima_event.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_event.c'; fi` + +swima/imcv_tests-swima_events.o: swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_events.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_events.Tpo -c -o swima/imcv_tests-swima_events.o `test -f 'swima/swima_events.c' || echo '$(srcdir)/'`swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_events.Tpo swima/$(DEPDIR)/imcv_tests-swima_events.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_events.c' object='swima/imcv_tests-swima_events.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_events.o `test -f 'swima/swima_events.c' || echo '$(srcdir)/'`swima/swima_events.c + +swima/imcv_tests-swima_events.obj: swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_events.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_events.Tpo -c -o swima/imcv_tests-swima_events.obj `if test -f 'swima/swima_events.c'; then $(CYGPATH_W) 'swima/swima_events.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_events.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_events.Tpo swima/$(DEPDIR)/imcv_tests-swima_events.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_events.c' object='swima/imcv_tests-swima_events.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_events.obj `if test -f 'swima/swima_events.c'; then $(CYGPATH_W) 'swima/swima_events.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_events.c'; fi` + +swima/imcv_tests-swima_record.o: swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_record.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_record.Tpo -c -o swima/imcv_tests-swima_record.o `test -f 'swima/swima_record.c' || echo '$(srcdir)/'`swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_record.Tpo swima/$(DEPDIR)/imcv_tests-swima_record.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_record.c' object='swima/imcv_tests-swima_record.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_record.o `test -f 'swima/swima_record.c' || echo '$(srcdir)/'`swima/swima_record.c + +swima/imcv_tests-swima_record.obj: swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_record.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_record.Tpo -c -o swima/imcv_tests-swima_record.obj `if test -f 'swima/swima_record.c'; then $(CYGPATH_W) 'swima/swima_record.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_record.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_record.Tpo swima/$(DEPDIR)/imcv_tests-swima_record.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_record.c' object='swima/imcv_tests-swima_record.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_record.obj `if test -f 'swima/swima_record.c'; then $(CYGPATH_W) 'swima/swima_record.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_record.c'; fi` + +swima/imcv_tests-swima_inventory.o: swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_inventory.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo -c -o swima/imcv_tests-swima_inventory.o `test -f 'swima/swima_inventory.c' || echo '$(srcdir)/'`swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo swima/$(DEPDIR)/imcv_tests-swima_inventory.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_inventory.c' object='swima/imcv_tests-swima_inventory.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_inventory.o `test -f 'swima/swima_inventory.c' || echo '$(srcdir)/'`swima/swima_inventory.c + +swima/imcv_tests-swima_inventory.obj: swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_inventory.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo -c -o swima/imcv_tests-swima_inventory.obj `if test -f 'swima/swima_inventory.c'; then $(CYGPATH_W) 'swima/swima_inventory.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_inventory.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo swima/$(DEPDIR)/imcv_tests-swima_inventory.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_inventory.c' object='swima/imcv_tests-swima_inventory.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_inventory.obj `if test -f 'swima/swima_inventory.c'; then $(CYGPATH_W) 'swima/swima_inventory.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_inventory.c'; fi` + +swima/imcv_tests-swima_collector.o: swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_collector.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo -c -o swima/imcv_tests-swima_collector.o `test -f 'swima/swima_collector.c' || echo '$(srcdir)/'`swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo swima/$(DEPDIR)/imcv_tests-swima_collector.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_collector.c' object='swima/imcv_tests-swima_collector.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_collector.o `test -f 'swima/swima_collector.c' || echo '$(srcdir)/'`swima/swima_collector.c + +swima/imcv_tests-swima_collector.obj: swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_collector.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo -c -o swima/imcv_tests-swima_collector.obj `if test -f 'swima/swima_collector.c'; then $(CYGPATH_W) 'swima/swima_collector.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_collector.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo swima/$(DEPDIR)/imcv_tests-swima_collector.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_collector.c' object='swima/imcv_tests-swima_collector.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_collector.obj `if test -f 'swima/swima_collector.c'; then $(CYGPATH_W) 'swima/swima_collector.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_collector.c'; fi` + suites/imcv_tests-test_imcv_seg.o: suites/test_imcv_seg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po @@ -1496,6 +1755,20 @@ suites/imcv_tests-test_imcv_seg.obj: suites/test_imcv_seg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi` +suites/imcv_tests-test_imcv_swima.o: suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_swima.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo -c -o suites/imcv_tests-test_imcv_swima.o `test -f 'suites/test_imcv_swima.c' || echo '$(srcdir)/'`suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_swima.c' object='suites/imcv_tests-test_imcv_swima.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_swima.o `test -f 'suites/test_imcv_swima.c' || echo '$(srcdir)/'`suites/test_imcv_swima.c + +suites/imcv_tests-test_imcv_swima.obj: suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_swima.obj -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo -c -o suites/imcv_tests-test_imcv_swima.obj `if test -f 'suites/test_imcv_swima.c'; then $(CYGPATH_W) 'suites/test_imcv_swima.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_swima.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_swima.c' object='suites/imcv_tests-test_imcv_swima.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_swima.obj `if test -f 'suites/test_imcv_swima.c'; then $(CYGPATH_W) 'suites/test_imcv_swima.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_swima.c'; fi` + ietf/imcv_tests-ietf_attr_pa_tnc_error.o: ietf/ietf_attr_pa_tnc_error.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.o -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po @@ -1510,6 +1783,48 @@ ietf/imcv_tests-ietf_attr_pa_tnc_error.obj: ietf/ietf_attr_pa_tnc_error.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi` +ietf/swima/imcv_tests-ietf_swima_attr_req.o: ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_req.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.o `test -f 'ietf/swima/ietf_swima_attr_req.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_req.c' object='ietf/swima/imcv_tests-ietf_swima_attr_req.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.o `test -f 'ietf/swima/ietf_swima_attr_req.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_req.c + +ietf/swima/imcv_tests-ietf_swima_attr_req.obj: ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_req.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.obj `if test -f 'ietf/swima/ietf_swima_attr_req.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_req.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_req.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_req.c' object='ietf/swima/imcv_tests-ietf_swima_attr_req.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.obj `if test -f 'ietf/swima/ietf_swima_attr_req.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_req.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_req.c'; fi` + +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o: ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o `test -f 'ietf/swima/ietf_swima_attr_sw_inv.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_inv.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o `test -f 'ietf/swima/ietf_swima_attr_sw_inv.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_inv.c + +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj: ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_inv.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_inv.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_inv.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_inv.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_inv.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_inv.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_inv.c'; fi` + +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o: ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o `test -f 'ietf/swima/ietf_swima_attr_sw_ev.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_ev.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o `test -f 'ietf/swima/ietf_swima_attr_sw_ev.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_ev.c + +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj: ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_ev.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_ev.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_ev.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_ev.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_ev.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_ev.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_ev.c'; fi` + tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o: tcg/seg/tcg_seg_attr_seg_env.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po @@ -1559,6 +1874,7 @@ clean-libtool: -rm -rf .libs _libs -rm -rf generic/.libs generic/_libs -rm -rf ietf/.libs ietf/_libs + -rm -rf ietf/swima/.libs ietf/swima/_libs -rm -rf imc/.libs imc/_libs -rm -rf imv/.libs imv/_libs -rm -rf ita/.libs ita/_libs @@ -1569,8 +1885,11 @@ clean-libtool: -rm -rf pts/components/ita/.libs pts/components/ita/_libs -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs -rm -rf pwg/.libs pwg/_libs + -rm -rf rest/.libs rest/_libs -rm -rf seg/.libs seg/_libs -rm -rf swid/.libs swid/_libs + -rm -rf swid_gen/.libs swid_gen/_libs + -rm -rf swima/.libs swima/_libs -rm -rf tcg/.libs tcg/_libs -rm -rf tcg/pts/.libs tcg/pts/_libs -rm -rf tcg/seg/.libs tcg/seg/_libs @@ -1884,6 +2203,8 @@ distclean-generic: -rm -f generic/$(am__dirstamp) -rm -f ietf/$(DEPDIR)/$(am__dirstamp) -rm -f ietf/$(am__dirstamp) + -rm -f ietf/swima/$(DEPDIR)/$(am__dirstamp) + -rm -f ietf/swima/$(am__dirstamp) -rm -f imc/$(DEPDIR)/$(am__dirstamp) -rm -f imc/$(am__dirstamp) -rm -f imv/$(DEPDIR)/$(am__dirstamp) @@ -1904,12 +2225,18 @@ distclean-generic: -rm -f pts/components/tcg/$(am__dirstamp) -rm -f pwg/$(DEPDIR)/$(am__dirstamp) -rm -f pwg/$(am__dirstamp) + -rm -f rest/$(DEPDIR)/$(am__dirstamp) + -rm -f rest/$(am__dirstamp) -rm -f seg/$(DEPDIR)/$(am__dirstamp) -rm -f seg/$(am__dirstamp) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) -rm -f swid/$(DEPDIR)/$(am__dirstamp) -rm -f swid/$(am__dirstamp) + -rm -f swid_gen/$(DEPDIR)/$(am__dirstamp) + -rm -f swid_gen/$(am__dirstamp) + -rm -f swima/$(DEPDIR)/$(am__dirstamp) + -rm -f swima/$(am__dirstamp) -rm -f tcg/$(DEPDIR)/$(am__dirstamp) -rm -f tcg/$(am__dirstamp) -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp) @@ -1928,7 +2255,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1975,7 +2302,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index cfac6ed17..9e3e83d4d 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,10 +25,14 @@ #include "ietf/ietf_attr_product_info.h" #include "ietf/ietf_attr_remediation_instr.h" #include "ietf/ietf_attr_string_version.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" #include "generic/generic_attr_bool.h" -ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, +ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, + IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "Testing", "Attribute Request", "Product Information", @@ -43,6 +47,20 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "Forwarding Enabled", "Factory Default Password Enabled", ); +ENUM_NEXT(ietf_attr_names, IETF_ATTR_SW_REQUEST, + IETF_ATTR_SRC_METADATA_RESP, + IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, + "SW Request", + "SW Identifier Inventory", + "SW Identifier Events", + "SW Inventory", + "SW Events", + "SW Subscription Status Request", + "SW Subscription Status Response", + "SW Source Metadata Request", + "SW Source Metadata Response", +); +ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP); /** * See header @@ -79,8 +97,23 @@ pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length, case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: return generic_attr_bool_create_from_data(length, value, pen_type_create(PEN_IETF, type)); + case IETF_ATTR_SW_REQUEST: + return ietf_swima_attr_req_create_from_data(length, value); + case IETF_ATTR_SW_ID_INVENTORY: + return ietf_swima_attr_sw_inv_create_from_data(length, value, TRUE); + case IETF_ATTR_SW_INVENTORY: + return ietf_swima_attr_sw_inv_create_from_data(length, value, FALSE); + case IETF_ATTR_SW_ID_EVENTS: + return ietf_swima_attr_sw_ev_create_from_data(length, value, TRUE); + case IETF_ATTR_SW_EVENTS: + return ietf_swima_attr_sw_ev_create_from_data(length, value, FALSE); case IETF_ATTR_TESTING: case IETF_ATTR_RESERVED: + /* unsupported IETF/SWIMA attributes */ + case IETF_ATTR_SUBSCRIPTION_STATUS_REQ: + case IETF_ATTR_SUBSCRIPTION_STATUS_RESP: + case IETF_ATTR_SRC_METADATA_REQ: + case IETF_ATTR_SRC_METADATA_RESP: default: return NULL; } diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index 7154674af..d2ea98201 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,9 +28,11 @@ typedef enum ietf_attr_t ietf_attr_t; /** - * IETF standard PA-TNC attribute types defined by RFC 5792 + * IETF standard PA-TNC attribute types */ enum ietf_attr_t { + + /* RFC 5792 */ IETF_ATTR_TESTING = 0, IETF_ATTR_ATTRIBUTE_REQUEST = 1, IETF_ATTR_PRODUCT_INFORMATION = 2, @@ -44,6 +46,18 @@ enum ietf_attr_t { IETF_ATTR_REMEDIATION_INSTRUCTIONS = 10, IETF_ATTR_FORWARDING_ENABLED = 11, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12, + + /* draft-ietf-sacm-nea-swid-patnc */ + IETF_ATTR_SW_REQUEST = 17, + IETF_ATTR_SW_ID_INVENTORY = 18, + IETF_ATTR_SW_ID_EVENTS = 19, + IETF_ATTR_SW_INVENTORY = 20, + IETF_ATTR_SW_EVENTS = 21, + IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22, + IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23, + IETF_ATTR_SRC_METADATA_REQ = 24, + IETF_ATTR_SRC_METADATA_RESP = 25, + IETF_ATTR_RESERVED = 0xffffffff, }; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c index 0dbb4aaef..966c095e2 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -20,13 +20,23 @@ #include <bio/bio_reader.h> #include <utils/debug.h> -ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, +ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED, + PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, "Reserved", "Invalid Parameter", "Version Not Supported", "Attribute Type Not Supported" ); +ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SW, + PA_ERROR_SW_SUBSCRIPTION_ID_REUSE, + PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, + "SW Error", + "SW Subscription Denied", + "SW Response Too Large", + "SW Subscription Fulfillment Error", + "SW Subscription ID Reuse" +); +ENUM_END(pa_tnc_error_code_names, PA_ERROR_SW_SUBSCRIPTION_ID_REUSE); typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t; @@ -246,7 +256,8 @@ METHOD(pa_tnc_attr_t, process, status_t, reader->read_uint24(reader, &this->error_code.vendor_id); reader->read_uint32(reader, &this->error_code.type); - if (this->error_code.vendor_id == PEN_IETF) + if (this->error_code.vendor_id == PEN_IETF && + this->error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF) { if (!reader->read_data(reader, PA_ERROR_MSG_INFO_SIZE, &this->msg_info)) { @@ -396,7 +407,8 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_type_t error_code, { private_ietf_attr_pa_tnc_error_t *this; - if (error_code.vendor_id == PEN_IETF) + if (error_code.vendor_id == PEN_IETF && + error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF) { msg_info.len = PA_ERROR_MSG_INFO_SIZE; } diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h index b1df1945a..7dbc33828 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -27,15 +27,24 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t; #include "ietf_attr.h" #include "pa_tnc/pa_tnc_attr.h" - /** * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792 */ enum pa_tnc_error_code_t { - PA_ERROR_RESERVED = 0, - PA_ERROR_INVALID_PARAMETER = 1, - PA_ERROR_VERSION_NOT_SUPPORTED = 2, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3, + + /* RFC 5792 PA-TNC */ + PA_ERROR_RESERVED = 0, + PA_ERROR_INVALID_PARAMETER = 1, + PA_ERROR_VERSION_NOT_SUPPORTED = 2, + PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3, + PA_ERROR_PA_TNC_MSG_ROOF = 3, + + /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */ + PA_ERROR_SW = 32, + PA_ERROR_SW_SUBSCRIPTION_DENIED = 33, + PA_ERROR_SW_RESPONSE_TOO_LARGE = 34, + PA_ERROR_SW_SUBSCRIPTION_FULFILLMENT = 35, + PA_ERROR_SW_SUBSCRIPTION_ID_REUSE = 36 }; /** diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c new file mode 100644 index 000000000..07d0b0c5f --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c @@ -0,0 +1,320 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_req.h" +#include "swima/swima_record.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> +#include <collections/linked_list.h> + +typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t; + +/** + * SW Request + * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |C|S|R| Reserved| Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Earliest EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier Length | Software Identifier (Var Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +#define SW_REQ_RESERVED_MASK 0xE0 + +/** + * Private data of an ietf_swima_attr_req_t object. + */ +struct private_ietf_swima_attr_req_t { + + /** + * Public members of ietf_swima_attr_req_t + */ + ietf_swima_attr_req_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * SWID request flags + */ + uint8_t flags; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Inventory of Target Software Identifiers + */ + swima_inventory_t *targets; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_req_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_req_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_req_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_req_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_req_t *this) +{ + bio_writer_t *writer; + swima_record_t *sw_record; + uint32_t earliest_eid; + chunk_t sw_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + earliest_eid = this->targets->get_eid(this->targets, NULL); + + writer = bio_writer_create(IETF_SWIMA_REQ_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->targets->get_count(this->targets)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, earliest_eid); + + enumerator = this->targets->create_enumerator(this->targets); + while (enumerator->enumerate(enumerator, &sw_record)) + { + sw_id = sw_record->get_sw_id(sw_record, NULL); + writer->write_data16(writer, sw_id); + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_req_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + swima_record_t *sw_record; + uint32_t sw_id_count, earliest_eid; + chunk_t sw_id; + + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } + if (this->value.len < IETF_SWIMA_REQ_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for SW Request"); + return FAILED; + } + + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &sw_id_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &earliest_eid); + + *offset = IETF_SWIMA_REQ_MIN_SIZE; + this->flags &= SW_REQ_RESERVED_MASK; + this->targets->set_eid(this->targets, earliest_eid, 0); + + while (sw_id_count--) + { + if (!reader->read_data16(reader, &sw_id)) + { + DBG1(DBG_TNC, "insufficient data for Software ID"); + reader->destroy(reader); + return FAILED; + } + *offset += 2 + sw_id.len; + + sw_record = swima_record_create(0, sw_id, chunk_empty); + this->targets->add(this->targets, sw_record); + } + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_req_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_req_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_req_t *this) +{ + if (ref_put(&this->ref)) + { + this->targets->destroy(this->targets); + free(this->value.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_req_t, get_flags, uint8_t, + private_ietf_swima_attr_req_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_req_t, get_request_id, uint32_t, + private_ietf_swima_attr_req_t *this) +{ + return this->request_id; +} + +METHOD(ietf_swima_attr_req_t, set_targets, void, + private_ietf_swima_attr_req_t *this, swima_inventory_t *targets) +{ + this->targets->destroy(this->targets); + this->targets = targets->get_ref(targets); +} + +METHOD(ietf_swima_attr_req_t, get_targets, swima_inventory_t*, + private_ietf_swima_attr_req_t *this) +{ + return this->targets; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_req_create(uint8_t flags, uint32_t request_id) +{ + private_ietf_swima_attr_req_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .set_targets = _set_targets, + .get_targets = _get_targets, + }, + .type = { PEN_IETF, IETF_ATTR_SW_REQUEST }, + .flags = flags & SW_REQ_RESERVED_MASK, + .request_id = request_id, + .targets = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_req_create_from_data(size_t length, chunk_t data) +{ + private_ietf_swima_attr_req_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .set_targets = _set_targets, + .get_targets = _get_targets, + }, + .type = { PEN_IETF, IETF_ATTR_SW_REQUEST }, + .length = length, + .value = chunk_clone(data), + .targets = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.h b/src/libimcv/ietf/swima/ietf_swima_attr_req.h new file mode 100644 index 000000000..21155d62c --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_req ietf_swima_attr_req + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_REQ_H_ +#define IETF_SWIMA_ATTR_REQ_H_ + +#define IETF_SWIMA_REQ_MIN_SIZE 12 + +typedef struct ietf_swima_attr_req_t ietf_swima_attr_req_t; +typedef enum ietf_swima_attr_req_flag_t ietf_swima_attr_req_flag_t; + +enum ietf_swima_attr_req_flag_t { + IETF_SWIMA_ATTR_REQ_FLAG_NONE = 0, + IETF_SWIMA_ATTR_REQ_FLAG_C = (1 << 7), + IETF_SWIMA_ATTR_REQ_FLAG_S = (1 << 6), + IETF_SWIMA_ATTR_REQ_FLAG_R = (1 << 5) +}; + +#include "swima/swima_inventory.h" +#include "ietf/ietf_attr.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Request attribute + */ +struct ietf_swima_attr_req_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get SW request flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_req_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_req_t *this); + + /** + * Set Software Identity targets + * + * @param targets SW ID inventory containing targets (not cloned) + */ + void (*set_targets)(ietf_swima_attr_req_t *this, swima_inventory_t *targets); + + /** + * Get Software Identity targets + * + * @return SW ID inventory containing targets + */ + swima_inventory_t* (*get_targets)(ietf_swima_attr_req_t *this); + +}; + +/** + * Creates an ietf_swima_attr_req_t object + * + * @param flags Sets the C|S|R flags + * @param request_id Request ID + */ +pa_tnc_attr_t* ietf_swima_attr_req_create(uint8_t flags, uint32_t request_id); + +/** + * Creates an ietf_swima_attr_req_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + */ +pa_tnc_attr_t* ietf_swima_attr_req_create_from_data(size_t length, chunk_t value); + +#endif /** IETF_SWIMA_ATTR_REQ_H_ @}*/ diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c new file mode 100644 index 000000000..e315c3dbb --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c @@ -0,0 +1,482 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_sw_ev.h" +#include "swima/swima_event.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> + +#define SW_EV_TIMESTAMP_SIZE 20 + +typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t; + +/** + * Software [Identifier] Events + * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID Copy / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID Epoch | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last Consulted EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Identifier | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Data Model Type PEN |Data Model Type| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Source ID Num | Action | Software Identifier Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Locator Length | Software Locator (Var. Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Software Event only + * see section 5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record (Variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an ietf_swima_attr_sw_ev_t object. + */ +struct private_ietf_swima_attr_sw_ev_t { + + /** + * Public members of ietf_swima_attr_sw_ev_t + */ + ietf_swima_attr_sw_ev_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer + */ + chunk_t value; + + /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Attribute flags + */ + uint8_t flags; + + /** + * Number of unprocessed software events in attribute + */ + uint32_t event_count; + + /** + * Event list + */ + swima_events_t *events; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_sw_ev_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + bio_writer_t *writer; + swima_event_t *sw_event; + swima_record_t *sw_record; + chunk_t timestamp, sw_id, sw_locator, record; + pen_type_t data_model; + uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch; + uint8_t action, source_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + last_consulted_eid = this->events->get_eid(this->events, &eid_epoch, + &last_eid); + + writer = bio_writer_create(IETF_SWIMA_SW_EV_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->events->get_count(this->events)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, eid_epoch); + writer->write_uint32(writer, last_eid); + writer->write_uint32(writer, last_consulted_eid); + + enumerator = this->events->create_enumerator(this->events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + eid = sw_event->get_eid(sw_event, ×tamp); + action = sw_event->get_action(sw_event); + sw_record = sw_event->get_sw_record(sw_event); + record_id = sw_record->get_record_id(sw_record); + data_model = sw_record->get_data_model(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + + writer->write_uint32(writer, eid); + writer->write_data (writer, timestamp); + writer->write_uint32(writer, record_id); + writer->write_uint24(writer, data_model.vendor_id); + writer->write_uint8 (writer, data_model.type); + writer->write_uint8 (writer, source_id); + writer->write_uint8 (writer, action); + writer->write_data16(writer, sw_id); + writer->write_data16(writer, sw_locator); + + if (this->type.type == IETF_ATTR_SW_EVENTS) + { + record = sw_record->get_record(sw_record); + writer->write_data32(writer, record); + } + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + uint32_t data_model_pen, record_id; + uint32_t eid, eid_epoch, last_eid, last_consulted_eid; + uint8_t data_model_type, source_id, action; + pen_type_t data_model; + chunk_t sw_id, sw_locator, record, timestamp; + swima_event_t *sw_event; + swima_record_t *sw_record; + status_t status = NEED_MORE; + + if (this->offset == 0) + { + if (this->length < IETF_SWIMA_SW_EV_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < IETF_SWIMA_SW_EV_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &this->event_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &eid_epoch); + reader->read_uint32(reader, &last_eid); + reader->read_uint32(reader, &last_consulted_eid); + this->offset = IETF_SWIMA_SW_EV_MIN_SIZE; + this->events->set_eid(this->events, last_consulted_eid, eid_epoch); + this->events->set_last_eid(this->events, last_eid); + this->value = reader->peek(reader); + reader->destroy(reader); + } + + reader = bio_reader_create(this->value); + + while (this->event_count) + { + if (!reader->read_uint32(reader, &eid) || + !reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, ×tamp) || + !reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_uint8 (reader, &action) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + goto end; + } + record = chunk_empty; + + if (action == 0 || action > SWIMA_EVENT_ACTION_LAST) + { + DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names, + PEN_IETF, ietf_attr_names, this->type.type); + *offset = this->offset; + reader->destroy(reader); + + return FAILED; + } + + if (this->type.type == IETF_ATTR_SW_EVENTS && + !reader->read_data32(reader, &record)) + { + goto end; + } + data_model = pen_type_create(data_model_pen, data_model_type); + sw_record = swima_record_create(record_id, sw_id, sw_locator); + sw_record->set_data_model(sw_record, data_model); + sw_record->set_source_id(sw_record, source_id); + sw_record->set_record(sw_record, record); + sw_event = swima_event_create(eid, timestamp, action, sw_record); + this->events->add(this->events, sw_event); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); + + /* at least one software event was processed */ + status = SUCCESS; + this->event_count--; + } + + if (this->length == this->offset) + { + status = SUCCESS; + } + else + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; + } + +end: + reader->destroy(reader); + return status; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_sw_ev_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_sw_ev_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + if (ref_put(&this->ref)) + { + this->events->destroy(this->events); + free(this->segment.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_sw_ev_t, get_flags, uint8_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_sw_ev_t, get_request_id, uint32_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->request_id; +} + +METHOD(ietf_swima_attr_sw_ev_t, get_event_count, uint32_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->event_count; +} + +METHOD(ietf_swima_attr_sw_ev_t, set_events, void, + private_ietf_swima_attr_sw_ev_t *this, swima_events_t *events) +{ + this->events->destroy(this->events); + this->events = events->get_ref(events); +} + +METHOD(ietf_swima_attr_sw_ev_t, get_events, swima_events_t*, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->events; +} + +METHOD(ietf_swima_attr_sw_ev_t, clear_events, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + this->events->clear(this->events); +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_ev_create(uint8_t flags, uint32_t request_id, + bool sw_id_only) +{ + private_ietf_swima_attr_sw_ev_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_EVENTS : IETF_ATTR_SW_EVENTS; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_event_count = _get_event_count, + .set_events = _set_events, + .get_events = _get_events, + .clear_events = _clear_events, + }, + .type = { PEN_IETF, type }, + .flags = flags, + .request_id = request_id, + .events = swima_events_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_ev_create_from_data(size_t length, + chunk_t data, bool sw_id_only) +{ + private_ietf_swima_attr_sw_ev_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_EVENTS : IETF_ATTR_SW_EVENTS; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_event_count = _get_event_count, + .set_events = _set_events, + .get_events = _get_events, + .clear_events = _clear_events, + }, + .type = { PEN_IETF, type }, + .length = length, + .segment = chunk_clone(data), + .events = swima_events_create(), + .ref = 1, + ); + + /* received either complete attribute value or first segment */ + this->value = this->segment; + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h new file mode 100644 index 000000000..00f64dd80 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h @@ -0,0 +1,111 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_sw_ev ietf_swima_attr_sw_ev + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_SW_EV_H_ +#define IETF_SWIMA_ATTR_SW_EV_H_ + +#define IETF_SWIMA_SW_EV_MIN_SIZE 20 + +typedef struct ietf_swima_attr_sw_ev_t ietf_swima_attr_sw_ev_t; +typedef enum ietf_swima_attr_sw_ev_flag_t ietf_swima_attr_sw_ev_flag_t; + +enum ietf_swima_attr_sw_ev_flag_t { + IETF_SWIMA_ATTR_SW_EV_FLAG_NONE = 0, + IETF_SWIMA_ATTR_SW_EV_FLAG_S_F = (1 << 7) +}; + +#include "ietf/ietf_attr.h" +#include "swima/swima_events.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Identifier Inventory attribute + * + */ +struct ietf_swima_attr_sw_ev_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get Software Inventory flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_sw_ev_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_sw_ev_t *this); + + /** + * Get number of Software [Identifier] Events + * + * @return Software [Identifier] event count + */ + uint32_t (*get_event_count)(ietf_swima_attr_sw_ev_t *this); + + /** + * Add Software [Identifier] Events + * + * @param sw_events List of Software [Identifier] events to be added + */ + void (*set_events)(ietf_swima_attr_sw_ev_t *this, + swima_events_t *sw_events); + /** + * Get Software [Identifier] Events + * + * @result Software [Identifier] events + */ + swima_events_t* (*get_events)(ietf_swima_attr_sw_ev_t *this); + + /** + * Remove all Software [Identifier] events + */ + void (*clear_events)(ietf_swima_attr_sw_ev_t *this); + +}; + +/** + * Creates an ietf_swima_attr_sw_ev_t object + * + * @param flags Sets the flags + * @param request_id Copy of the Request ID + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_ev_create(uint8_t flags, uint32_t request_id, + bool sw_id_only); + +/** + * Creates an ietf_swima_attr_sw_ev_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_ev_create_from_data(size_t length, + chunk_t value, bool sw_id_only); + +#endif /** IETF_SWIMA_ATTR_SW_EV_H_ @}*/ diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c new file mode 100644 index 000000000..ee5b16b92 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c @@ -0,0 +1,438 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_sw_inv.h" +#include "swima/swima_record.h" + +#include <pa_tnc/pa_tnc_msg.h> +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <utils/debug.h> + + +typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t; + +/** + * Software [Identifier] Inventory + * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID Copy / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID Epoch | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Identifier | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Data Model Type PEN |Data Model Type| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Source ID Num | Software Identifier Length |Software Id (v)| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Locator Length | Software Locator (Var. Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Software Inventory only + * see section 5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record (Variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an ietf_swima_attr_sw_inv_t object. + */ +struct private_ietf_swima_attr_sw_inv_t { + + /** + * Public members of ietf_swima_attr_sw_inv_t + */ + ietf_swima_attr_sw_inv_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer + */ + chunk_t value; + + /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Attribute flags + */ + uint8_t flags; + + /** + * Number of unprocessed software inventory evidence records in attribute + */ + uint32_t record_count; + + /** + * SWID Tag ID Inventory + */ + swima_inventory_t *inventory; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_sw_inv_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_sw_inv_t *this) +{ + bio_writer_t *writer; + swima_record_t *sw_record; + chunk_t sw_id, sw_locator, record; + pen_type_t data_model; + uint32_t record_id, last_eid, eid_epoch; + uint8_t source_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + last_eid = this->inventory->get_eid(this->inventory, &eid_epoch); + + writer = bio_writer_create(IETF_SWIMA_SW_INV_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->inventory->get_count(this->inventory)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, eid_epoch); + writer->write_uint32(writer, last_eid); + + enumerator = this->inventory->create_enumerator(this->inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + record_id = sw_record->get_record_id(sw_record); + data_model = sw_record->get_data_model(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + + writer->write_uint32(writer, record_id); + writer->write_uint24(writer, data_model.vendor_id); + writer->write_uint8 (writer, data_model.type); + writer->write_uint8 (writer, source_id); + writer->write_data16(writer, sw_id); + writer->write_data16(writer, sw_locator); + + if (this->type.type == IETF_ATTR_SW_INVENTORY) + { + record = sw_record->get_record(sw_record); + writer->write_data32(writer, record); + } + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + uint32_t data_model_pen, record_id, last_eid, eid_epoch; + uint8_t data_model_type, source_id; + pen_type_t data_model; + chunk_t sw_id, sw_locator, record; + swima_record_t *sw_record; + status_t status = NEED_MORE; + + if (this->offset == 0) + { + if (this->length < IETF_SWIMA_SW_INV_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < IETF_SWIMA_SW_INV_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &this->record_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &eid_epoch); + reader->read_uint32(reader, &last_eid); + this->offset = IETF_SWIMA_SW_INV_MIN_SIZE; + this->value = reader->peek(reader); + this->inventory->set_eid(this->inventory, last_eid, eid_epoch); + reader->destroy(reader); + } + + reader = bio_reader_create(this->value); + + while (this->record_count) + { + if (!reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + goto end; + } + record = chunk_empty; + + if (this->type.type == IETF_ATTR_SW_INVENTORY && + !reader->read_data32(reader, &record)) + { + goto end; + } + data_model = pen_type_create(data_model_pen, data_model_type); + sw_record = swima_record_create(record_id, sw_id, sw_locator); + sw_record->set_data_model(sw_record, data_model); + sw_record->set_source_id(sw_record, source_id); + sw_record->set_record(sw_record, record); + this->inventory->add(this->inventory, sw_record); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); + + /* at least one software inventory evidence record was processed */ + status = SUCCESS; + this->record_count--; + } + + if (this->length == this->offset) + { + status = SUCCESS; + } + else + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; + } + +end: + reader->destroy(reader); + return status; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_sw_inv_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_sw_inv_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_sw_inv_t *this) +{ + if (ref_put(&this->ref)) + { + this->inventory->destroy(this->inventory); + free(this->segment.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_sw_inv_t, get_flags, uint8_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_sw_inv_t, get_request_id, uint32_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->request_id; +} + +METHOD(ietf_swima_attr_sw_inv_t, get_record_count, uint32_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->record_count; +} + +METHOD(ietf_swima_attr_sw_inv_t, set_inventory, void, + private_ietf_swima_attr_sw_inv_t *this, swima_inventory_t *inventory) +{ + this->inventory->destroy(this->inventory); + this->inventory = inventory->get_ref(inventory); +} + +METHOD(ietf_swima_attr_sw_inv_t, get_inventory, swima_inventory_t*, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->inventory; +} + +METHOD(ietf_swima_attr_sw_inv_t, clear_inventory, void, + private_ietf_swima_attr_sw_inv_t *this) +{ + this->inventory->clear(this->inventory); +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_inv_create(uint8_t flags, uint32_t request_id, + bool sw_id_only) +{ + private_ietf_swima_attr_sw_inv_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_INVENTORY : IETF_ATTR_SW_INVENTORY; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_record_count = _get_record_count, + .set_inventory = _set_inventory, + .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, + }, + .type = { PEN_IETF, type }, + .flags = flags, + .request_id = request_id, + .inventory = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_inv_create_from_data(size_t length, + chunk_t data, bool sw_id_only) +{ + private_ietf_swima_attr_sw_inv_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_INVENTORY : IETF_ATTR_SW_INVENTORY; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_record_count = _get_record_count, + .set_inventory = _set_inventory, + .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, + }, + .type = { PEN_IETF, type }, + .length = length, + .segment = chunk_clone(data), + .inventory = swima_inventory_create(), + .ref = 1, + ); + + /* received either complete attribute value or first segment */ + this->value = this->segment; + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h new file mode 100644 index 000000000..a50cf2914 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_sw_inv ietf_swima_attr_sw_inv + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_SW_INV_H_ +#define IETF_SWIMA_ATTR_SW_INV_H_ + +#define IETF_SWIMA_SW_INV_MIN_SIZE 16 + +typedef struct ietf_swima_attr_sw_inv_t ietf_swima_attr_sw_inv_t; +typedef enum ietf_swima_attr_sw_inv_flag_t ietf_swima_attr_sw_inv_flag_t; + +enum ietf_swima_attr_sw_inv_flag_t { + IETF_SWIMA_ATTR_SW_INV_FLAG_NONE = 0, + IETF_SWIMA_ATTR_SW_INV_FLAG_S_F = (1 << 7) +}; + +#include "ietf/ietf_attr.h" +#include "swima/swima_inventory.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Identifier Inventory attribute + * + */ +struct ietf_swima_attr_sw_inv_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get Software Inventory flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_sw_inv_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_sw_inv_t *this); + + /** + * Get number of Software [Identifier] Inventory records + * + * @return Software ID count + */ + uint32_t (*get_record_count)(ietf_swima_attr_sw_inv_t *this); + + /** + * Add a Software [Identifier] Inventory + * + * @param sw_inventory Software [Identifier] record to be added + */ + void (*set_inventory)(ietf_swima_attr_sw_inv_t *this, + swima_inventory_t *sw_inventory); + /** + * Get Software [Identifier] Inventory + * + * @result Software [Identifier] Inventory + */ + swima_inventory_t* (*get_inventory)(ietf_swima_attr_sw_inv_t *this); + + /** + * Remove all Software [Identifier] records from the inventory + */ + void (*clear_inventory)(ietf_swima_attr_sw_inv_t *this); + + +}; + +/** + * Creates an ietf_swima_attr_sw_inv_t object + * + * @param flags Sets the flags + * @param request_id Copy of the Request ID + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_inv_create(uint8_t flags, uint32_t request_id, + bool sw_id_only); + +/** + * Creates an ietf_swima_attr_sw_inv_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_inv_create_from_data(size_t length, + chunk_t value, bool sw_id_only); + +#endif /** IETF_SWIMA_ATTR_SW_INV_H_ @}*/ diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h index e260ff8f6..0f44d8f6f 100644 --- a/src/libimcv/imcv.h +++ b/src/libimcv/imcv.h @@ -36,6 +36,9 @@ * @defgroup libimcv_swid swid * @ingroup libimcv * + * @defgroup libimcv_swima swima + * @ingroup libimcv + * * @addtogroup libimcv * @{ */ diff --git a/src/libimcv/imcv_tests.h b/src/libimcv/imcv_tests.h index d3ea24b1f..2a0e13206 100644 --- a/src/libimcv/imcv_tests.h +++ b/src/libimcv/imcv_tests.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,4 +14,4 @@ */ TEST_SUITE(imcv_seg_suite_create) - +TEST_SUITE(imcv_swima_suite_create) diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index fb0db91ee..a872499d2 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -652,114 +652,120 @@ INSERT INTO algorithms ( 8192, 'SHA384' ); +INSERT INTO algorithms ( + id, name +) VALUES ( + 4096, 'SHA512' +); + /* File Hashes */ INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' + 2, 2, 32768, '6c6f8e12f6cbfba612e780374c4cdcd40f20968a' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' + 2, 2, 16384, 'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' + 2, 2, 8192, '197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' + 2, 4, 32768, '3ad204f99eb7262efab79cfca02628870ea76361' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' + 2, 4, 16384, '3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' + 2, 4, 8192, 'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' + 4, 5, 32768, 'ecd9c7076cc0572724c7a67db7f19c2831e0445f' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' + 4, 5, 16384, '28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' + 4, 5, 8192, '51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' + 5, 1, 32768, 'd9309b9e45928239d7a7b18711e690792632cce4' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' + 5, 1, 16384, 'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' + 5, 1, 8192, 'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' + 5, 3, 32768, '3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' + 5, 3, 16384, 'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' + 5, 3, 8192, 'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' + 6, 5, 32768, 'e59602f4edf24c1b36199588886d06665d4adcd7' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' + 6, 5, 16384, '090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' + 6, 5, 8192, '7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' ); /* Packages */ @@ -790,30 +796,42 @@ INSERT INTO packages ( /* 4 */ /* Versions */ -INSERT INTO versions ( +INSERT INTO versions ( /* 1 */ package, product, release, time ) VALUES ( 1, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 2 */ package, product, release, time ) VALUES ( 2, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 3 */ package, product, release, time ) VALUES ( 3, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 4 */ package, product, release, time ) VALUES ( 4, 28, '1.0.1e-2', 1366531494 ); +INSERT INTO versions ( /* 5 */ + package, product, time +) VALUES ( + 2, 18, 1350544774 +); + +INSERT INTO versions ( /* 6 */ + package, product, time +) VALUES ( + 4, 18, 1350544774 +); + /* Components */ INSERT INTO components ( @@ -1681,59 +1699,59 @@ INSERT INTO enforcements ( /* 18 */ INSERT INTO "swid_entities" ( /* 1 */ "name", "regid" ) VALUES ( - 'strongSwan Project', 'regid.2004-03.org.strongswan' + 'strongSwan Project', 'strongswan.org' ); INSERT INTO swid_entities ( /* 2 */ "name", "regid" ) VALUES ( - 'Adobe Systems Inc.', 'regid.1986-12.com.adobe' + 'Adobe Systems Inc.', 'adobe.com' ); INSERT INTO swid_entities ( /* 3 */ "name", "regid" ) VALUES ( - 'Microsoft Corporation', 'regid.1991-06.com.microsoft' + 'Microsoft Corporation', 'microsoft.com' ); INSERT INTO swid_entities ( /* 4 */ "name", "regid" ) VALUES ( - 'Ubuntu Project', 'regid.2004-05.com.ubuntu' + 'Ubuntu Project', 'ubuntu.com' ); INSERT INTO swid_entities ( /* 5 */ "name", "regid" ) VALUES ( - 'Apache Software Foundation', 'regid.1995-04.org.apache' + 'Apache Software Foundation', 'apache.org' ); INSERT INTO swid_entities ( /* 6 */ "name", "regid" ) VALUES ( - 'Debian Project', 'regid.1999-03.org.debian' + 'Debian Project', 'debian.org' ); INSERT INTO swid_entities ( /* 7 */ "name", "regid" ) VALUES ( - 'Internet Systems Consortium', 'regid.1994-04.org.isc' + 'Internet Systems Consortium', 'isc.org' ); INSERT INTO swid_entities ( /* 8 */ "name", "regid" ) VALUES ( - 'OpenSSL Project', 'regid.1998-12.org.openssl' + 'OpenSSL Project', 'openssl.org' ); INSERT INTO swid_entities ( /* 9 */ "name", "regid" ) VALUES ( - 'Samba Project', 'regid.1998-01.org.samba' + 'Samba Project', 'samba.org' ); INSERT INTO swid_entities ( /* 10 */ "name", "regid" ) VALUES ( - 'SQLite Project', 'regid.2002-08.org.sqlite' + 'SQLite Project', 'sqlite.org' ); diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index b730f8c41..1988873e9 100644 --- a/src/libimcv/imv/imv_policy_manager.c +++ b/src/libimcv/imv/imv_policy_manager.c @@ -130,6 +130,31 @@ static bool iterate_enforcements(database_t *db, int device_id, int session_id, case IMV_WORKITEM_DIR_META: arg_int = dir; break; + case IMV_WORKITEM_SWID_TAGS: + /* software [identifier] inventory by default */ + arg_int = 0; + + /* software identifiers only? */ + if (device_id && strchr(argument, 'R')) + { + /* get last EID in order to set earliest EID */ + e2 = db->query(db, + "SELECT eid FROM swid_events where device == ? " + "ORDER BY eid DESC", DB_UINT, device_id, DB_INT); + if (e2) + { + if (e2->enumerate(e2, &arg_int)) + { + arg_int++; + } + else + { + arg_int = 1; + } + e2->destroy(e2); + } + } + break; default: arg_int = 0; } diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql index 5c2a6563b..8bde8898f 100644 --- a/src/libimcv/imv/tables.sql +++ b/src/libimcv/imv/tables.sql @@ -41,11 +41,15 @@ DROP TABLE IF EXISTS file_hashes; CREATE TABLE file_hashes ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, file INTEGER NOT NULL REFERENCES files(id), - product INTEGER NOT NULL REFERENCES products(id), - device INTEGER DEFAULT 0 REFERENCES devices(id), + version INTEGER REFERENCES versions(id), + device INTEGER REFERENCES devices(id), + size INTEGER, algo INTEGER NOT NULL REFERENCES algorithms(id), - hash BLOB NOT NULL + hash VARCHAR(64) NOT NULL, + mutable INTEGER DEFAULT 0 ); +DROP INDEX IF EXISTS "file_hashes_idx"; +CREATE INDEX "file_hashes_idx" ON "file_hashes" ("file", "version", "algo"); DROP TABLE IF EXISTS groups; CREATE TABLE groups ( @@ -177,9 +181,9 @@ CREATE INDEX packages_name ON packages ( DROP TABLE IF EXISTS versions; CREATE TABLE versions ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, - package INTEGER NOT NULL REFERENCES packages(id), product INTEGER NOT NULL REFERENCES products(id), - release TEXT NOT NULL, + package INTEGER NOT NULL REFERENCES packages(id), + release TEXT, security INTEGER DEFAULT 0, blacklist INTEGER DEFAULT 0, time INTEGER DEFAULT 0 @@ -302,14 +306,47 @@ CREATE INDEX "swid_tags_sessions_session_id" ON "swid_tags_sessions" ( DROP TABLE IF EXISTS "swid_tagstats"; CREATE TABLE "swid_tagstats" ( - "id" integer NOT NULL PRIMARY KEY, - "tag_id" integer NOT NULL REFERENCES "swid_tags" ("id"), - "device_id" integer NOT NULL REFERENCES "devices" ("id"), - "first_seen_id" integer NOT NULL REFERENCES "sessions" ("id"), - "last_seen_id" integer NOT NULL REFERENCES "sessions" ("id"), + "id" INTEGER NOT NULL PRIMARY KEY, + "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"), + "device_id" INTEGER NOT NULL REFERENCES "devices" ("id"), + "first_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"), + "last_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"), + "first_installed_id" INTEGER REFERENCES "swid_events" ("id"), + "last_deleted_id" INTEGER REFERENCES "swid_events" ("id"), UNIQUE ("tag_id", "device_id") ); CREATE INDEX "swid_tagstats_tag_id" ON "swid_tagstats" ("tag_id"); CREATE INDEX "swid_tagstats_device_id" ON "swid_tagstats" ("device_id"); CREATE INDEX "swid_tagstats_first_seen_id" ON "swid_tagstats" ("first_seen_id"); CREATE INDEX "swid_tagstats_last_seen_id" ON "swid_tagstats" ("last_seen_id"); + +DROP TABLE IF EXISTS "swid_events"; +CREATE TABLE "swid_events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "device" INTEGER REFERENCES "devices" ("id"), + "epoch" INTEGER NOT NULL, + "eid" INTEGER NOT NULL, + "timestamp" CHAR(20) NOT NULL +); +DROP INDEX IF EXISTS "swid_events_device"; +CREATE INDEX "swid_events_device" ON "swid_events" ( + "device" +); + +DROP TABLE IF EXISTS "swid_tags_events"; +CREATE TABLE "swid_tags_events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"), + "event_id" INTEGER NOT NULL REFERENCES "swid_events" ("id"), + "action" INTEGER NOT NULL, + "record_id" INTEGER DEFAULT 0, + "source_id" INTEGER DEFAULT 0 +); +DROP INDEX IF EXISTS "swid_tags_events_event_id"; +DROP INDEX IF EXISTS "swid_tags_events_tag_id"; +CREATE INDEX "swid_tags_events_event_id" ON "swid_tags_events" ( + "event_id" +); +CREATE INDEX "swid_tags_events_tag_id" ON "swid_tags_events" ( + "tag_id" +); diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c index 17c649dfd..5f5add704 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.c +++ b/src/libimcv/pa_tnc/pa_tnc_msg.c @@ -299,8 +299,9 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool, error_code = error_attr->get_error_code(error_attr); msg_info = error_attr->get_msg_info(error_attr); - /* skip errors from non-IETF namespaces */ - if (error_code.vendor_id != PEN_IETF) + /* skip errors from non-IETF namespaces and non PA-TNC msg errors */ + if (error_code.vendor_id != PEN_IETF || + error_code.type > PA_ERROR_PA_TNC_MSG_ROOF) { continue; } diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index d67050f0d..1600d4d2f 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 981af3964..b12499d82 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index aa0c49aeb..14c6e02a0 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 63b43154c..664ffdff6 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am index c1cdb988a..22f2e3762 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.am +++ b/src/libimcv/plugins/imc_swid/Makefile.am @@ -1,21 +1,20 @@ -regid = regid.2004-03.org.strongswan +regid = strongswan.org unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)_$(unique_sw_id).swidtag +swid_tag = $(regid)__$(unique_sw_id).swidtag -swiddir = $(prefix)/share/$(regid) -swid_DATA = $(swid_tag) -ipsec_DATA = $(swid_tag) -EXTRA_DIST = $(regid)_strongSwan.swidtag.in -CLEANFILES = $(regid)_strongSwan*.swidtag +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag -$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in +$(swid_tag) : $(regid)__strongSwan.swidtag.in $(AM_V_GEN) \ sed \ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)_strongSwan.swidtag.in > $@ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 02bc2bfef..b6a77dda4 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -103,7 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -135,8 +136,7 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \ - "$(DESTDIR)$(swiddir)" +am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -190,7 +190,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -DATA = $(ipsec_DATA) $(swid_DATA) +DATA = $(dist_swid_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,17 +441,20 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -regid = regid.2004-03.org.strongswan +regid = strongswan.org unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)_$(unique_sw_id).swidtag -swiddir = $(prefix)/share/$(regid) -swid_DATA = $(swid_tag) -ipsec_DATA = $(swid_tag) -EXTRA_DIST = $(regid)_strongSwan.swidtag.in -CLEANFILES = $(regid)_strongSwan*.swidtag +swid_tag = $(regid)__$(unique_sw_id).swidtag +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ @@ -578,30 +581,9 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-ipsecDATA: $(ipsec_DATA) +install-dist_swidDATA: $(dist_swid_DATA) @$(NORMAL_INSTALL) - @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(ipsecdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(ipsecdir)" || exit $$?; \ - done - -uninstall-ipsecDATA: - @$(NORMAL_UNINSTALL) - @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(ipsecdir)'; $(am__uninstall_files_from_dir) -install-swidDATA: $(swid_DATA) - @$(NORMAL_INSTALL) - @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \ + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ @@ -615,9 +597,9 @@ install-swidDATA: $(swid_DATA) $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ done -uninstall-swidDATA: +uninstall-dist_swidDATA: @$(NORMAL_UNINSTALL) - @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \ + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) @@ -707,7 +689,7 @@ check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(DATA) installdirs: - for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(swiddir)"; do \ + for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -764,8 +746,7 @@ info: info-am info-am: -install-data-am: install-imcvLTLIBRARIES install-ipsecDATA \ - install-swidDATA +install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES install-dvi: install-dvi-am @@ -811,8 +792,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ - uninstall-swidDATA +uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES .MAKE: install-am install-strip @@ -821,28 +801,28 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-imcvLTLIBRARIES install-info install-info-am \ - install-ipsecDATA install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip install-swidDATA \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-dist_swidDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-imcvLTLIBRARIES install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ - uninstall-ipsecDATA uninstall-swidDATA + tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ + uninstall-imcvLTLIBRARIES .PRECIOUS: Makefile -$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in +$(swid_tag) : $(regid)__strongSwan.swidtag.in $(AM_V_GEN) \ sed \ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)_strongSwan.swidtag.in > $@ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c index 0dcb9afb6..1468a59cc 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid.c +++ b/src/libimcv/plugins/imc_swid/imc_swid.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2015 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,8 +30,6 @@ #include <pen/pen.h> #include <utils/debug.h> -#define SWID_GENERATOR "/usr/local/bin/swid_generator" - /* IMC definitions */ static const char imc_name[] = "SWID"; @@ -165,7 +163,7 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, pa_tnc_attr_t *attr, *attr_error; imc_swid_state_t *swid_state; swid_inventory_t *swid_inventory; - char *swid_directory, *swid_generator; + char *swid_directory; uint32_t eid_epoch; bool swid_pretty, swid_full; enumerator_t *enumerator; @@ -173,9 +171,6 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, swid_directory = lib->settings->get_str(lib->settings, "%s.plugins.imc-swid.swid_directory", SWID_DIRECTORY, lib->ns); - swid_generator = lib->settings->get_str(lib->settings, - "%s.plugins.imc-swid.swid_generator", - SWID_GENERATOR, lib->ns); swid_pretty = lib->settings->get_bool(lib->settings, "%s.plugins.imc-swid.swid_pretty", FALSE, lib->ns); @@ -184,8 +179,8 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, FALSE, lib->ns); swid_inventory = swid_inventory_create(full_tags); - if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator, - targets, swid_pretty, swid_full)) + if (!swid_inventory->collect(swid_inventory, swid_directory, targets, + swid_pretty, swid_full)) { swid_inventory->destroy(swid_inventory); attr_error = swid_error_create(TCG_SWID_ERROR, request_id, diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag new file mode 100644 index 000000000..644c0989c --- /dev/null +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="utf-8"?> +<SoftwareIdentity + name="strongSwan" + tagId="strongSwan-5-6-0" + version="5.6.0" versionScheme="alphanumeric" + xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> + <Entity + name="strongSwan Project" + regid="strongswan.org" + role="softwareCreator licensor tagCreator"/> +</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in index 8b7b50fdf..0e5aa8d4d 100644 --- a/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in @@ -1,12 +1,11 @@ <?xml version="1.0" encoding="utf-8"?> - <SoftwareIdentity name="strongSwan" - uniqueId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@" + tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@" version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric" - xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"> + xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> <Entity name="strongSwan Project" - regid="regid.2004-03.org.strongswan" - role="publisher licensor tagcreator"/> + regid="strongswan.org" + role="softwareCreator licensor tagCreator"/> </SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am new file mode 100644 index 000000000..4a29e7949 --- /dev/null +++ b/src/libimcv/plugins/imc_swima/Makefile.am @@ -0,0 +1,33 @@ +regid = strongswan.org +unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) +swid_tag = $(regid)__$(unique_sw_id).swidtag + +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag + +$(swid_tag) : $(regid)__strongSwan.swidtag.in + $(AM_V_GEN) \ + sed \ + -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ + -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ + -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ + -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imc-swima.la + +imc_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +imc_swima_la_SOURCES = imc_swima.c imc_swima_state.h imc_swima_state.c +imc_swima_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in new file mode 100644 index 000000000..ae1d024af --- /dev/null +++ b/src/libimcv/plugins/imc_swima/Makefile.in @@ -0,0 +1,828 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libimcv/plugins/imc_swima +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" +LTLIBRARIES = $(imcv_LTLIBRARIES) +imc_swima_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +am_imc_swima_la_OBJECTS = imc_swima.lo imc_swima_state.lo +imc_swima_la_OBJECTS = $(am_imc_swima_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +imc_swima_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(imc_swima_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(imc_swima_la_SOURCES) +DIST_SOURCES = $(imc_swima_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +DATA = $(dist_swid_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +regid = strongswan.org +unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) +swid_tag = $(regid)__$(unique_sw_id).swidtag +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imc-swima.la +imc_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la + +imc_swima_la_SOURCES = imc_swima.c imc_swima_state.h imc_swima_state.c +imc_swima_la_LDFLAGS = -module -avoid-version -no-undefined +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swima/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swima/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ + } + +uninstall-imcvLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ + done + +clean-imcvLTLIBRARIES: + -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) + @list='$(imcv_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +imc-swima.la: $(imc_swima_la_OBJECTS) $(imc_swima_la_DEPENDENCIES) $(EXTRA_imc_swima_la_DEPENDENCIES) + $(AM_V_CCLD)$(imc_swima_la_LINK) -rpath $(imcvdir) $(imc_swima_la_OBJECTS) $(imc_swima_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swima.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swima_state.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dist_swidDATA: $(dist_swid_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ + done + +uninstall-dist_swidDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_swidDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-imcvLTLIBRARIES install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ + uninstall-imcvLTLIBRARIES + +.PRECIOUS: Makefile + + +$(swid_tag) : $(regid)__strongSwan.swidtag.in + $(AM_V_GEN) \ + sed \ + -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ + -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ + -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ + -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c new file mode 100644 index 000000000..e120cf7fc --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima.c @@ -0,0 +1,407 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imc_swima_state.h" + +#include <imc/imc_agent.h> +#include <imc/imc_msg.h> +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" +#include "swima/swima_inventory.h" +#include "swima/swima_collector.h" +#include "swima/swima_error.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" + +#include <tncif_pa_subtypes.h> +#include <pen/pen.h> +#include <utils/debug.h> + +/* IMC definitions */ + +static const char imc_name[] = "SWIMA"; + +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_SW } +}; + +static imc_agent_t *imc_swima; + +/** + * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) +{ + if (imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); + return TNC_RESULT_ALREADY_INITIALIZED; + } + imc_swima = imc_agent_create(imc_name, msg_types, countof(msg_types), + imc_id, actual_version); + if (!imc_swima) + { + return TNC_RESULT_FATAL; + } + if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) + { + DBG1(DBG_IMC, "no common IF-IMC version"); + return TNC_RESULT_NO_COMMON_VERSION; + } + return TNC_RESULT_SUCCESS; +} + +/** + * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) +{ + imc_state_t *state; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imc_swima_state_create(connection_id); + return imc_swima->create_state(imc_swima, state); + case TNC_CONNECTION_STATE_HANDSHAKE: + if (imc_swima->change_state(imc_swima, connection_id, new_state, + &state) != TNC_RESULT_SUCCESS) + { + return TNC_RESULT_FATAL; + } + state->set_result(state, imc_id, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + return TNC_RESULT_SUCCESS; + case TNC_CONNECTION_STATE_DELETE: + return imc_swima->delete_state(imc_swima, connection_id); + default: + return imc_swima->change_state(imc_swima, connection_id, + new_state, NULL); + } +} + +/** + * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + imc_state_t *state; + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + char buf[BUF_LEN]; + TNC_Result result = TNC_RESULT_SUCCESS; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMV */ + contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, + TRUE, imc_id, TRUE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + + /* send PA-TNC message with the excl flag not set */ + out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + out_msg->add_attribute(out_msg, attr); + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; +} + +/** + * Add SWID Inventory or Event attribute to the send queue + */ +static void fulfill_request(imc_state_t *state, imc_msg_t *msg, + uint32_t request_id, bool sw_id_only, + swima_inventory_t *targets) +{ + pa_tnc_attr_t *attr; + swima_collector_t *collector; + size_t msg_len = 64; + char error_msg[msg_len], *id_str; + bool collect_inventory = TRUE; + int items; + + collector = swima_collector_create(); + id_str = sw_id_only ? " ID" : ""; + + if (targets->get_eid(targets, NULL) > 0) + { + swima_events_t *sw_ev; + ietf_swima_attr_sw_ev_t *sw_ev_attr; + + sw_ev = collector->collect_events(collector, sw_id_only, targets); + if (!sw_ev) + { + snprintf(error_msg, msg_len, "failed to collect SW%s events, " + "fallback to SW%s inventory", id_str, id_str); + attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg); + msg->add_attribute(msg, attr); + } + else { + items = sw_ev->get_count(sw_ev); + DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str, + items == 1 ? "" : "s"); + + /* Send an IETF SW [Identity] Events attribute */ + attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, + request_id, sw_id_only); + sw_ev_attr = (ietf_swima_attr_sw_ev_t*)attr; + sw_ev_attr->set_events(sw_ev_attr, sw_ev); + collect_inventory = FALSE; + } + } + + if (collect_inventory) + { + swima_inventory_t *sw_inv; + ietf_swima_attr_sw_inv_t *sw_inv_attr; + + sw_inv = collector->collect_inventory(collector, sw_id_only, targets); + if (!sw_inv) + { + snprintf(error_msg, msg_len, "failed to collect SW%s inventory", + id_str); + attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg); + } + else + { + items = sw_inv->get_count(sw_inv); + DBG1(DBG_IMC, "collected %d SW%s record%s", items, id_str, + items == 1 ? "" : "s"); + + /* Send an IETF SW [Identity] Inventory attribute */ + attr = ietf_swima_attr_sw_inv_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, + request_id, sw_id_only); + sw_inv_attr = (ietf_swima_attr_sw_inv_t*)attr; + sw_inv_attr->set_inventory(sw_inv_attr, sw_inv); + } + } + msg->add_attribute(msg, attr); + collector->destroy(collector); +} + +static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) +{ + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + enumerator_t *enumerator; + pen_type_t type; + TNC_Result result; + bool fatal_error = FALSE; + + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, out_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + out_msg->destroy(out_msg); + return result; + } + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + ietf_swima_attr_req_t *attr_req; + uint8_t flags; + uint32_t request_id; + bool sw_id_only; + swima_inventory_t *targets; + + type = attr->get_type(attr); + + if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SW_REQUEST) + { + continue; + } + + attr_req = (ietf_swima_attr_req_t*)attr; + flags = attr_req->get_flags(attr_req); + request_id = attr_req->get_request_id(attr_req); + targets = attr_req->get_targets(attr_req); + + if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C)) + { + attr = swima_error_create(PA_ERROR_SW_SUBSCRIPTION_DENIED, + request_id, 0, "no subscription available yet"); + out_msg->add_attribute(out_msg, attr); + break; + } + sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); + + fulfill_request(state, out_msg, request_id, sw_id_only, targets); + break; + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + result = TNC_RESULT_FATAL; + } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); + + return result; +} + +/** + * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 + + */ +TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) +{ + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_data(imc_swima, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +/** + * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 + */ +TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) +{ + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_swima, state, connection_id, + src_imv_id, dst_imc_id,msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +/** + * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + return TNC_RESULT_SUCCESS; +} + +/** + * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + imc_swima->destroy(imc_swima); + imc_swima = NULL; + + return TNC_RESULT_SUCCESS; +} + +/** + * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, + TNC_TNCC_BindFunctionPointer bind_function) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + return imc_swima->bind_functions(imc_swima, bind_function); +} diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c new file mode 100644 index 000000000..70b2434a4 --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c @@ -0,0 +1,176 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imc_swima_state.h" + +#include <tncif_names.h> + +#include <utils/debug.h> + +typedef struct private_imc_swima_state_t private_imc_swima_state_t; + +/** + * Private data of an imc_swima_state_t object. + */ +struct private_imc_swima_state_t { + + /** + * Public members of imc_swima_state_t + */ + imc_swima_state_t public; + + /** + * TNCCS connection ID + */ + TNC_ConnectionID connection_id; + + /** + * TNCCS connection state + */ + TNC_ConnectionState state; + + /** + * Assessment/Evaluation Result + */ + TNC_IMV_Evaluation_Result result; + + /** + * Does the TNCCS connection support long message types? + */ + bool has_long; + + /** + * Does the TNCCS connection support exclusive delivery? + */ + bool has_excl; + + /** + * Maximum PA-TNC message size for this TNCCS connection + */ + uint32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; +}; + +METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, + private_imc_swima_state_t *this) +{ + return this->connection_id; +} + +METHOD(imc_state_t, has_long, bool, + private_imc_swima_state_t *this) +{ + return this->has_long; +} + +METHOD(imc_state_t, has_excl, bool, + private_imc_swima_state_t *this) +{ + return this->has_excl; +} + +METHOD(imc_state_t, set_flags, void, + private_imc_swima_state_t *this, bool has_long, bool has_excl) +{ + this->has_long = has_long; + this->has_excl = has_excl; +} + +METHOD(imc_state_t, set_max_msg_len, void, + private_imc_swima_state_t *this, uint32_t max_msg_len) +{ + this->max_msg_len = max_msg_len; +} + +METHOD(imc_state_t, get_max_msg_len, uint32_t, + private_imc_swima_state_t *this) +{ + return this->max_msg_len; +} + +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_swima_state_t *this) +{ + return this->contracts; +} + +METHOD(imc_state_t, change_state, void, + private_imc_swima_state_t *this, TNC_ConnectionState new_state) +{ + this->state = new_state; +} + +METHOD(imc_state_t, set_result, void, + private_imc_swima_state_t *this, TNC_IMCID id, + TNC_IMV_Evaluation_Result result) +{ + this->result = result; +} + +METHOD(imc_state_t, get_result, bool, + private_imc_swima_state_t *this, TNC_IMCID id, + TNC_IMV_Evaluation_Result *result) +{ + if (result) + { + *result = this->result; + } + return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + +METHOD(imc_state_t, destroy, void, + private_imc_swima_state_t *this) +{ + this->contracts->destroy(this->contracts); + free(this); +} + +/** + * Described in header. + */ +imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id) +{ + private_imc_swima_state_t *this; + + INIT(this, + .public = { + .interface = { + .get_connection_id = _get_connection_id, + .has_long = _has_long, + .has_excl = _has_excl, + .set_flags = _set_flags, + .set_max_msg_len = _set_max_msg_len, + .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, + .change_state = _change_state, + .set_result = _set_result, + .get_result = _get_result, + .destroy = _destroy, + }, + }, + .state = TNC_CONNECTION_STATE_CREATE, + .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .connection_id = connection_id, + .contracts = seg_contract_manager_create(), + ); + + return &this->public.interface; +} + + diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h new file mode 100644 index 000000000..4e4e3b1bf --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imc_swima imc_swima + * @ingroup libimcv_plugins + * + * @defgroup imc_swima_state_t imc_swima_state + * @{ @ingroup imc_swima + */ + +#ifndef IMC_SWIMA_STATE_H_ +#define IMC_SWIMA_STATE_H_ + +#include <imc/imc_state.h> +#include <library.h> + +typedef struct imc_swima_state_t imc_swima_state_t; + +/** + * Internal state of an imc_swima_t connection instance + */ +struct imc_swima_state_t { + + /** + * imc_state_t interface + */ + imc_state_t interface; + +}; + +/** + * Create an imc_swima_state_t instance + * + * @param id connection ID + */ +imc_state_t* imc_swima_state_create(TNC_ConnectionID id); + +#endif /** IMC_SWIMA_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag new file mode 100644 index 000000000..644c0989c --- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="utf-8"?> +<SoftwareIdentity + name="strongSwan" + tagId="strongSwan-5-6-0" + version="5.6.0" versionScheme="alphanumeric" + xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> + <Entity + name="strongSwan Project" + regid="strongswan.org" + role="softwareCreator licensor tagCreator"/> +</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in new file mode 100644 index 000000000..0e5aa8d4d --- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="utf-8"?> +<SoftwareIdentity + name="strongSwan" + tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@" + version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric" + xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> + <Entity + name="strongSwan Project" + regid="strongswan.org" + role="softwareCreator licensor tagCreator"/> +</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 93c074853..a002f0baf 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index 02bd5f510..3872b9a57 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -322,8 +322,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -424,6 +422,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -452,6 +452,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index 034418428..fb894f393 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -134,6 +134,11 @@ struct private_attest_db_t { char *version; /** + * Primary key of software package version to be queried + */ + int vid; + + /** * TRUE if version has been set */ bool version_set; @@ -975,7 +980,7 @@ METHOD(attest_db_t, list_files, void, { while (e->enumerate(e, &fid, &file)) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); count++; } e->destroy(e); @@ -996,10 +1001,10 @@ METHOD(attest_db_t, list_files, void, { if (did != last_did) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); last_did = did; } - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); count++; } e->destroy(e); @@ -1182,24 +1187,24 @@ METHOD(attest_db_t, list_hashes, void, private_attest_db_t *this) { enumerator_t *e; - chunk_t hash; - char *file, *dir, *product; + char *file, *dir, *product, *hash; int id, fid, fid_old = 0, did, did_old = 0, pid, pid_old = 0, count = 0; if (this->pid && this->fid && this->did) { - printf("%4d: %s\n", this->did, this->dir); - printf("%4d: %s\n", this->fid, this->file); + printf("%6d: %s\n", this->did, this->dir); + printf("%6d: %s\n", this->fid, this->file); e = this->db->query(this->db, - "SELECT id, hash FROM file_hashes " - "WHERE algo = ? AND file = ? AND product = ?", + "SELECT h.id, h.hash FROM file_hashes AS h " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND h.file = ? AND v.product = ?", DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->pid, - DB_INT, DB_BLOB); + DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash)) { - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1216,25 +1221,26 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "WHERE h.algo = ? AND h.product = ? AND f.name = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? AND f.name = ? " "ORDER BY d.path, f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, DB_TEXT, this->file, - DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &did, &dir)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, this->file); + printf("%6d: %s\n", fid, this->file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1246,25 +1252,26 @@ METHOD(attest_db_t, list_hashes, void, } else if (this->pid && this->did) { - printf("%4d: %s\n", this->did, this->dir); + printf("%6d: %s\n", this->did, this->dir); e = this->db->query(this->db, "SELECT h.id, h.hash, f.id, f.name " "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " - "WHERE h.algo = ? AND h.product = ? AND f.dir = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? AND f.dir = ? " "ORDER BY f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, DB_INT, this->did, - DB_INT, DB_BLOB, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file)) { if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1281,25 +1288,26 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "WHERE h.algo = ? AND h.product = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? " "ORDER BY d.path, f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, - DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1313,21 +1321,22 @@ METHOD(attest_db_t, list_hashes, void, { e = this->db->query(this->db, "SELECT h.id, h.hash, p.id, p.name FROM file_hashes AS h " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND h.file = ? " "ORDER BY p.name, h.hash", DB_INT, this->algo, DB_INT, this->fid, - DB_INT, DB_BLOB, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &pid, &product)) { if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1345,32 +1354,33 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND f.name = ? " "ORDER BY d.path, f.name, p.name, h.hash", DB_INT, this->algo, DB_TEXT, this->file, - DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &did, &dir, &pid, &product)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, this->file); + printf("%6d: %s\n", fid, this->file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1386,27 +1396,28 @@ METHOD(attest_db_t, list_hashes, void, "SELECT h.id, h.hash, f.id, f.name, p.id, p.name " "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND f.dir = ? " "ORDER BY f.name, p.name, h.hash", DB_INT, this->algo, DB_INT, this->did, - DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file, &pid, &product)) { if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1423,10 +1434,11 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "JOIN products AS p on h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p on v.product = p.id " "WHERE h.algo = ? " "ORDER BY d.path, f.name, p.name, h.hash", - DB_INT, this->algo, DB_INT, DB_BLOB, DB_INT, DB_TEXT, + DB_INT, this->algo, DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { @@ -1435,21 +1447,21 @@ METHOD(attest_db_t, list_hashes, void, { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1610,28 +1622,32 @@ static bool insert_file_hash(private_attest_db_t *this, int *hashes_added, int *hashes_updated) { enumerator_t *e; - chunk_t hash; + uint8_t hex_measurement_buf[2*HASH_SIZE_SHA512 + 1]; + uint8_t *hex_hash_buf; + chunk_t hex_hash, hex_measurement; char *label; bool insert = TRUE, update = FALSE; label = "could not be created"; e = this->db->query(this->db, - "SELECT hash FROM file_hashes WHERE algo = ? " - "AND file = ? AND product = ? AND device = 0", - DB_INT, algo, DB_UINT, fid, DB_UINT, this->pid, DB_BLOB); + "SELECT hash FROM file_hashes " + "WHERE algo = ? AND file = ? AND version = ?", + DB_INT, algo, DB_UINT, fid, DB_UINT, this->vid, DB_TEXT); if (!e) { printf("file_hashes query failed\n"); return FALSE; } + hex_measurement = chunk_to_hex(measurement, hex_measurement_buf, FALSE); - while (e->enumerate(e, &hash)) + while (e->enumerate(e, &hex_hash_buf)) { update = TRUE; + hex_hash = chunk_from_str(hex_hash_buf); - if (chunk_equals(measurement, hash)) + if (chunk_equals(hex_measurement, hex_hash)) { label = "exists and equals"; insert = FALSE; @@ -1644,10 +1660,10 @@ static bool insert_file_hash(private_attest_db_t *this, { if (this->db->execute(this->db, NULL, "INSERT INTO file_hashes " - "(file, product, device, algo, hash) " - "VALUES (?, ?, 0, ?, ?)", - DB_UINT, fid, DB_UINT, this->pid, - DB_INT, algo, DB_BLOB, measurement) != 1) + "(file, version, algo, hash) " + "VALUES (?, ?, ?, ?)", + DB_UINT, fid, DB_UINT, this->vid, + DB_INT, algo, DB_TEXT, hex_measurement) != 1) { printf("file_hash insertion failed\n"); return FALSE; @@ -1668,6 +1684,75 @@ static bool insert_file_hash(private_attest_db_t *this, } /** + * Add a package version + */ +static bool add_version(private_attest_db_t *this) +{ + int vid, security_old, security, blacklist_old, blacklist; + time_t t = time(NULL); + enumerator_t *e; + bool success; + + security = this->package_state == OS_PACKAGE_STATE_SECURITY; + blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST; + + e = this->db->query(this->db, + "SELECT id, security, blacklist FROM versions " + "WHERE package = ? AND product = ? AND release = ?", + DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT, this->version, + DB_INT, DB_INT, DB_INT, DB_INT); + if (e) + { + if (e->enumerate(e, &vid, &security_old, &blacklist_old)) + { + this->vid = vid; + } + e->destroy(e); + } + if (this->vid) + { + if (security != security_old || blacklist != blacklist_old) + { + /* update security and/or blacklist flag */ + success = this->db->execute(this->db, NULL, "UPDATE versions " + "SET security = ?, blacklist = ?, time = ? WHERE id = ?", + DB_INT, security, DB_INT, blacklist, DB_INT, t, + DB_INT, this->vid) == 1; + + printf("'%s' package %s (%s)%N %s updated in database\n", + this->product, this->package, this->version, + os_package_state_names, this->package_state, + success ? "" : "could not be "); + } + else + { + success = TRUE; + + printf("'%s' package %s (%s)%N exists in database\n", + this->product, this->package, this->version, + os_package_state_names, this->package_state); + } + return success; + } + + /* create a new version */ + success = this->db->execute(this->db, NULL, + "INSERT INTO versions " + "(package, product, release, security, blacklist, time) " + "VALUES (?, ?, ?, ?, ?, ?)", + DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT, + this->version, DB_INT, security, DB_INT, blacklist, + DB_INT, t) == 1; + + printf("'%s' package %s (%s)%N %sinserted into database\n", + this->product, this->package, this->version, + os_package_state_names, this->package_state, + success ? "" : "could not be "); + + return success; +} + +/** * Add hash measurement for a single file or all files in a directory */ static bool add_hash(private_attest_db_t *this) @@ -1771,7 +1856,14 @@ static bool add_hash(private_attest_db_t *this) METHOD(attest_db_t, add, bool, private_attest_db_t *this) { - bool success = FALSE; + /* insert package version */ + if (this->version_set && this->gid && this->pid) + { + if (!add_version(this)) + { + return FALSE; + } + } /* add directory or file hash measurement for a given product */ if (this->did && this->pid) @@ -1779,29 +1871,7 @@ METHOD(attest_db_t, add, bool, return add_hash(this); } - /* insert package version */ - if (this->version_set && this->gid && this->pid) - { - time_t t = time(NULL); - int security, blacklist; - - security = this->package_state == OS_PACKAGE_STATE_SECURITY; - blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST; - - success = this->db->execute(this->db, NULL, - "INSERT INTO versions " - "(package, product, release, security, blacklist, time) " - "VALUES (?, ?, ?, ?, ?, ?)", - DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT, - this->version, DB_INT, security, DB_INT, blacklist, - DB_INT, t) == 1; - - printf("'%s' package %s (%s)%N %sinserted into database\n", - this->product, this->package, this->version, - os_package_state_names, this->package_state, - success ? "" : "could not be "); - } - return success; + return FALSE; } METHOD(attest_db_t, delete, bool, @@ -1816,8 +1886,9 @@ METHOD(attest_db_t, delete, bool, if (this->algo && this->pid && this->fid) { success = this->db->execute(this->db, NULL, - "DELETE FROM file_hashes " - "WHERE algo = ? AND product = ? AND file = ?", + "DELETE FROM file_hashes AS h " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? AND h.file = ?", DB_UINT, this->algo, DB_UINT, this->pid, DB_UINT, this->fid) > 0; diff --git a/src/libimcv/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c index 8f4afdbad..2966529e1 100644 --- a/src/libimcv/plugins/imv_attestation/attest_usage.c +++ b/src/libimcv/plugins/imv_attestation/attest_usage.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -77,8 +77,9 @@ Usage:\n\ ipsec attest --add [--owner <name>] --key <digest>|--aik <path>\n\ Add an AIK public key digest entry preceded by an optional owner name\n\ \n\ - ipsec attest --add --product <name>|--pid <id> --sha1|--sha1-ima|--sha256|--sha384\n\ - [--relative|--rel] --dir <path>|--file <path>\n\ + ipsec attest --add --product <name>|--pid <id> --sha1|--sha256|--sha384\n\ + [--relative|--rel] [--package <name> --version <string>]\n\ + --dir <path>|--file <path>\n\ Add hashes of a single file or all files in a directory under absolute or relative filenames\n\ \n\ ipsec attest --add --key <digest|--kid <id> --component <cfn>|--cid <id> --sequence <no>|--seq <no>\n\ diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index b19cb4a41..fda666b06 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index f2804f3fc..a8d80b3f8 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 6cc107edb..b851f84e7 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am index 73da84b55..e573ea0d8 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ b/src/libimcv/plugins/imv_swid/Makefile.am @@ -16,7 +16,6 @@ imv_swid_la_LIBADD = \ imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c \ - imv_swid_rest.h imv_swid_rest.c + imv_swid_agent.h imv_swid_agent.c imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index 3560752ed..c745b4597 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -141,7 +141,7 @@ imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \ - imv_swid_agent.lo imv_swid_rest.lo + imv_swid_agent.lo imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -461,8 +465,7 @@ imv_swid_la_LIBADD = \ imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c \ - imv_swid_rest.h imv_swid_rest.c + imv_swid_agent.h imv_swid_agent.c imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined all: all-am @@ -545,7 +548,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_rest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@ .c.o: diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c index c057e7ed1..2884a169c 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2016 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,12 +18,12 @@ #include "imv_swid_agent.h" #include "imv_swid_state.h" -#include "imv_swid_rest.h" #include <imcv.h> #include <imv/imv_agent.h> #include <imv/imv_msg.h> #include <ietf/ietf_attr_pa_tnc_error.h> +#include "rest/rest.h" #include "tcg/seg/tcg_seg_attr_max_size.h" #include "tcg/seg/tcg_seg_attr_seg_env.h" #include "tcg/swid/tcg_swid_attr_req.h" @@ -72,7 +72,7 @@ struct private_imv_swid_agent_t { /** * REST API to strongTNC manager */ - imv_swid_rest_t *rest_api; + rest_t *rest_api; }; @@ -590,7 +590,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, DBG1(DBG_IMV, " %s", target); /* Separate target into tag_creator and unique_sw_id */ - separator = strchr(target, '_'); + separator = strstr(target, "__"); if (!separator) { error_str = "separation of regid from " @@ -598,9 +598,9 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, break; } tag_creator = chunk_create(target, separator - target); - separator++; + separator += 2; unique_sw_id = chunk_create(separator, strlen(target) - - tag_creator.len - 1); + tag_creator.len - 2); tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty); cast_attr = (tcg_swid_attr_req_t*)attr; @@ -719,7 +719,7 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns); if (rest_api_uri) { - this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout); + this->rest_api = rest_create(rest_api_uri, rest_api_timeout); } return &this->public; diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c deleted file mode 100644 index 0fe96edef..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_rest.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE -#include <stdio.h> - -#include "imv_swid_rest.h" - -typedef struct private_imv_swid_rest_t private_imv_swid_rest_t; - -/** - * Private data of an imv_swid_rest_t object. - */ -struct private_imv_swid_rest_t { - - /** - * Public members of imv_swid_rest_t - */ - imv_swid_rest_t public; - - /** - * URI of REST API - */ - char *uri; - - /** - * Timeout of REST API connection - */ - u_int timeout; - -}; - -#define HTTP_STATUS_CODE_PRECONDITION_FAILED 412 - -METHOD(imv_swid_rest_t, post, status_t, - private_imv_swid_rest_t *this, char *command, json_object *jrequest, - json_object **jresponse) -{ - struct json_tokener *tokener; - chunk_t data, response = chunk_empty; - status_t status; - char *uri; - int code; - - if (asprintf(&uri, "%s%s",this->uri, command) < 0) - { - return FAILED; - } - data = chunk_from_str((char*)json_object_to_json_string(jrequest)); - - status = lib->fetcher->fetch(lib->fetcher, uri, &response, - FETCH_TIMEOUT, this->timeout, - FETCH_REQUEST_DATA, data, - FETCH_REQUEST_TYPE, "application/json; charset=utf-8", - FETCH_REQUEST_HEADER, "Accept: application/json", - FETCH_REQUEST_HEADER, "Expect:", - FETCH_RESPONSE_CODE, &code, - FETCH_END); - free(uri); - - if (status != SUCCESS) - { - if (code != HTTP_STATUS_CODE_PRECONDITION_FAILED || !response.ptr) - { - DBG2(DBG_IMV, "REST http request failed with status code: %d", code); - status = FAILED; - } - else - { - if (jresponse) - { - /* Parse HTTP response into a JSON object */ - tokener = json_tokener_new(); - *jresponse = json_tokener_parse_ex(tokener, response.ptr, - response.len); - json_tokener_free(tokener); - } - status = NEED_MORE; - } - } - free(response.ptr); - - return status; -} - -METHOD(imv_swid_rest_t, destroy, void, - private_imv_swid_rest_t *this) -{ - free(this->uri); - free(this); -} - -/** - * Described in header. - */ -imv_swid_rest_t *imv_swid_rest_create(char *uri, u_int timeout) -{ - private_imv_swid_rest_t *this; - - INIT(this, - .public = { - .post = _post, - .destroy = _destroy, - }, - .uri = strdup(uri), - .timeout = timeout, - ); - - return &this->public; -} - - diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c index fb9493a83..50e9f489a 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_state.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2016 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -288,8 +288,8 @@ METHOD(imv_swid_state_t, get_request_id, uint32_t, METHOD(imv_swid_state_t, set_swid_inventory, void, private_imv_swid_state_t *this, swid_inventory_t *inventory) { - chunk_t tag_creator, unique_sw_id; - char software_id[256]; + chunk_t tag_creator, sw_id; + char software_id[BUF_LEN]; json_object *jstring; swid_tag_id_t *tag_id; enumerator_t *enumerator; @@ -299,10 +299,10 @@ METHOD(imv_swid_state_t, set_swid_inventory, void, { /* Construct software ID from tag creator and unique software ID */ tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, 256, "%.*s_%.*s", - tag_creator.len, tag_creator.ptr, - unique_sw_id.len, unique_sw_id.ptr); + sw_id = tag_id->get_unique_sw_id(tag_id, NULL); + snprintf(software_id, BUF_LEN, "%.*s__%.*s", + (int)tag_creator.len, tag_creator.ptr, + (int)sw_id.len, sw_id.ptr); DBG3(DBG_IMV, " %s", software_id); /* Add software ID to JSON array */ diff --git a/src/libimcv/plugins/imv_swima/Makefile.am b/src/libimcv/plugins/imv_swima/Makefile.am new file mode 100644 index 000000000..b1726f061 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/Makefile.am @@ -0,0 +1,21 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imv-swima.la + +imv_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(json_LIBS) + +imv_swima_la_SOURCES = \ + imv_swima.c imv_swima_state.h imv_swima_state.c \ + imv_swima_agent.h imv_swima_agent.c + +imv_swima_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in new file mode 100644 index 000000000..56eafa5ad --- /dev/null +++ b/src/libimcv/plugins/imv_swima/Makefile.in @@ -0,0 +1,795 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libimcv/plugins/imv_swima +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(imcvdir)" +LTLIBRARIES = $(imcv_LTLIBRARIES) +am__DEPENDENCIES_1 = +imv_swima_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) +am_imv_swima_la_OBJECTS = imv_swima.lo imv_swima_state.lo \ + imv_swima_agent.lo +imv_swima_la_OBJECTS = $(am_imv_swima_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +imv_swima_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(imv_swima_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(imv_swima_la_SOURCES) +DIST_SOURCES = $(imv_swima_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imv-swima.la +imv_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(json_LIBS) + +imv_swima_la_SOURCES = \ + imv_swima.c imv_swima_state.h imv_swima_state.c \ + imv_swima_agent.h imv_swima_agent.c + +imv_swima_la_LDFLAGS = -module -avoid-version -no-undefined +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swima/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swima/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ + } + +uninstall-imcvLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ + done + +clean-imcvLTLIBRARIES: + -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) + @list='$(imcv_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +imv-swima.la: $(imv_swima_la_OBJECTS) $(imv_swima_la_DEPENDENCIES) $(EXTRA_imv_swima_la_DEPENDENCIES) + $(AM_V_CCLD)$(imv_swima_la_LINK) -rpath $(imcvdir) $(imv_swima_la_OBJECTS) $(imv_swima_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima_agent.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima_state.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(imcvdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-imcvLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-imcvLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am \ + install-imcvLTLIBRARIES install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-imcvLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libimcv/plugins/imv_swima/imv_swima.c b/src/libimcv/plugins/imv_swima/imv_swima.c new file mode 100644 index 000000000..0d78ea034 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima.c @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_swima_agent.h" + +static const char imv_name[] = "SWIMA"; +static const imv_agent_create_t imv_agent_create = imv_swima_agent_create; + +/* include generic TGC TNC IF-IMV API code below */ + +#include <imv/imv_if.h> + diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c new file mode 100644 index 000000000..efa2b1105 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c @@ -0,0 +1,804 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "imv_swima_agent.h" +#include "imv_swima_state.h" + +#include <imcv.h> +#include <imv/imv_agent.h> +#include <imv/imv_msg.h> +#include "rest/rest.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" +#include "swima/swima_error.h" +#include "swima/swima_inventory.h" +#include "swima/swima_events.h" +#include "swima/swima_data_model.h" + +#include <tncif_names.h> +#include <tncif_pa_subtypes.h> + +#include <pen/pen.h> +#include <utils/debug.h> +#include <bio/bio_reader.h> + +typedef struct private_imv_swima_agent_t private_imv_swima_agent_t; + +/* Subscribed PA-TNC message subtypes */ +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_SW } +}; + +/** + * Flag set when corresponding attribute has been received + */ +enum imv_swima_attr_t { + IMV_SWIMA_ATTR_SW_INV = (1<<0), + IMV_SWIMA_ATTR_SW_ID_INV = (1<<1), + IMV_SWIMA_ATTR_SW_EV = (1<<2), + IMV_SWIMA_ATTR_SW_ID_EV = (1<<2) +}; + +/** + * Private data of an imv_swima_agent_t object. + */ +struct private_imv_swima_agent_t { + + /** + * Public members of imv_swima_agent_t + */ + imv_agent_if_t public; + + /** + * IMV agent responsible for generic functions + */ + imv_agent_t *agent; + + /** + * REST API to strongTNC manager + */ + rest_t *rest_api; + +}; + +METHOD(imv_agent_if_t, bind_functions, TNC_Result, + private_imv_swima_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + return this->agent->bind_functions(this->agent, bind_function); +} + +METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_ConnectionState new_state) +{ + imv_state_t *state; + + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imv_swima_state_create(id); + return this->agent->create_state(this->agent, state); + case TNC_CONNECTION_STATE_DELETE: + return this->agent->delete_state(this->agent, id); + default: + return this->agent->change_state(this->agent, id, new_state, NULL); + } +} + +/** + * Process a received message + */ +static TNC_Result receive_msg(private_imv_swima_agent_t *this, + imv_state_t *state, imv_msg_t *in_msg) +{ + imv_swima_state_t *swima_state; + imv_msg_t *out_msg; + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + TNC_Result result; + bool fatal_error = FALSE; + + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, out_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + out_msg->destroy(out_msg); + return result; + } + + swima_state = (imv_swima_state_t*)state; + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + uint32_t request_id = 0, last_eid, eid_epoch; + swima_inventory_t *inventory; + swima_events_t *events; + pen_type_t type; + + type = attr->get_type(attr); + + if (type.vendor_id != PEN_IETF) + { + continue; + } + + switch (type.type) + { + case IETF_ATTR_PA_TNC_ERROR: + { + ietf_attr_pa_tnc_error_t *error_attr; + pen_type_t error_code; + chunk_t msg_info, description; + bio_reader_t *reader; + uint32_t max_attr_size; + bool success; + + error_attr = (ietf_attr_pa_tnc_error_t*)attr; + error_code = error_attr->get_error_code(error_attr); + + if (error_code.vendor_id != PEN_IETF || + error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF) + { + continue; + } + msg_info = error_attr->get_msg_info(error_attr); + reader = bio_reader_create(msg_info); + success = reader->read_uint32(reader, &request_id); + + DBG1(DBG_IMV, "received PA-TNC error '%N' for request %d", + pa_tnc_error_code_names, error_code.type, request_id); + if (!success) + { + reader->destroy(reader); + continue; + } + if (error_code.type == PA_ERROR_SW_RESPONSE_TOO_LARGE) + { + if (!reader->read_uint32(reader, &max_attr_size)) + { + reader->destroy(reader); + continue; + } + DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes", + max_attr_size); + } + description = reader->peek(reader); + if (description.len) + { + DBG1(DBG_IMV, " description: %.*s", description.len, + description.ptr); + } + reader->destroy(reader); + break; + } + case IETF_ATTR_SW_ID_INVENTORY: + { + ietf_swima_attr_sw_inv_t *attr_cast; + uint32_t missing; + int sw_id_count; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_ID_INV); + + attr_cast = (ietf_swima_attr_sw_inv_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + inventory = attr_cast->get_inventory(attr_cast); + last_eid = inventory->get_eid(inventory, &eid_epoch); + sw_id_count = inventory->get_count(inventory); + missing = attr_cast->get_record_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software ID inventory with " + "%d item%s for request %d at last eid %d of epoch 0x%08x, " + "%d item%s to follow", sw_id_count, + (sw_id_count == 1) ? "" : "s", request_id, last_eid, + eid_epoch, missing, (missing == 1) ? "" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_inventory(swima_state, inventory); + swima_state->set_count(swima_state, sw_id_count, 0, + in_msg->get_src_id(in_msg)); + } + else + { + DBG1(DBG_IMV, "no workitem found for software ID " + "inventory with request ID %d", request_id); + } + attr_cast->clear_inventory(attr_cast); + break; + } + case IETF_ATTR_SW_INVENTORY: + { + ietf_swima_attr_sw_inv_t *attr_cast; + swima_record_t *sw_record; + json_object *jobj, *jarray, *jstring; + pen_type_t data_model; + chunk_t tag; + char *tag_str; + uint32_t missing; + int sw_count; + enumerator_t *e; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_INV); + + attr_cast = (ietf_swima_attr_sw_inv_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + inventory = attr_cast->get_inventory(attr_cast); + last_eid = inventory->get_eid(inventory, &eid_epoch); + sw_count = inventory->get_count(inventory); + missing = attr_cast->get_record_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software inventory with %d item%s for " + "request %d at last eid %d of epoch 0x%08x, %d item%s to " + "follow", sw_count, (sw_count == 1) ? "" : "s", request_id, + last_eid, eid_epoch, missing, (missing == 1) ? "" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_count(swima_state, 0, sw_count, + in_msg->get_src_id(in_msg)); + + if (this->rest_api) + { + jobj = json_object_new_object(); + jarray = json_object_new_array(); + json_object_object_add(jobj, "data", jarray); + + e = inventory->create_enumerator(inventory); + while (e->enumerate(e, &sw_record)) + { + tag = sw_record->get_record(sw_record); + DBG3(DBG_IMV, "%.*s", tag.len, tag.ptr); + + data_model = sw_record->get_data_model(sw_record); + if (!pen_type_equals(data_model, + swima_data_model_iso_2015_swid_xml)) + { + DBG1(DBG_IMV, "only ISO/IEC 19770-2-2015 XML " + "data model supported"); + continue; + } + + tag_str = strndup(tag.ptr, tag.len); + jstring = json_object_new_string(tag_str); + json_object_array_add(jarray, jstring); + free(tag_str); + } + e->destroy(e); + + if (this->rest_api->post(this->rest_api, + "swid/add-tags/", jobj, NULL) != SUCCESS) + { + DBG1(DBG_IMV, "error in REST API add-tags request"); + } + json_object_put(jobj); + } + } + else + { + DBG1(DBG_IMV, "no workitem found for SWID tag inventory " + "with request ID %d", request_id); + } + attr_cast->clear_inventory(attr_cast); + break; + } + case IETF_ATTR_SW_ID_EVENTS: + { + ietf_swima_attr_sw_ev_t *attr_cast; + uint32_t missing; + int sw_ev_count; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_ID_EV); + + attr_cast = (ietf_swima_attr_sw_ev_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + events = attr_cast->get_events(attr_cast); + last_eid = events->get_eid(events, &eid_epoch, NULL); + sw_ev_count = events->get_count(events); + missing = attr_cast->get_event_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software ID events with " + "%d item%s for request %d at last eid %d of epoch 0x%08x, " + "%d item%s to follow", sw_ev_count, + (sw_ev_count == 1) ? "" : "s", request_id, last_eid, + eid_epoch, missing, (missing == 1) ? "" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_events(swima_state, events); + swima_state->set_count(swima_state, sw_ev_count, 0, + in_msg->get_src_id(in_msg)); + } + else + { + DBG1(DBG_IMV, "no workitem found for software ID events " + "with request ID %d", request_id); + } + attr_cast->clear_events(attr_cast); + break; + + } + default: + break; + } + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + result = out_msg->send_assessment(out_msg); + if (result == TNC_RESULT_SUCCESS) + { + result = this->agent->provide_recommendation(this->agent, state); + } + } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_MessageType msg_type, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message_long, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(this->agent, state, id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; + +} + +METHOD(imv_agent_if_t, batch_ending, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id) +{ + imv_msg_t *out_msg; + imv_state_t *state; + imv_session_t *session; + imv_workitem_t *workitem; + imv_swima_state_t *swima_state; + imv_swima_handshake_state_t handshake_state; + pa_tnc_attr_t *attr; + TNC_IMVID imv_id; + TNC_Result result = TNC_RESULT_SUCCESS; + bool no_workitems = TRUE; + uint32_t request_id, received; + uint8_t flags; + enumerator_t *enumerator; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + swima_state = (imv_swima_state_t*)state; + handshake_state = swima_state->get_handshake_state(swima_state); + session = state->get_session(state); + imv_id = this->agent->get_id(this->agent); + + if (handshake_state == IMV_SWIMA_STATE_END) + { + return TNC_RESULT_SUCCESS; + } + + /* Create an empty out message - we might need it */ + out_msg = imv_msg_create(this->agent, state, id, imv_id, + swima_state->get_imc_id(swima_state), + msg_types[0]); + + if (!imcv_db) + { + DBG2(DBG_IMV, "no workitems available - no evaluation possible"); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* Look for SWID tag workitem and create SWID tag request */ + if (handshake_state == IMV_SWIMA_STATE_INIT && + session->get_policy_started(session)) + { + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + ietf_swima_attr_req_t *cast_attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + swima_inventory_t *targets; + uint32_t earliest_eid = 0; + char buf[BUF_LEN]; + + enumerator = session->create_workitem_enumerator(session); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY || + workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS) + { + continue; + } + + flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE; + if (strchr(workitem->get_arg_str(workitem), 'R')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_R; + } + if (strchr(workitem->get_arg_str(workitem), 'S')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_S; + } + if (strchr(workitem->get_arg_str(workitem), 'C')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_C; + } + earliest_eid = workitem->get_arg_int(workitem); + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + + /* Issue a SWID request */ + request_id = workitem->get_id(workitem); + swima_state->set_request_id(swima_state, request_id); + attr = ietf_swima_attr_req_create(flags, request_id); + + /* Request software identifier events */ + targets = swima_inventory_create(); + targets->set_eid(targets, earliest_eid, 0); + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + + out_msg->add_attribute(out_msg, attr); + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d", + imv_id, request_id, earliest_eid); + break; + } + enumerator->destroy(enumerator); + + if (no_workitems) + { + DBG2(DBG_IMV, "IMV %d has no workitems - " + "no evaluation requested", imv_id); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + } + handshake_state = IMV_SWIMA_STATE_WORKITEMS; + swima_state->set_handshake_state(swima_state, handshake_state); + } + } + + received = state->get_action_flags(state); + + if (handshake_state == IMV_SWIMA_STATE_WORKITEMS && + (received & (IMV_SWIMA_ATTR_SW_INV|IMV_SWIMA_ATTR_SW_ID_INV| + IMV_SWIMA_ATTR_SW_EV |IMV_SWIMA_ATTR_SW_ID_EV)) && + swima_state->get_missing(swima_state) == 0) + { + TNC_IMV_Evaluation_Result eval; + TNC_IMV_Action_Recommendation rec; + char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command; + char *target_str, *error_str = ""; + int sw_id_count, tag_count, i, res; + json_object *jrequest, *jresponse, *jvalue; + ietf_swima_attr_req_t *cast_attr; + swima_inventory_t *targets; + swima_record_t *target; + status_t status = SUCCESS; + + if (received & IMV_SWIMA_ATTR_SW_ID_INV) + { + cmd = "swid-measurement"; + format = "received inventory of %d SW ID%s and %d SWID tag%s"; + } + else if (received & IMV_SWIMA_ATTR_SW_ID_EV) + { + cmd = "swid-events"; + format = "received %d SW ID event%s and %d SWID tag%s"; + } + + if (cmd && this->rest_api) + { + res = asprintf(&command, "sessions/%d/%s/", + session->get_session_id(session, NULL, NULL), cmd); + if (res < 0) + { + error_str = "allocation of command string failed"; + status = FAILED; + } + else + { + jrequest = swima_state->get_jrequest(swima_state); + status = this->rest_api->post(this->rest_api, command, + jrequest, &jresponse); + if (status == FAILED) + { + error_str = "error in REST API request"; + } + free(command); + } + } + + switch (status) + { + case SUCCESS: + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) + { + swima_state->get_count(swima_state, &sw_id_count, + &tag_count); + if (format) + { + snprintf(result_str, BUF_LEN, format, + sw_id_count, (sw_id_count == 1) ? "" : "s", + tag_count, (tag_count == 1) ? "" : "s"); + } + else + { + snprintf(result_str, BUF_LEN, "received %d SWID tag" + "%s", tag_count, (tag_count == 1) ? "" : "s"); + + } + session->remove_workitem(session, enumerator); + + eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + break; + } + } + enumerator->destroy(enumerator); + break; + case NEED_MORE: + if (received & IMV_SWIMA_ATTR_SW_INV) + { + error_str = "not all requested SWID tags were received"; + status = FAILED; + json_object_put(jresponse); + break; + } + if (json_object_get_type(jresponse) != json_type_array) + { + error_str = "response was not a json_array"; + status = FAILED; + json_object_put(jresponse); + break; + } + + /* Create an IETF SW Request attribute */ + attr = ietf_swima_attr_req_create(IETF_SWIMA_ATTR_REQ_FLAG_NONE, + swima_state->get_request_id(swima_state)); + sw_id_count = json_object_array_length(jresponse); + DBG1(DBG_IMV, "%d SWID tag target%s", sw_id_count, + (sw_id_count == 1) ? "" : "s"); + swima_state->set_missing(swima_state, sw_id_count); + targets = swima_inventory_create(); + + for (i = 0; i < sw_id_count; i++) + { + jvalue = json_object_array_get_idx(jresponse, i); + if (json_object_get_type(jvalue) != json_type_string) + { + error_str = "json_string element expected in json_array"; + status = FAILED; + json_object_put(jresponse); + break; + } + target_str = (char*)json_object_get_string(jvalue); + DBG1(DBG_IMV, " %s", target_str); + target = swima_record_create(0, chunk_from_str(target_str), + chunk_empty); + targets->add(targets, target); + } + json_object_put(jresponse); + + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + out_msg->add_attribute(out_msg, attr); + break; + case FAILED: + default: + break; + } + + if (status == FAILED) + { + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) + { + session->remove_workitem(session, enumerator); + eval = TNC_IMV_EVALUATION_RESULT_ERROR; + rec = workitem->set_result(workitem, error_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + break; + } + } + enumerator->destroy(enumerator); + } + } + + /* finalized all workitems ? */ + if (handshake_state == IMV_SWIMA_STATE_WORKITEMS && + session->get_workitem_count(session, imv_id) == 0) + { + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* send non-empty PA-TNC message with excl flag not set */ + if (out_msg->get_attribute_count(out_msg)) + { + result = out_msg->send(out_msg, FALSE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id) +{ + imv_state_t *state; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + return this->agent->provide_recommendation(this->agent, state); +} + +METHOD(imv_agent_if_t, destroy, void, + private_imv_swima_agent_t *this) +{ + DESTROY_IF(this->rest_api); + this->agent->destroy(this->agent); + free(this); +} + +/** + * Described in header. + */ +imv_agent_if_t *imv_swima_agent_create(const char *name, TNC_IMVID id, + TNC_Version *actual_version) +{ + private_imv_swima_agent_t *this; + imv_agent_t *agent; + char *uri; + u_int timeout; + + agent = imv_agent_create(name, msg_types, countof(msg_types), id, + actual_version); + if (!agent) + { + return NULL; + } + agent->add_non_fatal_attr_type(agent, + pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ)); + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .notify_connection_change = _notify_connection_change, + .receive_message = _receive_message, + .receive_message_long = _receive_message_long, + .batch_ending = _batch_ending, + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, + .agent = agent, + ); + + uri = lib->settings->get_str(lib->settings, + "%s.plugins.imv-swima.rest_api.uri", NULL, lib->ns); + timeout = lib->settings->get_int(lib->settings, + "%s.plugins.imv-swima.rest_api.timeout", 120, lib->ns); + if (uri) + { + this->rest_api = rest_create(uri, timeout); + } + + return &this->public; +} + diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.h b/src/libimcv/plugins/imv_swima/imv_swima_agent.h new file mode 100644 index 000000000..d07c774dc --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_swima_agent_t imv_swima_agent + * @{ @ingroup imv_swima + */ + +#ifndef IMV_SWIMA_AGENT_H_ +#define IMV_SWIMA_AGENT_H_ + +#include <imv/imv_agent_if.h> + +/** + * Creates an SWID IMV agent + * + * @param name Name of the IMV + * @param id ID of the IMV + * @param actual_version TNC IF-IMV version + */ +imv_agent_if_t* imv_swima_agent_create(const char* name, TNC_IMVID id, + TNC_Version *actual_version); + +#endif /** IMV_SWIMA_AGENT_H_ @}*/ diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c new file mode 100644 index 000000000..03500bc2d --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c @@ -0,0 +1,483 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_swima_state.h" + +#include <imv/imv_lang_string.h> +#include <imv/imv_reason_string.h> +#include <imv/imv_remediation_string.h> + +#include <tncif_policy.h> + +#include <utils/debug.h> + +typedef struct private_imv_swima_state_t private_imv_swima_state_t; + +/** + * Private data of an imv_swima_state_t object. + */ +struct private_imv_swima_state_t { + + /** + * Public members of imv_swima_state_t + */ + imv_swima_state_t public; + + /** + * TNCCS connection ID + */ + TNC_ConnectionID connection_id; + + /** + * TNCCS connection state + */ + TNC_ConnectionState state; + + /** + * Does the TNCCS connection support long message types? + */ + bool has_long; + + /** + * Does the TNCCS connection support exclusive delivery? + */ + bool has_excl; + + /** + * Maximum PA-TNC message size for this TNCCS connection + */ + uint32_t max_msg_len; + + /** + * Flags set for completed actions + */ + uint32_t action_flags; + + /** + * IMV database session associated with TNCCS connection + */ + imv_session_t *session; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** + * IMV action recommendation + */ + TNC_IMV_Action_Recommendation rec; + + /** + * IMV evaluation result + */ + TNC_IMV_Evaluation_Result eval; + + /** + * IMV Scanner handshake state + */ + imv_swima_handshake_state_t handshake_state; + + /** + * TNC Reason String + */ + imv_reason_string_t *reason_string; + + /** + * IETF Remediation Instructions String + */ + imv_remediation_string_t *remediation_string; + + /** + * SWID Tag Request ID + */ + uint32_t request_id; + + /** + * Number of processed Software Identifiers + */ + int sw_id_count; + + /** + * Number of processed SWID Tags + */ + int tag_count; + + /** + * Number of missing Software Identifiers or SWID Tags + */ + uint32_t missing; + + /** + * SWID IMC ID + */ + TNC_UInt32 imc_id; + + /** + * Top level JSON object + */ + json_object *jobj; + + /** + * JSON array containing either a SW [ID] inventory or SW ID events + */ + json_object *jarray; + +}; + +METHOD(imv_state_t, get_connection_id, TNC_ConnectionID, + private_imv_swima_state_t *this) +{ + return this->connection_id; +} + +METHOD(imv_state_t, has_long, bool, + private_imv_swima_state_t *this) +{ + return this->has_long; +} + +METHOD(imv_state_t, has_excl, bool, + private_imv_swima_state_t *this) +{ + return this->has_excl; +} + +METHOD(imv_state_t, set_flags, void, + private_imv_swima_state_t *this, bool has_long, bool has_excl) +{ + this->has_long = has_long; + this->has_excl = has_excl; +} + +METHOD(imv_state_t, set_max_msg_len, void, + private_imv_swima_state_t *this, uint32_t max_msg_len) +{ + this->max_msg_len = max_msg_len; +} + +METHOD(imv_state_t, get_max_msg_len, uint32_t, + private_imv_swima_state_t *this) +{ + return this->max_msg_len; +} + +METHOD(imv_state_t, set_action_flags, void, + private_imv_swima_state_t *this, uint32_t flags) +{ + this->action_flags |= flags; +} + +METHOD(imv_state_t, get_action_flags, uint32_t, + private_imv_swima_state_t *this) +{ + return this->action_flags; +} + +METHOD(imv_state_t, set_session, void, + private_imv_swima_state_t *this, imv_session_t *session) +{ + this->session = session; +} + +METHOD(imv_state_t, get_session, imv_session_t*, + private_imv_swima_state_t *this) +{ + return this->session; +} + +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_swima_state_t *this) +{ + return this->contracts; +} + +METHOD(imv_state_t, change_state, void, + private_imv_swima_state_t *this, TNC_ConnectionState new_state) +{ + this->state = new_state; +} + +METHOD(imv_state_t, get_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation *rec, + TNC_IMV_Evaluation_Result *eval) +{ + *rec = this->rec; + *eval = this->eval; +} + +METHOD(imv_state_t, set_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = rec; + this->eval = eval; +} + +METHOD(imv_state_t, update_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = tncif_policy_update_recommendation(this->rec, rec); + this->eval = tncif_policy_update_evaluation(this->eval, eval); +} + +METHOD(imv_state_t, get_reason_string, bool, + private_imv_swima_state_t *this, enumerator_t *language_enumerator, + chunk_t *reason_string, char **reason_language) +{ + return FALSE; +} + +METHOD(imv_state_t, get_remediation_instructions, bool, + private_imv_swima_state_t *this, enumerator_t *language_enumerator, + chunk_t *string, char **lang_code, char **uri) +{ + return FALSE; +} + +METHOD(imv_state_t, destroy, void, + private_imv_swima_state_t *this) +{ + json_object_put(this->jobj); + DESTROY_IF(this->session); + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); + free(this); +} + +METHOD(imv_swima_state_t, set_handshake_state, void, + private_imv_swima_state_t *this, imv_swima_handshake_state_t new_state) +{ + this->handshake_state = new_state; +} + +METHOD(imv_swima_state_t, get_handshake_state, imv_swima_handshake_state_t, + private_imv_swima_state_t *this) +{ + return this->handshake_state; +} + +METHOD(imv_swima_state_t, set_request_id, void, + private_imv_swima_state_t *this, uint32_t request_id) +{ + this->request_id = request_id; +} + +METHOD(imv_swima_state_t, get_request_id, uint32_t, + private_imv_swima_state_t *this) +{ + return this->request_id; +} + +METHOD(imv_swima_state_t, set_inventory, void, + private_imv_swima_state_t *this, swima_inventory_t *inventory) +{ + chunk_t sw_id, sw_locator; + uint32_t record_id; + char *sw_id_str; + json_object *jstring; + swima_record_t *sw_record; + enumerator_t *enumerator; + + if (this->sw_id_count == 0) + { + this->jarray = json_object_new_array(); + json_object_object_add(this->jobj, "data", this->jarray); + } + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + record_id = sw_record->get_record_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + sw_id_str = strndup(sw_id.ptr, sw_id.len); + if (sw_locator.len) + { + DBG3(DBG_IMV, "%6u: %s @ %.*s", record_id, sw_id_str, + sw_locator.len, sw_locator.ptr); + } + else + { + DBG3(DBG_IMV, "%6u: %s", record_id, sw_id_str); + } + + /* Add software identity to JSON array */ + jstring = json_object_new_string(sw_id_str); + json_object_array_add(this->jarray, jstring); + free(sw_id_str); + } + enumerator->destroy(enumerator); +} + +METHOD(imv_swima_state_t, set_events, void, + private_imv_swima_state_t *this, swima_events_t *events) +{ + chunk_t sw_id, timestamp; + uint32_t record_id, eid, last_eid, epoch, source_id, action; + char *sw_id_str, *timestamp_str; + json_object *jevent, *jvalue, *jstring; + swima_event_t *sw_event; + swima_record_t *sw_record; + enumerator_t *enumerator; + + if (this->sw_id_count == 0) + { + last_eid = events->get_eid(events, &epoch, NULL); + jvalue = json_object_new_int(epoch); + json_object_object_add(this->jobj, "epoch", jvalue); + jvalue = json_object_new_int(last_eid); + json_object_object_add(this->jobj, "lastEid", jvalue); + this->jarray = json_object_new_array(); + json_object_object_add(this->jobj, "events", this->jarray); + } + + enumerator = events->create_enumerator(events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + eid = sw_event->get_eid(sw_event, ×tamp); + timestamp_str = strndup(timestamp.ptr, timestamp.len); + action = sw_event->get_action(sw_event); + sw_record = sw_event->get_sw_record(sw_event); + record_id = sw_record->get_record_id(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, NULL); + sw_id_str = strndup(sw_id.ptr, sw_id.len); + DBG3(DBG_IMV, "%3u %.*s %u %5u: %s", eid, timestamp.len, timestamp.ptr, + action, record_id, sw_id_str); + + /* Add software event to JSON array */ + jevent = json_object_new_object(); + jvalue = json_object_new_int(eid); + json_object_object_add(jevent, "eid", jvalue); + jstring = json_object_new_string(timestamp_str); + json_object_object_add(jevent, "timestamp", jstring); + jvalue = json_object_new_int(record_id); + json_object_object_add(jevent, "recordId", jvalue); + jvalue = json_object_new_int(source_id); + json_object_object_add(jevent, "sourceId", jvalue); + jvalue = json_object_new_int(action); + json_object_object_add(jevent, "action", jvalue); + jstring = json_object_new_string(sw_id_str); + json_object_object_add(jevent, "softwareId", jstring); + json_object_array_add(this->jarray, jevent); + free(timestamp_str); + free(sw_id_str); + } + enumerator->destroy(enumerator); +} + +METHOD(imv_swima_state_t, get_jrequest, json_object*, + private_imv_swima_state_t *this) +{ + return this->jobj; +} + +METHOD(imv_swima_state_t, set_missing, void, + private_imv_swima_state_t *this, uint32_t count) +{ + this->missing = count; +} + +METHOD(imv_swima_state_t, get_missing, uint32_t, + private_imv_swima_state_t *this) +{ + return this->missing; +} + +METHOD(imv_swima_state_t, set_count, void, + private_imv_swima_state_t *this, int sw_id_count, int tag_count, + TNC_UInt32 imc_id) +{ + this->sw_id_count += sw_id_count; + this->tag_count += tag_count; + this->imc_id = imc_id; +} + +METHOD(imv_swima_state_t, get_count, void, + private_imv_swima_state_t *this, int *sw_id_count, int *tag_count) +{ + if (sw_id_count) + { + *sw_id_count = this->sw_id_count; + } + if (tag_count) + { + *tag_count = this->tag_count; + } +} + +METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32, + private_imv_swima_state_t *this) +{ + return this->imc_id; +} + +/** + * Described in header. + */ +imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id) +{ + private_imv_swima_state_t *this; + + INIT(this, + .public = { + .interface = { + .get_connection_id = _get_connection_id, + .has_long = _has_long, + .has_excl = _has_excl, + .set_flags = _set_flags, + .set_max_msg_len = _set_max_msg_len, + .get_max_msg_len = _get_max_msg_len, + .set_action_flags = _set_action_flags, + .get_action_flags = _get_action_flags, + .set_session = _set_session, + .get_session= _get_session, + .get_contracts = _get_contracts, + .change_state = _change_state, + .get_recommendation = _get_recommendation, + .set_recommendation = _set_recommendation, + .update_recommendation = _update_recommendation, + .get_reason_string = _get_reason_string, + .get_remediation_instructions = _get_remediation_instructions, + .destroy = _destroy, + }, + .set_handshake_state = _set_handshake_state, + .get_handshake_state = _get_handshake_state, + .set_request_id = _set_request_id, + .get_request_id = _get_request_id, + .set_inventory = _set_inventory, + .set_events = _set_events, + .get_jrequest = _get_jrequest, + .set_missing = _set_missing, + .get_missing = _get_missing, + .set_count = _set_count, + .get_count = _get_count, + .get_imc_id = _get_imc_id, + }, + .state = TNC_CONNECTION_STATE_CREATE, + .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .connection_id = connection_id, + .contracts = seg_contract_manager_create(), + .imc_id = TNC_IMCID_ANY, + .jobj = json_object_new_object(), + ); + + return &this->public.interface; +} + + diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h new file mode 100644 index 000000000..4fa32daf4 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h @@ -0,0 +1,153 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_swima imv_swima + * @ingroup libimcv_plugins + * + * @defgroup imv_swima_state_t imv_swima_state + * @{ @ingroup imv_swima + */ + +#ifndef IMV_SWIMA_STATE_H_ +#define IMV_SWIMA_STATE_H_ + +#include <imv/imv_state.h> +#include <swima/swima_inventory.h> +#include <swima/swima_events.h> +#include <library.h> + +#include <json.h> + +typedef struct imv_swima_state_t imv_swima_state_t; +typedef enum imv_swima_handshake_state_t imv_swima_handshake_state_t; + +/** + * IMV OS Handshake States (state machine) + */ +enum imv_swima_handshake_state_t { + IMV_SWIMA_STATE_INIT, + IMV_SWIMA_STATE_WORKITEMS, + IMV_SWIMA_STATE_END +}; + +/** + * Internal state of an imv_swima_t connection instance + */ +struct imv_swima_state_t { + + /** + * imv_state_t interface + */ + imv_state_t interface; + + /** + * Set state of the handshake + * + * @param new_state the handshake state of IMV + */ + void (*set_handshake_state)(imv_swima_state_t *this, + imv_swima_handshake_state_t new_state); + + /** + * Get state of the handshake + * + * @return the handshake state of IMV + */ + imv_swima_handshake_state_t (*get_handshake_state)(imv_swima_state_t *this); + + /** + * Set the SWID request ID + * + * @param request_id SWID request ID to be set + */ + void (*set_request_id)(imv_swima_state_t *this, uint32_t request_id); + + /** + * Get the SWID request ID + * + * @return SWID request ID + */ + uint32_t (*get_request_id)(imv_swima_state_t *this); + + /** + * Set or extend the SW ID inventory in the state + * + * @param inventory SW ID inventory to be added + */ + void (*set_inventory)(imv_swima_state_t *this, swima_inventory_t *inventory); + + /** + * Set or extend the SW ID events in the state + * + * @param events SW ID events to be added + */ + void (*set_events)(imv_swima_state_t *this, swima_events_t *events); + + /** + * Get the JSON encoding of the complete SW ID inventory or SW ID events + * + * @return JSON encoding + */ + json_object* (*get_jrequest)(imv_swima_state_t *this); + + /** + * Set the number of still missing SW [ID] records or envents + * + * @param count Number of missing SW [ID] records or envents + */ + void (*set_missing)(imv_swima_state_t *this, uint32_t count); + + /** + * Get the number of still missing SWID Tags or Tag IDs + * + * @result Number of missing SWID Tags or Tag IDs + */ + uint32_t (*get_missing)(imv_swima_state_t *this); + + /** + * Set [or with multiple attributes increment] SWID Tag [ID] counters + * + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags + * @param imc_id SWID IMC ID + */ + void (*set_count)(imv_swima_state_t *this, int tag_id_count, int tag_count, + TNC_UInt32 imc_id); + + /** + * Set [or with multiple attributes increment] SWID Tag [ID] counters + * + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags + */ + void (*get_count)(imv_swima_state_t *this, int *tag_id_count, int *tag_count); + + /** + * Get SWID IMC ID + * + * @return SWID IMC ID + */ + TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this); +}; + +/** + * Create an imv_swima_state_t instance + * + * @param id connection ID + */ +imv_state_t* imv_swima_state_create(TNC_ConnectionID id); + +#endif /** IMV_SWIMA_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 9aebfef67..8a6b9ed15 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.c b/src/libimcv/pts/components/ita/ita_comp_ima.c index 448ca9ffb..9ba72d01d 100644 --- a/src/libimcv/pts/components/ita/ita_comp_ima.c +++ b/src/libimcv/pts/components/ita/ita_comp_ima.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -667,7 +667,8 @@ METHOD(pts_component_t, verify, status_t, case IMA_STATE_RUNTIME: { uint8_t hash_buf[HASH_SIZE_SHA512]; - chunk_t digest, hash; + uint8_t digest_buf[HASH_SIZE_SHA512], *hex_digest_buf; + chunk_t hex_digest, digest, hash; enumerator_t *e; this->count++; @@ -685,8 +686,10 @@ METHOD(pts_component_t, verify, status_t, hash_algo, ima_name); if (e) { - while (e->enumerate(e, &digest)) + while (e->enumerate(e, &hex_digest_buf)) { + hex_digest = chunk_from_str(hex_digest_buf); + digest = chunk_from_hex(hex_digest, digest_buf); if (!ima_hash(digest, ima_algo, ima_name, FALSE, algo, hash_buf)) { diff --git a/src/libimcv/pts/pts_database.c b/src/libimcv/pts/pts_database.c index 1a4c4212d..4a47b06f0 100644 --- a/src/libimcv/pts/pts_database.c +++ b/src/libimcv/pts/pts_database.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -104,17 +104,19 @@ METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*, "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " "JOIN directories as d ON d.id = f.dir " - "WHERE fh.product = ? AND fh.algo = ? AND d.id = ? " + "JOIN versions as v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND d.id = ? " "ORDER BY f.name", - DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_BLOB); + DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT); } else { e = this->db->query(this->db, "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND fh.algo = ? AND fh.file = ?", - DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?", + DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT); } return e; } @@ -179,7 +181,8 @@ METHOD(pts_database_t, add_file_measurement, status_t, /* does hash measurement value already exist? */ e = this->db->query(this->db, "SELECT fh.id, fh.hash FROM file_hashes AS fh " - "WHERE fh.product = ? AND fh.algo = ? AND fh.file = ?", + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?", DB_INT, pid, DB_INT, algo, DB_INT, fid, DB_INT, DB_BLOB); if (!e) { @@ -235,8 +238,10 @@ METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*, e = this->db->query(this->db, "SELECT fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND f.name = ? AND fh.algo = ?", - DB_INT, pid, DB_TEXT, file, DB_INT, algo, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND f.name = ? AND fh.algo = ? " + "ORDER BY v.time DESC", + DB_INT, pid, DB_TEXT, file, DB_INT, algo, DB_TEXT); } else { /* absolute pathname */ @@ -256,8 +261,10 @@ METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*, e = this->db->query(this->db, "SELECT fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?", - DB_INT, pid, DB_INT, did, DB_TEXT, file, DB_INT, algo, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND f.dir = ? AND f.name = ? AND fh.algo = ? " + "ORDER BY v.time DESC", + DB_INT, pid, DB_INT, did, DB_TEXT, file, DB_INT, algo, DB_TEXT); } err: diff --git a/src/libimcv/rest/rest.c b/src/libimcv/rest/rest.c new file mode 100644 index 000000000..531da090e --- /dev/null +++ b/src/libimcv/rest/rest.c @@ -0,0 +1,167 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifdef USE_JSON + +#define _GNU_SOURCE +#include <stdio.h> + +#include "rest.h" + +typedef struct private_rest_t private_rest_t; + +/** + * Private data of an rest_t object. + */ +struct private_rest_t { + + /** + * Public members of rest_t + */ + rest_t public; + + /** + * URI of REST API + */ + char *uri; + + /** + * Timeout of REST API connection + */ + u_int timeout; + +}; + +METHOD(rest_t, get, status_t, + private_rest_t *this, char *command, json_object **jresponse) +{ + struct json_tokener *tokener; + chunk_t response = chunk_empty; + status_t status; + char *uri; + + if (asprintf(&uri, "%s%s",this->uri, command) < 0) + { + return FAILED; + } + + status = lib->fetcher->fetch(lib->fetcher, uri, &response, + FETCH_TIMEOUT, this->timeout, + FETCH_END); + free(uri); + + if (status == SUCCESS && jresponse) + { + /* Parse HTTP response into a JSON object */ + tokener = json_tokener_new(); + *jresponse = json_tokener_parse_ex(tokener, response.ptr, response.len); + json_tokener_free(tokener); + } + free(response.ptr); + + return status; +} + +#define HTTP_STATUS_CODE_NOT_FOUND 404 +#define HTTP_STATUS_CODE_PRECONDITION_FAILED 412 + +METHOD(rest_t, post, status_t, + private_rest_t *this, char *command, json_object *jrequest, + json_object **jresponse) +{ + struct json_tokener *tokener; + chunk_t data, response = chunk_empty; + status_t status; + char *uri; + int code; + + if (asprintf(&uri, "%s%s",this->uri, command) < 0) + { + return FAILED; + } + data = chunk_from_str((char*)json_object_to_json_string(jrequest)); + + status = lib->fetcher->fetch(lib->fetcher, uri, &response, + FETCH_TIMEOUT, this->timeout, + FETCH_REQUEST_DATA, data, + FETCH_REQUEST_TYPE, "application/json; charset=utf-8", + FETCH_REQUEST_HEADER, "Accept: application/json", + FETCH_REQUEST_HEADER, "Expect:", + FETCH_RESPONSE_CODE, &code, + FETCH_END); + free(uri); + + if (status != SUCCESS) + { + switch (code) + { + case HTTP_STATUS_CODE_NOT_FOUND: + status = NOT_FOUND; + break; + case HTTP_STATUS_CODE_PRECONDITION_FAILED: + if (!response.ptr) + { + return FAILED; + } + if (jresponse) + { + /* Parse HTTP response into a JSON object */ + tokener = json_tokener_new(); + *jresponse = json_tokener_parse_ex(tokener, response.ptr, + response.len); + json_tokener_free(tokener); + } + status = NEED_MORE; + break; + default: + DBG2(DBG_IMV, "REST http request failed with status code: %d", + code); + status = FAILED; + break; + } + } + free(response.ptr); + + return status; +} + +METHOD(rest_t, destroy, void, + private_rest_t *this) +{ + free(this->uri); + free(this); +} + +/** + * Described in header. + */ +rest_t *rest_create(char *uri, u_int timeout) +{ + private_rest_t *this; + + INIT(this, + .public = { + .get = _get, + .post = _post, + .destroy = _destroy, + }, + .uri = strdup(uri), + .timeout = timeout, + ); + + return &this->public; +} + +#endif /* USE_JSON */ diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.h b/src/libimcv/rest/rest.h index 32392cbe6..bddb881b8 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_rest.h +++ b/src/libimcv/rest/rest.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,50 +14,61 @@ */ /** - * @defgroup imv_swid imv_swid + * @defgroup imv_swima imv_swima * @ingroup libimcv_plugins * - * @defgroup imv_swid_rest_t imv_swid_rest - * @{ @ingroup imv_swid + * @defgroup rest_t rest + * @{ @ingroup imv_swima */ -#ifndef IMV_SWID_REST_H_ -#define IMV_SWID_REST_H_ +#ifndef REST_H_ +#define REST_H_ -#include <library.h> +#ifdef USE_JSON +#include <library.h> #include <json.h> -typedef struct imv_swid_rest_t imv_swid_rest_t; +typedef struct rest_t rest_t; /** * Public REST interface */ -struct imv_swid_rest_t { +struct rest_t { /** - * Post a HTTP request including a JSON object + * Send an HTTP GET request returning a JSON object + * + * @param jresp JSON object in HTTP + * @return Status (SUCCESS or FAILED) + */ + status_t (*get)(rest_t *this, char *command, json_object **jresp); + + /** + * Send an HTTP POST request including a JSON object * * @param jreq JSON object in HTTP request * @param jresp JSON object in HTTP response if NEED_MORE * @return Status (SUCCESS, NEED_MORE or FAILED) */ - status_t (*post)(imv_swid_rest_t *this, char *command, json_object *jreq, + status_t (*post)(rest_t *this, char *command, json_object *jreq, json_object **jresp); /** - * Destroy imv_swid_rest_t object + * Destroy rest_t object */ - void (*destroy)(imv_swid_rest_t *this); + void (*destroy)(rest_t *this); }; /** - * Create an imv_swid_rest_t instance + * Create an rest_t instance * * @param uri REST URI (http://username:password@hostname[:port]/api/) * @param timeout Timeout of the REST connection */ -imv_swid_rest_t* imv_swid_rest_create(char *uri, u_int timeout); +rest_t* rest_create(char *uri, u_int timeout); + +#endif /* USE_JSON */ -#endif /** IMV_SWID_REST_H_ @}*/ +#endif /** REST_H_ @}*/ diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c new file mode 100644 index 000000000..c54669d1d --- /dev/null +++ b/src/libimcv/suites/test_imcv_swima.c @@ -0,0 +1,1117 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include "swima/swima_record.h" +#include "swima/swima_data_model.h" +#include "swima/swima_inventory.h" +#include "swima/swima_event.h" +#include "swima/swima_events.h" +#include "swima/swima_collector.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" + +static pen_type_t ita_data_model = { PEN_ITA, 0x19 }; + +static char* sw_id_str[] = { + "strongswan.org_strongSwan_5.3.3", + "strongswan.org_62251aa6-1a01-479b-aea6-f3dcf0ab1f1a" +}; +static char sw_locator_str[] = "/usr/share/strongswan"; + +static char* sw_record_str[] = { + "<SoftwareIdentity tagId=\"abc\"></SoftwareIdentity>", + "<SoftwareIdentity tagId=\"def\"></SoftwareIdentity>" +}; + +START_TEST(test_imcv_swima_record) +{ + chunk_t sw_id, sw_locator, locator; + swima_record_t *sw_record, *sw_record_cp; + uint32_t record_id = 1; + uint8_t source_id = 2; + chunk_t record = chunk_from_str(sw_record_str[0]); + + sw_id = chunk_from_str(sw_id_str[0]); + sw_locator = chunk_from_str(sw_locator_str); + + /* Software Identity with Software Locator */ + sw_record = swima_record_create(record_id, sw_id, sw_locator), + ck_assert(sw_record); + sw_record_cp = sw_record->get_ref(sw_record); + + ck_assert(record_id == sw_record->get_record_id(sw_record)); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, NULL)); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, &locator)); + ck_assert_chunk_eq(locator, sw_locator); + + sw_record->set_data_model(sw_record, ita_data_model); + ck_assert(pen_type_equals(sw_record->get_data_model(sw_record), + ita_data_model)); + + sw_record->set_source_id(sw_record, source_id); + ck_assert(source_id == sw_record->get_source_id(sw_record)); + + sw_record->set_record(sw_record, record); + ck_assert_chunk_eq(record, sw_record->get_record(sw_record)); + + sw_record->destroy(sw_record); + sw_record_cp->destroy(sw_record); + + /* Software Identity without Software Locator */ + sw_record = swima_record_create(record_id, sw_id, chunk_empty), + ck_assert(sw_record); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, &locator)); + ck_assert(locator.ptr == NULL && locator.len == 0); + + ck_assert(pen_type_equals(swima_data_model_iso_2015_swid_xml, + sw_record->get_data_model(sw_record))); + + sw_record->destroy(sw_record); +} +END_TEST + +typedef struct req_data_t req_data_t; + +struct req_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t earliest_eid; + uint32_t sw_id_count; + chunk_t value; +}; + +static req_data_t req_data[] = { + { IETF_SWIMA_ATTR_REQ_FLAG_NONE, 1, 0, 0, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_REQ_FLAG_R, 2, 15, 1, chunk_from_chars( + 0x20, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x0F, 0x00, 0x1f, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67, + 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x5f, 0x73, + 0x74, 0x72, 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e, 0x5f, + 0x35, 0x2e, 0x33, 0x2e, 0x33) + }, + { IETF_SWIMA_ATTR_REQ_FLAG_S, 3, 256, 2, chunk_from_chars( + 0x40, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x1f, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67, + 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x5f, 0x73, + 0x74, 0x72, 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e, 0x5f, + 0x35, 0x2e, 0x33, 0x2e, 0x33, 0x00, 0x33, 0x73, 0x74, 0x72, + 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, + 0x67, 0x5f, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, + 0x2d, 0x31, 0x61, 0x30, 0x31, 0x2d, 0x34, 0x37, 0x39, 0x62, + 0x2d, 0x61, 0x65, 0x61, 0x36, 0x2d, 0x66, 0x33, 0x64, 0x63, + 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61) + }, +}; + +START_TEST(test_imcv_swima_sw_req) +{ + pen_type_t type; + pen_type_t pen_type = { PEN_IETF, IETF_ATTR_SW_REQUEST }; + pa_tnc_attr_t *attr, *attr1, *attr2; + ietf_swima_attr_req_t *c_attr; + swima_record_t *target; + swima_inventory_t *targets; + chunk_t sw_id, value; + enumerator_t *enumerator; + uint32_t offset; + int n; + + attr = ietf_swima_attr_req_create(req_data[_i].flags, + req_data[_i].request_id); + ck_assert(attr); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, pen_type)); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + targets = swima_inventory_create(); + targets->set_eid(targets, req_data[_i].earliest_eid, 0); + + for (n = 0; n < req_data[_i].sw_id_count; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + target = swima_record_create(0, sw_id, chunk_empty); + targets->add(targets, target); + } + c_attr = (ietf_swima_attr_req_t*)attr; + c_attr->set_targets(c_attr, targets); + c_attr->set_targets(c_attr, targets); + targets->destroy(targets); + + attr->build(attr); + attr->build(attr); + value = attr->get_value(attr); + ck_assert_chunk_eq(value, req_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_req_create_from_data(value.len, value); + ck_assert(attr2); + + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, pen_type)); + + c_attr = (ietf_swima_attr_req_t*)attr2; + ck_assert(c_attr->get_flags(c_attr) == req_data[_i].flags); + ck_assert(c_attr->get_request_id(c_attr) == req_data[_i].request_id); + + targets = c_attr->get_targets(c_attr); + ck_assert(targets->get_eid(targets, NULL) == req_data[_i].earliest_eid); + + enumerator = targets->create_enumerator(targets); + ck_assert(enumerator); + n = 0; + while (enumerator->enumerate(enumerator, &target)) + { + sw_id = target->get_sw_id(target, NULL); + ck_assert(chunk_equals(sw_id, chunk_from_str(sw_id_str[n++]))); + } + enumerator->destroy(enumerator); + + attr2->destroy(attr2); +} +END_TEST + +START_TEST(test_imcv_swima_sw_req_trunc) +{ + pa_tnc_attr_t *attr; + chunk_t data; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_req_create_from_data(0, chunk_empty); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 0); + attr->destroy(attr); + + /* Truncate first SW ID */ + data = req_data[2].value; + data.len = 14; + attr = ietf_swima_attr_req_create_from_data(data.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 12); + attr->destroy(attr); + + /* Truncate second SW ID */ + data = req_data[2].value; + data.len = 47; + attr = ietf_swima_attr_req_create_from_data(data.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 45); + attr->destroy(attr); + + /* Segmentation */ + data = req_data[2].value; + data.len = 50; + attr = ietf_swima_attr_req_create_from_data(req_data[2].value.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + data = chunk_skip(req_data[2].value, 50); + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + attr->destroy(attr); +} +END_TEST + +static pen_type_t sw_inv_types[] = { + { PEN_IETF, IETF_ATTR_SW_INVENTORY }, + { PEN_IETF, IETF_ATTR_SW_ID_INVENTORY } +}; + +typedef struct sw_inv_data_t sw_inv_data_t; + +struct sw_inv_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t eid_epoch; + uint32_t last_eid; + chunk_t value; +}; + +static sw_inv_data_t sw_inv_data[] = { + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd0, 0x87654321, 0x00000007, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD0, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd1, 0x87654321, 0x00000007, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD1, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd2, 0x12345678, 0x00000030, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, + 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034, + chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, + 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, + 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, + 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, + 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, + 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, + 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, + 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, + 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74, + 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22, + 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, + 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034, + chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00, + 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, + 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, + 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, + 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, + 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, + 0x31, 0x61, 0x00, 0x00) + } +}; + +START_TEST(test_imcv_swima_inv) +{ + pen_type_t type, data_model; + chunk_t sw_id, record, value; + ietf_swima_attr_sw_inv_t *c_attr; + pa_tnc_attr_t *attr, *attr1, *attr2; + swima_record_t *sw_record; + swima_inventory_t *sw_inv; + enumerator_t *enumerator; + uint32_t offset, epoch; + uint8_t source_id; + bool sw_id_only = _i % 2; + int n; + + attr = ietf_swima_attr_sw_inv_create(sw_inv_data[_i].flags, + sw_inv_data[_i].request_id, + sw_id_only); + + sw_inv = swima_inventory_create(); + sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); + for (n = 0; n < _i/2; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + sw_record = swima_record_create(n, sw_id, chunk_empty); + + if (n == 1) + { + sw_record->set_data_model(sw_record, ita_data_model); + sw_record->set_source_id(sw_record, 0x11); + } + if (!sw_id_only) + { + record = chunk_from_str(sw_record_str[n]); + sw_record->set_record(sw_record, record); + } + sw_inv->add(sw_inv, sw_record); + } + c_attr = (ietf_swima_attr_sw_inv_t*)attr; + c_attr->set_inventory(c_attr, sw_inv); + c_attr->set_inventory(c_attr, sw_inv); + + attr->build(attr); + attr->build(attr); + sw_inv->destroy(sw_inv); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, sw_inv_types[sw_id_only])); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + value = attr->get_value(attr); + ck_assert_chunk_eq(value, sw_inv_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_sw_inv_create_from_data(value.len, value, + sw_id_only); + ck_assert(attr2); + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, sw_inv_types[sw_id_only])); + + c_attr = (ietf_swima_attr_sw_inv_t*)attr2; + ck_assert(c_attr->get_flags(c_attr) == sw_inv_data[_i].flags); + ck_assert(c_attr->get_record_count(c_attr) == 0); + ck_assert(c_attr->get_request_id(c_attr) == sw_inv_data[_i].request_id); + + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_eid(sw_inv, NULL) == sw_inv_data[_i].last_eid); + ck_assert(sw_inv->get_eid(sw_inv, &epoch) == sw_inv_data[_i].last_eid); + ck_assert(epoch == sw_inv_data[_i].eid_epoch); + ck_assert(sw_inv); + ck_assert(sw_inv->get_count(sw_inv) == _i/2); + + enumerator = sw_inv->create_enumerator(sw_inv); + ck_assert(enumerator); + + n = 0; + while (enumerator->enumerate(enumerator, &sw_record)) + { + ck_assert(sw_record->get_record_id(sw_record) == n); + data_model = sw_record->get_data_model(sw_record); + ck_assert(pen_type_equals(data_model, (n == 1) ? ita_data_model : + swima_data_model_iso_2015_swid_xml)); + source_id = sw_record->get_source_id(sw_record); + ck_assert(source_id == (n == 1 ? 0x11 : 0x00)); + n++; + } + enumerator->destroy(enumerator); + ck_assert(n == _i/2); + + attr2->destroy(attr2); +} +END_TEST + +/** + * Offsets in sw_inv_data[4].value + * + * 0 constant header + * 12 segment 1 - 12 octets + * 16 record_id + * 18 segment 2 - 6 octets + * 20 data_model_pen + * 22 segment 3 - 4 octets + * 23 segment 4 - 1 octet + * 23 data_model_type + * 24 segment 5 - 1 octet + * 24 source_id + * 25 sw_id + * 26 segment 6 - 2 octets + * 58 sw_locator + * 59 segment 7 - 33 octets + * 60 record + * 62 segment 8 - 3 octets + * 113 sw record 2 + * 114 segment 9 - 52 octets + * 230 segment 10 - 116 octets + */ + +START_TEST(test_imcv_swima_sw_inv_trunc) +{ + pa_tnc_attr_t *attr; + ietf_swima_attr_sw_inv_t *c_attr; + chunk_t data; + swima_inventory_t *sw_inv; + size_t len = sw_inv_data[4].value.len; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_sw_inv_create_from_data(0, chunk_empty, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 0); + attr->destroy(attr); + + /* Length larger than data */ + data = sw_inv_data[4].value; + attr = ietf_swima_attr_sw_inv_create_from_data(len + 2, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == len); + attr->destroy(attr); + + /* Segment 1 truncates minimum size */ + data = sw_inv_data[4].value; + data.len = 12; + attr = ietf_swima_attr_sw_inv_create_from_data(len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 2 truncates record_id */ + data = chunk_skip(sw_inv_data[4].value, 12); + data.len = 6; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 3 truncates data_model_pen */ + data = chunk_skip(sw_inv_data[4].value, 18); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 4 truncates data_model_type */ + data = chunk_skip(sw_inv_data[4].value, 22); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 5 truncates source_id */ + data = chunk_skip(sw_inv_data[4].value, 23); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 6 truncates sw_id */ + data = chunk_skip(sw_inv_data[4].value, 24); + data.len = 2; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates sw_locator */ + data = chunk_skip(sw_inv_data[4].value, 26); + data.len = 33; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 8 truncates record */ + data = chunk_skip(sw_inv_data[4].value, 59); + data.len = 3; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 9 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 62); + data.len = 52; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process first inventory entry */ + c_attr = (ietf_swima_attr_sw_inv_t*)attr; + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_count(sw_inv) == 1); + c_attr->clear_inventory(c_attr); + + /* Segment 10 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 114); + data.len = 116; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process second inventory entry */ + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_count(sw_inv) == 1); + c_attr->clear_inventory(c_attr); + + attr->destroy(attr); +} +END_TEST + +static char* sw_ev_timestamp_str[] = { + "2017-05-30T18:09:25Z", + "2017-06-14T15:38:00Z" +}; + +START_TEST(test_imcv_swima_event) +{ + chunk_t sw_id, sw_timestamp, timestamp; + swima_event_t *sw_event, *sw_event_cp; + swima_record_t *sw_record; + uint32_t record_id = 1, eid = 7; + uint8_t action = SWIMA_EVENT_ACTION_CREATION; + + sw_id = chunk_from_str(sw_id_str[0]); + sw_timestamp = chunk_from_str(sw_ev_timestamp_str[0]); + + /* Software Identity without Software Locator */ + sw_record = swima_record_create(record_id, sw_id, chunk_empty), + ck_assert(sw_record); + + sw_event = swima_event_create(eid, sw_timestamp, action, sw_record); + ck_assert(sw_event); + sw_event_cp = sw_event->get_ref(sw_event); + + ck_assert(sw_event->get_eid(sw_event, NULL) == eid); + ck_assert(sw_event->get_eid(sw_event, ×tamp) == eid); + ck_assert_chunk_eq(sw_timestamp, timestamp); + ck_assert(sw_event->get_action(sw_event) == action); + sw_event->destroy(sw_event); + + sw_record = sw_event_cp->get_sw_record(sw_event_cp); + ck_assert(sw_record); + ck_assert(sw_record->get_record_id(sw_record) == record_id); + ck_assert_chunk_eq(sw_record->get_sw_id(sw_record, NULL), sw_id); + sw_event_cp->destroy(sw_event_cp); +} +END_TEST + +static pen_type_t sw_ev_types[] = { + { PEN_IETF, IETF_ATTR_SW_EVENTS }, + { PEN_IETF, IETF_ATTR_SW_ID_EVENTS } +}; + +typedef struct sw_ev_data_t sw_ev_data_t; + +struct sw_ev_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t eid_epoch; + uint32_t last_eid; + uint32_t last_consulted_eid; + chunk_t value; +}; + +static sw_ev_data_t sw_ev_data[] = { + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd0, 0x87654321, 0x00000007, + 0x00000007, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD0, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd1, 0x87654321, 0x00000007, + 0x00000007, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD1, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd2, 0x12345678, 0x00000030, + 0x00000030, chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, 0x62, + 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, + 0x00000030, chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000050, + 0x00000034, chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x34, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, 0x62, + 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E, 0x00, 0x00, 0x00, 0x34, '2', '0', '1', '7', + '-', '0', '6', '-', '1', '4', 'T', '1', '5', ':', + '3', '8', ':', '0', '0', 'Z', 0x00, 0x00, 0x00, 0x01, + 0x00, 0x90, 0x2A, 0x19, 0x11, 0x02, 0x00, 0x33, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, + 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, + 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, + 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, + 0x64, 0x65, 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000050, + 0x00000034, chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x34, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x34, '2', '0', '1', '7', '-', '0', '6', + '-', '1', '4', 'T', '1', '5', ':', '3', '8', ':', + '0', '0', 'Z', 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, + 0x19, 0x11, 0x02, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, + 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, + 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, + 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, + 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, + 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00) + } +}; + +START_TEST(test_imcv_swima_ev) +{ + pen_type_t type, data_model; + chunk_t sw_id, record, timestamp, value; + ietf_swima_attr_sw_ev_t *c_attr; + pa_tnc_attr_t *attr, *attr1, *attr2; + swima_record_t *sw_record; + swima_event_t *sw_event; + swima_events_t *sw_ev; + enumerator_t *enumerator; + uint32_t offset, epoch, eid, last_eid; + uint8_t source_id, action; + bool sw_id_only = _i % 2; + int n; + + attr = ietf_swima_attr_sw_ev_create(sw_ev_data[_i].flags, + sw_ev_data[_i].request_id, + sw_id_only); + sw_ev = swima_events_create(); + sw_ev->set_eid(sw_ev, sw_ev_data[_i].last_consulted_eid, + sw_ev_data[_i].eid_epoch); + if (sw_ev_data[_i].last_consulted_eid < sw_ev_data[_i].last_eid) + { + sw_ev->set_last_eid(sw_ev, sw_ev_data[_i].last_eid); + } + + for (n = 0; n < _i/2; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + sw_record = swima_record_create(n, sw_id, chunk_empty); + + if (n == 1) + { + sw_record->set_data_model(sw_record, ita_data_model); + sw_record->set_source_id(sw_record, 0x11); + } + if (!sw_id_only) + { + record = chunk_from_str(sw_record_str[n]); + sw_record->set_record(sw_record, record); + } + eid = 0x30 + 4 * n; + timestamp = chunk_from_str(sw_ev_timestamp_str[n]); + action = n + 1; + sw_event = swima_event_create(eid, timestamp, action, sw_record); + sw_ev->add(sw_ev, sw_event); + } + c_attr = (ietf_swima_attr_sw_ev_t*)attr; + c_attr->set_events(c_attr, sw_ev); + c_attr->set_events(c_attr, sw_ev); + + attr->build(attr); + attr->build(attr); + sw_ev->destroy(sw_ev); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, sw_ev_types[sw_id_only])); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + value = attr->get_value(attr); + ck_assert_chunk_eq(value, sw_ev_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_sw_ev_create_from_data(value.len, value, + sw_id_only); + ck_assert(attr2); + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, sw_ev_types[sw_id_only])); + + c_attr = (ietf_swima_attr_sw_ev_t*)attr2; + ck_assert(c_attr->get_flags(c_attr) == sw_ev_data[_i].flags); + ck_assert(c_attr->get_event_count(c_attr) == 0); + ck_assert(c_attr->get_request_id(c_attr) == sw_ev_data[_i].request_id); + + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev); + eid = sw_ev->get_eid(sw_ev, NULL, NULL); + ck_assert(eid == sw_ev_data[_i].last_consulted_eid); + eid = sw_ev->get_eid(sw_ev, &epoch, &last_eid); + ck_assert(eid == sw_ev_data[_i].last_consulted_eid); + ck_assert(epoch == sw_ev_data[_i].eid_epoch); + ck_assert(last_eid == sw_ev_data[_i].last_eid); + ck_assert(sw_ev->get_count(sw_ev) == _i/2); + + enumerator = sw_ev->create_enumerator(sw_ev); + ck_assert(enumerator); + + n = 0; + while (enumerator->enumerate(enumerator, &sw_event)) + { + ck_assert(sw_event->get_eid(sw_event, ×tamp) == 0x30 + 4 * n); + ck_assert_chunk_eq(timestamp, chunk_from_str(sw_ev_timestamp_str[n])); + sw_record = sw_event->get_sw_record(sw_event); + ck_assert(sw_record); + ck_assert(sw_record->get_record_id(sw_record) == n); + data_model = sw_record->get_data_model(sw_record); + ck_assert(pen_type_equals(data_model, (n == 1) ? ita_data_model : + swima_data_model_iso_2015_swid_xml)); + source_id = sw_record->get_source_id(sw_record); + ck_assert(source_id == (n == 1 ? 0x11 : 0x00)); + n++; + } + enumerator->destroy(enumerator); + ck_assert(n == _i/2); + + attr2->destroy(attr2); +} +END_TEST + + +/** + * Offsets in sw_ev_data[4].value + * + * 0 constant header + * 16 segment 1 - 16 octets + * 20 eid + * 22 segment 2 - 6 octets + * 24 timestamp + * 26 segment 3 - 4 octets + * 44 record_id + * 46 segment 4 - 20 octets + * 48 data_model_pen + * 50 segment 5 - 4 octets + * 51 segment 6 - 1 octet + * 51 data_model_type + * 52 segment 7 - 1 octet + * 52 source_id + * 53 segment 8 - 1 octet + * 53 action + * 54 sw_id + * 55 segment 9 - 2 octets + * 87 sw_locator + * 88 segment 10 - 33 octets + * 89 record + * 91 segment 11 - 3 octets + * 142 sw record 2 + * 143 segment 12 - 52 octets + * 284 segment 13 - 141 octets + */ + +START_TEST(test_imcv_swima_sw_ev_trunc) +{ + pa_tnc_attr_t *attr; + ietf_swima_attr_sw_ev_t *c_attr; + chunk_t data; + swima_events_t *sw_ev; + size_t len = sw_ev_data[4].value.len; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_sw_ev_create_from_data(0, chunk_empty, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 0); + attr->destroy(attr); + + /* Length larger than data */ + data = sw_ev_data[4].value; + attr = ietf_swima_attr_sw_ev_create_from_data(len + 2, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == len); + attr->destroy(attr); + + /* Segment 1 truncates minimum size */ + data = sw_ev_data[4].value; + data.len = 16; + attr = ietf_swima_attr_sw_ev_create_from_data(len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 2 truncates eid */ + data = chunk_skip(sw_ev_data[4].value, 16); + data.len = 6; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 3 truncates timestamp */ + data = chunk_skip(sw_ev_data[4].value, 22); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 4 truncates record_id */ + data = chunk_skip(sw_ev_data[4].value, 26); + data.len = 20; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 5 truncates data_model_pen */ + data = chunk_skip(sw_ev_data[4].value, 46); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 6 truncates data_model_type */ + data = chunk_skip(sw_ev_data[4].value, 50); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates source_id */ + data = chunk_skip(sw_ev_data[4].value, 51); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 8 truncates action */ + data = chunk_skip(sw_ev_data[4].value, 52); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 9 truncates sw_id */ + data = chunk_skip(sw_ev_data[4].value, 53); + data.len = 2; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 10 truncates sw_locator */ + data = chunk_skip(sw_ev_data[4].value, 55); + data.len = 33; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 11 truncates record */ + data = chunk_skip(sw_ev_data[4].value, 88); + data.len = 3; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 12 truncates second sw_entry */ + data = chunk_skip(sw_ev_data[4].value, 91); + data.len = 52; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process first event entry */ + c_attr = (ietf_swima_attr_sw_ev_t*)attr; + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev->get_count(sw_ev) == 1); + c_attr->clear_events(c_attr); + + /* Segment 13 truncates second sw_record */ + data = chunk_skip(sw_ev_data[4].value, 143); + data.len = 141; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process second event entry */ + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev->get_count(sw_ev) == 1); + c_attr->clear_events(c_attr); + attr->destroy(attr); + + /* Invalid Action values */ + data = chunk_clone(sw_ev_data[2].value); + data.ptr[53] = 0; + attr = ietf_swima_attr_sw_ev_create_from_data(data.len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED); + attr->destroy(attr); + + data.ptr[53] = SWIMA_EVENT_ACTION_LAST + 1; + attr = ietf_swima_attr_sw_ev_create_from_data(data.len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 20); + attr->destroy(attr); + chunk_free(&data); +} +END_TEST + +START_TEST(test_imcv_swima_sw_collector) +{ + swima_collector_t *collector; + swima_inventory_t *targets, *inventory; + swima_events_t *events; + swima_record_t *sw_record; + swima_event_t *sw_event; + chunk_t sw_id, sw_locator, swid_tag; + enumerator_t *enumerator; + uint8_t source_id; + int item = 0, items; + + targets = swima_inventory_create(); + collector = swima_collector_create(); + + /* software identifier events only */ + events = collector->collect_events(collector, TRUE, targets); + if (events) + { + items = events->get_count(events); + DBG1(DBG_IMC, "%d software identifiers collected", items); + + enumerator = events->create_enumerator(events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + item++; + if ( item == 1 || item == items) + { + sw_record = sw_event->get_sw_record(sw_event); + sw_id = sw_record->get_sw_id(sw_record, NULL); + source_id =sw_record->get_source_id(sw_record); + DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr); + } + } + enumerator->destroy(enumerator); + } + + /* software identifier inventory only */ + inventory = collector->collect_inventory(collector, TRUE, targets); + if (inventory) + { + items = inventory->get_count(inventory); + DBG1(DBG_IMC, "%d software identifiers collected", items); + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + item++; + if ( item == 1 || item == items) + { + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + source_id =sw_record->get_source_id(sw_record); + DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr); + if (sw_locator.len > 0) + { + DBG1(DBG_IMC, " locator: %.*s", + sw_locator.len, sw_locator.ptr); + } + targets->add(targets, sw_record->get_ref(sw_record)); + } + } + enumerator->destroy(enumerator); + } + + /* targeted software inventory */ + inventory = collector->collect_inventory(collector, FALSE, targets); + if (inventory) + { + items = inventory->get_count(inventory); + DBG1(DBG_IMC, "%d SWID tags collected", items); + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + sw_id = sw_record->get_sw_id(sw_record, NULL); + source_id =sw_record->get_source_id(sw_record); + swid_tag = sw_record->get_record(sw_record); + DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr); + DBG2(DBG_IMC, "%B", &swid_tag); + } + enumerator->destroy(enumerator); + } + + collector->destroy(collector); + targets->destroy(targets); +} +END_TEST + +Suite *imcv_swima_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("imcv_swima"); + + tc = tcase_create("sw_record"); + tcase_add_test(tc, test_imcv_swima_record); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_req"); + tcase_add_loop_test(tc, test_imcv_swima_sw_req, 0, countof(req_data)); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_req_trunc"); + tcase_add_test(tc, test_imcv_swima_sw_req_trunc); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_inv"); + tcase_add_loop_test(tc, test_imcv_swima_inv, 0, 6); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_inv_trunc"); + tcase_add_test(tc, test_imcv_swima_sw_inv_trunc); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_event"); + tcase_add_test(tc, test_imcv_swima_event); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_ev"); + tcase_add_loop_test(tc, test_imcv_swima_ev, 0, 6); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_ev_trunc"); + tcase_add_test(tc, test_imcv_swima_sw_ev_trunc); + suite_add_tcase(s, tc); + + tc = tcase_create("sw_collector"); + tcase_add_test(tc, test_imcv_swima_sw_collector); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c index a49286954..5f6e50cb7 100644 --- a/src/libimcv/swid/swid_inventory.c +++ b/src/libimcv/swid/swid_inventory.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,9 +16,10 @@ #include "swid_inventory.h" #include "swid_tag.h" #include "swid_tag_id.h" +#include "swid_gen/swid_gen.h" #include <collections/linked_list.h> -#include <bio/bio_writer.h> +#include <utils/lexparser.h> #include <utils/debug.h> #include <stdio.h> @@ -52,192 +53,99 @@ struct private_swid_inventory_t { linked_list_t *list; }; -/** - * Read SWID tags issued by the swid_generator tool - */ -static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file) +static status_t generate_tags(private_swid_inventory_t *this, + swid_inventory_t *targets, bool pretty, bool full) { + swid_gen_t *swid_gen; swid_tag_t *tag; - bio_writer_t *writer; - chunk_t tag_encoding, tag_file_path = chunk_empty; - bool more_tags = TRUE, last_newline; - char line[8192]; - size_t len; - - while (more_tags) - { - last_newline = TRUE; - writer = bio_writer_create(512); - while (TRUE) - { - if (!fgets(line, sizeof(line), file)) - { - more_tags = FALSE; - break; - } - len = strlen(line); - - if (last_newline && line[0] == '\n') - { - break; - } - else - { - last_newline = (line[len-1] == '\n'); - writer->write_data(writer, chunk_create(line, len)); - } - } - - tag_encoding = writer->get_buf(writer); - - if (tag_encoding.len > 1) - { - /* remove trailing newline if present */ - if (tag_encoding.ptr[tag_encoding.len - 1] == '\n') - { - tag_encoding.len--; - } - DBG3(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr); - - tag = swid_tag_create(tag_encoding, tag_file_path); - this->list->insert_last(this->list, tag); - } - writer->destroy(writer); - } - - return SUCCESS; -} - -/** - * Read SWID tag or software IDs issued by the swid_generator tool - */ -static status_t read_swid_tag_ids(private_swid_inventory_t *this, FILE *file) -{ swid_tag_id_t *tag_id; - chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty; - char line[BUF_LEN]; - - while (TRUE) - { - char *separator; - size_t len; - - if (!fgets(line, sizeof(line), file)) - { - return SUCCESS; - } - len = strlen(line); - - /* remove trailing newline if present */ - if (len > 0 && line[len - 1] == '\n') - { - len--; - } - DBG3(DBG_IMC, " %.*s", len, line); - - separator = strchr(line, '_'); - if (!separator) - { - DBG1(DBG_IMC, "separation of regid from unique software ID failed"); - return FAILED; - } - tag_creator = chunk_create(line, separator - line); - separator++; - - unique_sw_id = chunk_create(separator, len - (separator - line)); - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path); - this->list->insert_last(this->list, tag_id); - } -} - -static status_t generate_tags(private_swid_inventory_t *this, char *generator, - swid_inventory_t *targets, bool pretty, bool full) -{ - FILE *file; - char command[BUF_LEN]; - char doc_separator[] = "'\n\n'"; - + enumerator_t *enumerator; status_t status = SUCCESS; + chunk_t out; + + swid_gen = swid_gen_create(); if (targets->get_count(targets) == 0) { - /* Assemble the SWID generator command */ - if (this->full_tags) - { - snprintf(command, BUF_LEN, "%s swid --doc-separator %s%s%s", - generator, doc_separator, pretty ? " --pretty" : "", - full ? " --full" : ""); - } - else - { - snprintf(command, BUF_LEN, "%s software-id", generator); - } + DBG2(DBG_IMC, "SWID tag%s generation by package manager", + this->full_tags ? "" : " ID"); - /* Open a pipe stream for reading the SWID generator output */ - file = popen(command, "r"); - if (!file) + enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags, + full, pretty); + if (enumerator) { - DBG1(DBG_IMC, "failed to run swid_generator command"); - return NOT_SUPPORTED; - } + while (enumerator->enumerate(enumerator, &out)) + { + if (this->full_tags) + { + chunk_t swid_tag = out; - if (this->full_tags) - { - DBG2(DBG_IMC, "SWID tag generation by package manager"); - status = read_swid_tags(this, file); + tag = swid_tag_create(swid_tag, chunk_empty); + this->list->insert_last(this->list, tag); + } + else + { + chunk_t tag_creator, sw_id = out; + + if (extract_token_str(&tag_creator, "__", &sw_id)) + { + tag_id = swid_tag_id_create(tag_creator, sw_id, + chunk_empty); + this->list->insert_last(this->list, tag_id); + } + else + { + DBG1(DBG_IMC, "separation of regid from unique " + "software ID failed"); + status = FAILED; + chunk_free(&out); + break; + } + } + chunk_free(&out); + } + enumerator->destroy(enumerator); } else { - DBG2(DBG_IMC, "SWID tag ID generation by package manager"); - status = read_swid_tag_ids(this, file); + status = NOT_SUPPORTED; } - pclose(file); } else if (this->full_tags) { - swid_tag_id_t *tag_id; - enumerator_t *enumerator; + DBG2(DBG_IMC, "targeted SWID tag generation"); enumerator = targets->create_enumerator(targets); while (enumerator->enumerate(enumerator, &tag_id)) { - char software_id[BUF_LEN]; - chunk_t tag_creator, unique_sw_id; + char software_id[BUF_LEN], *swid_tag; + chunk_t tag_creator, sw_id; + /* Construct software ID from tag creator and unique software ID */ tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, BUF_LEN, "%.*s_%.*s", - tag_creator.len, tag_creator.ptr, - unique_sw_id.len, unique_sw_id.ptr); - - /* Assemble the SWID generator command */ - snprintf(command, BUF_LEN, "%s swid --software-id %s%s%s", - generator, software_id, pretty ? " --pretty" : "", - full ? " --full" : ""); - - /* Open a pipe stream for reading the SWID generator output */ - file = popen(command, "r"); - if (!file) - { - DBG1(DBG_IMC, "failed to run swid_generator command"); - return NOT_SUPPORTED; - } - status = read_swid_tags(this, file); - pclose(file); - - if (status != SUCCESS) + sw_id = tag_id->get_unique_sw_id(tag_id, NULL); + snprintf(software_id, BUF_LEN, "%.*s__%.*s", + (int)tag_creator.len, tag_creator.ptr, + (int)sw_id.len, sw_id.ptr); + + swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL, + full, pretty); + if (swid_tag) { - break; + tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty); + this->list->insert_last(this->list, tag); + free(swid_tag); } } enumerator->destroy(enumerator); } + swid_gen->destroy(swid_gen); return status; } static bool collect_tags(private_swid_inventory_t *this, char *pathname, - swid_inventory_t *targets) + swid_inventory_t *targets, bool is_swidtag_dir) { char *rel_name, *abs_name; struct stat st; @@ -251,72 +159,49 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname, pathname, strerror(errno)); return FALSE; } - DBG2(DBG_IMC, "entering %s", pathname); + if (is_swidtag_dir) + { + DBG2(DBG_IMC, "entering %s", pathname); + } while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st)) { - char * start, *stop; + char *separator, *suffix; chunk_t tag_creator; chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty; - if (!strstr(rel_name, "regid.")) - { - continue; - } if (S_ISDIR(st.st_mode)) { - /* In case of a targeted request */ - if (targets->get_count(targets)) - { - enumerator_t *target_enumerator; - swid_tag_id_t *tag_id; - bool match = FALSE; - - target_enumerator = targets->create_enumerator(targets); - while (target_enumerator->enumerate(target_enumerator, &tag_id)) - { - if (chunk_equals(tag_id->get_tag_creator(tag_id), - chunk_from_str(rel_name))) - { - match = TRUE; - break; - } - } - target_enumerator->destroy(target_enumerator); - - if (!match) - { - continue; - } - } - - if (!collect_tags(this, abs_name, targets)) + if (!collect_tags(this, abs_name, targets, is_swidtag_dir || + streq(rel_name, "swidtag"))) { goto end; } continue; } + if (!is_swidtag_dir) + { + continue; + } - /* parse the regid filename into its components */ - start = rel_name; - stop = strchr(start, '_'); - if (!stop) + /* found a swidtag file? */ + suffix = strstr(rel_name, ".swidtag"); + if (!suffix) { - DBG1(DBG_IMC, " %s", rel_name); - DBG1(DBG_IMC, " '_' separator not found"); - goto end; + continue; } - tag_creator = chunk_create(start, stop-start); - start = stop + 1; - stop = strstr(start, ".swidtag"); - if (!stop) + /* parse the swidtag filename into its components */ + separator = strstr(rel_name, "__"); + if (!separator) { DBG1(DBG_IMC, " %s", rel_name); - DBG1(DBG_IMC, " swidtag postfix not found"); + DBG1(DBG_IMC, " '__' separator not found"); goto end; } - unique_sw_id = chunk_create(start, stop-start); + tag_creator = chunk_create(rel_name, separator-rel_name); + + unique_sw_id = chunk_create(separator+2, suffix-separator-2); tag_file_path = chunk_from_str(abs_name); /* In case of a targeted request */ @@ -334,7 +219,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname, target_tag_creator = tag_id->get_tag_creator(tag_id); if (chunk_equals(target_unique_sw_id, unique_sw_id) && - chunk_equals(target_tag_creator, tag_creator)) + chunk_equals(target_tag_creator, tag_creator)) { match = TRUE; break; @@ -358,7 +243,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname, if (!xml_tag) { DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, - strerror(errno)); + strerror(errno)); goto end; } @@ -378,25 +263,28 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname, end: enumerator->destroy(enumerator); - DBG2(DBG_IMC, "leaving %s", pathname); + if (is_swidtag_dir) + { + DBG2(DBG_IMC, "leaving %s", pathname); + } return success; } METHOD(swid_inventory_t, collect, bool, - private_swid_inventory_t *this, char *directory, char *generator, - swid_inventory_t *targets, bool pretty, bool full) + private_swid_inventory_t *this, char *directory, swid_inventory_t *targets, + bool pretty, bool full) { /** * Tags are generated by a package manager */ - generate_tags(this, generator, targets, pretty, full); + generate_tags(this, targets, pretty, full); /** * Collect swidtag files by iteratively entering all directories in * the tree under the "directory" path. */ - return collect_tags(this, directory, targets); + return collect_tags(this, directory, targets, FALSE); } METHOD(swid_inventory_t, add, void, diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h index 04029070e..ba2518e26 100644 --- a/src/libimcv/swid/swid_inventory.h +++ b/src/libimcv/swid/swid_inventory.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -37,13 +37,12 @@ struct swid_inventory_t { * Collect the SWID tags stored on the endpoint * * @param directory SWID directory path - * @param generator Path to SWID generator * @param targets List of target tag IDs * @param pretty Generate indented XML SWID tags * @param full Include file information in SWID tags * @return TRUE if successful */ - bool (*collect)(swid_inventory_t *this, char *directory, char *generator, + bool (*collect)(swid_inventory_t *this, char *directory, swid_inventory_t *targets, bool pretty, bool full); /** diff --git a/src/libimcv/swid_gen/swid_gen.c b/src/libimcv/swid_gen/swid_gen.c new file mode 100644 index 000000000..206d41d11 --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen.c @@ -0,0 +1,291 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "swid_gen.h" + +#include <bio/bio_writer.h> + +#define SWID_GENERATOR "/usr/local/bin/swid_generator" + +typedef struct private_swid_gen_t private_swid_gen_t; + +/** + * Private data of a swid_gen_t object. + * + */ +struct private_swid_gen_t { + + /** + * Public swid_gen_t interface. + */ + swid_gen_t public; + + /** + * Path of the SWID generator command + */ + char *generator; + + /** + * Entity name of the tagCreator + */ + char *entity; + + /** + * Regid of the tagCreator + */ + char *regid; + +}; + +METHOD(swid_gen_t, generate_tag, char*, + private_swid_gen_t *this, char *sw_id, char *package, char *version, + bool full, bool pretty) +{ + char *tag = NULL; + size_t tag_buf_len = 8192; + char tag_buf[tag_buf_len], command[BUF_LEN]; + bio_writer_t *writer; + chunk_t swid_tag; + FILE *file; + + /* Compose the SWID generator command */ + if (full || !package || !version) + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" " + "--regid %s --software-id %s%s%s", + this->generator, this->entity, this->regid, sw_id, + full ? " --full" : "", pretty ? " --pretty" : ""); + } + else + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" " + "--regid %s --name %s --version-string %s%s", + this->generator, this->entity, this->regid, package, + version, pretty ? " --pretty" : ""); + } + + /* Open a pipe stream for reading the SWID generator output */ + file = popen(command, "r"); + if (file) + { + writer = bio_writer_create(tag_buf_len); + while (TRUE) + { + if (!fgets(tag_buf, tag_buf_len, file)) + { + break; + } + writer->write_data(writer, chunk_create(tag_buf, strlen(tag_buf))); + } + pclose(file); + swid_tag = writer->extract_buf(writer); + writer->destroy(writer); + + if (swid_tag.len > 0) + { + tag = swid_tag.ptr; + tag[swid_tag.len - 1] = '\0'; + } + else + { + chunk_free(&swid_tag); + } + } + else + { + DBG1(DBG_IMC, "failed to run swid_generator command"); + } + + return tag; +} + +typedef struct { + /** public enumerator interface */ + enumerator_t public; + /** swid_generator output stream */ + FILE *file; + /** generate software identifier only */ + bool sw_id_only; +} swid_gen_enumerator_t; + +METHOD(enumerator_t, enumerate, bool, + swid_gen_enumerator_t *this, va_list args) +{ + chunk_t *out; + + VA_ARGS_VGET(args, out); + + if (this->sw_id_only) + { + char line[BUF_LEN]; + size_t len; + + if (!fgets(line, sizeof(line), this->file)) + { + return FALSE; + } + len = strlen(line); + + if (len == 0) + { + return FALSE; + } + + /* remove trailing newline if present */ + if (line[len - 1] == '\n') + { + len--; + } + DBG3(DBG_IMC, " %.*s", len, line); + *out = chunk_clone(chunk_create(line, len)); + } + else + { + bool last_newline = TRUE; + size_t len, line_len = 8192; + char line[line_len]; + bio_writer_t *writer; + chunk_t swid_tag; + + writer = bio_writer_create(line_len); + while (TRUE) + { + if (!fgets(line, line_len, this->file)) + { + break; + } + len = strlen(line); + + if (last_newline && line[0] == '\n') + { + break; + } + else + { + last_newline = (line[len-1] == '\n'); + writer->write_data(writer, chunk_create(line, len)); + } + } + swid_tag = writer->extract_buf(writer); + writer->destroy(writer); + + if (swid_tag.len <= 1) + { + chunk_free(&swid_tag); + return FALSE; + } + + /* remove trailing newline if present */ + if (swid_tag.ptr[swid_tag.len - 1] == '\n') + { + swid_tag.len--; + } + DBG3(DBG_IMC, " %.*s", swid_tag.len, swid_tag.ptr); + *out = swid_tag; + } + + return TRUE; +} + +METHOD(enumerator_t, enumerator_destroy, void, + swid_gen_enumerator_t *this) +{ + pclose(this->file); + free(this); +} + +METHOD(swid_gen_t, create_tag_enumerator, enumerator_t*, + private_swid_gen_t *this, bool sw_id_only, bool full, bool pretty) +{ + swid_gen_enumerator_t *enumerator; + char command[BUF_LEN]; + char doc_separator[] = "'\n\n'"; + FILE *file; + + /* Assemble the SWID generator command */ + if (sw_id_only) + { + snprintf(command, BUF_LEN, "%s software-id --regid %s ", + this->generator, this->regid); + } + else + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" --regid %s " + "--doc-separator %s%s%s", this->generator, this->entity, + this->regid, doc_separator, pretty ? " --pretty" : "", + full ? " --full" : ""); + } + + /* Open a pipe stream for reading the SWID generator output */ + file = popen(command, "r"); + if (!file) + { + DBG1(DBG_IMC, "failed to run swid_generator command"); + return NULL; + } + + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _enumerator_destroy, + }, + .sw_id_only = sw_id_only, + .file = file, + ); + + return &enumerator->public; +} + +METHOD(swid_gen_t, destroy, void, + private_swid_gen_t *this) +{ + free(this->generator); + free(this->entity); + free(this->regid); + free(this); +} + +/** + * See header + */ +swid_gen_t *swid_gen_create(void) +{ + private_swid_gen_t *this; + char *entity, *regid, *generator; + + entity = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.name", "strongSwan Project"); + regid = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.regid", "strongswan.org"); + generator = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.command", SWID_GENERATOR); + + INIT(this, + .public = { + .generate_tag = _generate_tag, + .create_tag_enumerator = _create_tag_enumerator, + .destroy = _destroy, + }, + .generator = strdup(generator), + .entity = strdup(entity), + .regid = strdup(regid), + ); + + return &this->public; +} diff --git a/src/libimcv/swid_gen/swid_gen.h b/src/libimcv/swid_gen/swid_gen.h new file mode 100644 index 000000000..c143f292d --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen.h @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swid_gen swid_gen + * @{ @ingroup libimcv + */ + +#ifndef SWID_GEN_H_ +#define SWID_GEN_H_ + +#include <library.h> + +typedef struct swid_gen_t swid_gen_t; + +/** + * Class generating a either a full or a minimalistic ISO 19770-2:2015 SWID tag + */ +struct swid_gen_t { + + /** + * Generate a SWID tag + * + * @param sw_id Software identifier + * @param package Package name (can be NULL) + * @param version Package version (can be NULL) + * @param full Generate full SWID tags with file information + * @param pretty Generate SWID tags with pretty formatting + * @return SWID tag + */ + char* (*generate_tag)(swid_gen_t *this, char *sw_id, char *package, + char *version, bool full, bool pretty); + + /** + * Generate a SWID tag + * + * @param sw_id_only Return software identifier only + * @param full Generate full SWID tags with file information + * @param pretty Generate SWID tags with pretty formatting + * @return Tag enumerator (sw_id, tag) + */ + enumerator_t* (*create_tag_enumerator)(swid_gen_t *this, bool sw_id_only, + bool full, bool pretty); + + /** + * Destroys a swid_gen_t object. + */ + void (*destroy)(swid_gen_t *this); + +}; + +/** + * Creates a swid_gen_t object + */ +swid_gen_t* swid_gen_create(void); + +#endif /** SWID_GEN_H_ @}*/ diff --git a/src/libimcv/swid_gen/swid_gen_info.c b/src/libimcv/swid_gen/swid_gen_info.c new file mode 100644 index 000000000..bdaeedce7 --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen_info.c @@ -0,0 +1,174 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "swid_gen_info.h" + +#include <library.h> +#include <utils/lexparser.h> + +typedef struct private_swid_gen_info_t private_swid_gen_info_t; + +/** + * Private data of an swid_gen_info_t object. + */ +struct private_swid_gen_info_t { + + /** + * Public members of swid_gen_info_state_t + */ + swid_gen_info_t public; + + /** + * tagCreator + */ + char *tag_creator; + + /** + * OS string 'Name_Version-Arch' + */ + char *os; + + /** + * Product string 'Name Version Arch' + */ + char *product; + + /** + * OS info about endpoint + */ + imc_os_info_t *os_info; + +}; + +/** + * Replaces invalid character by a valid one + */ +static void sanitize_uri(char *uri, char a, char b) +{ + char *pos = uri; + + while (TRUE) + { + pos = strchr(pos, a); + if (!pos) + { + break; + } + *pos = b; + pos++; + } +} + +METHOD(swid_gen_info_t, get_os_type, os_type_t, + private_swid_gen_info_t *this) +{ + return this->os_info->get_type(this->os_info); +} + +METHOD(swid_gen_info_t, get_os, char*, + private_swid_gen_info_t *this, char **product) +{ + if (product) + { + *product = this->product; + } + return this->os; +} + +METHOD(swid_gen_info_t, create_sw_id, char*, + private_swid_gen_info_t *this, char *package, char *version) +{ + char *sw_id; + + if (asprintf(&sw_id, "%s__%s-%s%s%s", this->tag_creator, this->os, + package, strlen(version) ? "-" : "", version) == -1) + { + return NULL; + } + sanitize_uri(sw_id, ':', '~'); + sanitize_uri(sw_id, '+', '~'); + + return sw_id; +} + +METHOD(swid_gen_info_t, destroy, void, + private_swid_gen_info_t *this) +{ + this->os_info->destroy(this->os_info); + free(this->os); + free(this->product); + free(this->tag_creator); + free(this); +} + +/** + * Described in header. + */ +swid_gen_info_t *swid_gen_info_create(void) +{ + private_swid_gen_info_t *this; + chunk_t os_name, os_version, os_arch; + char *tag_creator; + + tag_creator = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.regid", "strongswan.org"); + + INIT(this, + .public = { + .get_os_type = _get_os_type, + .get_os = _get_os, + .create_sw_id = _create_sw_id, + .destroy = _destroy, + }, + .os_info = imc_os_info_create(), + .tag_creator = strdup(tag_creator), + ); + + os_name = this->os_info->get_name(this->os_info); + os_arch = this->os_info->get_version(this->os_info); + + /* get_version() returns version followed by arch */ + if (!extract_token(&os_version, ' ', &os_arch)) + { + DBG1(DBG_IMC, "separation of OS version from arch failed"); + destroy(this); + return NULL; + } + + /* construct OS string */ + if (asprintf(&this->os, "%.*s_%.*s-%.*s", (int)os_name.len, os_name.ptr, + (int)os_version.len, os_version.ptr, (int)os_arch.len, + os_arch.ptr) == -1) + { + DBG1(DBG_IMC, "constructon of OS string failed"); + destroy(this); + return NULL; + } + + /* construct product string */ + if (asprintf(&this->product, "%.*s %.*s %.*s", (int)os_name.len, + os_name.ptr, (int)os_version.len, os_version.ptr, + (int)os_arch.len, os_arch.ptr) == -1) + { + DBG1(DBG_IMC, "constructon of product string failed"); + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libimcv/swid_gen/swid_gen_info.h b/src/libimcv/swid_gen/swid_gen_info.h new file mode 100644 index 000000000..b99fec4f3 --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen_info.h @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector sw-collector + * + * @defgroup swid_gen_info_t swid_gen_info + * @{ @ingroup sw_collector + */ + +#ifndef SWID_GEN_INFO_H_ +#define SWID_GEN_INFO_H_ + +typedef struct swid_gen_info_t swid_gen_info_t; + +#include "imc/imc_os_info.h" + +struct swid_gen_info_t { + + /** + * Get OS type + * + * @return OS type + */ + os_type_t (*get_os_type)(swid_gen_info_t *this); + + /** + * Get OS and product strings + * + * @param product Product string 'Name Version Arch' + * @return OS string 'Name_Version-Arch' + */ + char* (*get_os)(swid_gen_info_t *this, char **product); + + /** + * Create software identifier including tagCreator and OS + * + * @param package Package string + * @param version Version string + * @return Software Identifier string + */ + char* (*create_sw_id)(swid_gen_info_t *this, char *package, + char *version); + + /** + * Destroy swid_gen_info_t object + */ + void (*destroy)(swid_gen_info_t *this); + +}; + +/** + * Create an swid_gen_info_t instance + */ +swid_gen_info_t* swid_gen_info_create(void); + +#endif /** SWID_GEN_INFO_H_ @}*/ diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c new file mode 100644 index 000000000..096093b01 --- /dev/null +++ b/src/libimcv/swima/swima_collector.c @@ -0,0 +1,592 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_collector.h" + +#include <swid_gen/swid_gen.h> + +#include <collections/linked_list.h> +#include <utils/debug.h> + +#include <stdio.h> +#include <fcntl.h> +#include <unistd.h> +#include <sys/stat.h> +#include <libgen.h> +#include <errno.h> + +#define SOURCE_ID_GENERATOR 1 +#define SOURCE_ID_COLLECTOR 2 + +#ifndef SWID_DIRECTORY +#define SWID_DIRECTORY NULL +#endif + +/** + * Directories to be skipped by collector + */ +static const char* skip_directories[] = { + "/usr/share/doc", + "/usr/share/help", + "/usr/share/icons", + "/usr/share/gnome/help" +}; + +typedef struct private_swima_collector_t private_swima_collector_t; + +/** + * Private data of a swima_collector_t object. + * + */ +struct private_swima_collector_t { + + /** + * Public swima_collector_t interface. + */ + swima_collector_t public; + + /** + * Collect Software Identifiers only + */ + bool sw_id_only; + + /** + * Software Collector Database [if it exists] + */ + database_t *db; + + /** + * List of Software [Identifier] records + */ + swima_inventory_t *inventory; + + /** + * List of Software [Identifier] events + */ + swima_events_t *events; + +}; + +/** + * Extract Software Identifier from SWID tag + */ +static status_t extract_sw_id(chunk_t swid_tag, chunk_t *sw_id) +{ + char *pos, *tag, *tagid, *regid; + size_t len, tagid_len, regid_len; + status_t status = NOT_FOUND; + + /* Copy at most 1023 bytes of the SWID tag and null-terminate it */ + len = min(1023, swid_tag.len); + pos = tag = strndup(swid_tag.ptr, len); + + tagid= strstr(pos, "tagId=\""); + if (tagid == NULL) + { + goto end; + } + tagid += 7; + len -= tagid - pos - 7; + + pos = strchr(tagid, '"'); + if (pos == NULL) + { + goto end; + } + tagid_len = pos - tagid; + + regid= strstr(pos, "regid=\""); + if (regid == NULL) + { + goto end; + } + regid += 7; + len -= regid - pos - 7; + + pos = strchr(regid, '"'); + if (pos == NULL) + { + goto end; + } + regid_len = pos - regid; + + *sw_id = chunk_cat("ccc", chunk_create(regid, regid_len), + chunk_from_chars('_','_'), + chunk_create(tagid, tagid_len)); + status = SUCCESS; +end: + free(tag); + + return status; +} + +static status_t retrieve_inventory(private_swima_collector_t *this, + swima_inventory_t *targets) +{ + char *name; + uint32_t record_id, source; + swima_record_t *sw_record; + chunk_t sw_id; + enumerator_t *e; + + /* Retrieve complete software identifier inventory */ + e = this->db->query(this->db, + "SELECT id, name, source FROM sw_identifiers WHERE installed = 1 " + "ORDER BY name ASC", DB_UINT, DB_TEXT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for installed sw_identifiers failed"); + return FAILED; + } + while (e->enumerate(e, &record_id, &name, &source)) + { + sw_id = chunk_from_str(name); + sw_record = swima_record_create(record_id, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, source); + this->inventory->add(this->inventory, sw_record); + } + e->destroy(e); + + return SUCCESS; +} + +static status_t retrieve_events(private_swima_collector_t *this, + swima_inventory_t *targets) +{ + enumerator_t *e; + char *name, *timestamp; + uint32_t record_id, source, action, eid, earliest_eid; + chunk_t sw_id, ev_ts; + swima_record_t *sw_record; + swima_event_t *sw_event; + + earliest_eid = targets->get_eid(targets, NULL); + + /* Retrieve complete software identifier inventory */ + e = this->db->query(this->db, + "SELECT e.id, e.timestamp, i.id, i.name, i.source, s.action " + "FROM sw_events as s JOIN events AS e ON s.eid = e.id " + "JOIN sw_identifiers as i ON s.sw_id = i.id WHERE s.eid >= ?" + "ORDER BY s.eid, i.name, s.action ASC", DB_UINT, earliest_eid, + DB_UINT, DB_TEXT, DB_UINT, DB_TEXT, DB_UINT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_events failed"); + return FAILED; + } + while (e->enumerate(e, &eid, ×tamp, &record_id, &name, &source, &action)) + { + sw_id = chunk_from_str(name); + ev_ts = chunk_from_str(timestamp); + sw_record = swima_record_create(record_id, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, source); + sw_event = swima_event_create(eid, ev_ts, action, sw_record); + this->events->add(this->events, sw_event); + } + e->destroy(e); + + return SUCCESS; +} + +static status_t generate_tags(private_swima_collector_t *this, + swima_inventory_t *targets, bool pretty, bool full) +{ + swid_gen_t *swid_gen; + swima_record_t *target, *sw_record; + enumerator_t *enumerator; + status_t status = SUCCESS; + + swid_gen = swid_gen_create(); + + if (targets->get_count(targets) == 0) + { + chunk_t out, sw_id, swid_tag = chunk_empty; + + DBG2(DBG_IMC, "SWID tag%s generation by package manager", + this->sw_id_only ? " ID" : ""); + + enumerator = swid_gen->create_tag_enumerator(swid_gen, this->sw_id_only, + full, pretty); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &out)) + { + if (this->sw_id_only) + { + sw_id = out; + } + else + { + swid_tag = out; + status = extract_sw_id(swid_tag, &sw_id); + if (status != SUCCESS) + { + DBG1(DBG_IMC, "software id could not be extracted " + "from tag"); + chunk_free(&swid_tag); + break; + } + } + sw_record = swima_record_create(0, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, SOURCE_ID_GENERATOR); + if (!this->sw_id_only) + { + sw_record->set_record(sw_record, swid_tag); + chunk_free(&swid_tag); + } + this->inventory->add(this->inventory, sw_record); + chunk_free(&sw_id); + } + enumerator->destroy(enumerator); + } + else + { + status = NOT_SUPPORTED; + } + } + else if (!this->sw_id_only) + { + DBG2(DBG_IMC, "targeted SWID tag generation"); + + enumerator = targets->create_enumerator(targets); + while (enumerator->enumerate(enumerator, &target)) + { + swima_record_t *sw_record; + char *tag = NULL, *name, *package, *version; + u_int installed; + chunk_t sw_id; + enumerator_t *e; + + sw_id = target->get_sw_id(target, NULL); + name = strndup(sw_id.ptr, sw_id.len); + + if (this->db) + { + e = this->db->query(this->db, + "SELECT package, version, installed " + "FROM sw_identifiers WHERE name = ?", DB_TEXT, name, + DB_TEXT, DB_TEXT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifiers failed"); + status = FAILED; + free(name); + break; + } + if (e->enumerate(e, &package, &version, &installed)) + { + tag = swid_gen->generate_tag(swid_gen, name, package, + version, full && installed, pretty); + } + e->destroy(e); + } + else + { + tag = swid_gen->generate_tag(swid_gen, name, NULL, NULL, + full, pretty); + } + free(name); + + if (tag) + { + DBG2(DBG_IMC, " %.*s", sw_id.len, sw_id.ptr); + sw_record = swima_record_create(0, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, SOURCE_ID_GENERATOR); + sw_record->set_record(sw_record, chunk_from_str(tag)); + this->inventory->add(this->inventory, sw_record); + free(tag); + } + } + enumerator->destroy(enumerator); + } + swid_gen->destroy(swid_gen); + + return status; +} + +static bool collect_tags(private_swima_collector_t *this, char *pathname, + swima_inventory_t *targets, bool is_swidtag_dir) +{ + char *rel_name, *abs_name, *suffix, *pos; + chunk_t *swid_tag, sw_id, sw_locator; + swima_record_t *sw_record; + struct stat st; + bool success = FALSE, skip, is_new_swidtag_dir; + enumerator_t *enumerator; + int i; + + if (!pathname) + { + return TRUE; + } + + enumerator = enumerator_create_directory(pathname); + if (!enumerator) + { + DBG1(DBG_IMC, "directory '%s' can not be opened, %s", + pathname, strerror(errno)); + return FALSE; + } + + while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st)) + { + if (S_ISDIR(st.st_mode)) + { + skip = FALSE; + + for (i = 0; i < countof(skip_directories); i++) + { + if (streq(abs_name, skip_directories[i])) + { + skip = TRUE; + break; + } + } + + if (skip) + { + continue; + } + + is_new_swidtag_dir = streq(rel_name, "swidtag"); + if (is_new_swidtag_dir) + { + DBG2(DBG_IMC, "entering %s", pathname); + } + if (!collect_tags(this, abs_name, targets, is_swidtag_dir || + is_new_swidtag_dir)) + { + goto end; + } + if (is_new_swidtag_dir) + { + DBG2(DBG_IMC, "leaving %s", pathname); + } + } + + if (!is_swidtag_dir) + { + continue; + } + + /* found a swidtag file? */ + suffix = strstr(rel_name, ".swidtag"); + if (!suffix) + { + continue; + } + + /* load the swidtag file */ + swid_tag = chunk_map(abs_name, FALSE); + if (!swid_tag) + { + DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, + strerror(errno)); + goto end; + } + + /* extract software identity from SWID tag */ + if (extract_sw_id(*swid_tag, &sw_id) != SUCCESS) + { + DBG1(DBG_IMC, "software id could not be extracted from SWID tag"); + chunk_unmap(swid_tag); + goto end; + } + + /* In case of a targeted request */ + if (targets->get_count(targets)) + { + enumerator_t *target_enumerator; + swima_record_t *target; + bool match = FALSE; + + target_enumerator = targets->create_enumerator(targets); + while (target_enumerator->enumerate(target_enumerator, &target)) + { + if (chunk_equals(target->get_sw_id(target, NULL), sw_id)) + { + DBG2(DBG_IMC, " %.*s", sw_id.len, sw_id.ptr); + match = TRUE; + break; + } + } + target_enumerator->destroy(target_enumerator); + + if (!match) + { + chunk_unmap(swid_tag); + chunk_free(&sw_id); + continue; + } + } + DBG2(DBG_IMC, " %s", rel_name); + + pos = strstr(pathname, "/swidtag"); + sw_locator = pos ? chunk_create(pathname, pos - pathname) : chunk_empty; + sw_record = swima_record_create(0, sw_id, sw_locator); + sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR); + if (!this->sw_id_only) + { + sw_record->set_record(sw_record, *swid_tag); + } + this->inventory->add(this->inventory, sw_record); + chunk_unmap(swid_tag); + chunk_free(&sw_id); + } + success = TRUE; + +end: + enumerator->destroy(enumerator); + + return success; +} + +METHOD(swima_collector_t, collect_inventory, swima_inventory_t*, + private_swima_collector_t *this, bool sw_id_only, swima_inventory_t *targets) +{ + bool pretty, full; + char *directory; + status_t status; + + directory = lib->settings->get_str(lib->settings, + "%s.plugins.imc-swima.swid_directory", + SWID_DIRECTORY, lib->ns); + pretty = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.swid_pretty", + FALSE, lib->ns); + full = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.swid_full", + FALSE, lib->ns); + + /** + * Re-initialize collector + */ + this->sw_id_only = sw_id_only; + this->inventory->clear(this->inventory); + + /** + * Source 1: Tags are generated by a package manager + */ + if (sw_id_only && this->db) + { + status = retrieve_inventory(this, targets); + } + else + { + status = generate_tags(this, targets, pretty, full); + } + + /** + * Source 2: Collect swidtag files by iteratively entering all + * directories in the tree under the "directory" path. + */ + DBG2(DBG_IMC, "SWID tag%s collection", sw_id_only ? " ID" : ""); + collect_tags(this, directory, targets, FALSE); + + return status == SUCCESS ? this->inventory : NULL; +} + +METHOD(swima_collector_t, collect_events, swima_events_t*, + private_swima_collector_t *this, bool sw_id_only, swima_inventory_t *targets) +{ + if (!sw_id_only || !this->db) + { + return NULL; + } + + /** + * Re-initialize collector + */ + this->sw_id_only = sw_id_only; + this->events->clear(this->events); + + return retrieve_events(this, targets) == SUCCESS ? this->events : NULL; +} + +METHOD(swima_collector_t, destroy, void, + private_swima_collector_t *this) +{ + DESTROY_IF(this->db); + this->inventory->destroy(this->inventory); + this->events->destroy(this->events); + free(this); +} + +/** + * See header + */ +swima_collector_t *swima_collector_create(void) +{ + private_swima_collector_t *this; + char *database; + uint32_t last_eid = 1, eid_epoch = 0x11223344; + + INIT(this, + .public = { + .collect_inventory = _collect_inventory, + .collect_events = _collect_events, + .destroy = _destroy, + }, + .inventory = swima_inventory_create(), + .events = swima_events_create(), + ); + + database = lib->settings->get_str(lib->settings, + "%s.plugins.imc-swima.swid_database", NULL, lib->ns); + + /* If we have an URI, try to connect to sw_collector database */ + if (database) + { + database_t *db = lib->db->create(lib->db, database); + + if (db) + { + enumerator_t *e; + + /* Get last event ID and corresponding epoch */ + e = db->query(db, + "SELECT id, epoch FROM events ORDER BY timestamp DESC", + DB_UINT, DB_UINT); + if (!e || !e->enumerate(e, &last_eid, &eid_epoch)) + { + DBG1(DBG_IMC, "database query for last event failed"); + DESTROY_IF(e); + db->destroy(db); + } + else + { + /* The query worked, attach collector database permanently */ + e->destroy(e); + this->db = db; + } + } + else + { + DBG1(DBG_IMC, "opening sw-collector database URI '%s' failed", + database); + } + } + if (!this->db) + { + /* Set the event ID epoch and last event ID smanually */ + eid_epoch = lib->settings->get_int(lib->settings, + "%s.plugins.imc-swima.eid_epoch", + eid_epoch, lib->ns); + } + this->inventory->set_eid(this->inventory, last_eid, eid_epoch); + this->events->set_eid(this->events, last_eid, eid_epoch); + + return &this->public; +} diff --git a/src/libimcv/swima/swima_collector.h b/src/libimcv/swima/swima_collector.h new file mode 100644 index 000000000..848dc1696 --- /dev/null +++ b/src/libimcv/swima/swima_collector.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_collector swima_collector + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_COLLECTOR_H_ +#define SWIMA_COLLECTOR_H_ + +#include "swima/swima_inventory.h" +#include "swima/swima_events.h" + +typedef struct swima_collector_t swima_collector_t; + +/** + * Class collecting Software [Identity] Inventory + */ +struct swima_collector_t { + + /** + * Collect the Software [Identity] Inventory + * + * @param sw_id_only TRUE to request Software Identity Inventory only + * @param targets Software Identity targets + * @return Software [Identity] Inventory + */ + swima_inventory_t* (*collect_inventory)(swima_collector_t *this, + bool sw_id_only, + swima_inventory_t *targets); + + /** + * Collect Software [Identity] Events + * + * @param sw_id_only TRUE to request Software Identity Inventory only + * @param targets Software Identity targets + * @return Software [Identity] Events + */ + swima_events_t* (*collect_events)(swima_collector_t *this, + bool sw_id_only, + swima_inventory_t *targets); + + /** + * Destroys a swima_collector_t object. + */ + void (*destroy)(swima_collector_t *this); + +}; + +/** + * Creates a swima_collector_t object + */ +swima_collector_t* swima_collector_create(void); + +#endif /** SWIMA_COLLECTOR_H_ @}*/ diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c new file mode 100644 index 000000000..f444724c1 --- /dev/null +++ b/src/libimcv/swima/swima_data_model.c @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima/swima_data_model.h" + +/** + * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management - + * Part 2: Software Identification Tag + */ +pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 }; + +/** + * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management - + * Part 2: Software Identification Tag + */ +pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 }; diff --git a/src/libimcv/swima/swima_data_model.h b/src/libimcv/swima/swima_data_model.h new file mode 100644 index 000000000..40f0ba7b9 --- /dev/null +++ b/src/libimcv/swima/swima_data_model.h @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_data_model swima_data_model + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_DATA_MODEL_H_ +#define SWIMA_DATA_MODEL_H_ + +#include <pen/pen.h> + +/** + * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management - + * Part 2: Software Identification Tag + */ +extern pen_type_t swima_data_model_iso_2015_swid_xml; + +/** + * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management - + * Part 2: Software Identification Tag + */ +extern pen_type_t swima_data_model_iso_2009_swid_xml; + +#endif /** SWIMA_DATA_MODEL_H_ @}*/ diff --git a/src/libimcv/swima/swima_error.c b/src/libimcv/swima/swima_error.c new file mode 100644 index 000000000..2aed2966b --- /dev/null +++ b/src/libimcv/swima/swima_error.c @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_error.h" + +#include <bio/bio_writer.h> +#include <ietf/ietf_attr_pa_tnc_error.h> + +/** + * SW_ERROR, SW_SUBSCRIPTION_DENIED_ERROR and SW_SUBSCRIPTION_ID_REUSE_ERROR + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Copy of Request ID / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Description (variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * SW_RESPONSE_TOO_LARGE_ERROR + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Copy of Request ID / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Maximum Allowed Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Description (variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Described in header. + */ +pa_tnc_attr_t* swima_error_create(pa_tnc_error_code_t code, uint32_t request_id, + uint32_t max_attr_size, char *description) +{ + bio_writer_t *writer; + chunk_t msg_info; + pa_tnc_attr_t *attr; + pen_type_t error_code; + + error_code = pen_type_create( PEN_IETF, code); + writer = bio_writer_create(4); + writer->write_uint32(writer, request_id); + + if (code == PA_ERROR_SW_RESPONSE_TOO_LARGE) + { + writer->write_uint32(writer, max_attr_size); + } + + if (description) + { + writer->write_data(writer, chunk_from_str(description)); + } + msg_info = writer->get_buf(writer); + attr = ietf_attr_pa_tnc_error_create(error_code, msg_info); + writer->destroy(writer); + + return attr; +} + diff --git a/src/libimcv/swima/swima_error.h b/src/libimcv/swima/swima_error.h new file mode 100644 index 000000000..4073b075f --- /dev/null +++ b/src/libimcv/swima/swima_error.h @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_error swima_error + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_ERROR_H_ +#define SWIMA_ERROR_H_ + +typedef enum swima_error_code_t swima_error_code_t; + +#include "pa_tnc/pa_tnc_attr.h" +#include "ietf/ietf_attr_pa_tnc_error.h" + +#include <library.h> + +/** + * Creates a SWIMA Error Attribute + * see section 5.16 of IETF SW Inventory Message and Attributes for PA-TNC + * + * @param code PA-TNC error code + * @param request SWID request ID + * @param max_attr_size Maximum PA-TNC attribute size (if applicable) + * @param description Optional description string or NULL + */ +pa_tnc_attr_t* swima_error_create(pa_tnc_error_code_t code, uint32_t request, + uint32_t max_attr_size, char *description); + +#endif /** SWIMA_ERROR_H_ @}*/ diff --git a/src/libimcv/swima/swima_event.c b/src/libimcv/swima/swima_event.c new file mode 100644 index 000000000..20cfa8da7 --- /dev/null +++ b/src/libimcv/swima/swima_event.c @@ -0,0 +1,124 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_event.h" +#include "swima_data_model.h" + +typedef struct private_swima_event_t private_swima_event_t; + +/** + * Private data of a swima_event_t object. + * + */ +struct private_swima_event_t { + + /** + * Public swima_event_t interface. + */ + swima_event_t public; + + /** + * Event ID + */ + uint32_t eid; + + /** + * Timestamp + */ + chunk_t timestamp; + + /** + * Action + */ + uint8_t action; + + /** + * Software [Identifier] record + */ + swima_record_t *sw_record; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(swima_event_t, get_eid, uint32_t, + private_swima_event_t *this, chunk_t *timestamp) +{ + if (timestamp) + { + *timestamp = this->timestamp; + } + return this->eid; +} + +METHOD(swima_event_t, get_action, uint8_t, + private_swima_event_t *this) +{ + return this->action; +} + +METHOD(swima_event_t, get_sw_record, swima_record_t*, + private_swima_event_t *this) +{ + return this->sw_record; +} + + +METHOD(swima_event_t, get_ref, swima_event_t*, + private_swima_event_t *this) +{ + ref_get(&this->ref); + return &this->public; +} + +METHOD(swima_event_t, destroy, void, + private_swima_event_t *this) +{ + if (ref_put(&this->ref)) + { + this->sw_record->destroy(this->sw_record); + free(this->timestamp.ptr); + free(this); + } +} + +/** + * See header + */ +swima_event_t *swima_event_create(uint32_t eid, chunk_t timestamp, + uint8_t action, swima_record_t *sw_record) +{ + private_swima_event_t *this; + + INIT(this, + .public = { + .get_eid = _get_eid, + .get_action = _get_action, + .get_sw_record = _get_sw_record, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .eid = eid, + .timestamp = chunk_clone(timestamp), + .action = action, + .sw_record = sw_record, + .ref = 1, + ); + + return &this->public; +} + diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h new file mode 100644 index 000000000..fe69d6aad --- /dev/null +++ b/src/libimcv/swima/swima_event.h @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_event swima_event + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_EVENT_H_ +#define SWIMA_EVENT_H_ + +#include "swima_record.h" + +#include <library.h> + +#define SWIMA_EVENT_ACTION_CREATION 1 +#define SWIMA_EVENT_ACTION_DELETION 2 +#define SWIMA_EVENT_ACTION_ALTERATION 3 +#define SWIMA_EVENT_ACTION_LAST 3 + +typedef struct swima_event_t swima_event_t; + +/** + * Class storing a Software [Identifier] event + */ +struct swima_event_t { + + /** + * Get Event ID and optionally the associated timestamp + * + * @param timestamp Timestamp associated with Event + * @return Event ID + */ + uint32_t (*get_eid)(swima_event_t *this, chunk_t *timestamp); + + /** + * Get Action associated with Event + * + * @return Action associated with event + */ + uint8_t (*get_action)(swima_event_t *this); + + /** + * Get Software [Identifier] record + * + * @return Software [Identifier] record + */ + swima_record_t* (*get_sw_record)(swima_event_t *this); + + /** + * Get a new reference to a swima_event object + * + * @return this, with an increased refcount + */ + swima_event_t* (*get_ref)(swima_event_t *this); + + /** + * Destroys a swima_event_t object. + */ + void (*destroy)(swima_event_t *this); + +}; + +/** + * Creates a swima_event_t object + * + * @param eid Event ID + * @param timestamp Time of Event + * @param action Action (CREATION, DELETION, ALTERATION) + * @param sw_record Software [Identifier] record + */ +swima_event_t* swima_event_create(uint32_t eid, chunk_t timestamp, + uint8_t action, swima_record_t *sw_record); + +#endif /** SWIMA_EVENT_H_ @}*/ diff --git a/src/libimcv/swima/swima_events.c b/src/libimcv/swima/swima_events.c new file mode 100644 index 000000000..ba0810d5f --- /dev/null +++ b/src/libimcv/swima/swima_events.c @@ -0,0 +1,155 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_events.h" +#include "swima_record.h" + +#include <collections/linked_list.h> +#include <utils/debug.h> + +typedef struct private_swima_events_t private_swima_events_t; + +/** + * Private data of a swima_events_t object. + * + */ +struct private_swima_events_t { + + /** + * Public swima_events_t interface. + */ + swima_events_t public; + + /** + * Epoch of Event IDs + */ + uint32_t epoch; + + /** + * Last Event ID + */ + uint32_t last_eid; + + /** + * Last Consulted Event ID + */ + uint32_t last_consulted_eid; + + /** + * List of SW records + */ + linked_list_t *list; + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(swima_events_t, add, void, + private_swima_events_t *this, swima_event_t *event) +{ + this->list->insert_last(this->list, event); +} + +METHOD(swima_events_t, get_count, int, + private_swima_events_t *this) +{ + return this->list->get_count(this->list); +} + +METHOD(swima_events_t, set_eid, void, + private_swima_events_t *this, uint32_t eid, uint32_t epoch) +{ + this->last_eid = this->last_consulted_eid = eid; + this->epoch = epoch; +} + +METHOD(swima_events_t, set_last_eid, void, + private_swima_events_t *this, uint32_t last_eid) +{ + this->last_eid = last_eid; +} + +METHOD(swima_events_t, get_eid, uint32_t, + private_swima_events_t *this, uint32_t *epoch, uint32_t *last_eid) +{ + if (epoch) + { + *epoch = this->epoch; + } + if (last_eid) + { + *last_eid = this->last_eid; + } + return this->last_consulted_eid; +} + +METHOD(swima_events_t, create_enumerator, enumerator_t*, + private_swima_events_t *this) +{ + return this->list->create_enumerator(this->list); +} + +METHOD(swima_events_t, get_ref, swima_events_t*, + private_swima_events_t *this) +{ + ref_get(&this->ref); + return &this->public; +} + +METHOD(swima_events_t, clear, void, + private_swima_events_t *this) +{ + this->list->destroy_offset(this->list, offsetof(swima_event_t, destroy)); + this->list = linked_list_create(); +} + +METHOD(swima_events_t, destroy, void, + private_swima_events_t *this) +{ + if (ref_put(&this->ref)) + { + this->list->destroy_offset(this->list, offsetof(swima_event_t, destroy)); + free(this); + } +} + +/** + * See header + */ +swima_events_t *swima_events_create(void) +{ + private_swima_events_t *this; + + INIT(this, + .public = { + .add = _add, + .get_count = _get_count, + .set_eid = _set_eid, + .set_last_eid = _set_last_eid, + .get_eid = _get_eid, + .create_enumerator = _create_enumerator, + .get_ref = _get_ref, + .clear = _clear, + .destroy = _destroy, + }, + .list = linked_list_create(), + .ref = 1, + ); + + return &this->public; +} diff --git a/src/libimcv/swima/swima_events.h b/src/libimcv/swima/swima_events.h new file mode 100644 index 000000000..66bbedf7e --- /dev/null +++ b/src/libimcv/swima/swima_events.h @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_events swima_events + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_EVENTS_H_ +#define SWIMA_EVENTS_H_ + +#define SWIMA_MAX_ATTR_SIZE 10000000 + +#include "swima_event.h" + +#include <library.h> + +typedef struct swima_events_t swima_events_t; + +/** + * Class managing list of Software [Identifier] Events + */ +struct swima_events_t { + + /** + * Add event to list + * + * @param event Event to be added + */ + void (*add)(swima_events_t *this, swima_event_t *event); + + /** + * Get the number of events in the event list + * + * @return Number of events + */ + int (*get_count)(swima_events_t *this); + + /** + * Set both the Last and Last Consulted Event ID + * + * @param Last [Consulted] Event ID + * @param Epoch of event IDs + */ + void (*set_eid)(swima_events_t *this, uint32_t eid, uint32_t epoch); + + /** + * Set Last Event ID if different from Last Consulted Event ID + * + * @param last_eid Last Event ID + */ + void (*set_last_eid)(swima_events_t *this, uint32_t last_eid); + + /** + * Get both the Last and Last Consulted Event ID + * + * @param eid_epoch Event ID Epoch + * @param last_eid Last Event ID + * @return Last Consulted Event ID + */ + uint32_t (*get_eid)(swima_events_t *this, uint32_t *epoch, uint32_t *last_eid); + + /** + * Create an event enumerator + * + * @return Enumerator returning events + */ + enumerator_t* (*create_enumerator)(swima_events_t *this); + + /** + * Get a new reference to a swima_events object + * + * @return this, with an increased refcount + */ + swima_events_t* (*get_ref)(swima_events_t *this); + + /** + * Clears the events, keeping the eid and epoch values. + */ + void (*clear)(swima_events_t *this); + + /** + * Destroys a swima_events_t object. + */ + void (*destroy)(swima_events_t *this); + +}; + +/** + * Creates a swima_events_t object + */ +swima_events_t* swima_events_create(void); + +#endif /** SWIMA_EVENTS_H_ @}*/ diff --git a/src/libimcv/swima/swima_inventory.c b/src/libimcv/swima/swima_inventory.c new file mode 100644 index 000000000..acb69b95d --- /dev/null +++ b/src/libimcv/swima/swima_inventory.c @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_inventory.h" +#include "swima_record.h" + +#include <collections/linked_list.h> +#include <utils/debug.h> + +typedef struct private_swima_inventory_t private_swima_inventory_t; + +/** + * Private data of a swima_inventory_t object. + * + */ +struct private_swima_inventory_t { + + /** + * Public swima_inventory_t interface. + */ + swima_inventory_t public; + + /** + * Earliest or last event ID of the inventory + */ + uint32_t eid; + + /** + * Epoch of event IDs + */ + uint32_t epoch; + + /** + * List of SW records + */ + linked_list_t *list; + + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(swima_inventory_t, add, void, + private_swima_inventory_t *this, swima_record_t *record) +{ + this->list->insert_last(this->list, record); +} + +METHOD(swima_inventory_t, get_count, int, + private_swima_inventory_t *this) +{ + return this->list->get_count(this->list); +} + +METHOD(swima_inventory_t, set_eid, void, + private_swima_inventory_t *this, uint32_t eid, uint32_t epoch) +{ + this->eid = eid; + this->epoch = epoch; +} + +METHOD(swima_inventory_t, get_eid, uint32_t, + private_swima_inventory_t *this, uint32_t *epoch) +{ + if (epoch) + { + *epoch = this->epoch; + } + return this->eid; +} + +METHOD(swima_inventory_t, create_enumerator, enumerator_t*, + private_swima_inventory_t *this) +{ + return this->list->create_enumerator(this->list); +} + +METHOD(swima_inventory_t, get_ref, swima_inventory_t*, + private_swima_inventory_t *this) +{ + ref_get(&this->ref); + return &this->public; +} + +METHOD(swima_inventory_t, clear, void, + private_swima_inventory_t *this) +{ + this->list->destroy_offset(this->list, offsetof(swima_record_t, destroy)); + this->list = linked_list_create(); +} + +METHOD(swima_inventory_t, destroy, void, + private_swima_inventory_t *this) +{ + if (ref_put(&this->ref)) + { + this->list->destroy_offset(this->list, offsetof(swima_record_t, destroy)); + free(this); + } +} + +/** + * See header + */ +swima_inventory_t *swima_inventory_create(void) +{ + private_swima_inventory_t *this; + + INIT(this, + .public = { + .add = _add, + .get_count = _get_count, + .set_eid = _set_eid, + .get_eid = _get_eid, + .create_enumerator = _create_enumerator, + .get_ref = _get_ref, + .clear = _clear, + .destroy = _destroy, + }, + .list = linked_list_create(), + .ref = 1, + ); + + return &this->public; +} diff --git a/src/libimcv/swima/swima_inventory.h b/src/libimcv/swima/swima_inventory.h new file mode 100644 index 000000000..21953bbd2 --- /dev/null +++ b/src/libimcv/swima/swima_inventory.h @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_inventory swima_inventory + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_INVENTORY_H_ +#define SWIMA_INVENTORY_H_ + +#define SWIMA_MAX_ATTR_SIZE 10000000 + +#include "swima_record.h" + +#include <library.h> + +typedef struct swima_inventory_t swima_inventory_t; + +/** + * Class managing software inventory + */ +struct swima_inventory_t { + + /** + * Add evidence record to software inventory + * + * @param record Software evidence record to be added + */ + void (*add)(swima_inventory_t *this, swima_record_t *record); + + /** + * Get the number of evidence records in the software inventory + * + * @return Number evidence records + */ + int (*get_count)(swima_inventory_t *this); + + /** + * Set the earliest or last event ID of the inventory + * + * @param Event ID + * @param Epoch of event IDs + */ + void (*set_eid)(swima_inventory_t *this, uint32_t eid, uint32_t epoch); + + /** + * Get the earliest or last event ID of the inventory + * + * @param Epoch of event IDs + * @return Event ID + */ + uint32_t (*get_eid)(swima_inventory_t *this, uint32_t *epoch); + + /** + * Create a software inventory evidence record enumerator + * + * @return Enumerator returning evidence records + */ + enumerator_t* (*create_enumerator)(swima_inventory_t *this); + + /** + * Get a new reference to a swima_inventory object + * + * @return This, with an increased refcount + */ + swima_inventory_t* (*get_ref)(swima_inventory_t *this); + + /** + * Clears the inventory, keeping the eid and epoch values + */ + void (*clear)(swima_inventory_t *this); + + /** + * Destroys a swima_inventory_t object + */ + void (*destroy)(swima_inventory_t *this); + +}; + +/** + * Creates a swima_inventory_t object + * + */ +swima_inventory_t* swima_inventory_create(void); + +#endif /** SWIMA_INVENTORY_H_ @}*/ diff --git a/src/libimcv/swima/swima_record.c b/src/libimcv/swima/swima_record.c new file mode 100644 index 000000000..dc6a5413a --- /dev/null +++ b/src/libimcv/swima/swima_record.c @@ -0,0 +1,174 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_record.h" +#include "swima_data_model.h" + +typedef struct private_swima_record_t private_swima_record_t; + +/** + * Private data of a swima_record_t object. + * + */ +struct private_swima_record_t { + + /** + * Public swima_record_t interface. + */ + swima_record_t public; + + /** + * Record ID + */ + uint32_t record_id; + + /** + * Software Identity + */ + chunk_t sw_id; + + /** + * Optional Software Locator + */ + chunk_t sw_locator; + + /** + * Data Model + */ + pen_type_t data_model; + + /** + * Source ID + */ + uint8_t source_id; + + /**g + * Optional Software Inventory Evidence Record + */ + chunk_t record; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(swima_record_t, get_record_id, uint32_t, + private_swima_record_t *this) +{ + return this->record_id; +} + +METHOD(swima_record_t, get_sw_id, chunk_t, + private_swima_record_t *this, chunk_t *sw_locator) +{ + if (sw_locator) + { + *sw_locator = this->sw_locator; + } + return this->sw_id; +} + +METHOD(swima_record_t, set_data_model, void, + private_swima_record_t *this, pen_type_t data_model) +{ + this->data_model = data_model; +} + +METHOD(swima_record_t, get_data_model, pen_type_t, + private_swima_record_t *this) +{ + return this->data_model; +} + +METHOD(swima_record_t, set_source_id, void, + private_swima_record_t *this, uint8_t source_id) +{ + this->source_id = source_id; +} + +METHOD(swima_record_t, get_source_id, uint8_t, + private_swima_record_t *this) +{ + return this->source_id; +} + +METHOD(swima_record_t, set_record, void, + private_swima_record_t *this, chunk_t record) +{ + chunk_free(&this->record); + this->record = chunk_clone(record); +} + +METHOD(swima_record_t, get_record, chunk_t, + private_swima_record_t *this) +{ + return this->record; +} + +METHOD(swima_record_t, get_ref, swima_record_t*, + private_swima_record_t *this) +{ + ref_get(&this->ref); + return &this->public; +} + +METHOD(swima_record_t, destroy, void, + private_swima_record_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->sw_id.ptr); + free(this->sw_locator.ptr); + free(this->record.ptr); + free(this); + } +} + +/** + * See header + */ +swima_record_t *swima_record_create(uint32_t record_id, chunk_t sw_id, + chunk_t sw_locator) +{ + private_swima_record_t *this; + + INIT(this, + .public = { + .get_record_id = _get_record_id, + .get_sw_id = _get_sw_id, + .set_data_model = _set_data_model, + .get_data_model = _get_data_model, + .set_source_id = _set_source_id, + .get_source_id = _get_source_id, + .set_record = _set_record, + .get_record = _get_record, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .record_id = record_id, + .data_model = swima_data_model_iso_2015_swid_xml, + .sw_id = chunk_clone(sw_id), + .ref = 1, + ); + + if (sw_locator.len > 0) + { + this->sw_locator = chunk_clone(sw_locator); + } + + return &this->public; +} + diff --git a/src/libimcv/swima/swima_record.h b/src/libimcv/swima/swima_record.h new file mode 100644 index 000000000..c26ffdf64 --- /dev/null +++ b/src/libimcv/swima/swima_record.h @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_record swima_record + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_RECORD_H_ +#define SWIMA_RECORD_H_ + +#include <library.h> +#include <pen/pen.h> + +typedef struct swima_record_t swima_record_t; + +/** + * Class storing a Software Inventory Evidence Collection record + */ +struct swima_record_t { + + /** + * Get Software Identifier and optional Software Location + * + * @return Record ID + */ + uint32_t (*get_record_id)(swima_record_t *this); + + /** + * Get Software Identifier and optional Software Location + * + * @param sw_locator Optional Software Locator + * @return Software Identifier + */ + chunk_t (*get_sw_id)(swima_record_t *this, chunk_t *sw_locator); + + /** + * Set Data Model + * + * @param Data model type in PEN namespace + */ + void (*set_data_model)(swima_record_t *this, pen_type_t data_model); + + /** + * Get Data Model + * + * @return Data model type in PEN namespace + */ + pen_type_t (*get_data_model)(swima_record_t *this); + + /** + * Set Source ID + * + * @param Source ID + */ + void (*set_source_id)(swima_record_t *this, uint8_t source_id); + + /** + * Get Source ID + * + * @return Source ID + */ + uint8_t (*get_source_id)(swima_record_t *this); + + /** + * Set Software Inventory Evidence Record + * + * @param Software Inventory Evidence Record + */ + void (*set_record)(swima_record_t *this, chunk_t record); + + /** + * Get Software Inventory Evidence Record + * + * @return Software Inventory Evidence Record + */ + chunk_t (*get_record)(swima_record_t *this); + + /** + * Get a new reference to a swima_record object + * + * @return this, with an increased refcount + */ + swima_record_t* (*get_ref)(swima_record_t *this); + + /** + * Destroys a swima_record_t object. + */ + void (*destroy)(swima_record_t *this); + +}; + +/** + * Creates a swima_record_t object + * + * @param record_id Record ID + * @param sw_id Software Identifierl + * @param sw_locator Software Locator or empty chunk + */ +swima_record_t* swima_record_create(uint32_t record_id, chunk_t sw_id, + chunk_t sw_locator); + +#endif /** SWIMA_RECORD_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c index f02bbcb85..be35ee49d 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c @@ -32,7 +32,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * |R|S|C| Reserved| Tag ID Count | + * |C|S|R| Reserved| Tag ID Count | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Request ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -201,6 +201,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (!reader->read_data16(reader, &tag_creator)) { DBG1(DBG_TNC, "insufficient data for Tag Creator field"); + reader->destroy(reader); return FAILED; } *offset += 2 + tag_creator.len; @@ -208,6 +209,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (!reader->read_data16(reader, &unique_sw_id)) { DBG1(DBG_TNC, "insufficient data for Unique Software ID"); + reader->destroy(reader); return FAILED; } *offset += 2 + unique_sw_id.len; diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h index b28c33a8b..2c85aaf6d 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,9 +28,9 @@ typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t; enum tcg_swid_attr_req_flag_t { TCG_SWID_ATTR_REQ_FLAG_NONE = 0, - TCG_SWID_ATTR_REQ_FLAG_R = (1 << 7), + TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7), TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6), - TCG_SWID_ATTR_REQ_FLAG_C = (1 << 5) + TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5) }; #include "tcg/tcg_attr.h" diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 55d1d58b5..e4f0c4411 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -353,8 +353,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -455,6 +453,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -483,6 +483,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index b1fdea499..5b6c53075 100644 --- a/src/libipsec/tests/Makefile.in +++ b/src/libipsec/tests/Makefile.in @@ -306,8 +306,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -408,6 +406,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -436,6 +436,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index 803d68722..0185a3961 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 9e7b7372b..794b4b447 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -306,8 +306,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -408,6 +406,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -436,6 +436,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index 6ecbaecaa..df1da70f4 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index a5e6b7273..afca13428 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -113,6 +113,8 @@ LOCAL_SRC_FILES += $(call add_plugin, pubkey) LOCAL_SRC_FILES += $(call add_plugin, random) +LOCAL_SRC_FILES += $(call add_plugin, revocation) + LOCAL_SRC_FILES += $(call add_plugin, sha1) LOCAL_SRC_FILES += $(call add_plugin, sha2) @@ -133,6 +135,6 @@ LOCAL_ARM_MODE := arm LOCAL_PRELINK_MODULE := false -LOCAL_SHARED_LIBRARIES += libdl +LOCAL_LDLIBS += -ldl include $(BUILD_SHARED_LIBRARY) diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 9b1c26b35..16e585654 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -786,8 +786,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -888,6 +886,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -916,6 +916,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index a9c8b3904..07da596e4 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -840,7 +840,7 @@ METHOD(auth_cfg_t, complies, bool, { /* also verify identity against subjectAltNames */ certificate_t *cert; - cert = get(this, AUTH_HELPER_SUBJECT_CERT); + cert = get(this, AUTH_RULE_SUBJECT_CERT); if (cert && cert->has_subject(cert, id1)) { break; diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 0a8d3d101..9be7407ef 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -774,6 +774,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, { DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", current->get_subject(current)); + DBG1(DBG_CFG, " issuer is \"%Y\"", + current->get_issuer(current)); call_hook(this, CRED_HOOK_NO_ISSUER, current); break; } diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 34dfa9489..1b02cb469 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -83,7 +83,7 @@ struct signer_test_vector_t { size_t len; /** input data */ u_char *data; - /** expected output, with ouput size of the tested algorithm */ + /** expected output, with output size of the tested algorithm */ u_char *mac; }; diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 6b7f8f851..a26010aae 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -115,8 +115,8 @@ METHOD(prf_plus_t, allocate_bytes, bool, METHOD(prf_plus_t, destroy, void, private_prf_plus_t *this) { - free(this->buffer.ptr); - free(this->seed.ptr); + chunk_clear(&this->buffer); + chunk_clear(&this->seed); free(this); } diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index a52a1eb51..68c3935b9 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -66,8 +66,21 @@ bool mark_from_string(const char *value, mark_t *mark) } if (strcasepfx(value, "%unique")) { - mark->value = MARK_UNIQUE; endptr = (char*)value + strlen("%unique"); + if (strcasepfx(endptr, "-dir")) + { + mark->value = MARK_UNIQUE_DIR; + endptr += strlen("-dir"); + } + else if (!*endptr || *endptr == '/') + { + mark->value = MARK_UNIQUE; + } + else + { + DBG1(DBG_APP, "invalid mark value: %s", value); + return FALSE; + } } else { diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h index c93d95562..1db78ba6f 100644 --- a/src/libstrongswan/ipsec/ipsec_types.h +++ b/src/libstrongswan/ipsec/ipsec_types.h @@ -178,9 +178,11 @@ struct mark_t { }; /** - * Special mark value that uses a unique mark for each CHILD_SA + * Special mark value that uses a unique mark for each CHILD_SA (and direction) */ #define MARK_UNIQUE (0xFFFFFFFF) +#define MARK_UNIQUE_DIR (0xFFFFFFFE) +#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR) /** * Try to parse a mark_t from the given string of the form mark[/mask]. diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in index 93bd93508..439c0f32d 100644 --- a/src/libstrongswan/math/libnttfft/Makefile.in +++ b/src/libstrongswan/math/libnttfft/Makefile.in @@ -304,8 +304,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -406,6 +404,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -434,6 +434,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in index 80ecd3ea7..1f3ee6d60 100644 --- a/src/libstrongswan/math/libnttfft/tests/Makefile.in +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index 1dcc0489e..10e6fa460 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 2b16ae7d2..08f965596 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index d32e7f55c..fbc7d9230 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index e93140279..2c45ce5ba 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index a4e7e2931..8183de939 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am index b2d09427e..cbe47063d 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.am +++ b/src/libstrongswan/plugins/bliss/Makefile.am @@ -3,8 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these file are also used by bliss_huffman noinst_LTLIBRARIES = libbliss-params.la diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index a6caf7bdf..eb8eaecb0 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -335,8 +335,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -437,6 +435,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -465,6 +465,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -473,8 +477,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these file are also used by bliss_huffman diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 5dbaf9b9b..a2d56cdd1 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 0876475d0..0d091d196 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 5f768ec8c..008407097 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index 12ad6f1b8..0b2998c95 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -325,8 +325,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -427,6 +425,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -455,6 +455,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index c6bb24a91..2586d77c4 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index aa2fd790f..25632d745 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index d112676e7..275a76273 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 2aedb2f75..0dbcca895 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 9207f11b6..b52b35ba0 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -58,6 +58,11 @@ struct private_curl_fetcher_t { * Timeout for a transfer */ long timeout; + + /** + * Maximum number of redirects to follow + */ + long redir; }; /** @@ -85,7 +90,7 @@ static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data) METHOD(fetcher_t, fetch, status_t, private_curl_fetcher_t *this, char *uri, void *userdata) { - char error[CURL_ERROR_SIZE], *enc_uri; + char error[CURL_ERROR_SIZE], *enc_uri, *p1, *p2; CURLcode curl_status; status_t status; long result = 0; @@ -116,6 +121,8 @@ METHOD(fetcher_t, fetch, status_t, curl_easy_setopt(this->curl, CURLOPT_TIMEOUT, this->timeout); } curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, CONNECT_TIMEOUT); + curl_easy_setopt(this->curl, CURLOPT_FOLLOWLOCATION, TRUE); + curl_easy_setopt(this->curl, CURLOPT_MAXREDIRS, this->redir); curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)curl_cb); curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, &data); if (this->headers) @@ -123,7 +130,17 @@ METHOD(fetcher_t, fetch, status_t, curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); } - DBG2(DBG_LIB, " sending request to '%s'...", uri); + /* if the URI contains a username[:password] prefix then mask it */ + p1 = strstr(uri, "://"); + p2 = strchr(uri, '@'); + if (p1 && p2) + { + DBG2(DBG_LIB, " sending request to '%.*sxxxx%s'...", p1+3-uri, uri, p2); + } + else + { + DBG2(DBG_LIB, " sending request to '%s'...", uri); + } curl_status = curl_easy_perform(this->curl); switch (curl_status) { @@ -250,6 +267,8 @@ curl_fetcher_t *curl_fetcher_create() }, .curl = curl_easy_init(), .cb = fetcher_default_callback, + .redir = lib->settings->get_int(lib->settings, "%s.plugins.curl.redir", + -1, lib->ns), ); if (!this->curl) diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in index 616f3d83b..21b0e75f7 100644 --- a/src/libstrongswan/plugins/curve25519/Makefile.in +++ b/src/libstrongswan/plugins/curve25519/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index c3f3775d2..89b279875 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 26c69e239..385749a11 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index d8c7daec4..7708f9551 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 45934d79a..478ae818e 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 5d6c1a4e9..91ea7c673 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 26930dced..2212be0e2 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 2fcdce774..39a2bcabb 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 32a72ac96..065c88903 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) mpz_t m, c; chunk_t encrypted; - mpz_init(c); mpz_init(m); - mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); + if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0) + { /* m must be <= n-1, and while 0 is technically a valid value, it + * doesn't really make sense here, so we filter that too */ + mpz_clear(m); + return chunk_empty; + } + + mpz_init(c); mpz_powm(c, m, this->e, this->n); encrypted.len = this->k; @@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, */ /* check magic bytes */ - if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) + if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) { goto end; } diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index aa640156a..cddeace7f 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index c9e4e40e0..e072c9225 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 1f4d44706..229a0cad0 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index eb9426ccc..d135c291f 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index eaafd9fe5..e81213c2a 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in index 991c5421e..8a2788319 100644 --- a/src/libstrongswan/plugins/mgf1/Makefile.in +++ b/src/libstrongswan/plugins/mgf1/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index d549f2e71..c99e4f806 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/newhope/Makefile.am b/src/libstrongswan/plugins/newhope/Makefile.am index b01987d22..8dd6c5fab 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.am +++ b/src/libstrongswan/plugins/newhope/Makefile.am @@ -3,8 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these files are also used by the tests, we can't directly refer to them # because of the subdirectory, which would cause distclean to fail diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in index a884b30b6..786337420 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.in +++ b/src/libstrongswan/plugins/newhope/Makefile.in @@ -319,8 +319,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -421,6 +419,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -449,6 +449,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -457,8 +461,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these files are also used by the tests, we can't directly refer to them diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in index 80fcf4dc5..be6ffef28 100644 --- a/src/libstrongswan/plugins/newhope/tests/Makefile.in +++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 783eaf436..fca8309e5 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index c9fcee982..4045544d4 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -2,8 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ntru.la diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index 41ec4cec4..2ef9aa8dc 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -449,8 +453,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ntru.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ntru.la diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 9c0523652..dcf4c2c8a 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index e95eb729b..e03a4255d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -686,15 +686,13 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this, { flags |= usage->data[1] << 8; } - switch (flags) + if (flags & X509v3_KU_CRL_SIGN) { - case X509v3_KU_CRL_SIGN: - this->flags |= X509_CRL_SIGN; - break; - case X509v3_KU_KEY_CERT_SIGN: - /* we use the caBasicContraint, MUST be set */ - default: - break; + this->flags |= X509_CRL_SIGN; + } + if (flags & X509v3_KU_KEY_CERT_SIGN) + { + /* we use the caBasicContraint, MUST be set */ } } ASN1_BIT_STRING_free(usage); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index b71749589..101119300 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 8ff3dd021..4b69f9f49 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 3ffafd020..8104a2a94 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index cbf227680..6f6c6237f 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index ca7b5a8a9..7bf33d967 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 73f15d26c..d25a1af44 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 3bf44de30..e5698a302 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 2066d8792..3ff09f5f2 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 04888cde2..02607958f 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 940c5572a..98702d0d3 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index c432cf810..b874e9081 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index 849c89630..40b1d7644 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 5840c7dd0..8254c1424 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index fa596e6f4..0c68798a9 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 6e3d6a390..109726b6a 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 89e7675e3..2c56a2f1b 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -226,7 +226,7 @@ static void sha256_write(private_sha256_hasher_t *ctx, /** * finalize SHA256 hash */ -static void sha256_final(private_sha256_hasher_t *ctx) +static void sha256_final(private_sha256_hasher_t *ctx, u_char *buf, size_t len) { register int j; uint64_t bitLength; @@ -255,8 +255,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) ctx->sha_out[63] = bitLength; sha256_transform(ctx, &ctx->sha_out[0]); - /* return results in ctx->sha_out[0...31] */ - datap = &ctx->sha_out[0]; + datap = buf; j = 0; do { i = ctx->sha_H[j]; @@ -265,7 +264,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) datap[2] = i >> 8; datap[3] = i; datap += 4; - } while(++j < 8); + } while(++j < len / 4); } /* update macros for SHA512 */ @@ -371,7 +370,7 @@ static void sha512_write(private_sha512_hasher_t *ctx, /** * Finalize a SHA384/SHA512 hash */ -static void sha512_final(private_sha512_hasher_t *ctx) +static void sha512_final(private_sha512_hasher_t *ctx, u_char *buf, size_t len) { register int j; uint64_t bitLength, bitLengthMSB; @@ -409,8 +408,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) ctx->sha_out[127] = bitLength; sha512_transform(ctx, &ctx->sha_out[0]); - /* return results in ctx->sha_out[0...63] */ - datap = &ctx->sha_out[0]; + datap = buf; j = 0; do { i = ctx->sha_H[j]; @@ -423,7 +421,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) datap[6] = i >> 8; datap[7] = i; datap += 8; - } while(++j < 8); + } while(++j < len / 8); } METHOD(hasher_t, reset224, bool, @@ -432,7 +430,6 @@ METHOD(hasher_t, reset224, bool, memcpy(&this->sha_H[0], &sha224_hashInit[0], sizeof(this->sha_H)); this->sha_blocks = 0; this->sha_bufCnt = 0; - return TRUE; } @@ -442,7 +439,6 @@ METHOD(hasher_t, reset256, bool, memcpy(&this->sha_H[0], &sha256_hashInit[0], sizeof(this->sha_H)); this->sha_blocks = 0; this->sha_bufCnt = 0; - return TRUE; } @@ -453,7 +449,6 @@ METHOD(hasher_t, reset384, bool, this->sha_blocks = 0; this->sha_blocksMSB = 0; this->sha_bufCnt = 0; - return TRUE; } @@ -464,7 +459,6 @@ METHOD(hasher_t, reset512, bool, this->sha_blocks = 0; this->sha_blocksMSB = 0; this->sha_bufCnt = 0; - return TRUE; } @@ -474,8 +468,7 @@ METHOD(hasher_t, get_hash224, bool, sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) { - sha256_final(this); - memcpy(buffer, this->sha_out, HASH_SIZE_SHA224); + sha256_final(this, buffer, HASH_SIZE_SHA224); reset224(this); } return TRUE; @@ -487,8 +480,7 @@ METHOD(hasher_t, get_hash256, bool, sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) { - sha256_final(this); - memcpy(buffer, this->sha_out, HASH_SIZE_SHA256); + sha256_final(this, buffer, HASH_SIZE_SHA256); reset256(this); } return TRUE; @@ -500,8 +492,7 @@ METHOD(hasher_t, get_hash384, bool, sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) { - sha512_final(this); - memcpy(buffer, this->sha_out, HASH_SIZE_SHA384); + sha512_final(this, buffer, HASH_SIZE_SHA384); reset384(this); } return TRUE; @@ -513,8 +504,7 @@ METHOD(hasher_t, get_hash512, bool, sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) { - sha512_final(this); - memcpy(buffer, this->sha_out, HASH_SIZE_SHA512); + sha512_final(this, buffer, HASH_SIZE_SHA512); reset512(this); } return TRUE; @@ -523,69 +513,49 @@ METHOD(hasher_t, get_hash512, bool, METHOD(hasher_t, allocate_hash224, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha256_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha256_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA224); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA224); - reset224(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA224); } - return TRUE; + return get_hash224(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash256, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha256_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha256_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA256); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA256); - reset256(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA256); } - return TRUE; + return get_hash256(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash384, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha512_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha512_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA384); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA384); - reset384(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA384); } - return TRUE; + return get_hash384(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash512, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha512_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha512_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA512); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA512); - reset512(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA512); } - return TRUE; + return get_hash512(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, get_hash_size224, size_t, diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 2c249343c..a1f79740b 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 02e398729..ceccab7f1 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 5e23cb91c..39d705622 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index a6663999d..ded2bf8f1 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 33c5720a4..b7332d4a7 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -331,8 +331,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -433,6 +431,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -461,6 +461,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 15c8c27cc..93159ff17 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index b417d6e66..91033262d 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index e1ed6b7ee..3596d1f85 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index e32f8eefe..aef76af32 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this) } rng->destroy(rng); return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid, - asn1_simple_object(ASN1_OCTET_STRING, this->nonce)); + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_simple_object(ASN1_OCTET_STRING, this->nonce))); } /** diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index a23130851..d5d47694f 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 279e179ea..ce0ad3772 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -351,8 +351,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -453,6 +451,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -481,6 +481,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 5ddd0bb9a..9d0a6dea1 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -549,10 +549,14 @@ END_TEST #ifdef WIN32 # define include1 "C:\\Windows\\Temp\\strongswan-settings-test-include1" +# define include1_str "C:\\\\Windows\\\\Temp\\\\strongswan-settings-test-include1" # define include2 "C:\\Windows\\Temp\\strongswan-settings-test-include2" +# define include2_str "C:\\\\Windows\\\\Temp\\\\strongswan-settings-test-include2" #else # define include1 "/tmp/strongswan-settings-test-include1" +# define include1_str include1 # define include2 "/tmp/strongswan-settings-test-include2" +# define include2_str include2 #endif static char *include_content1 = @@ -638,10 +642,10 @@ START_TEST(test_include_string) " include this/does/not/exist.conf\n" " include = value\n" " key2 = value2\n" - " include \"" include2 "\"\n" + " include \"" include2_str "\"\n" " }\n" "}\n" - "include \"" include1 "\""); + "include \"" include1_str "\""); create_settings(contents); verify_include(); diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c index 0af34c847..8541cdaef 100644 --- a/src/libstrongswan/tests/test_suite.c +++ b/src/libstrongswan/tests/test_suite.c @@ -381,7 +381,7 @@ void test_setup_handler() sigaction(SIGSEGV, &action, NULL); sigaction(SIGILL, &action, NULL); sigaction(SIGBUS, &action, NULL); - /* ignore ALRM/USR1, these are catched by main thread only */ + /* ignore ALRM/USR1, these are caught by main thread only */ action.sa_handler = SIG_IGN; sigaction(SIGALRM, &action, NULL); sigaction(SIGUSR1, &action, NULL); diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index 79a88e27d..c19cac25a 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -41,7 +41,7 @@ TEST_SUITE(auth_cfg_suite_create) TEST_SUITE(hasher_suite_create) TEST_SUITE(crypter_suite_create) TEST_SUITE(crypto_factory_suite_create) -TEST_SUITE(iv_gen_suite_create) +TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG) TEST_SUITE(pen_suite_create) TEST_SUITE(asn1_suite_create) TEST_SUITE(asn1_parser_suite_create) diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c index 30c6f546c..4b4b6ccee 100644 --- a/src/libstrongswan/utils/utils/memory.c +++ b/src/libstrongswan/utils/utils/memory.c @@ -20,7 +20,7 @@ /** * Described in header. */ -void memxor(uint8_t dst[], uint8_t src[], size_t n) +void memxor(uint8_t dst[], const uint8_t src[], size_t n) { int m, i; diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h index b978e7c48..e84033010 100644 --- a/src/libstrongswan/utils/utils/memory.h +++ b/src/libstrongswan/utils/utils/memory.h @@ -80,7 +80,7 @@ static inline void *memset_noop(void *s, int c, size_t n) /** * Same as memcpy, but XORs src into dst instead of copy */ -void memxor(uint8_t dest[], uint8_t src[], size_t n); +void memxor(uint8_t dest[], const uint8_t src[], size_t n); /** * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant. diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index ee1d7fc7e..292d10f0b 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -363,8 +363,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -465,6 +463,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -493,6 +493,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index 8c87e1dd0..2e2c3debf 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -307,8 +307,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -409,6 +407,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -437,6 +437,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtls/tls.h b/src/libtls/tls.h index f3dc198cf..f832ef50e 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -169,7 +169,7 @@ struct tls_t { * Query upper layer for one or more TLS records, build fragments. * * The TLS stack automatically fragments the records to the given buffer - * size. Fragmentation is indicated by the reclen ouput parameter and + * size. Fragmentation is indicated by the reclen output parameter and * the return value. For the first fragment of a TLS record, a non-zero * record length is returned in reclen. If more fragments follow, NEED_MORE * is returned. A return value of ALREADY_DONE indicates that the final diff --git a/src/libtls/tls_aead.h b/src/libtls/tls_aead.h index 8b5cda5a7..389a498a5 100644 --- a/src/libtls/tls_aead.h +++ b/src/libtls/tls_aead.h @@ -75,7 +75,7 @@ struct tls_aead_t { size_t (*get_mac_key_size)(tls_aead_t *this); /** - * Get the encrytion key size, if used. + * Get the encryption key size, if used. * * @return key size, in bytes, 0 if not used */ diff --git a/src/libtnccs/Android.mk b/src/libtnccs/Android.mk index e37973202..ba7496517 100644 --- a/src/libtnccs/Android.mk +++ b/src/libtnccs/Android.mk @@ -16,7 +16,7 @@ LOCAL_SRC_FILES := $(filter %.c,$(libtnccs_la_SOURCES)) LOCAL_SRC_FILES += $(call add_plugin, tnc-imc) ifneq ($(call plugin_enabled, tnc-imc),) -LOCAL_SHARED_LIBRARIES += libdl +LOCAL_LDLIBS += -ldl endif LOCAL_SRC_FILES += $(call add_plugin, tnc-tnccs) diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index 653d841a3..9a7639e06 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -367,8 +367,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -469,6 +467,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -497,6 +497,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 84dbf1461..5824c4597 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index 5fd128faa..4de4bccb3 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index acddd84a2..a8607d3b4 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index b6b80749b..eac0e1f63 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -325,8 +325,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -427,6 +425,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -455,6 +455,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 2a1d327b4..0d1e73aa4 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -328,8 +328,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -430,6 +428,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -458,6 +458,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 65201ddaa..ebe42fe5d 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 2432a704f..1fc797c7f 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -277,8 +277,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -379,6 +377,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -407,6 +407,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtncif/tncif_pa_subtypes.c b/src/libtncif/tncif_pa_subtypes.c index d83c3255d..2789e7d3e 100644 --- a/src/libtncif/tncif_pa_subtypes.c +++ b/src/libtncif/tncif_pa_subtypes.c @@ -1,6 +1,5 @@ /* - * Copyright (C) 2010-2015 Andreas Steffen - * + * Copyright (C) 2010-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,7 +16,7 @@ #include "tncif_pa_subtypes.h" /* IETF PA Subtype names */ -ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_NEA_CLIENT, +ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_SW, "Testing", "Operating System", "Anti-Virus", @@ -26,10 +25,11 @@ ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_NEA_C "Firewall", "IDPS", "VPN", - "NEA Client" + "NEA Client", + "Software" ); ENUM_NEXT(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY, PA_SUBTYPE_IETF_ANY, - PA_SUBTYPE_IETF_NEA_CLIENT, + PA_SUBTYPE_IETF_SW, "ANY" ); ENUM_END(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY); diff --git a/src/libtncif/tncif_pa_subtypes.h b/src/libtncif/tncif_pa_subtypes.h index d6dcad025..696441029 100644 --- a/src/libtncif/tncif_pa_subtypes.h +++ b/src/libtncif/tncif_pa_subtypes.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -43,6 +43,7 @@ typedef enum pa_subtype_ita_t pa_subtype_ita_t; PA_SUBTYPE_IETF_IDPS = 0x06, PA_SUBTYPE_IETF_VPN = 0x07, PA_SUBTYPE_IETF_NEA_CLIENT = 0x08, + PA_SUBTYPE_IETF_SW = 0x09, PA_SUBTYPE_IETF_ANY = 0xff }; diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in index 405d717d9..90d5e54f5 100644 --- a/src/libtpmtss/Makefile.in +++ b/src/libtpmtss/Makefile.in @@ -355,8 +355,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -457,6 +455,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -485,6 +485,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in index eb9489eb4..f80c0f736 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.in +++ b/src/libtpmtss/plugins/tpm/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c index 9a4b9a40c..dcba05c43 100644 --- a/src/libtpmtss/tpm_tss_tss2.c +++ b/src/libtpmtss/tpm_tss_tss2.c @@ -23,8 +23,18 @@ #include <bio/bio_reader.h> #include <tpm20.h> + +#ifdef TSS2_TCTI_TABRMD +#include <tcti/tcti-tabrmd.h> +#endif /* TSS2_TCTI_TABRMD */ + +#ifdef TSS2_TCTI_SOCKET #include <tcti_socket.h> +#define TCTI_SOCKET_DEFAULT_ADDRESS "127.0.0.1" +#define TCTI_SOCKET_DEFAULT_PORT 2323 +#endif /* TSS2_TCTI_SOCKET */ + #define LABEL "TPM 2.0 -" typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t; @@ -209,23 +219,52 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this) } /** - * Initialize TSS context + * Initialize TSS2 TCTI TABRMD context */ -static bool initialize_context(private_tpm_tss_tss2_t *this) +static bool initialize_tcti_tabrmd_context(private_tpm_tss_tss2_t *this) { +#ifdef TSS2_TCTI_TABRMD size_t tcti_context_size; - uint32_t sys_context_size; uint32_t rval; - TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME, - DEFAULT_RESMGR_TPM_PORT - }; + /* determine size of tcti context */ + rval = tss2_tcti_tabrmd_init(NULL, &tcti_context_size); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context size: 0x%06x", + LABEL, rval); + return FALSE; + } - TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP, - TSS_SAPI_FIRST_FAMILY, - TSS_SAPI_FIRST_LEVEL, - TSS_SAPI_FIRST_VERSION - }; + /* allocate memory for tcti context */ + this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size); + + /* initialize tcti context */ + rval = tss2_tcti_tabrmd_init(this->tcti_context, &tcti_context_size); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x " + "via tabrmd interface", LABEL, rval); + return FALSE; + } + return TRUE; +#else /* TSS2_TCTI_TABRMD */ + return FALSE; +#endif /* TSS2_TCTI_TABRMD */ +} + +/** + * Initialize TSS2 TCTI Socket context + */ +static bool initialize_tcti_socket_context(private_tpm_tss_tss2_t *this) +{ +#ifdef TSS2_TCTI_SOCKET + size_t tcti_context_size; + uint32_t rval; + + TCTI_SOCKET_CONF rm_if_config = { TCTI_SOCKET_DEFAULT_ADDRESS, + TCTI_SOCKET_DEFAULT_PORT + }; /* determine size of tcti context */ rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0); @@ -244,10 +283,29 @@ static bool initialize_context(private_tpm_tss_tss2_t *this) &rm_if_config, 0); if (rval != TSS2_RC_SUCCESS) { - DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x", - LABEL, rval); + DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x " + "via socket interface", LABEL, rval); return FALSE; } + return TRUE; +#else /* TSS2_TCTI_SOCKET */ + return FALSE; +#endif /* TSS2_TCTI_SOCKET */ +} + +/** + * Initialize TSS2 Sys context + */ +static bool initialize_sys_context(private_tpm_tss_tss2_t *this) +{ + uint32_t sys_context_size; + uint32_t rval; + + TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP, + TSS_SAPI_FIRST_FAMILY, + TSS_SAPI_FIRST_LEVEL, + TSS_SAPI_FIRST_VERSION + }; /* determine size of sys context */ sys_context_size = Tss2_Sys_GetContextSize(0); @@ -885,7 +943,15 @@ tpm_tss_t *tpm_tss_tss2_create() }, ); - available = initialize_context(this); + available = initialize_tcti_tabrmd_context(this); + if (!available) + { + available = initialize_tcti_socket_context(this); + } + if (available) + { + available = initialize_sys_context(this); + } DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not "); if (!available) diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 58c247e1b..0c128c1a8 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -329,8 +329,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -431,6 +429,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -459,6 +459,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 7561ad91c..6ebe48691 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -318,8 +318,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -420,6 +418,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,6 +448,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index ed95d812a..58de24aca 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -331,8 +331,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -433,6 +431,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -461,6 +461,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index a469f8b1c..bf8092bd4 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -268,8 +268,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -370,6 +368,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -398,6 +398,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index 65fb8bc46..ad85fb381 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in @@ -46,9 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR. .BI "\-t, \-\-type " type Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), -\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private -key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private key), -\fIpriv\fR (private key), defaults to \fIx509\fR. +\fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA +private key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private +key), defaults to \fIx509\fR. . .SH "SEE ALSO" . diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 415de5503..1da001d09 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pt-tls-client/Makefile.am b/src/pt-tls-client/Makefile.am index 8d1567eef..a17b5ddf0 100644 --- a/src/pt-tls-client/Makefile.am +++ b/src/pt-tls-client/Makefile.am @@ -1,4 +1,4 @@ -ipsec_PROGRAMS = pt-tls-client +bin_PROGRAMS = pt-tls-client pt_tls_client_SOURCES = pt-tls-client.c @@ -19,3 +19,7 @@ pt_tls_client_LDADD = \ $(top_builddir)/src/libpttls/libpttls.la \ $(top_builddir)/src/libtnccs/libtnccs.la +man1_MANS = pt-tls-client.1 + +CLEANFILES = $(man1_MANS) + diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 7912c6058..820bec9f3 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -88,7 +88,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pt-tls-client$(EXEEXT) +bin_PROGRAMS = pt-tls-client$(EXEEXT) subdir = src/pt-tls-client ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -106,10 +106,10 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = pt-tls-client.1 CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" -PROGRAMS = $(ipsec_PROGRAMS) +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" +PROGRAMS = $(bin_PROGRAMS) am_pt_tls_client_OBJECTS = pt-tls-client.$(OBJEXT) pt_tls_client_OBJECTS = $(am_pt_tls_client_OBJECTS) pt_tls_client_DEPENDENCIES = \ @@ -162,6 +162,36 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +NROFF = nroff +MANS = $(man1_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -181,7 +211,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pt-tls-client.1.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -282,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -384,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -412,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -431,6 +466,8 @@ pt_tls_client_LDADD = \ $(top_builddir)/src/libpttls/libpttls.la \ $(top_builddir)/src/libtnccs/libtnccs.la +man1_MANS = pt-tls-client.1 +CLEANFILES = $(man1_MANS) all: all-am .SUFFIXES: @@ -464,12 +501,14 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-ipsecPROGRAMS: $(ipsec_PROGRAMS) +pt-tls-client.1: $(top_builddir)/config.status $(srcdir)/pt-tls-client.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ @@ -489,24 +528,24 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done -uninstall-ipsecPROGRAMS: +uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' \ `; \ test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files -clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ @@ -555,6 +594,47 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-man1: $(man1_MANS) + @$(NORMAL_INSTALL) + @list1='$(man1_MANS)'; \ + list2=''; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -640,9 +720,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(MANS) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -667,6 +747,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -677,8 +758,7 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ - mostlyclean-am +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -698,13 +778,13 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: -install-exec-am: +install-exec-am: install-binPROGRAMS install-html: install-html-am @@ -714,7 +794,7 @@ install-info: install-info-am install-info-am: -install-man: +install-man: install-man1 install-pdf: install-pdf-am @@ -744,23 +824,26 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS +uninstall-am: uninstall-binPROGRAMS uninstall-man + +uninstall-man: uninstall-man1 .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man1 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-man uninstall-man1 .PRECIOUS: Makefile diff --git a/src/pt-tls-client/pt-tls-client.1.in b/src/pt-tls-client/pt-tls-client.1.in new file mode 100644 index 000000000..d7c9dffe5 --- /dev/null +++ b/src/pt-tls-client/pt-tls-client.1.in @@ -0,0 +1,130 @@ +.TH PT-TLS-CLIENT 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +pt-tls-client \- Simple client using PT-TLS to collect integrity information +. +.SH "SYNOPSIS" +. +.SY "pt-tls-client" +.BI \-\-connect +.IR hostname |\fIaddress +.OP \-\-port hex +.RB [ \-\-cert +.IR file ]+ +.RB [ \-\-keyid +.IR hex |\fB\-\-key +.IR file ] +.RB [ \-\-key-type +.BR rsa |\fBecdsa\fR] +.OP \-\-client client-id +.OP \-\-secret password +.OP \-\-mutual +.OP \-\-optionsfrom filename +.OP \-\-quiet +.OP \-\-debug level +.YS +. +.SY "pt-tls-client" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +.B pt-tls-client +is a simple client using the PT-TLS (RFC 6876) transport protocol to collect +integrity measurements on the client platform. PT-TLS does an initial TLS +handshake with certificate-based server authentication and optional +certificate-based client authentication. Alternatively simple password-based +SASL client authentication protected by TLS can be used. +.P +Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC +5792) message protocol between any number of Integrity Measurement Verifiers +(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement +Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list +defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several +PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data +batches which in turn are transported via PT-TLS. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Prints usage information and a short summary of the available commands. +.TP +.BI "\-c, \-\-connect " hostname\fR|\fIaddress +Set the hostname or IP address of the PT-TLS server. +.TP +.BI "\-p, \-\-port " port +Set the port of the PT-TLS server, default: 271. +.TP +.BI "\-x, \-\-cert " file +Set the path to an X.509 certificate file. This option can be repeated to load +multiple client and CA certificates. +.TP +.BI "\-k, \-\-key " file +Set the path to the client's PKCS#1 or PKCS#8 private key file +.TP +.BI "\-t, \-\-key\-type " type +Define the type of the private key if stored in PKCS#1 format. Can be omitted +with PKCS#8 keys. +.TP +.BI "\-x, \-\-keyid " hex +Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted +Platform Module. +.TP +.BI "\-i, \-\-client " client-id +Set the username or client ID of the client required for password-based SASL +authentication. +.TP +.BI "\-s, \-\-secret " password +Set the preshared secret or client password required for password-based SASL +authentication. +.TP +.B "\-q, \-\-mutual +Enable mutual attestation between PT-TLS client and PT-TLS server. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 1. +.TP +.B "\-q, \-\-quiet +Disable debug output to stderr. +.TP +.BI "\-+, \-\-optionsfrom " file +Read command line options from \fIfile\fR. +. +.SH "EXAMPLES" +. +Connect to a PT-TLS server using certificate-based authentication, +storing the private ECDSA key in a file: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\ + \-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa +.EE +.PP +Connect to a PT-TLS server using certificate-based authentication, +storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\ + \-\-cert client.crt \-\-keyid 0x81010002 +.EE +.PP +Connect to a PT-TLS server listening on port 443, using SASL password-based +authentication: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com --port 443 \-\-cert ca.crt \\ + \-\-client jane \-\-password p2Nl9trKlb +.EE +.SH FILES +.TP +/etc/tnc_config +. +.SH "SEE ALSO" +. +.BR strongswan.conf (5) + diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 6f200c316..d7e78c497 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -42,9 +42,10 @@ static void usage(FILE *out) { fprintf(out, "Usage: pt-tls --connect <hostname|address> [--port <port>]\n" - " [--cert <file>]+ [--key <file>] [--key-type rsa|ecdsa]\n" - " [--client <client-id>] [--secret <password>]\n" - " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n"); + " [--cert <file>]+ [--keyid <hex>|--key <file>]\n" + " [--key-type rsa|ecdsa] [--client <client-id>]\n" + " [--secret <password>] [--mutual] [--quiet]\n" + " [--debug <level>] [--optionsfrom <filename>]\n"); } /** @@ -121,15 +122,26 @@ static bool load_certificate(char *filename) /** * Load private key from file */ -static bool load_key(char *filename, key_type_t type) +static bool load_key(char *keyid, char *filename, key_type_t type) { private_key_t *key; + chunk_t chunk; - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_FROM_FILE, filename, BUILD_END); + if (keyid) + { + chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL); + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + BUILD_PKCS11_KEYID, chunk, BUILD_END); + chunk_free(&chunk); + } + else + { + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, filename, BUILD_END); + } if (!key) { - DBG1(DBG_TLS, "loading key from '%s' failed", filename); + DBG1(DBG_TLS, "loading key from '%s' failed", keyid ? keyid : filename); return FALSE; } creds->add_key(creds, key); @@ -255,7 +267,8 @@ static void init() int main(int argc, char *argv[]) { - char *address = NULL, *identity = "%any", *secret = NULL, *key_file = NULL; + char *address = NULL, *identity = "%any", *secret = NULL; + char *keyid = NULL, *key_file = NULL; key_type_t key_type = KEY_RSA; int port = PT_TLS_PORT; @@ -270,15 +283,17 @@ int main(int argc, char *argv[]) {"secret", required_argument, NULL, 's' }, {"port", required_argument, NULL, 'p' }, {"cert", required_argument, NULL, 'x' }, + {"keyid", required_argument, NULL, 'K' }, {"key", required_argument, NULL, 'k' }, - {"key-type", required_argument, NULL, 't' }, + {"key-type", required_argument, NULL, 't' }, {"mutual", no_argument, NULL, 'm' }, {"quiet", no_argument, NULL, 'q' }, {"debug", required_argument, NULL, 'd' }, {"optionsfrom", required_argument, NULL, '+' }, {0,0,0,0 } }; - switch (getopt_long(argc, argv, "", long_opts, NULL)) + switch (getopt_long(argc, argv, "hc:i:s:p:x:K:k:t:mqd:+:", long_opts, + NULL)) { case EOF: break; @@ -291,6 +306,9 @@ int main(int argc, char *argv[]) return 1; } continue; + case 'K': /* --keyid <hex> */ + keyid = optarg; + continue; case 'k': /* --key <file> */ key_file = optarg; continue; @@ -352,7 +370,7 @@ int main(int argc, char *argv[]) usage(stderr); return 1; } - if (key_file && !load_key(key_file, key_type)) + if ((keyid || key_file) && !load_key(keyid, key_file, key_type)) { return 1; } diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 9b2023f7d..85522ad7b 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 97a0713c3..2fa22ae97 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -355,8 +355,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -457,6 +455,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -485,6 +485,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index 6ce8bdaee..fc5b86397 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -307,8 +307,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -409,6 +407,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -437,6 +437,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 6af83d9b7..9d17733ba 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -281,8 +281,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -383,6 +381,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -411,6 +411,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/sw-collector/Makefile.am b/src/sw-collector/Makefile.am new file mode 100644 index 000000000..4ed73c925 --- /dev/null +++ b/src/sw-collector/Makefile.am @@ -0,0 +1,32 @@ +sbin_PROGRAMS = sw-collector + +sw_collector_SOURCES = \ + sw-collector.c \ + sw_collector_db.h sw_collector_db.c \ + sw_collector_dpkg.h sw_collector_dpkg.c \ + sw_collector_history.h sw_collector_history.c \ + sw_collector_rest_api.h sw_collector_rest_api.c + +sw-collector.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv \ + -DPLUGINS=\""random openssl sqlite curl"\" + +AM_CFLAGS = $(json_CFLAGS) + +sw_collector_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(json_LIBS) + +templatesdir = $(pkgdatadir)/templates/database/sw-collector +dist_templates_DATA = sw_collector_tables.sql + +man8_MANS = sw-collector.8 + +CLEANFILES = $(man8_MANS) + + diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in new file mode 100644 index 000000000..73016ad72 --- /dev/null +++ b/src/sw-collector/Makefile.in @@ -0,0 +1,894 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +sbin_PROGRAMS = sw-collector$(EXEEXT) +subdir = src/sw-collector +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = sw-collector.8 +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" \ + "$(DESTDIR)$(templatesdir)" +PROGRAMS = $(sbin_PROGRAMS) +am_sw_collector_OBJECTS = sw-collector.$(OBJEXT) \ + sw_collector_db.$(OBJEXT) sw_collector_dpkg.$(OBJEXT) \ + sw_collector_history.$(OBJEXT) sw_collector_rest_api.$(OBJEXT) +sw_collector_OBJECTS = $(am_sw_collector_OBJECTS) +am__DEPENDENCIES_1 = +sw_collector_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libimcv/libimcv.la $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(sw_collector_SOURCES) +DIST_SOURCES = $(sw_collector_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man8_MANS) +DATA = $(dist_templates_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/sw-collector.8.in \ + $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +sw_collector_SOURCES = \ + sw-collector.c \ + sw_collector_db.h sw_collector_db.c \ + sw_collector_dpkg.h sw_collector_dpkg.c \ + sw_collector_history.h sw_collector_history.c \ + sw_collector_rest_api.h sw_collector_rest_api.c + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv \ + -DPLUGINS=\""random openssl sqlite curl"\" + +AM_CFLAGS = $(json_CFLAGS) +sw_collector_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(json_LIBS) + +templatesdir = $(pkgdatadir)/templates/database/sw-collector +dist_templates_DATA = sw_collector_tables.sql +man8_MANS = sw-collector.8 +CLEANFILES = $(man8_MANS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/sw-collector/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/sw-collector/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +sw-collector.8: $(top_builddir)/config.status $(srcdir)/sw-collector.8.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +sw-collector$(EXEEXT): $(sw_collector_OBJECTS) $(sw_collector_DEPENDENCIES) $(EXTRA_sw_collector_DEPENDENCIES) + @rm -f sw-collector$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sw_collector_OBJECTS) $(sw_collector_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw-collector.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_db.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_dpkg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_history.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_rest_api.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man8: $(man8_MANS) + @$(NORMAL_INSTALL) + @list1='$(man8_MANS)'; \ + list2=''; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +install-dist_templatesDATA: $(dist_templates_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \ + done + +uninstall-dist_templatesDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(templatesdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_templatesDATA install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_templatesDATA uninstall-man \ + uninstall-sbinPROGRAMS + +uninstall-man: uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_templatesDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man8 install-pdf install-pdf-am install-ps \ + install-ps-am install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am \ + uninstall-dist_templatesDATA uninstall-man uninstall-man8 \ + uninstall-sbinPROGRAMS + +.PRECIOUS: Makefile + + +sw-collector.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/sw-collector/sw-collector.8.in b/src/sw-collector/sw-collector.8.in new file mode 100644 index 000000000..8560ba095 --- /dev/null +++ b/src/sw-collector/sw-collector.8.in @@ -0,0 +1,124 @@ +.TH SW-COLLECTOR 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +sw-collector \- Extracts software installation events from dpkg history log +. +.SH "SYNOPSIS" +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-count event-count +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-installed\fR|\fB\--removed +.BR \-\-list |\fB\-\-unregistered +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-installed\fR|\fB\--removed +.OP \-\-full +.BR \-\-generate +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.BR \-\-migrate +.YS +. +.SY "sw-collector" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +.B sw-collector +extracts information about software package installation, update or removal +events from the apt history log and stores the software events in an SQLite +database. The retrieved history information is then merged and made consistent +with the actual list of installed software packages obtained with dpkg-query. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Prints usage information and a short summary of the available commands. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 2. +.TP +.B "\-q, \-\-quiet +Disable debug output to stderr. +.TP +.B "\-i, \-\-installed +Apply command to installed software packages, only. +.TP +.B "\-r, \-\-removed +Apply command to removed software packages, only. +.TP +.B "\-f, \-\-full +Generate ISO 19770-2:2015 SWID tags with full file information (possible for +installed software packages, only). +.TP +.B "\-l, \-\-list +Lists all software packages stored in the collector database showing their +installation status. +.TP +.B "\-u, \-\-unregistered +Lists all software packages residing in the local collector database but for +which no SWID tags exist yet in a central collector database reachable via a +REST interface. +.TP +.B "\-g, \-\-generate +Generates ISO 19770-2:2015 SWID tags for all software packages residing in the +local collector database but for which no SWID tags exist in a central collector +database reachable via a REST interface. +.TP +.B "\-m, \-\-migrate +Can be used to migrate collector database versions. Currently all architecture +suffixes are removed from dpkg package names. +. +.SH "CONFIGURATION" +. +The following parameters can be configured in strongswan.conf: +.P + sw-collector { + database = sqlite:///etc/pts/collector.db + history = /var/log/apt/history.log + first_time = 2016-04-22T20:55:14Z + rest_api { + uri = https://admin-user:ietf99hackathon@tnc.strongswan.org/api/ + timeout = 120 + } + } +.P +The parameters of the swid_generator used with the \-\-generate command can +be changed in the libimcv section of strongswan.conf: +.P + libimcv { + swid_gen { + command = /usr/local/bin/swid_generator + tag_creator { + name = strongSwan Project + regid = strongswan.org + } + } + } +. +.SH "FILES" +. +@PKGDATADIR@/templates/database/sw-collector/sw_collector_tables.sql +. +.SH "SEE ALSO" +. +.BR strongswan.conf (5) + diff --git a/src/sw-collector/sw-collector.c b/src/sw-collector/sw-collector.c new file mode 100644 index 000000000..e673dd657 --- /dev/null +++ b/src/sw-collector/sw-collector.c @@ -0,0 +1,652 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <getopt.h> +#include <unistd.h> +#ifdef HAVE_SYSLOG +# include <syslog.h> +#endif + +#include "sw_collector_db.h" +#include "sw_collector_history.h" +#include "sw_collector_rest_api.h" +#include "sw_collector_dpkg.h" +# +#include <library.h> +#include <utils/debug.h> +#include <utils/lexparser.h> + +#include <swid_gen/swid_gen.h> + +/** + * global debug output variables + */ +static int debug_level = 2; +static bool stderr_quiet = FALSE; +static int count = 0; + +typedef enum collector_op_t collector_op_t; + +enum collector_op_t { + COLLECTOR_OP_EXTRACT, + COLLECTOR_OP_LIST, + COLLECTOR_OP_UNREGISTERED, + COLLECTOR_OP_GENERATE, + COLLECTOR_OP_MIGRATE +}; + +/** + * sw_collector dbg function + */ +static void sw_collector_dbg(debug_t group, level_t level, char *fmt, ...) +{ + va_list args; + + if (level <= debug_level) + { + if (!stderr_quiet) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); + va_end(args); + } + +#ifdef HAVE_SYSLOG + { + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) + { + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "%s\n", current); + current = next; + } + } +#endif /* HAVE_SYSLOG */ + } +} + +/** + * atexit handler + */ +static void cleanup(void) +{ + library_deinit(); +#ifdef HAVE_SYSLOG + closelog(); +#endif +} + +/** + * Display usage of sw-collector command + */ +static void usage(void) +{ + printf("\ +Usage:\n\ + sw-collector --help\n\ + sw-collector [--debug <level>] [--quiet] [--count <event count>]\n\ + sw-collector [--debug <level>] [--quiet] [--installed|--removed] \ +--list|-unregistered\n\ + sw-collector [--debug <level>] [--quiet] [--installed|--removed] \ +[--full] --generate\n\ + sw-collector [--debug <level>] [--quiet] --migrate\n"); +} + +/** + * Parse command line options + */ +static collector_op_t do_args(int argc, char *argv[], bool *full_tags, + sw_collector_db_query_t *query_type) +{ + collector_op_t op = COLLECTOR_OP_EXTRACT; + bool installed = FALSE, removed = FALSE, full = FALSE; + + /* reinit getopt state */ + optind = 0; + + while (TRUE) + { + int c; + + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + { "count", required_argument, NULL, 'c' }, + { "debug", required_argument, NULL, 'd' }, + { "full", no_argument, NULL, 'f' }, + { "generate", no_argument, NULL, 'g' }, + { "installed", no_argument, NULL, 'i' }, + { "list", no_argument, NULL, 'l' }, + { "migrate", no_argument, NULL, 'm' }, + { "quiet", no_argument, NULL, 'q' }, + { "removed", no_argument, NULL, 'r' }, + { "unregistered", no_argument, NULL, 'u' }, + { 0,0,0,0 } + }; + + c = getopt_long(argc, argv, "hc:d:fgilmqru", long_opts, NULL); + switch (c) + { + case EOF: + break; + case 'h': + usage(); + exit(SUCCESS); + break; + case 'c': + count = atoi(optarg); + continue; + case 'd': + debug_level = atoi(optarg); + continue; + case 'f': + full = TRUE; + continue; + case 'g': + op = COLLECTOR_OP_GENERATE; + continue; + case 'i': + installed = TRUE; + continue; + case 'l': + op = COLLECTOR_OP_LIST; + continue; + case 'm': + op = COLLECTOR_OP_MIGRATE; + continue; + case 'q': + stderr_quiet = TRUE; + continue; + case 'r': + removed = TRUE; + continue; + case 'u': + op = COLLECTOR_OP_UNREGISTERED; + continue; + default: + usage(); + exit(EXIT_FAILURE); + } + break; + } + + if ((!installed && !removed) || (installed && removed)) + { + *query_type = SW_QUERY_ALL; + } + else if (installed) + { + *query_type = SW_QUERY_INSTALLED; + } + else + { + *query_type = SW_QUERY_REMOVED; + } + *full_tags = full; + + return op; +} + +/** + * Extract software events from apt history log files + */ +static int extract_history(sw_collector_db_t *db) +{ + sw_collector_history_t *history = NULL; + uint32_t epoch, last_eid, eid = 0; + char *history_path, *last_time = NULL, rfc_time[21]; + chunk_t *h, history_chunk, line, cmd; + int status = EXIT_FAILURE; + bool skip = TRUE; + + /* open history file for reading */ + history_path = lib->settings->get_str(lib->settings, "%s.history", NULL, + lib->ns); + if (!history_path) + { + fprintf(stderr, "sw-collector.history path not set.\n"); + return EXIT_FAILURE; + } + h = chunk_map(history_path, FALSE); + if (!h) + { + fprintf(stderr, "opening '%s' failed: %s", history_path, + strerror(errno)); + return EXIT_FAILURE; + } + history_chunk = *h; + + /* Instantiate history extractor */ + history = sw_collector_history_create(db, 1); + if (!history) + { + return EXIT_FAILURE; + } + + /* retrieve last event in database */ + if (!db->get_last_event(db, &last_eid, &epoch, &last_time) || !last_eid) + { + goto end; + } + DBG0(DBG_IMC, "Last-Event: %s, eid = %u, epoch = %u", + last_time, last_eid, epoch); + + /* parse history file */ + while (fetchline(&history_chunk, &line)) + { + if (line.len == 0) + { + continue; + } + if (!extract_token(&cmd, ':', &line)) + { + fprintf(stderr, "terminator symbol ':' not found.\n"); + goto end; + } + if (match("Start-Date", &cmd)) + { + if (!history->extract_timestamp(history, line, rfc_time)) + { + goto end; + } + + /* have we reached new history entries? */ + if (skip && strcmp(rfc_time, last_time) > 0) + { + skip = FALSE; + } + if (skip) + { + continue; + } + + /* insert new event into database */ + eid = db->add_event(db, rfc_time); + if (!eid) + { + goto end; + } + DBG1(DBG_IMC, "Start-Date: %s, eid = %u, epoch = %u", + rfc_time, eid, epoch); + } + else if (skip) + { + /* skip old history entries which have already been processed */ + continue; + } + else if (match("Install", &cmd)) + { + DBG1(DBG_IMC, " Install:"); + if (!history->extract_packages(history, line, eid, SW_OP_INSTALL)) + { + goto end; + } + } + else if (match("Upgrade", &cmd)) + { + DBG1(DBG_IMC, " Upgrade:"); + if (!history->extract_packages(history, line, eid, SW_OP_UPGRADE)) + { + goto end; + } + } + else if (match("Remove", &cmd)) + { + DBG1(DBG_IMC, " Remove:"); + if (!history->extract_packages(history, line, eid, SW_OP_REMOVE)) + { + goto end; + } + } + else if (match("Purge", &cmd)) + { + DBG1(DBG_IMC, " Purge:"); + if (!history->extract_packages(history, line, eid, SW_OP_REMOVE)) + { + goto end; + } + } + else if (match("End-Date", &cmd)) + { + /* Process 'count' events at a time */ + if (count > 0 && eid - last_eid == count) + { + fprintf(stderr, "added %d events\n", count); + goto end; + } + } + } + + if (history->merge_installed_packages(history)) + { + status = EXIT_SUCCESS; + } + +end: + free(last_time); + history->destroy(history); + chunk_unmap(h); + + return status; +} + +/** + * List all endpoint software identifiers stored in local collector database + */ +static int list_identifiers(sw_collector_db_t *db, sw_collector_db_query_t type) +{ + enumerator_t *e; + char *name, *package, *version; + uint32_t sw_id, count = 0, installed_count = 0, removed_count, installed; + + e = db->create_sw_enumerator(db, type, NULL); + if (!e) + { + return EXIT_FAILURE; + } + while (e->enumerate(e, &sw_id, &name, &package, &version, &installed)) + { + printf("%s,%s,%s,%d\n", name, package, version, installed); + if (installed) + { + installed_count++; + } + count++; + } + removed_count = count - installed_count; + e->destroy(e); + + switch (type) + { + case SW_QUERY_ALL: + DBG1(DBG_IMC, "retrieved %u software identities with %u installed " + "and %u removed", count, installed_count, removed_count); + break; + case SW_QUERY_INSTALLED: + DBG1(DBG_IMC, "retrieved %u installed software identities", count); + break; + case SW_QUERY_REMOVED: + DBG1(DBG_IMC, "retrieved %u removed software identities", count); + break; + } + + return EXIT_SUCCESS; +} + +static bool query_registry(sw_collector_rest_api_t *rest_api, bool installed) +{ + sw_collector_db_query_t type; + enumerator_t *enumerator; + char *sw_id; + int count = 0; + + type = installed ? SW_QUERY_INSTALLED : SW_QUERY_REMOVED; + enumerator = rest_api->create_sw_enumerator(rest_api, type); + if (!enumerator) + { + return FALSE; + } + while (enumerator->enumerate(enumerator, &sw_id)) + { + printf("%s,%s\n", sw_id, installed ? "1" : "0"); + count++; + } + enumerator->destroy(enumerator); + DBG1(DBG_IMC, "%d %s software identifiers not registered", count, + installed ? "installed" : "removed"); + return TRUE; +} + + +/** + * List all endpoint software identifiers stored in local collector database + * that are not registered yet in central collelector database + */ +static int unregistered_identifiers(sw_collector_db_t *db, + sw_collector_db_query_t type) +{ + sw_collector_rest_api_t *rest_api; + int status = EXIT_SUCCESS; + + rest_api = sw_collector_rest_api_create(db); + if (!rest_api) + { + return EXIT_FAILURE; + } + + /* List installed software identifiers not registered centrally */ + if (type != SW_QUERY_REMOVED && !query_registry(rest_api, TRUE)) + { + status = EXIT_FAILURE; + } + + /* List removed software identifiers not registered centrally */ + if (type != SW_QUERY_INSTALLED && !query_registry(rest_api, FALSE)) + { + status = EXIT_FAILURE; + } + rest_api->destroy(rest_api); + + return status; +} + +/** + * Generate ISO 19770-2:2015 SWID tags for [installed|removed|all] + * SW identifiers that are not registered centrally + */ +static int generate_tags(sw_collector_db_t *db, bool full_tags, + sw_collector_db_query_t type) +{ + swid_gen_t * swid_gen; + sw_collector_rest_api_t *rest_api; + char *name, *package, *version, *tag; + enumerator_t *enumerator; + uint32_t sw_id; + bool installed; + int count = 0, installed_count = 0, status = EXIT_FAILURE; + + swid_gen = swid_gen_create(); + rest_api = sw_collector_rest_api_create(db); + if (!rest_api) + { + goto end; + } + + enumerator = rest_api->create_sw_enumerator(rest_api, type); + if (!enumerator) + { + goto end; + } + while (enumerator->enumerate(enumerator, &name)) + { + sw_id = db->get_sw_id(db, name, &package, &version, NULL, &installed); + if (sw_id) + { + tag = swid_gen->generate_tag(swid_gen, name, package, version, + full_tags && installed, FALSE); + if (tag) + { + DBG2(DBG_IMC, " creating %s", name); + printf("%s\n", tag); + free(tag); + count++; + if (installed) + { + installed_count++; + } + } + free(package); + free(version); + } + } + enumerator->destroy(enumerator); + status = EXIT_SUCCESS; + + switch (type) + { + case SW_QUERY_ALL: + DBG1(DBG_IMC, "created %d tags for unregistered software " + "identifiers with %d installed and %d removed", count, + installed_count, count - installed_count); + break; + case SW_QUERY_INSTALLED: + DBG1(DBG_IMC, "created %d tags for unregistered installed software " + "identifiers", count); + break; + case SW_QUERY_REMOVED: + DBG1(DBG_IMC, "created %d tags for unregistered removed software " + "identifiers", count); + break; + } + +end: + swid_gen->destroy(swid_gen); + DESTROY_IF(rest_api); + + return status; +} + +/** + * Append missing architecture suffix to package entries in the database + */ +static int migrate(sw_collector_db_t *db) +{ + sw_collector_dpkg_t *dpkg; + + char *package, *arch, *version; + char package_filter[BUF_LEN]; + int res, count = 0; + int status = EXIT_SUCCESS; + enumerator_t *enumerator; + + dpkg = sw_collector_dpkg_create(); + if (!dpkg) + { + return FAILED; + } + + enumerator = dpkg->create_sw_enumerator(dpkg); + while (enumerator->enumerate(enumerator, &package, &arch, &version)) + { + + /* Look for package names with architecture suffix */ + snprintf(package_filter, BUF_LEN, "%s:%%", package); + + res = db->update_package(db, package_filter, package); + if (res < 0) + { + status = EXIT_FAILURE; + break; + } + else if (res > 0) + { + count += res; + DBG2(DBG_IMC, "%s: removed arch suffix %d times", package, res); + } + } + enumerator->destroy(enumerator); + dpkg->destroy(dpkg); + + DBG1(DBG_IMC, "migrated %d sw identifier records", count); + + return status; +} + + +int main(int argc, char *argv[]) +{ + sw_collector_db_t *db = NULL; + sw_collector_db_query_t query_type; + collector_op_t op; + bool full_tags; + char *uri; + int status = EXIT_FAILURE; + + op = do_args(argc, argv, &full_tags, &query_type); + + /* enable sw_collector debugging hook */ + dbg = sw_collector_dbg; +#ifdef HAVE_SYSLOG + openlog("sw-collector", 0, LOG_DEBUG); +#endif + + atexit(cleanup); + + /* initialize library */ + if (!library_init(NULL, "sw-collector")) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + + /* load sw-collector plugins */ + if (!lib->plugins->load(lib->plugins, + lib->settings->get_str(lib->settings, "%s.load", PLUGINS, lib->ns))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + + /* connect to sw-collector database */ + uri = lib->settings->get_str(lib->settings, "%s.database", NULL, lib->ns); + if (!uri) + { + fprintf(stderr, "sw-collector.database URI not set.\n"); + exit(EXIT_FAILURE); + } + db = sw_collector_db_create(uri); + if (!db) + { + fprintf(stderr, "connection to sw-collector database failed.\n"); + exit(EXIT_FAILURE); + } + + switch (op) + { + case COLLECTOR_OP_EXTRACT: + status = extract_history(db); + break; + case COLLECTOR_OP_LIST: + status = list_identifiers(db, query_type); + break; + case COLLECTOR_OP_UNREGISTERED: + status = unregistered_identifiers(db, query_type); + break; + case COLLECTOR_OP_GENERATE: + status = generate_tags(db, full_tags, query_type); + break; + case COLLECTOR_OP_MIGRATE: + status = migrate(db); + break; + } + db->destroy(db); + + exit(status); +} diff --git a/src/sw-collector/sw_collector_db.c b/src/sw-collector/sw_collector_db.c new file mode 100644 index 000000000..554c3d624 --- /dev/null +++ b/src/sw-collector/sw_collector_db.c @@ -0,0 +1,427 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#include <time.h> + +#include "sw_collector_db.h" + +#include "swima/swima_event.h" + +typedef struct private_sw_collector_db_t private_sw_collector_db_t; + +/** + * Private data of an sw_collector_db_t object. + */ +struct private_sw_collector_db_t { + + /** + * Public members of sw_collector_db_state_t + */ + sw_collector_db_t public; + + /** + * Epoch + */ + uint32_t epoch; + + /** + * Event ID of last event stored in database + */ + uint32_t last_eid; + + /** + * Software collector database + */ + database_t *db; + +}; + +METHOD(sw_collector_db_t, add_event, uint32_t, + private_sw_collector_db_t *this, char *timestamp) +{ + uint32_t eid = 0; + + if (this->db->execute(this->db, &eid, + "INSERT INTO events (epoch, timestamp) VALUES (?, ?)", + DB_UINT, this->epoch, DB_TEXT, timestamp) != 1) + { + DBG1(DBG_IMC, "unable to insert event into database"); + return 0; + } + + return eid; +} + +METHOD(sw_collector_db_t, get_last_event, bool, + private_sw_collector_db_t *this, uint32_t *eid, uint32_t *epoch, + char **last_time) +{ + char *timestamp; + enumerator_t *e; + + e = this->db->query(this->db, + "SELECT id, epoch, timestamp FROM events ORDER BY timestamp DESC", + DB_UINT, DB_UINT, DB_TEXT); + if (!e) + { + DBG1(DBG_IMC, "database query for event failed"); + return FALSE; + } + if (e->enumerate(e, eid, epoch, ×tamp)) + { + if (last_time) + { + *last_time = strdup(timestamp); + } + } + else + { + *eid = 0; + } + e->destroy(e); + + return TRUE; +} + +METHOD(sw_collector_db_t, add_sw_event, bool, + private_sw_collector_db_t *this, uint32_t eid, uint32_t sw_id, + uint8_t action) +{ + if (this->db->execute(this->db, NULL, + "INSERT INTO sw_events (eid, sw_id, action) VALUES (?, ?, ?)", + DB_UINT, eid, DB_UINT, sw_id, DB_UINT, action) != 1) + { + DBG1(DBG_IMC, "unable to insert sw_event into database"); + return FALSE; + } + + return TRUE; +} + +METHOD(sw_collector_db_t, set_sw_id, uint32_t, + private_sw_collector_db_t *this, char *name, char *package, char *version, + uint8_t source, bool installed) +{ + uint32_t sw_id; + + if (this->db->execute(this->db, &sw_id, + "INSERT INTO sw_identifiers " + "(name, package, version, source, installed) VALUES (?, ?, ?, ?, ?)", + DB_TEXT, name, DB_TEXT, package, DB_TEXT, version, DB_UINT, source, + DB_UINT, installed) != 1) + { + DBG1(DBG_IMC, "unable to insert sw_id into database"); + return 0; + } + + return sw_id; +} + +METHOD(sw_collector_db_t, get_sw_id, uint32_t, + private_sw_collector_db_t *this, char *name, char **package, char **version, + uint8_t *source, bool *installed) +{ + char *sw_package, *sw_version; + uint32_t sw_id = 0, sw_source, sw_installed; + enumerator_t *e; + + /* Does software identifier already exist in database? */ + e = this->db->query(this->db, + "SELECT id, package, version, source, installed " + "FROM sw_identifiers WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_TEXT, DB_TEXT, DB_UINT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier failed"); + return 0; + } + if (e->enumerate(e, &sw_id, &sw_package, &sw_version, &sw_source, + &sw_installed)) + { + if (package) + { + *package = strdup(sw_package); + } + if (version) + { + *version = strdup(sw_version); + } + if (source) + { + *source = sw_source; + } + if (installed) + { + *installed = sw_installed; + } + } + e->destroy(e); + + return sw_id; +} + +METHOD(sw_collector_db_t, get_sw_id_count, uint32_t, + private_sw_collector_db_t *this, sw_collector_db_query_t type) +{ + uint32_t count, installed; + enumerator_t *e; + + if (type == SW_QUERY_ALL) + { + e = this->db->query(this->db, + "SELECT COUNT(installed) FROM sw_identifiers", DB_UINT); + } + else + { + installed = (type == SW_QUERY_INSTALLED); + e = this->db->query(this->db, + "SELECT COUNT(installed) FROM sw_identifiers WHERE installed = ?", + DB_UINT, installed, DB_UINT); + } + + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier count failed"); + return 0; + } + if (!e->enumerate(e, &count)) + { + count = 0; + } + e->destroy(e); + + return count; +} + +METHOD(sw_collector_db_t, update_sw_id, bool, + private_sw_collector_db_t *this, uint32_t sw_id, char *name, char *version, + bool installed) +{ + int res; + + if (name && version) + { + res = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET name = ?, version = ?, installed = ? " + "WHERE id = ?", DB_TEXT, name, DB_TEXT, version, DB_UINT, installed, + DB_UINT, sw_id); + } + else + { + res = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET installed = ? WHERE id = ?", + DB_UINT, installed, DB_UINT, sw_id); + } + if (res != 1) + { + DBG1(DBG_IMC, "unable to update software identifier in database"); + return FALSE; + } + return TRUE; +} + +METHOD(sw_collector_db_t, update_package, int, + private_sw_collector_db_t *this, char *package_filter, char *package) +{ + int count; + + count = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET package = ? WHERE package LIKE ?", + DB_TEXT, package, DB_TEXT, package_filter); + if (count < 0) + { + DBG1(DBG_IMC, "unable to update package name in database"); + } + + return count; +} + +METHOD(sw_collector_db_t, create_sw_enumerator, enumerator_t*, + private_sw_collector_db_t *this, sw_collector_db_query_t type, char *package) +{ + enumerator_t *e; + u_int installed; + + if (type == SW_QUERY_ALL) + { + if (package) + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE package = ? ORDER BY name ASC", + DB_TEXT, package, DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + else + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers ORDER BY name ASC", + DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + } + else + { + installed = (type == SW_QUERY_INSTALLED); + + if (package) + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE package = ? AND installed = ? " + "ORDER BY name ASC", DB_TEXT, package, DB_UINT, installed, + DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + else + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE installed = ? ORDER BY name ASC", + DB_UINT, installed, DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + } + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier count failed"); + return NULL; + } + + return e; +} + +METHOD(sw_collector_db_t, destroy, void, + private_sw_collector_db_t *this) +{ + this->db->destroy(this->db); + free(this); +} + +/** + * Determine file creation data and convert it into RFC 3339 format + */ +bool get_file_creation_date(char *pathname, char *timestamp) +{ + struct stat st; + struct tm ct; + + if (stat(pathname, &st)) + { + DBG1(DBG_IMC, "unable to obtain statistics on '%s'", pathname); + return FALSE; + } + + /* Convert from local time to UTC */ + gmtime_r(&st.st_mtime, &ct); + ct.tm_year += 1900; + ct.tm_mon += 1; + + /* Form timestamp according to RFC 3339 (20 characters) */ + snprintf(timestamp, 21, "%4d-%02d-%02dT%02d:%02d:%02dZ", + ct.tm_year, ct.tm_mon, ct.tm_mday, + ct.tm_hour, ct.tm_min, ct.tm_sec); + + return TRUE; +} + +/** + * Described in header. + */ +sw_collector_db_t *sw_collector_db_create(char *uri) +{ + private_sw_collector_db_t *this; + uint32_t first_eid, last_eid; + char first_time_buf[21], *first_time, *first_file; + + INIT(this, + .public = { + .add_event = _add_event, + .get_last_event = _get_last_event, + .add_sw_event = _add_sw_event, + .set_sw_id = _set_sw_id, + .get_sw_id = _get_sw_id, + .get_sw_id_count = _get_sw_id_count, + .update_sw_id = _update_sw_id, + .update_package = _update_package, + .create_sw_enumerator = _create_sw_enumerator, + .destroy = _destroy, + }, + .db = lib->db->create(lib->db, uri), + ); + + if (!this->db) + { + DBG1(DBG_IMC, "opening database URI '%s' failed", uri); + free(this); + return NULL; + } + + /* Retrieve last event in database */ + if (!get_last_event(this, &last_eid, &this->epoch, NULL)) + { + destroy(this); + return NULL; + } + + /* Create random epoch and first event if no events exist yet */ + if (!last_eid) + { + rng_t *rng; + + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng || + !rng->get_bytes(rng, sizeof(uint32_t), (uint8_t*)&this->epoch)) + { + DESTROY_IF(rng); + destroy(this); + DBG1(DBG_IMC, "generating random epoch value failed"); + return NULL; + } + rng->destroy(rng); + + /* strongTNC workaround - limit epoch to 31 bit unsigned integer */ + this->epoch &= 0x7fffffff; + + /* Create first event when the OS was installed */ + first_file = lib->settings->get_str(lib->settings, + "sw-collector.first_file", "/var/log/bootstrap.log"); + first_time = lib->settings->get_str(lib->settings, + "sw-collector.first_time", NULL); + if (!first_time) + { + if (get_file_creation_date(first_file, first_time_buf)) + { + first_time = first_time_buf; + } + else + { + first_time = "0000-00-00T00:00:00Z"; + } + } + first_eid = add_event(this, first_time); + + if (!first_eid) + { + destroy(this); + return NULL; + } + DBG0(DBG_IMC, "First-Date: %s, eid = %u, epoch = %u", + first_time, first_eid, this->epoch); + } + + return &this->public; +} diff --git a/src/sw-collector/sw_collector_db.h b/src/sw-collector/sw_collector_db.h new file mode 100644 index 000000000..e3b56af93 --- /dev/null +++ b/src/sw-collector/sw_collector_db.h @@ -0,0 +1,155 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector_db_t sw_collector_db + * @{ @ingroup sw_collector + */ + +#ifndef SW_COLLECTOR_DB_H_ +#define SW_COLLECTOR_DB_H_ + +#include <library.h> + +typedef struct sw_collector_db_t sw_collector_db_t; +typedef enum sw_collector_db_query_t sw_collector_db_query_t; + +/** + * Type of software identifier queries + */ +enum sw_collector_db_query_t { + SW_QUERY_ALL, + SW_QUERY_INSTALLED, + SW_QUERY_REMOVED +}; + +/** + * Software collector database object + */ +struct sw_collector_db_t { + + /** + * bAdd event to database + * + * @param timestamp Timestamp in 20 octet RFC 3339 format + * @return Primary key pointing to event ID or 0 if failed + */ + uint32_t (*add_event)(sw_collector_db_t *this, char *timestamp); + + /** + * Get last event, zero EID if none exists + * + * @param eid Primary key pointing to last event + * @param epoch Epoch + * @param last_time Timestamp in 20 octet RFC 3339 format of last event + * @return + */ + bool (*get_last_event)(sw_collector_db_t *this, uint32_t *eid, + uint32_t *epoch, char **last_time); + + /** + * Add software identifier event to database + * + * @param eid Foreign key pointing to an event ID + * @param sw_id Foreign key pointing to a software identifier + * @param action 1 for CREATION, 2 for deletion + * @return TRUE if successful + */ + bool (*add_sw_event)(sw_collector_db_t *this, uint32_t eid, uint32_t sw_id, + uint8_t action); + + /** + * Set software_identifier, checking if the identifier already exists + * + * @param name Software identifier + * @param package Software package + * @param version Version of software package + * @param source Source ID of the software collector + * @param installed Installation status to be set, TRUE if installed + * @return Primary key pointing to SW ID or 0 if failed + */ + uint32_t (*set_sw_id)(sw_collector_db_t *this, char *name, char *package, + char *version, uint8_t source, bool installed); + + /** + * Get software_identifier record + * + * @param name Software identifier + * @param package Software package + * @param version Version of software package + * @param source Source ID of the software collector + * @param installed Installation status + * @return Primary key pointing to SW ID or 0 if failed + */ + uint32_t (*get_sw_id)(sw_collector_db_t *this, char *name, char **package, + char **version, uint8_t *source, bool *installed); + + /** + * Get number of installed or removed software identifiers + * + * @param type Query type (ALL, INSTALLED, REMOVED) + * @return Count + */ + uint32_t (*get_sw_id_count)(sw_collector_db_t *this, + sw_collector_db_query_t type); + + /** + * Update the software identifier version + * + * @param sw_id Primary key of software identifier + * @param name Software identifier + * @param version Package version + * @param installed Installation status + * @return TRUE if update successful + */ + bool (*update_sw_id)(sw_collector_db_t *this, uint32_t sw_id, char *name, + char *version, bool installed); + + /** + * Update the package name + * + * @param package_filter Package name[s] to be changed + * @param package New package name + * @return TRUE if update successful + */ + int (*update_package)(sw_collector_db_t *this, char *package_filter, + char *package); + + /** + * Enumerate over all collected [installed] software identities + * + * @param type Query type (ALL, INSTALLED, REMOVED) + * @param package If not NULL enumerate over all package versions + * @return Enumerator + */ + enumerator_t* (*create_sw_enumerator)(sw_collector_db_t *this, + sw_collector_db_query_t type, + char *package); + + /** + * Destroy sw_collector_db_t object + */ + void (*destroy)(sw_collector_db_t *this); + +}; + +/** + * Create an sw_collector_db_t instance + * + * @param uri database URI + */ +sw_collector_db_t* sw_collector_db_create(char *uri); + +#endif /** SW_COLLECTOR_DB_H_ @}*/ diff --git a/src/sw-collector/sw_collector_dpkg.c b/src/sw-collector/sw_collector_dpkg.c new file mode 100644 index 000000000..b5a858297 --- /dev/null +++ b/src/sw-collector/sw_collector_dpkg.c @@ -0,0 +1,152 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "sw_collector_dpkg.h" + +typedef struct private_sw_collector_dpkg_t private_sw_collector_dpkg_t; + +/** + * Private data of an sw_collector_dpkg_t object. + */ +struct private_sw_collector_dpkg_t { + + /** + * Public members of sw_collector_dpkg_state_t + */ + sw_collector_dpkg_t public; + +}; + +typedef struct { + /** public enumerator interface */ + enumerator_t public; + /** dpkg output stream */ + FILE *file; + /** current dpkg output line */ + char line[BUF_LEN]; +} dpkg_enumerator_t; + +METHOD(enumerator_t, enumerate, bool, + dpkg_enumerator_t *this, va_list args) +{ + char **package, **arch, **version, *state, *pos; + + VA_ARGS_VGET(args, package, arch, version); + + while (TRUE) + { + if (!fgets(this->line, BUF_LEN, this->file)) + { + return FALSE; + } + + *package = this->line; + pos = strchr(this->line, '\t'); + if (!pos) + { + return FALSE; + } + *pos = '\0'; + + *arch = ++pos; + pos = strchr(pos, '\t'); + if (!pos) + { + return FALSE; + } + *pos = '\0'; + + *version = ++pos; + pos = strchr(pos, '\t'); + if (!pos) + { + return FALSE; + } + *pos = '\0'; + + state = ++pos; + pos = strchr(pos, '\n'); + if (!pos) + { + return FALSE; + } + *pos = '\0'; + + if (streq(state, "install ok installed")) + { + return TRUE; + } + } +} + +METHOD(enumerator_t, enumerator_destroy, void, + dpkg_enumerator_t *this) +{ + pclose(this->file); + free(this); +} + +METHOD(sw_collector_dpkg_t, create_sw_enumerator, enumerator_t*, + private_sw_collector_dpkg_t *this) +{ + dpkg_enumerator_t *enumerator; + char cmd[] = "dpkg-query -W -f=" + "\'${Package}\t${Architecture}\t${Version}\t${Status}\n\'"; + FILE *file; + + file = popen(cmd, "r"); + if (!file) + { + DBG1(DBG_IMC, "failed to run dpgk-query command"); + return NULL; + } + + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _enumerator_destroy, + }, + .file = file, + ); + + return &enumerator->public; +} + +METHOD(sw_collector_dpkg_t, destroy, void, + private_sw_collector_dpkg_t *this) +{ + free(this); +} + +/** + * Described in header. + */ +sw_collector_dpkg_t *sw_collector_dpkg_create(void) +{ + private_sw_collector_dpkg_t *this; + + INIT(this, + .public = { + .create_sw_enumerator = _create_sw_enumerator, + .destroy = _destroy, + }, + ); + + return &this->public; +} diff --git a/src/sw-collector/sw_collector_dpkg.h b/src/sw-collector/sw_collector_dpkg.h new file mode 100644 index 000000000..eab792e8a --- /dev/null +++ b/src/sw-collector/sw_collector_dpkg.h @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector_dpkg_t sw_collector_dpkg + * @{ @ingroup sw_collector + */ + +#ifndef SW_COLLECTOR_DPKG_H_ +#define SW_COLLECTOR_DPKG_H_ + +#include <library.h> + +typedef struct sw_collector_dpkg_t sw_collector_dpkg_t; + +/** + * Software collector dpkg object + */ +struct sw_collector_dpkg_t { + + /** + * List of installed software identifiers managed by the + * Debian "dpkg" package manager + * + * @return Enumerator + */ + enumerator_t* (*create_sw_enumerator)(sw_collector_dpkg_t *this); + + /** + * Destroy sw_collector_dpkg_t object + */ + void (*destroy)(sw_collector_dpkg_t *this); + +}; + +/** + * Create an sw_collector_dpkg_t instance + */ +sw_collector_dpkg_t* sw_collector_dpkg_create(void); + +#endif /** SW_COLLECTOR_DPKG_H_ @}*/ diff --git a/src/sw-collector/sw_collector_history.c b/src/sw-collector/sw_collector_history.c new file mode 100644 index 000000000..f1fd9f60f --- /dev/null +++ b/src/sw-collector/sw_collector_history.c @@ -0,0 +1,519 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <time.h> + +#include "sw_collector_history.h" +#include "sw_collector_dpkg.h" + +#include <swima/swima_event.h> +#include <swid_gen/swid_gen_info.h> + +typedef struct private_sw_collector_history_t private_sw_collector_history_t; + +/** + * Private data of an sw_collector_history_t object. + */ +struct private_sw_collector_history_t { + + /** + * Public members of sw_collector_history_state_t + */ + sw_collector_history_t public; + + /** + * Software Event Source Number + */ + uint8_t source; + + /** + * Reference to OS info object + */ + swid_gen_info_t *info; + + /** + * Reference to collector database + */ + sw_collector_db_t *db; + +}; + +/** + * Define auxiliary package_t list item object + */ +typedef struct package_t package_t; + +struct package_t { + char *package; + char *version; + char *old_version; + char *sw_id; + char *old_sw_id; +}; + +/** + * Create package_t list item object + */ +static package_t* create_package(swid_gen_info_t *info, chunk_t package, + chunk_t version, chunk_t old_version) +{ + package_t *this; + + INIT(this, + .package = strndup(package.ptr, package.len), + .version = strndup(version.ptr, version.len), + .old_version = strndup(old_version.ptr, old_version.len), + ) + + this->sw_id = info->create_sw_id(info, this->package, this->version); + if (old_version.len) + { + this->old_sw_id = info->create_sw_id(info, this->package, + this->old_version); + } + + return this; +} + +/** + * Free package_t list item object + */ +static void free_package(package_t *this) +{ + if (this) + { + free(this->package); + free(this->version); + free(this->old_version); + free(this->sw_id); + free(this->old_sw_id); + free(this); + } +} + +/** + * Extract and parse a single package item + */ +static package_t* extract_package(chunk_t item, swid_gen_info_t *info, + sw_collector_history_op_t op) +{ + chunk_t package, package_stripped, version, old_version; + package_t *p; + + /* extract package name */ + if (!extract_token(&package, ' ', &item)) + { + fprintf(stderr, "version not found.\n"); + return NULL; + } + item = chunk_skip(item, 1); + + /* strip architecture suffix if present */ + if (extract_token(&package_stripped, ':', &package)) + { + package = package_stripped; + } + + /* extract versions */ + version = old_version = chunk_empty; + + if (item.len > 0) + { + if (extract_token(&version, ',', &item)) + { + eat_whitespace(&item); + if (!match("automatic", &item)) + { + old_version = version; + version = item; + } + } + else + { + version = item; + } + } + p = create_package(info, package, version, old_version); + + /* generate log entry */ + if (op == SW_OP_UPGRADE) + { + DBG2(DBG_IMC, " %s (%s, %s)", p->package, p->old_version, p->version); + DBG2(DBG_IMC, " +%s", p->sw_id); + DBG2(DBG_IMC, " -%s", p->old_sw_id); + } + else + { + DBG2(DBG_IMC, " %s (%s)", p->package, p->version); + DBG2(DBG_IMC, " %s%s", (op == SW_OP_INSTALL) ? "+" : "-", p->sw_id); + } + + return p; +} + +METHOD(sw_collector_history_t, extract_timestamp, bool, + private_sw_collector_history_t *this, chunk_t args, char *buf) +{ + struct tm loc, utc; + chunk_t t1, t2; + time_t t; + + /* Break down local time with format t1 = yyyy-mm-dd and t2 = hh:mm:ss */ + if (!eat_whitespace(&args) || !extract_token(&t1, ' ', &args) || + !eat_whitespace(&args) || t1.len != 10 || args.len != 8) + { + DBG1(DBG_IMC, "unable to parse start-date"); + return FALSE; + } + t2 = args; + + if (sscanf(t1.ptr, "%4d-%2d-%2d", + &loc.tm_year, &loc.tm_mon, &loc.tm_mday) != 3) + { + DBG1(DBG_IMC, "unable to parse date format yyyy-mm-dd"); + return FALSE; + } + loc.tm_year -= 1900; + loc.tm_mon -= 1; + loc.tm_isdst = -1; + + if (sscanf(t2.ptr, "%2d:%2d:%2d", + &loc.tm_hour, &loc.tm_min, &loc.tm_sec) != 3) + { + DBG1(DBG_IMC, "unable to parse time format hh:mm:ss"); + return FALSE; + } + + /* Convert from local time to UTC */ + t = mktime(&loc); + gmtime_r(&t, &utc); + utc.tm_year += 1900; + utc.tm_mon += 1; + + /* Form timestamp according to RFC 3339 (20 characters) */ + snprintf(buf, 21, "%4d-%02d-%02dT%02d:%02d:%02dZ", + utc.tm_year, utc.tm_mon, utc.tm_mday, + utc.tm_hour, utc.tm_min, utc.tm_sec); + + return TRUE; +} + +METHOD(sw_collector_history_t, extract_packages, bool, + private_sw_collector_history_t *this, chunk_t args, uint32_t eid, + sw_collector_history_op_t op) +{ + bool success = FALSE; + package_t *p = NULL; + chunk_t item; + + eat_whitespace(&args); + + while (extract_token(&item, ')', &args)) + { + char *del_sw_id = NULL, *del_version = NULL; + char *nx, *px, *vx, *v1; + bool installed; + u_int sw_idx, ix; + uint32_t sw_id, sw_id_epoch_less = 0; + enumerator_t *e; + + p = extract_package(item, this->info, op); + if (!p) + { + goto end; + } + + /* packages without version information cannot be handled */ + if (strlen(p->version) == 0) + { + free_package(p); + continue; + } + + switch (op) + { + case SW_OP_REMOVE: + /* prepare subsequent deletion sw event */ + del_sw_id = p->sw_id; + del_version = p->version; + break; + case SW_OP_UPGRADE: + /* prepare subsequent deletion sw event */ + del_sw_id = p->old_sw_id; + del_version = p->old_version; + /* fall through to next case */ + case SW_OP_INSTALL: + sw_id = this->db->get_sw_id(this->db, p->sw_id, NULL, NULL, + NULL, &installed); + if (sw_id) + { + /* sw identifier exists - update state to 'installed' */ + if (installed) + { + /* this case should not occur */ + DBG1(DBG_IMC, " warning: sw_id %d is already " + "installed", sw_id); + } + else if (!this->db->update_sw_id(this->db, sw_id, NULL, + NULL, TRUE)) + { + goto end; + } + } + else + { + /* new sw identifier - create with state 'installed' */ + sw_id = this->db->set_sw_id(this->db, p->sw_id, p->package, + p->version, this->source, TRUE); + if (!sw_id) + { + goto end; + } + } + + /* add creation sw event with current eid */ + if (!this->db->add_sw_event(this->db, eid, sw_id, + SWIMA_EVENT_ACTION_CREATION)) + { + goto end; + } + break; + } + + if (op != SW_OP_INSTALL) + { + sw_id = 0; + + /* look for existing installed package versions */ + e = this->db->create_sw_enumerator(this->db, SW_QUERY_INSTALLED, + p->package); + if (!e) + { + goto end; + } + + while (e->enumerate(e, &sw_idx, &nx, &px, &vx, &ix)) + { + if (streq(vx, del_version)) + { + /* full match with epoch */ + sw_id = sw_idx; + break; + } + v1 = strchr(vx, ':'); + if (v1 && streq(++v1, del_version)) + { + /* match with stripped epoch */ + sw_id_epoch_less = sw_idx; + } + } + e->destroy(e); + + if (!sw_id && sw_id_epoch_less) + { + /* no full match - fall back to epoch-less match */ + sw_id = sw_id_epoch_less; + } + if (sw_id) + { + /* sw identifier exists - update state to 'removed' */ + if (!this->db->update_sw_id(this->db, sw_id, NULL, NULL, FALSE)) + { + goto end; + } + } + else + { + /* new sw identifier - create with state 'removed' */ + sw_id = this->db->set_sw_id(this->db, del_sw_id, p->package, + del_version, this->source, FALSE); + + /* add creation sw event with eid = 1 */ + if (!sw_id || !this->db->add_sw_event(this->db, 1, sw_id, + SWIMA_EVENT_ACTION_CREATION)) + { + goto end; + } + } + + /* add creation sw event with current eid */ + if (!this->db->add_sw_event(this->db, eid, sw_id, + SWIMA_EVENT_ACTION_DELETION)) + { + goto end; + } + } + free_package(p); + + if (args.len < 2) + { + break; + } + args = chunk_skip(args, 2); + } + p = NULL; + success = TRUE; + +end: + free_package(p); + + return success; +} + +METHOD(sw_collector_history_t, merge_installed_packages, bool, + private_sw_collector_history_t *this) +{ + uint32_t sw_id, count = 0; + char *package, *arch, *version, *v1, *name, *n1; + bool installed, success = FALSE; + sw_collector_dpkg_t *dpkg; + enumerator_t *enumerator; + + DBG1(DBG_IMC, "Merging:"); + + dpkg = sw_collector_dpkg_create(); + if (!dpkg) + { + return FALSE; + } + + enumerator = dpkg->create_sw_enumerator(dpkg); + while (enumerator->enumerate(enumerator, &package, &arch, &version)) + { + name = this->info->create_sw_id(this->info, package, version); + DBG3(DBG_IMC, " %s merged", name); + + sw_id = this->db->get_sw_id(this->db, name, NULL, NULL, NULL, + &installed); + if (sw_id) + { + if (!installed) + { + DBG1(DBG_IMC, " warning: existing sw_id %u" + " is not installed", sw_id); + + if (!this->db->update_sw_id(this->db, sw_id, name, version, + TRUE)) + { + free(name); + goto end; + } + } + } + else + { + /* check for a Debian epoch number */ + v1 = strchr(version, ':'); + if (v1) + { + /* check for existing and installed epoch-less version */ + n1 = this->info->create_sw_id(this->info, package, ++v1); + sw_id = this->db->get_sw_id(this->db, n1, NULL, NULL, NULL, + &installed); + free(n1); + + if (sw_id && installed) + { + /* add epoch to existing version */ + if (!this->db->update_sw_id(this->db, sw_id, name, version, + installed)) + { + free(name); + goto end; + } + } + else + { + sw_id = 0; + } + } + } + + if (!sw_id) + { + /* new sw identifier - create with state 'installed' */ + sw_id = this->db->set_sw_id(this->db, name, package, version, + this->source, TRUE); + + /* add creation sw event with eid = 1 */ + if (!sw_id || !this->db->add_sw_event(this->db, 1, sw_id, + SWIMA_EVENT_ACTION_CREATION)) + { + free(name); + goto end; + } + + } + free(name); + count++; + } + success = TRUE; + + DBG1(DBG_IMC, " merged %u installed packages, %u registered in database", + count, this->db->get_sw_id_count(this->db, SW_QUERY_INSTALLED)); + +end: + enumerator->destroy(enumerator); + dpkg->destroy(dpkg); + + return success; +} + +METHOD(sw_collector_history_t, destroy, void, + private_sw_collector_history_t *this) +{ + this->info->destroy(this->info); + free(this); +} + +/** + * Described in header. + */ +sw_collector_history_t *sw_collector_history_create(sw_collector_db_t *db, + uint8_t source) +{ + private_sw_collector_history_t *this; + swid_gen_info_t *info; + os_type_t os_type; + char *os; + + info = swid_gen_info_create(); + + /* check if OS supports apg/dpkg history logs */ + info->get_os(info, &os); + os_type = info->get_os_type(info); + if (os_type != OS_TYPE_DEBIAN && os_type != OS_TYPE_UBUNTU) + { + DBG1(DBG_IMC, "%.*s not supported", os); + info->destroy(info); + return NULL; + } + + INIT(this, + .public = { + .extract_timestamp = _extract_timestamp, + .extract_packages = _extract_packages, + .merge_installed_packages = _merge_installed_packages, + .destroy = _destroy, + }, + .source = source, + .info = info, + .db = db, + ); + + return &this->public; +} diff --git a/src/sw-collector/sw_collector_history.h b/src/sw-collector/sw_collector_history.h new file mode 100644 index 000000000..aa354e8f4 --- /dev/null +++ b/src/sw-collector/sw_collector_history.h @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector_history_t sw_collector_history + * @{ @ingroup sw_collector + */ + +#ifndef SW_COLLECTOR_HISTORY_H_ +#define SW_COLLECTOR_HISTORY_H_ + +#include "sw_collector_db.h" + +#include <library.h> +#include <utils/debug.h> +#include <utils/lexparser.h> + +typedef struct sw_collector_history_t sw_collector_history_t; +typedef enum sw_collector_history_op_t sw_collector_history_op_t; + +/** + * Define major history event operations + */ +enum sw_collector_history_op_t { + SW_OP_INSTALL, + SW_OP_UPGRADE, + SW_OP_REMOVE +}; + +/** + * Software collector history object + */ +struct sw_collector_history_t { + + /** + * Extract timestamp from event in installation history + * + * @param args Arguments to be processed + * @param buf timestamp buffer for 21 byte RFC 3339 string + * @return TRUE if extraction succeeded + */ + bool (*extract_timestamp)(sw_collector_history_t *this, chunk_t args, + char *buf); + + /** + * Extract packages from event in installation history + * + * @param args Arguments to be processed + * @param eid Primary key pointing to current event + * @param op Extraction operation + * @return TRUE if extraction succeeded + */ + bool (*extract_packages)(sw_collector_history_t *this, chunk_t args, + uint32_t eid, sw_collector_history_op_t op); + + /** + * Merge packages from initial installation + * + * @return TRUE if merge succeeded + */ + bool (*merge_installed_packages)(sw_collector_history_t *this); + + /** + * Destroy sw_collector_history_t object + */ + void (*destroy)(sw_collector_history_t *this); + +}; + +/** + * Create an sw_collector_history_t instance + * + * @param db Internal reference to collector database + * @param source Software event source number + */ +sw_collector_history_t* sw_collector_history_create(sw_collector_db_t *db, + uint8_t source); + +#endif /** SW_COLLECTOR_HISTORY_H_ @}*/ diff --git a/src/sw-collector/sw_collector_rest_api.c b/src/sw-collector/sw_collector_rest_api.c new file mode 100644 index 000000000..6b9b7b96a --- /dev/null +++ b/src/sw-collector/sw_collector_rest_api.c @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "sw_collector_rest_api.h" + +#include <rest/rest.h> +#include <utils/debug.h> + +typedef struct private_sw_collector_rest_api_t private_sw_collector_rest_api_t; + +/** + * Private data of an sw_collector_rest_api_t object. + */ +struct private_sw_collector_rest_api_t { + + /** + * Public members of sw_collector_rest_api_state_t + */ + sw_collector_rest_api_t public; + + /** + * Software collector database + */ + sw_collector_db_t *db; + + /** + * REST API of central collector database + */ + rest_t *rest_api; + +}; + +/** + * Put all locally retrieved software identifiers into a json object + */ +static json_object* create_rest_request(private_sw_collector_rest_api_t *this, + sw_collector_db_query_t type) +{ + json_object *jrequest, *jarray, *jstring; + char *name, *package, *version; + uint32_t sw_id, i; + enumerator_t *e; + + jrequest = json_object_new_object(); + jarray = json_object_new_array(); + json_object_object_add(jrequest, "data", jarray); + + e = this->db->create_sw_enumerator(this->db, type, NULL); + if (!e) + { + return NULL; + } + while (e->enumerate(e, &sw_id, &name, &package, &version, &i)) + { + jstring = json_object_new_string(name); + json_object_array_add(jarray, jstring); + } + e->destroy(e); + + return jrequest; +} + +typedef struct { + /** public enumerator interface */ + enumerator_t public; + /** enumerated json array */ + json_object *jarray; + /** current index +1, initialized at 0 */ + int idx; +} json_array_enumerator_t; + +METHOD(enumerator_t, enumerate, bool, + json_array_enumerator_t *this, va_list args) +{ + json_object *jvalue; + char **out; + + VA_ARGS_VGET(args, out); + + if (this->idx >= json_object_array_length(this->jarray)) + { + return FALSE; + } + + jvalue = json_object_array_get_idx(this->jarray, this->idx++); + if (json_object_get_type(jvalue) != json_type_string) + { + DBG1(DBG_IMC, "json_string element expected in json_array"); + return FALSE; + } + *out = (char*)json_object_get_string(jvalue); + + return TRUE; +} + +METHOD(enumerator_t, enumerator_destroy, void, + json_array_enumerator_t *this) +{ + json_object_put(this->jarray); + free(this); +} + +METHOD(sw_collector_rest_api_t, create_sw_enumerator, enumerator_t*, + private_sw_collector_rest_api_t *this, sw_collector_db_query_t type) +{ + json_array_enumerator_t *enumerator; + json_object *jrequest, *jresponse; + char cmd[BUF_LEN]; + status_t status; + + jrequest = create_rest_request(this, type); + if (!jrequest) + { + return NULL; + } + snprintf(cmd, BUF_LEN, "sessions/0/swid-measurement/"); + + status = this->rest_api->post(this->rest_api, cmd, jrequest, &jresponse); + json_object_put(jrequest); + + switch (status) + { + case SUCCESS: + case NOT_FOUND: + jresponse = json_object_new_array(); + break; + case NEED_MORE: + if (json_object_get_type(jresponse) != json_type_array) + { + DBG1(DBG_IMC, "REST response was not a json_array"); + json_object_put(jresponse); + return NULL; + } + break; + case FAILED: + default: + return NULL; + } + + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _enumerator_destroy, + }, + .jarray = jresponse, + ); + + return &enumerator->public; +} + +METHOD(sw_collector_rest_api_t, destroy, void, + private_sw_collector_rest_api_t *this) +{ + this->rest_api->destroy(this->rest_api); + free(this); +} + +/** + * Described in header. + */ +sw_collector_rest_api_t *sw_collector_rest_api_create(sw_collector_db_t *db) +{ + private_sw_collector_rest_api_t *this; + int timeout; + char *uri; + + uri = lib->settings->get_str(lib->settings, "%s.rest_api.uri", NULL, + lib->ns); + timeout = lib->settings->get_int(lib->settings, "%s.rest_api.timeout", 120, + lib->ns); + if (!uri) + { + DBG1(DBG_IMC, "REST URI to central collector database not set"); + return NULL; + } + + INIT(this, + .public = { + .create_sw_enumerator = _create_sw_enumerator, + .destroy = _destroy, + }, + .db = db, + .rest_api = rest_create(uri, timeout), + ); + + return &this->public; +} diff --git a/src/sw-collector/sw_collector_rest_api.h b/src/sw-collector/sw_collector_rest_api.h new file mode 100644 index 000000000..fe142fc66 --- /dev/null +++ b/src/sw-collector/sw_collector_rest_api.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector_rest_api_t sw_collector_rest_api + * @{ @ingroup sw_collector + */ + +#ifndef SW_COLLECTOR_REST_API_H_ +#define SW_COLLECTOR_REST_API_H_ + +#include "sw_collector_db.h" + +typedef struct sw_collector_rest_api_t sw_collector_rest_api_t; + +/** + * Software collector REST API object + */ +struct sw_collector_rest_api_t { + + /** + * List of locally stored software identifiers that are not registered + * in a central collector database + * + * @param type Query type (ALL, INSTALLED, REMOVED) + * @return Enumerator + */ + enumerator_t* (*create_sw_enumerator)(sw_collector_rest_api_t *this, + sw_collector_db_query_t type); + + /** + * Destroy sw_collector_rest_api_t object + */ + void (*destroy)(sw_collector_rest_api_t *this); + +}; + +/** + * Create an sw_collector_rest_api_t instance + * + * @param db Software collector database to be used + */ +sw_collector_rest_api_t* sw_collector_rest_api_create(sw_collector_db_t *db); + +#endif /** SW_COLLECTOR_REST_API_H_ @}*/ diff --git a/src/sw-collector/sw_collector_tables.sql b/src/sw-collector/sw_collector_tables.sql new file mode 100644 index 000000000..b7b430b3c --- /dev/null +++ b/src/sw-collector/sw_collector_tables.sql @@ -0,0 +1,31 @@ +/* SQLit database for an Endpoint Collector */ + +DROP TABLE IF EXISTS "events"; +CREATE TABLE "events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "epoch" INTEGER NOT NULL, + "timestamp" CHAR(20) NOT NULL +); + +DROP TABLE IF EXISTS "sw_identifiers"; +CREATE TABLE "sw_identifiers" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "name" VARCHAR(255) NOT NULL, + "package" VARCHAR(255) NOT NULL, + "version" VARCHAR(255) NOT NULL, + "source" INTEGER DEFAULT 0, + "installed" INTEGER DEFAULT 1, + "tag" TEXT + ); +DROP INDEX IF EXISTS "sw_identifiers_name"; +CREATE INDEX "sw_identifiers_name" ON "sw_identifiers" ( + "name" +); + +DROP TABLE IF EXISTS "sw_events"; +CREATE TABLE "sw_events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "eid" INTEGER REFERENCES "events" ("id"), + "sw_id" INTEGER NOT NULL REFERENCES "sw_identifiers" ("id"), + "action" INTEGER NOT NULL +); diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index 2fc998262..19815c51a 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -64,6 +64,7 @@ maintainer-clean-local: install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true + test -e "$(DESTDIR)$(swanctldir)/conf.d" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/conf.d" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index b5313a37d..6da739b88 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -330,8 +330,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -432,6 +430,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -460,6 +460,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1039,6 +1043,7 @@ maintainer-clean-local: install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true + test -e "$(DESTDIR)$(swanctldir)/conf.d" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/conf.d" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/command.c b/src/swanctl/command.c index fd9bc0083..7f65d2b0e 100644 --- a/src/swanctl/command.c +++ b/src/swanctl/command.c @@ -315,6 +315,10 @@ int command_dispatch(int c, char *v[]) { int op, i; + uri = lib->settings->get_str(lib->settings, "%s.socket", + lib->settings->get_str(lib->settings, "%s.plugins.vici.socket", + NULL, lib->ns), lib->ns); + options = options_create(); atexit(cleanup); active = help_idx = registered; diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index b2045a3d8..1ff5ee8fb 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -151,6 +151,9 @@ # IKE identity to expect for authentication round. # id = %any + # Identity to use as peer identity during EAP authentication. + # eap_id = id + # Authorization group memberships to require. # groups = @@ -502,3 +505,6 @@ # } +# Include config snippets +include conf.d/*.conf + diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 9f4044d7e..d1aced493 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -569,6 +569,13 @@ IKE identity to expect for authentication round. Refer to the section for details. .TP +.BR connections.<conn>.remote<suffix>.eap_id " [id]" +Identity to use as peer identity during EAP authentication. If set to +.RI "" "%any" "" +the +EAP\-Identity method will be used to ask the client for an identity. + +.TP .BR connections.<conn>.remote<suffix>.groups " []" Comma separated authorization group memberships to require. The peer must prove membership to at least one of the specified groups. Group membership can be @@ -1050,9 +1057,14 @@ Netfilter mark and mask for input traffic. On Linux Netfilter may require marks on each packet to match an SA having that option set. This allows Netfilter rules to select specific tunnels for incoming traffic. The special value .RI "" "%unique" "" -sets a unique mark on each CHILD_SA instance. - -An additional mask may be appended to the mark, separated by _/_. The default +sets a unique mark on each CHILD_SA instance, beyond that the value +.RI "" "%unique\-dir" "" +assigns a different unique mark for each CHILD_SA direction +(in/out). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default mask if omitted is 0xffffffff. .TP @@ -1061,9 +1073,14 @@ Netfilter mark and mask for output traffic. On Linux Netfilter may require marks on each packet to match a policy having that option set. This allows Netfilter rules to select specific tunnels for outgoing traffic. The special value .RI "" "%unique" "" -sets a unique mark on each CHILD_SA instance. - -An additional mask may be appended to the mark, separated by _/_. The default +sets a unique mark on each CHILD_SA instance, beyond that the value +.RI "" "%unique\-dir" "" +assigns a different unique mark for each CHILD_SA direction +(in/out). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default mask if omitted is 0xffffffff. .TP diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 7e204db61..d0a0d21dd 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -460,6 +460,12 @@ connections.<conn>.remote<suffix>.id = %any IKE identity to expect for authentication round. Refer to the _local_ _id_ section for details. +connections.<conn>.remote<suffix>.eap_id = id + Identity to use as peer identity during EAP authentication. + + Identity to use as peer identity during EAP authentication. If set to _%any_ + the EAP-Identity method will be used to ask the client for an identity. + connections.<conn>.remote<suffix>.groups = Authorization group memberships to require. @@ -864,7 +870,9 @@ connections.<conn>.children.<child>.mark_in = 0/0x00000000 Netfilter mark and mask for input traffic. On Linux Netfilter may require marks on each packet to match an SA having that option set. This allows Netfilter rules to select specific tunnels for incoming traffic. The - special value _%unique_ sets a unique mark on each CHILD_SA instance. + special value _%unique_ sets a unique mark on each CHILD_SA instance, + beyond that the value _%unique-dir_ assigns a different unique mark for each + CHILD_SA direction (in/out). An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. @@ -875,7 +883,9 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000 Netfilter mark and mask for output traffic. On Linux Netfilter may require marks on each packet to match a policy having that option set. This allows Netfilter rules to select specific tunnels for outgoing traffic. The - special value _%unique_ sets a unique mark on each CHILD_SA instance. + special value _%unique_ sets a unique mark on each CHILD_SA instance, + beyond that the value _%unique-dir_ assigns a different unique mark for each + CHILD_SA direction (in/out). An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. @@ -1152,3 +1162,5 @@ authorities.<name>.cert_uri_base = built by appending the SHA1 hash of the DER encoded certificates to this base URI. +include conf.d/*.conf + Include config snippets diff --git a/testing/Makefile.in b/testing/Makefile.in index af153d3ea..3f6f1e4dd 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/testing/do-tests b/testing/do-tests index 60c34c798..e3fd9b464 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -49,6 +49,25 @@ passed_cnt="0" subdir_cnt="0" ############################################################################## +# parse optional arguments +# +while getopts "v" opt +do + case "$opt" in + v) + verbose=YES + ;; + esac +done +shift $((OPTIND-1)) + + +function print_time() +{ + [ "$verbose" == "YES" ] && echo "$(date +%T.%N) ~ " +} + +############################################################################## # copy default tests to $BUILDDIR # @@ -207,12 +226,16 @@ for SUBDIR in $TESTS do SUBTESTS="`basename $SUBDIR`" - if [ $SUBTESTS = $SUBDIR ] - then - SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" - else - SUBDIR="`dirname $SUBDIR`" - fi + if [ $SUBTESTS = $SUBDIR ] + then + SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" + else + if [[ $SUBTESTS == *'*'* ]] + then + SUBTESTS="`basename -a $DEFAULTTESTSDIR/$SUBDIR`" + fi + SUBDIR="`dirname $SUBDIR`" + fi if [ ! -d $TODAYDIR/$SUBDIR ] then @@ -326,7 +349,7 @@ do host=`echo $host_iface | awk -F ":" '{print $1}'` iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` tcpdump_cmd="tcpdump -l $TCPDUMP_IM -i $iface not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log &" - echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG + echo "$(print_time)${host}# $tcpdump_cmd" >> $CONSOLE_LOG ssh $SSHCONF root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` eval TDUP_${host}="true" done @@ -381,7 +404,7 @@ do eval `awk -F "::" '{ if ($1 !~ /^#.*/ && $2 != "") { - printf("echo \"%s# %s\"; ", $1, $2) + printf("echo \"$(print_time)%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) printf("echo;\n") } @@ -395,7 +418,7 @@ do function stop_tcpdump { # wait for packets to get processed, but don't wait longer than 1s eval ssh $SSHCONF root@\$ipv4_${1} "\"i=100; while [ \\\$i -gt 0 ]; do pkill -USR1 tcpdump; tail -1 /tmp/tcpdump.err.log | perl -n -e '/(\\d+).*?(\\d+)/; exit (\\\$1 == \\\$2)' || break; sleep 0.01; i=\\\$((\\\$i-1)); done;\"" - echo "${1}# killall tcpdump" >> $CONSOLE_LOG + echo "$(print_time)${1}# killall tcpdump" >> $CONSOLE_LOG eval ssh $SSHCONF root@\$ipv4_${1} "\"killall tcpdump; while true; do killall -q -0 tcpdump || break; sleep 0.01; done;\"" eval TDUP_${1}="false" echo "" >> $CONSOLE_LOG @@ -412,29 +435,50 @@ do STATUS="passed" eval `awk -F "::" '{ - host=$1 - command=$2 - pattern=$3 - hit=$4 - if (host !~ /^#.*/ && command != "") - { + host=$1 + command=$2 + pattern=$3 + hit=$4 + if (host ~ /^#.*/ || command == "") + { + next + } + printf("cmd_err=\044(tempfile -p test -s err); ") if (command == "tcpdump") { - printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) - printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) - printf("ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern) + printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) + printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"); ", host, pattern) } else { - printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) - printf("ssh \044SSHCONF root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern) + printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s %s 2>\044cmd_err | grep \"%s\"); ", host, command, pattern) } printf("cmd_exit=\044?; ") + printf("cmd_fail=0; ") + if (hit ~ /^[0-9]+$/) + { + printf("if [ \044(echo \"\044cmd_out\" | wc -l) -ne %d ] ", hit) + } + else + { + printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) + printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) + } + printf("; then STATUS=\"failed\"; cmd_fail=1; fi; \n") + + printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~ FAIL ~~~~~~~\"; fi; \n") + if (command == "tcpdump") + { + printf("echo \"$(print_time)%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) + } + else + { + printf("echo \"$(print_time)%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) + } + printf("if [ -n \"\044cmd_out\" ]; then echo \"\044cmd_out\"; fi; \n") + printf("cat \044cmd_err; rm -f -- \044cmd_err; \n") + printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n") printf("echo; ") - printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) - printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) - printf("; then STATUS=\"failed\"; fi; \n") - } }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 @@ -718,7 +762,7 @@ do eval `awk -F "::" '{ if ($1 !~ /^#.*/ && $2 != "") { - printf("echo \"%s# %s\"; ", $1, $2) + printf("echo \"$(print_time)%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) printf("echo;\n") } diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/alice/etc/strongswan.conf +++ b/testing/hosts/alice/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/bob/etc/strongswan.conf +++ b/testing/hosts/bob/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/carol/etc/strongswan.conf +++ b/testing/hosts/carol/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/dave/etc/strongswan.conf +++ b/testing/hosts/dave/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/default/usr/local/bin/init_collector b/testing/hosts/default/usr/local/bin/init_collector new file mode 100755 index 000000000..c522de874 --- /dev/null +++ b/testing/hosts/default/usr/local/bin/init_collector @@ -0,0 +1,4 @@ +#! /bin/sh + +cat /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/db.d/collector.db +LEAK_DETECTIVE_DISABLE=1 /usr/local/sbin/sw-collector diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/moon/etc/strongswan.conf +++ b/testing/hosts/moon/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/sun/etc/strongswan.conf +++ b/testing/hosts/sun/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/venus/etc/strongswan.conf +++ b/testing/hosts/venus/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages index 43a71b921..7dd7188c2 100755 --- a/testing/scripts/build-guestimages +++ b/testing/scripts/build-guestimages @@ -48,11 +48,11 @@ do execute "cp -rf $HOSTSDIR/${host}/etc $LOOPDIR" 0 execute "cp -rf $HOSTSDIR/default/* $LOOPDIR" 0 execute_chroot "ldconfig" 0 + execute "mkdir $LOOPDIR/etc/pts" 0 if [ "$host" = "alice" ] then execute "mkdir $LOOPDIR/var/log/apache2/tnc" 0 - execute "mkdir $LOOPDIR/etc/pts" 0 execute_chroot "chgrp www-data /etc/pts" 0 execute_chroot "chmod g+w /etc/pts" 0 fi diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan index 8c6ecaafd..d4e9e922f 100755 --- a/testing/scripts/build-strongswan +++ b/testing/scripts/build-strongswan @@ -51,6 +51,7 @@ do_on_exit umount $LOOPDIR/root/strongswan log_action "Remove SWID tags of previous versions" execute_chroot 'find /usr/local/share/regid.2004-03.org.strongswan -name *.swidtag -delete' +execute_chroot 'find /usr/local/share/strongswan -name *.swidtag -delete' echo "Building and installing strongSwan" diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index a5b2d8060..3c5f41834 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -56,6 +56,8 @@ CONFIG_OPTS = \ --enable-imv-attestation \ --enable-imc-swid \ --enable-imv-swid \ + --enable-imc-swima \ + --enable-imv-swima \ --enable-imc-hcd \ --enable-imv-hcd \ --enable-sql \ diff --git a/testing/testing.conf b/testing/testing.conf index eeb69ea3d..e22afc3e4 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -31,7 +31,7 @@ fi : ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.5.3} +: ${SWANVERSION=5.6.0} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ikev2/net2net-rekey/description.txt b/testing/tests/ikev2/net2net-rekey/description.txt new file mode 100644 index 000000000..c3122a76f --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/description.txt @@ -0,0 +1,10 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>X.509 certificates</b>. Upon the successful +establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +After a while the CHILD_SA is rekeyed by <b>moon</b> (after a deliberately short +time in this test scenario). +In order to test both tunnel and firewall after the rekeying, client <b>alice</b> +behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> +twice, once right after the rekeying and once after the old inbound SA has been +deleted. diff --git a/testing/tests/ikev2/net2net-rekey/evaltest.dat b/testing/tests/ikev2/net2net-rekey/evaltest.dat new file mode 100644 index 000000000..0a34efe9d --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/evaltest.dat @@ -0,0 +1,14 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +moon::sleep 6::wait for rekeying::NO +moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA::YES +moon::cat /var/log/daemon.log::generating CREATE_CHILD_SA request.*REKEY_SA::YES +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::1 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::sleep 2::wait until inbound SA is deleted::NO +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::2 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..dcd98b4de --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="knl 2" + +conn %default + ikelifetime=60m + lifetime=10s + margintime=5s + rekeyfuzz=0% + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..3dcbf76ea --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 +} diff --git a/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..5b391db4b --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..93f434598 --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/net2net-rekey/posttest.dat b/testing/tests/ikev2/net2net-rekey/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/ikev2/net2net-rekey/pretest.dat b/testing/tests/ikev2/net2net-rekey/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-rekey/test.conf b/testing/tests/ikev2/net2net-rekey/test.conf new file mode 100644 index 000000000..afa2accbe --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf index f6feda0bb..b81e9b277 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf @@ -9,7 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev2 ike=aes256gcm128-prfsha384-ecp384! - esp=aes256cm128-ecp384! + esp=aes256gcm128-ecp384! conn peer left=PH_IP_DAVE diff --git a/testing/tests/pfkey/net2net-rekey/description.txt b/testing/tests/pfkey/net2net-rekey/description.txt new file mode 100644 index 000000000..c3122a76f --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/description.txt @@ -0,0 +1,10 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>X.509 certificates</b>. Upon the successful +establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +After a while the CHILD_SA is rekeyed by <b>moon</b> (after a deliberately short +time in this test scenario). +In order to test both tunnel and firewall after the rekeying, client <b>alice</b> +behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> +twice, once right after the rekeying and once after the old inbound SA has been +deleted. diff --git a/testing/tests/pfkey/net2net-rekey/evaltest.dat b/testing/tests/pfkey/net2net-rekey/evaltest.dat new file mode 100644 index 000000000..3bf3b274b --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/evaltest.dat @@ -0,0 +1,16 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +# deleting the inbound SPI +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::1 +moon::sleep 6::wait for rekeying::NO +moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA::YES +moon::cat /var/log/daemon.log::generating CREATE_CHILD_SA request.*REKEY_SA::YES +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::3 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::sleep 2::wait until inbound SA is deleted::NO +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::4 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..dcd98b4de --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="knl 2" + +conn %default + ikelifetime=60m + lifetime=10s + margintime=5s + rekeyfuzz=0% + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4234eb134 --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 +} diff --git a/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..5b391db4b --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..0ecc2f847 --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown +} diff --git a/testing/tests/pfkey/net2net-rekey/posttest.dat b/testing/tests/pfkey/net2net-rekey/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/pfkey/net2net-rekey/pretest.dat b/testing/tests/pfkey/net2net-rekey/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/pfkey/net2net-rekey/test.conf b/testing/tests/pfkey/net2net-rekey/test.conf new file mode 100644 index 000000000..afa2accbe --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat index 05bf42057..a3f45871c 100644 --- a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat +++ b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat @@ -2,20 +2,24 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES -sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES -sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::sleep 2::wait for rekeying::NO moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES moon::cat /var/log/daemon.log::ees: expire received for reqid 1, spi.*, dst 192.168.0.2::YES moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA ESP/0x.*/192.168.0.2::YES +moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::NO +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::sleep 2::wait until inbound SA is deleted::NO moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.2 \]::YES moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES moon::cat /tmp/tkm.log::Creating first new ESA context with ID 1 (Isa 1, Sp 1, Ea 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES moon::cat /tmp/tkm.log::Creating ESA context with ID 2 (Isa 1, Sp 1, Ea 1, Dh_Id 1, Nc_Loc_Id 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES -moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 2, hard 60 \]' | wc -l::2::YES +moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 4, hard 60 \]' | wc -l::2::YES moon::cat /tmp/tkm.log::Resetting ESA context 1::YES moon::cat /tmp/tkm.log::Deleting ESA \[ 1, 192.168.0.1 <=> 192.168.0.2, SPI_in.*, SPI_out.* \]::YES moon::cat /tmp/xfrm_proxy.log::Initiating ESA acquire for reqid 1::YES diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf index cc9d6e072..5b79af9f4 100644 --- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf @@ -1,6 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon-tkm { + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 dh_mapping { 15 = 1 16 = 2 diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf index 23e958ab0..62b103a80 100644 --- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf +++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf @@ -14,7 +14,7 @@ <ip>192.168.0.2</ip> </remote> <lifetime> - <soft>2</soft> + <soft>4</soft> <hard>60</hard> </lifetime> </policy> diff --git a/testing/tests/tkm/xfrmproxy-rekey/description.txt b/testing/tests/tkm/xfrmproxy-rekey/description.txt new file mode 100644 index 000000000..648011b11 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/description.txt @@ -0,0 +1,6 @@ +A transport connection between the hosts <b>moon</b> and <b>sun</b> is set up. +The host <b>moon</b> starts the Trusted Key Manager (TKM) and the Ada XFRM +proxy, which relays XFRM kernel messages to charon. The authentication is based +on X.509 certificates. The connection is initiated by a ping from <b>moon</b> +to <b>sun</b>. The test asserts that a rekeying initiated by <b>sun</b> works +as expected. diff --git a/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat b/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat new file mode 100644 index 000000000..15bdf3b39 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat @@ -0,0 +1,23 @@ +moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES +sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES +moon::sleep 2::wait for rekeying::NO +sun::cat /var/log/daemon.log::creating rekey job for CHILD_SA ESP/0x.*/192.168.0.2::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::NO +moon::sleep 2::wait until inbound SA is deleted::NO +moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES +moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.2 \]::YES +moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES +moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES +moon::cat /tmp/tkm.log::Creating first new ESA context with ID 1 (Isa 1, Sp 1, Ea 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES +moon::cat /tmp/tkm.log::Creating ESA context with ID 2 (Isa 1, Sp 1, Ea 1, Dh_Id 1, Nc_Loc_Id 1, Initiator FALSE, spi_loc.*, spi_rem.*)::YES +moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 30, hard 60 \]' | wc -l::2::YES +moon::cat /tmp/tkm.log::Resetting ESA context 1::YES +moon::cat /tmp/tkm.log::Deleting ESA \[ 1, 192.168.0.1 <=> 192.168.0.2, SPI_in.*, SPI_out.* \]::YES +moon::cat /tmp/xfrm_proxy.log::Initiating ESA acquire for reqid 1::YES diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..5b79af9f4 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon-tkm { + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 + dh_mapping { + 15 = 1 + 16 = 2 + } +} diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der Binary files differnew file mode 100644 index 000000000..d3748930a --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der Binary files differnew file mode 100644 index 000000000..a5a631f4b --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf new file mode 100644 index 000000000..2619c0089 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf @@ -0,0 +1,21 @@ +<tkmconfig> + <local_identity id="1"> + <identity>moon.strongswan.org</identity> + <certificate>moonCert.pem</certificate> + </local_identity> + <policy id="1"> + <mode>transport</mode> + <local> + <identity_id>1</identity_id> + <ip>192.168.0.1</ip> + </local> + <remote> + <identity>sun.strongswan.org</identity> + <ip>192.168.0.2</ip> + </remote> + <lifetime> + <soft>30</soft> + <hard>60</hard> + </lifetime> + </policy> +</tkmconfig> diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..9dc641240 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=10s + rekeymargin=6s + rekeyfuzz=0% + keyingtries=1 + keyexchange=ikev2 + +conn host-host + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=sun.strongswan.org + right=PH_IP_MOON + rightid=moon.strongswan.org + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + type=transport + auto=add diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..f585edfca --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/tkm/xfrmproxy-rekey/posttest.dat b/testing/tests/tkm/xfrmproxy-rekey/posttest.dat new file mode 100644 index 000000000..99efe7b00 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/posttest.dat @@ -0,0 +1,5 @@ +moon::DAEMON_NAME=charon-tkm ipsec stop +moon::killall xfrm_proxy +moon::killall tkm_keymanager +moon::rm -f /tmp/tkm.rpc.ike /tmp/tkm.rpc.ees /tmp/tkm.log /tmp/xfrm_proxy.log +sun::ipsec stop diff --git a/testing/tests/tkm/xfrmproxy-rekey/pretest.dat b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat new file mode 100644 index 000000000..d645ddbfe --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat @@ -0,0 +1,12 @@ +sun::ipsec start +moon::rm /etc/ipsec.secrets +moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd +moon::cat /etc/ipsec.conf +moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 & +moon::expect-file /tmp/tkm.rpc.ike +moon::DAEMON_NAME=charon-tkm ipsec start +moon::expect-file /tmp/tkm.rpc.ees +moon::xfrm_proxy >/tmp/xfrm_proxy.log 2>&1 & +moon::DAEMON_NAME=charon-tkm expect-connection conn1 +sun::expect-connection host-host +moon::ping -c 3 192.168.0.2 diff --git a/testing/tests/tkm/xfrmproxy-rekey/test.conf b/testing/tests/tkm/xfrmproxy-rekey/test.conf new file mode 100644 index 000000000..9647dc6a2 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon winnetou sun" + +# Corresponding block diagram +# +DIAGRAM="m-w-s.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt new file mode 100644 index 000000000..a4d9b4cf4 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt @@ -0,0 +1,9 @@ +The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision +point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the +<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication +during the <b>TLS setup phase</b>. +<p/> +During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs +loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages +embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver +all <b>Software ID Events</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>. diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat new file mode 100644 index 000000000..2248d002c --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat @@ -0,0 +1,24 @@ +dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES +dave:: cat /var/log/auth.log::collected ... SW records::YES +dave:: cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/auth.log::received SASL Success result::YES +carol::cat /var/log/auth.log::collected ... SW ID events::YES +carol::cat /var/log/auth.log::collected 3 SW records::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES +alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES +alice::cat /var/log/daemon.log::certificate status is good::YES +alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES +alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES +alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::role=.softwareCreator licensor tagCreator::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES +moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES +alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES +alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES +alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES +alice::cat /var/log/daemon.log::received software ID events with ... items for request 9 at last eid 2 of epoch::YES +alice::cat /var/log/daemon.log::3 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 3 items for request 9 at last eid 2 of epoch::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES +moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + +<VirtualHost *:80> + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + <Directory /var/www/tnc/config> + <Files wsgi.py> + <IfModule mod_authz_core.c> + Require all granted + </IfModule> + <IfModule !mod_authz_core.c> + Order deny,allow + Allow from all + </IfModule> + </Files> + </Directory> + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined +</VirtualHost> diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default new file mode 100644 index 000000000..1dc8b5688 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default @@ -0,0 +1 @@ +Include sites-available/000-default.conf
\ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules new file mode 100644 index 000000000..c556d9483 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules @@ -0,0 +1,28 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# open loopback interface +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT + +# allow PT-TLS +-A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT + +# allow inbound ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow outbound ssh +-A OUTPUT -p tcp --dport 22 -j ACCEPT +-A INPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..16ab96d58 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql @@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) +SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) +SELECT NOW, 1, 1, 1, id, 0 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini new file mode 100644 index 000000000..5ae53c47a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -0,0 +1,19 @@ +[debug] +DEBUG=0 +TEMPLATE_DEBUG=0 +DEBUG_TOOLBAR=0 + +[db] +DJANGO_DB_URL=sqlite:////var/www/tnc/django.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db + +[localization] +LANGUAGE_CODE=en-us +TIME_ZONE=Europe/Zurich + +[admins] +Your Name: alice@strongswan.org + +[security] +SECRET_KEY=strongSwan +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..1148b945a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf @@ -0,0 +1,49 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite + + syslog { + auth { + default = 0 + } + daemon { + tls = 2 + tnc = 2 + imv = 3 + } + } + plugins { + tnc-pdp { + server = aaa.strongswan.org + radius { + secret = gv6URkSs + } + } + tnc-imv { + dlclose = no + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + database = sqlite:///etc/db.d/config.db + policy_script = /usr/local/libexec/ipsec/imv_policy_manager + + plugins { + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } + } + } +} + +imv_policy_manager { + command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' + command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem new file mode 100644 index 000000000..adc47dd33 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl +h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l +0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a +VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S +W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD +e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k +nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj +AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/ +/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs +P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF +sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek +uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj +PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5 +hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg +Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+ +Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL +SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU +zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH +xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I +XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF +hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9 +AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO +Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH +yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5 +9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..635620b7d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,7 @@ +secrets { + + eap-carol { + id = carol + secret = "Ar3etTnp" + } +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem new file mode 100644 index 000000000..42083c2a9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX +z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii +95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS +rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6 +fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR +dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig +kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs +nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/ +TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2 +FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ +GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH +sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73 +xyr/Qw== +-----END CERTIFICATE----- diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..1499dfc90 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config @@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options new file mode 100644 index 000000000..52a3673b3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options @@ -0,0 +1,6 @@ +--connect aaa.strongswan.org +--client carol +--secret "Ar3etTnp" +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..87c3745a3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf @@ -0,0 +1,25 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + plugins { + imc-swima { + swid_database = sqlite:///etc/db.d/collector.db + } + } +} + +pt-tls-client { + load = revocation constraints pem openssl curl sqlite nonce tnc-tnccs tnc-imc tnccs-20 +} + +sw-collector { + database = sqlite:///etc/db.d/collector.db + history = /var/log/apt/history.log + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options new file mode 100644 index 000000000..08953142f --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options @@ -0,0 +1,7 @@ +--connect aaa.strongswan.org +--client dave@strongswan.org +--key /etc/swanctl/rsa/daveKey.pem +--cert /etc/swanctl/x509/daveCert.pem +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..93cbb7101 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf @@ -0,0 +1,20 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libimcv { + plugins { + imc-os { + push_info = no + } + imc-swima { + swid_pretty = yes + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d99a4b78a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,3 @@ +# /etc/strongswan.conf - strongSwan configuration file + +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..27f96a620 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat new file mode 100644 index 000000000..09c8a6cbc --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat @@ -0,0 +1,10 @@ +carol::ip route del 10.1.0.0/16 via 192.168.0.1 +dave::ip route del 10.1.0.0/16 via 192.168.0.1 +winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 +alice::service charon stop +alice::service apache2 stop +alice::rm /etc/swanctl/rsa/aaaKey.pem +alice::rm /etc/swanctl/x509/aaaCert.pem +alice::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat new file mode 100644 index 000000000..c0d732368 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat @@ -0,0 +1,26 @@ +alice::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +alice::cat /etc/tnc_config +carol::cat /etc/tnc_config +carol::echo 0 > /proc/sys/net/ipv4/ip_forward +dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id +dave::cat /etc/tnc_config +alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db +alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db +alice::/usr/local/bin/init_tnc +alice::rm /etc/swanctl/x509/aliceCert.pem +alice::rm /etc/swanctl/rsa/aliceKey.pem +alice::service charon start +alice::service apache2 start +alice::swanctl --load-creds +winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::cat /etc/pts/options +dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options +carol::/usr/local/bin/init_collector +carol::ip route add 10.1.0.0/16 via 192.168.0.1 +carol::cat /etc/pts/options +carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf new file mode 100644 index 000000000..f434789b9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf @@ -0,0 +1,29 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="carol moon dave alice" + +# Guest instances on which databases are used +# +DBHOSTS="alice carol" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat index af53e6c9b..8642292a8 100644 --- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat @@ -1,4 +1,4 @@ sun::service charon start moon::cat /etc/pts/options moon::sleep 1 -moon::ipsec pt-tls-client --optionsfrom /etc/pts/options +moon::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt new file mode 100644 index 000000000..90e85485c --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt @@ -0,0 +1,9 @@ +The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision +point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the +<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication +during the <b>TLS setup phase</b>. +<p/> +During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs +loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages +embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver +a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>. diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat new file mode 100644 index 000000000..198b2bde3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat @@ -0,0 +1,25 @@ +dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES +dave:: cat /var/log/auth.log::collected ... SW records::YES +carol::cat /var/log/auth.log::received SASL Success result::YES +carol::cat /var/log/auth.log::collected ... SW ID records::YES +carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/auth.log::collected 1 SW record::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES +alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES +alice::cat /var/log/daemon.log::certificate status is good::YES +alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES +alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES +alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES +moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES +alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES +alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES +alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES +alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES +alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::1 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES +moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + +<VirtualHost *:80> + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + <Directory /var/www/tnc/config> + <Files wsgi.py> + <IfModule mod_authz_core.c> + Require all granted + </IfModule> + <IfModule !mod_authz_core.c> + Order deny,allow + Allow from all + </IfModule> + </Files> + </Directory> + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined +</VirtualHost> diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default new file mode 100644 index 000000000..1dc8b5688 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default @@ -0,0 +1 @@ +Include sites-available/000-default.conf
\ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules new file mode 100644 index 000000000..c556d9483 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules @@ -0,0 +1,28 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# open loopback interface +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT + +# allow PT-TLS +-A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT + +# allow inbound ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow outbound ssh +-A OUTPUT -p tcp --dport 22 -j ACCEPT +-A INPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..16ab96d58 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql @@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) +SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) +SELECT NOW, 1, 1, 1, id, 0 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini new file mode 100644 index 000000000..5ae53c47a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -0,0 +1,19 @@ +[debug] +DEBUG=0 +TEMPLATE_DEBUG=0 +DEBUG_TOOLBAR=0 + +[db] +DJANGO_DB_URL=sqlite:////var/www/tnc/django.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db + +[localization] +LANGUAGE_CODE=en-us +TIME_ZONE=Europe/Zurich + +[admins] +Your Name: alice@strongswan.org + +[security] +SECRET_KEY=strongSwan +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..1148b945a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf @@ -0,0 +1,49 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite + + syslog { + auth { + default = 0 + } + daemon { + tls = 2 + tnc = 2 + imv = 3 + } + } + plugins { + tnc-pdp { + server = aaa.strongswan.org + radius { + secret = gv6URkSs + } + } + tnc-imv { + dlclose = no + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + database = sqlite:///etc/db.d/config.db + policy_script = /usr/local/libexec/ipsec/imv_policy_manager + + plugins { + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } + } + } +} + +imv_policy_manager { + command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' + command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem new file mode 100644 index 000000000..adc47dd33 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl +h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l +0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a +VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S +W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD +e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k +nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj +AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/ +/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs +P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF +sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek +uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj +PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5 +hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg +Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+ +Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL +SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU +zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH +xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I +XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF +hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9 +AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO +Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH +yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5 +9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..635620b7d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,7 @@ +secrets { + + eap-carol { + id = carol + secret = "Ar3etTnp" + } +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem new file mode 100644 index 000000000..42083c2a9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX +z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii +95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS +rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6 +fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR +dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig +kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs +nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/ +TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2 +FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ +GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH +sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73 +xyr/Qw== +-----END CERTIFICATE----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..1499dfc90 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config @@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options new file mode 100644 index 000000000..52a3673b3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options @@ -0,0 +1,6 @@ +--connect aaa.strongswan.org +--client carol +--secret "Ar3etTnp" +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5aad08905 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options new file mode 100644 index 000000000..08953142f --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options @@ -0,0 +1,7 @@ +--connect aaa.strongswan.org +--client dave@strongswan.org +--key /etc/swanctl/rsa/daveKey.pem +--cert /etc/swanctl/x509/daveCert.pem +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..cf08b969d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf @@ -0,0 +1,27 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } + plugins { + imc-os { + push_info = no + } + imc-swima { + swid_directory = /usr/share + swid_pretty = yes + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d99a4b78a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,3 @@ +# /etc/strongswan.conf - strongSwan configuration file + +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..27f96a620 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat new file mode 100644 index 000000000..09c8a6cbc --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat @@ -0,0 +1,10 @@ +carol::ip route del 10.1.0.0/16 via 192.168.0.1 +dave::ip route del 10.1.0.0/16 via 192.168.0.1 +winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 +alice::service charon stop +alice::service apache2 stop +alice::rm /etc/swanctl/rsa/aaaKey.pem +alice::rm /etc/swanctl/x509/aaaCert.pem +alice::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat new file mode 100644 index 000000000..d8ac3ab41 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat @@ -0,0 +1,25 @@ +alice::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +alice::cat /etc/tnc_config +carol::cat /etc/tnc_config +carol::echo 0 > /proc/sys/net/ipv4/ip_forward +dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id +dave::cat /etc/tnc_config +alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db +alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db +alice::/usr/local/bin/init_tnc +alice::rm /etc/swanctl/x509/aliceCert.pem +alice::rm /etc/swanctl/rsa/aliceKey.pem +alice::service charon start +alice::service apache2 start +alice::swanctl --load-creds +winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::cat /etc/pts/options +dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options +carol::ip route add 10.1.0.0/16 via 192.168.0.1 +carol::cat /etc/pts/options +carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf new file mode 100644 index 000000000..08ea543e2 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf @@ -0,0 +1,29 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="carol moon dave alice" + +# Guest instances on which databases are used +# +DBHOSTS="alice" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat index c3409fd66..fc232bfde 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat @@ -18,6 +18,6 @@ alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by passwo alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES alice::cat /var/log/daemon.log::1 SWID tag target::YES alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES -alice::cat /var/log/daemon.log::regid.2004-03.org.strongswan_strongSwan-::YES +alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index 17951e811..d8ac3ab41 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat @@ -19,7 +19,7 @@ alice::swanctl --load-creds winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 dave::ip route add 10.1.0.0/16 via 192.168.0.1 dave::cat /etc/pts/options -dave::ipsec pt-tls-client --optionsfrom /etc/pts/options +dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options carol::ip route add 10.1.0.0/16 via 192.168.0.1 carol::cat /etc/pts/options -carol::ipsec pt-tls-client --optionsfrom /etc/pts/options +carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options |