diff options
488 files changed, 7526 insertions, 877 deletions
diff --git a/Doxyfile.in b/Doxyfile.in index fb746a61d..54f6596f0 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -1,220 +1,1420 @@ -# Doxyfile 1.4.1-KDevelop +# Doxyfile 1.5.6 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- -PROJECT_NAME = "@PACKAGE_NAME@" -PROJECT_NUMBER = "@PACKAGE_VERSION@" -OUTPUT_DIRECTORY = apidoc -CREATE_SUBDIRS = NO -OUTPUT_LANGUAGE = English -USE_WINDOWS_ENCODING = NO -BRIEF_MEMBER_DESC = YES -REPEAT_BRIEF = YES -ABBREVIATE_BRIEF = -ALWAYS_DETAILED_SEC = NO -INLINE_INHERITED_MEMB = NO -FULL_PATH_NAMES = YES -STRIP_FROM_PATH = -STRIP_FROM_INC_PATH = -SHORT_NAMES = NO -JAVADOC_AUTOBRIEF = YES + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# http://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = "@PACKAGE_NAME@" + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = "@PACKAGE_VERSION@" + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = apidoc + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = YES + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + MULTILINE_CPP_IS_BRIEF = NO -DETAILS_AT_TOP = YES -INHERIT_DOCS = YES -DISTRIBUTE_GROUP_DOC = NO -TAB_SIZE = 1 -ALIASES = -OPTIMIZE_OUTPUT_FOR_C = NO -OPTIMIZE_OUTPUT_JAVA = NO -SUBGROUPING = YES + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = YES + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 4 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = NO + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = YES + #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- -EXTRACT_ALL = NO -EXTRACT_PRIVATE = NO -EXTRACT_STATIC = NO -EXTRACT_LOCAL_CLASSES = NO -EXTRACT_LOCAL_METHODS = NO -HIDE_UNDOC_MEMBERS = NO -HIDE_UNDOC_CLASSES = NO -HIDE_FRIEND_COMPOUNDS = NO -HIDE_IN_BODY_DOCS = NO -INTERNAL_DOCS = NO -CASE_SENSE_NAMES = YES -HIDE_SCOPE_NAMES = NO -SHOW_INCLUDE_FILES = YES -INLINE_INFO = YES -SORT_MEMBER_DOCS = YES -SORT_BRIEF_DOCS = NO -SORT_BY_SCOPE_NAME = NO -GENERATE_TODOLIST = YES -GENERATE_TESTLIST = NO -GENERATE_BUGLIST = YES -GENERATE_DEPRECATEDLIST = YES -ENABLED_SECTIONS = -MAX_INITIALIZER_LINES = 30 -SHOW_USED_FILES = YES -SHOW_DIRECTORIES = NO -FILE_VERSION_FILTER = + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = NO + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = NO + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = NO + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = NO + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = NO + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = NO + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = NO + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= NO + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = NO + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = YES + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = NO + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command <command> <input-file>, where <command> is the value of +# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- -QUIET = NO -WARNINGS = YES -WARN_IF_UNDOCUMENTED = YES -WARN_IF_DOC_ERROR = YES -WARN_NO_PARAMDOC = NO -WARN_FORMAT = "$file:$line: $text" -WARN_LOGFILE = + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = NO + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- -INPUT = src/libstrongswan src/charon src/libfast src/manager -FILE_PATTERNS = *.h -RECURSIVE = YES -EXCLUDE = -EXCLUDE_SYMLINKS = NO -EXCLUDE_PATTERNS = */.svn/* -EXAMPLE_PATH = -EXAMPLE_PATTERNS = -EXAMPLE_RECURSIVE = NO -IMAGE_PATH = -INPUT_FILTER = -FILTER_PATTERNS = -FILTER_SOURCE_FILES = NO + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = src/libstrongswan \ + src/charon \ + src/libfast \ + src/manager + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = *.h + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = */.svn/* + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command <filter> <input-file>, where <filter> +# is the value of the INPUT_FILTER tag, and <input-file> is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- -SOURCE_BROWSER = NO -INLINE_SOURCES = NO -STRIP_CODE_COMMENTS = NO + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = NO + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + REFERENCED_BY_RELATION = NO -REFERENCES_RELATION = NO -VERBATIM_HEADERS = YES + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- -ALPHABETICAL_INDEX = NO -COLS_IN_ALPHA_INDEX = 5 -IGNORE_PREFIX = + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = NO + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- -GENERATE_HTML = YES -HTML_OUTPUT = . -HTML_FILE_EXTENSION = .html -HTML_HEADER = -HTML_FOOTER = -HTML_STYLESHEET = -HTML_ALIGN_MEMBERS = YES -GENERATE_HTMLHELP = NO -CHM_FILE = -HHC_LOCATION = -GENERATE_CHI = NO -BINARY_TOC = NO -TOC_EXPAND = NO -DISABLE_INDEX = YES -ENUM_VALUES_PER_LINE = 1 -GENERATE_TREEVIEW = YES -TREEVIEW_WIDTH = 250 + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = . + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = YES + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 1 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to FRAME, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values +# for this tag are: HIERARCHIES, which will generate the Groups, Directories, +# and Class Hiererachy pages using a tree view instead of an ordered list; +# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which +# disables this behavior completely. For backwards compatibility with previous +# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE +# respectively. + +GENERATE_TREEVIEW = YES + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- -GENERATE_LATEX = NO -LATEX_OUTPUT = latex -LATEX_CMD_NAME = latex -MAKEINDEX_CMD_NAME = makeindex -COMPACT_LATEX = NO -PAPER_TYPE = a4wide -EXTRA_PACKAGES = -LATEX_HEADER = -PDF_HYPERLINKS = NO -USE_PDFLATEX = NO -LATEX_BATCHMODE = NO -LATEX_HIDE_INDICES = NO + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = NO + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = NO + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- -GENERATE_RTF = NO -RTF_OUTPUT = rtf -COMPACT_RTF = NO -RTF_HYPERLINKS = NO -RTF_STYLESHEET_FILE = -RTF_EXTENSIONS_FILE = + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- -GENERATE_MAN = NO -MAN_OUTPUT = man -MAN_EXTENSION = .3 -MAN_LINKS = YES + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = YES + #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- -GENERATE_XML = NO -XML_OUTPUT = xml -XML_SCHEMA = -XML_DTD = -XML_PROGRAMLISTING = YES + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- -GENERATE_AUTOGEN_DEF = NO + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- -GENERATE_PERLMOD = NO -PERLMOD_LATEX = NO -PERLMOD_PRETTY = YES + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + PERLMOD_MAKEVAR_PREFIX = + #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- -ENABLE_PREPROCESSING = YES -MACRO_EXPANSION = YES -EXPAND_ONLY_PREDEF = NO -SEARCH_INCLUDES = YES -INCLUDE_PATH = -INCLUDE_FILE_PATTERNS = -PREDEFINED = LEAK_DETECTIVE -EXPAND_AS_DEFINED = -SKIP_FUNCTION_MACROS = YES + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = YES + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = LEAK_DETECTIVE + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- -TAGFILES = -GENERATE_TAGFILE = -ALLEXTERNALS = NO -EXTERNAL_GROUPS = YES -PERL_PATH = /usr/bin/perl + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- -CLASS_DIAGRAMS = YES -HIDE_UNDOC_RELATIONS = YES -HAVE_DOT = NO -CLASS_GRAPH = YES -COLLABORATION_GRAPH = YES -GROUP_GRAPHS = YES -UML_LOOK = NO -TEMPLATE_RELATIONS = NO -INCLUDE_GRAPH = YES -INCLUDED_BY_GRAPH = YES -CALL_GRAPH = NO -GRAPHICAL_HIERARCHY = YES -DIRECTORY_GRAPH = YES -DOT_IMAGE_FORMAT = png -DOT_PATH = -DOTFILE_DIRS = -MAX_DOT_GRAPH_WIDTH = 1024 -MAX_DOT_GRAPH_HEIGHT = 1024 -MAX_DOT_GRAPH_DEPTH = 0 -DOT_TRANSPARENT = NO -DOT_MULTI_TARGETS = NO -GENERATE_LEGEND = YES -DOT_CLEANUP = YES + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# become hard to read). + +DOT_TRANSPARENT = NO + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + #--------------------------------------------------------------------------- # Configuration::additions related to the search engine #--------------------------------------------------------------------------- -SEARCHENGINE = NO + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/Makefile.am b/Makefile.am index e6a73e996..b8c380cb3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,6 +2,8 @@ SUBDIRS = src testing scripts EXTRA_DIST = Doxyfile.in CREDITS CLEANFILES = apidoc Doxyfile +ACLOCAL_AMFLAGS = -I m4 + Doxyfile : Doxyfile.in sed \ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ diff --git a/Makefile.in b/Makefile.in index dfe5a2eca..5d298a7ee 100644 --- a/Makefile.in +++ b/Makefile.in @@ -208,6 +208,7 @@ xml_LIBS = @xml_LIBS@ SUBDIRS = src testing scripts EXTRA_DIST = Doxyfile.in CREDITS CLEANFILES = apidoc Doxyfile +ACLOCAL_AMFLAGS = -I m4 all: all-recursive .SUFFIXES: @@ -1,3 +1,29 @@ +strongswan-4.2.14 +----------------- + +- The new server-side EAP RADIUS plugin (--enable-eap-radius) + relays EAP messages to and from a RADIUS server. Succesfully + tested with with a freeradius server using EAP-MD5 and EAP-SIM. + +- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by + Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting + all Openswan and strongSwan releases. A malicious (or expired ISAKMP) + R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the + pluto IKE daemon to crash and restart. No authentication or encryption + is required to trigger this bug. One spoofed UDP packet can cause the + pluto IKE daemon to restart and be unresponsive for a few seconds while + restarting. This DPD null state vulnerability has been officially + registered as CVE-2009-0790 and is fixed by this release. + +- ASN.1 to time_t conversion caused a time wrap-around for + dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms. + As a workaround such dates are set to the maximum representable + time, i.e. Jan 19 03:14:07 UTC 2038. + +- Distinguished Names containing wildcards (*) are not sent in the + IDr payload anymore. + + strongswan-4.2.13 ----------------- @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for strongSwan 4.2.13. +# Generated by GNU Autoconf 2.61 for strongSwan 4.2.14. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. @@ -721,8 +721,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.2.13' -PACKAGE_STRING='strongSwan 4.2.13' +PACKAGE_VERSION='4.2.14' +PACKAGE_STRING='strongSwan 4.2.14' PACKAGE_BUGREPORT='' # Factoring default headers for most tests. @@ -965,6 +965,8 @@ USE_EAP_AKA_TRUE USE_EAP_AKA_FALSE USE_EAP_MSCHAPV2_TRUE USE_EAP_MSCHAPV2_FALSE +USE_EAP_RADIUS_TRUE +USE_EAP_RADIUS_FALSE USE_KERNEL_NETLINK_TRUE USE_KERNEL_NETLINK_FALSE USE_KERNEL_PFKEY_TRUE @@ -1536,7 +1538,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.2.13 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.2.14 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1606,7 +1608,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.2.13:";; + short | recursive ) echo "Configuration of strongSwan 4.2.14:";; esac cat <<\_ACEOF @@ -1682,6 +1684,8 @@ Optional Features: NO). --enable-eap-mschapv2 build MS-CHAPv2 authenication module for EAP (default is NO). + --enable-eap-radius build RADIUS proxy authenication module for EAP + (default is NO). --disable-kernel-netlink disable the netlink kernel interface. (default is NO). @@ -1856,7 +1860,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.2.13 +strongSwan configure 4.2.14 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1870,7 +1874,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 4.2.13, which was +It was created by strongSwan $as_me 4.2.14, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2560,7 +2564,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.2.13' + VERSION='4.2.14' cat >>confdefs.h <<_ACEOF @@ -2787,6 +2791,7 @@ echo "${ECHO_T}$am_cv_prog_tar_ustar" >&6; } + DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" @@ -5480,6 +5485,15 @@ if test "${enable_eap_mschapv2+set}" = set; then fi +# Check whether --enable-eap-radius was given. +if test "${enable_eap_radius+set}" = set; then + enableval=$enable_eap_radius; if test x$enableval = xyes; then + eap_radius=true + fi + +fi + + # Check whether --enable-kernel-netlink was given. if test "${enable_kernel_netlink+set}" = set; then enableval=$enable_kernel_netlink; if test x$enableval = xyes; then @@ -6398,13 +6412,13 @@ if test "${lt_cv_nm_interface+set}" = set; then else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:6401: $ac_compile\"" >&5) + (eval echo "\"\$as_me:6415: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:6404: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:6418: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:6407: output\"" >&5) + (eval echo "\"\$as_me:6421: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -7514,7 +7528,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 7517 "configure"' > conftest.$ac_ext + echo '#line 7531 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8887,11 +8901,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8890: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8904: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8894: \$? = $ac_status" >&5 + echo "$as_me:8908: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9211,11 +9225,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9214: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9228: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9218: \$? = $ac_status" >&5 + echo "$as_me:9232: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9316,11 +9330,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9319: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9333: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9323: \$? = $ac_status" >&5 + echo "$as_me:9337: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9371,11 +9385,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9374: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9388: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9378: \$? = $ac_status" >&5 + echo "$as_me:9392: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12132,7 +12146,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12135 "configure" +#line 12149 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12232,7 +12246,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12235 "configure" +#line 12249 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -17077,6 +17091,14 @@ else USE_EAP_MSCHAPV2_FALSE= fi + if test x$eap_radius = xtrue; then + USE_EAP_RADIUS_TRUE= + USE_EAP_RADIUS_FALSE='#' +else + USE_EAP_RADIUS_TRUE='#' + USE_EAP_RADIUS_FALSE= +fi + if test x$kernel_netlink = xtrue; then USE_KERNEL_NETLINK_TRUE= USE_KERNEL_NETLINK_FALSE='#' @@ -17286,7 +17308,7 @@ _ACEOF fi -ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/fips/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/dumm/Makefile src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/fips/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/dumm/Makefile src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -17694,6 +17716,13 @@ echo "$as_me: error: conditional \"USE_EAP_MSCHAPV2\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_EAP_RADIUS\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_EAP_RADIUS\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_NETLINK\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -18162,7 +18191,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.2.13, which was +This file was extended by strongSwan $as_me 4.2.14, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18209,7 +18238,7 @@ Report bugs to <bug-autoconf@gnu.org>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -strongSwan config.status 4.2.13 +strongSwan config.status 4.2.14 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" @@ -18606,6 +18635,7 @@ do "src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;; "src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;; "src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;; + "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;; "src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;; "src/charon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfkey/Makefile" ;; "src/charon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_klips/Makefile" ;; @@ -18980,6 +19010,8 @@ USE_EAP_AKA_TRUE!$USE_EAP_AKA_TRUE$ac_delim USE_EAP_AKA_FALSE!$USE_EAP_AKA_FALSE$ac_delim USE_EAP_MSCHAPV2_TRUE!$USE_EAP_MSCHAPV2_TRUE$ac_delim USE_EAP_MSCHAPV2_FALSE!$USE_EAP_MSCHAPV2_FALSE$ac_delim +USE_EAP_RADIUS_TRUE!$USE_EAP_RADIUS_TRUE$ac_delim +USE_EAP_RADIUS_FALSE!$USE_EAP_RADIUS_FALSE$ac_delim USE_KERNEL_NETLINK_TRUE!$USE_KERNEL_NETLINK_TRUE$ac_delim USE_KERNEL_NETLINK_FALSE!$USE_KERNEL_NETLINK_FALSE$ac_delim USE_KERNEL_PFKEY_TRUE!$USE_KERNEL_PFKEY_TRUE$ac_delim @@ -19032,7 +19064,7 @@ LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 60; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 62; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/configure.in b/configure.in index 81909c078..e5b3f76e2 100644 --- a/configure.in +++ b/configure.in @@ -16,8 +16,9 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.2.13) +AC_INIT(strongSwan,4.2.14) AM_INIT_AUTOMAKE(tar-ustar) +AC_CONFIG_MACRO_DIR([m4]) AC_C_BIGENDIAN AC_SUBST(confdir, '${sysconfdir}') PKG_PROG_PKG_CONFIG @@ -466,6 +467,14 @@ AC_ARG_ENABLE( ) AC_ARG_ENABLE( + [eap-radius], + AS_HELP_STRING([--enable-eap-radius],[build RADIUS proxy authenication module for EAP (default is NO).]), + [if test x$enableval = xyes; then + eap_radius=true + fi] +) + +AC_ARG_ENABLE( [kernel-netlink], AS_HELP_STRING([--disable-kernel-netlink],[disable the netlink kernel interface. (default is NO).]), [if test x$enableval = xyes; then @@ -963,6 +972,7 @@ AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue) AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) +AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue) AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) @@ -1044,6 +1054,7 @@ AC_OUTPUT( src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile + src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_klips/Makefile diff --git a/debian/changelog b/debian/changelog index 71d2f2061..4930bb2c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +strongswan (4.2.14-1) unstable; urgency=low + + * New upstream release + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200 + strongswan (4.2.13-2) unstable; urgency=low * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the diff --git a/debian/rules b/debian/rules index 2ab2b68de..d5f60230d 100755 --- a/debian/rules +++ b/debian/rules @@ -18,6 +18,7 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ --enable-mediation --enable-medsrv --enable-medcli \ --enable-openssl --enable-agent \ + --enable-eap-radius \ --disable-aes --disable-des --disable-fips-prf --disable-gmp \ --disable-md5 --disable-sha1 --disable-sha2 \ --enable-nm diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index 3393b4516..9da2b238a 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -221,6 +221,11 @@ if USE_EAP_MSCHAPV2 PLUGINS += eapmschapv2 endif +if USE_EAP_RADIUS + SUBDIRS += plugins/eap_radius + PLUGINS += eapradius +endif + if USE_MEDSRV SUBDIRS += plugins/medsrv PLUGINS += medsrv diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 33098d4a7..f74577c8c 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -80,16 +80,18 @@ ipsec_PROGRAMS = charon$(EXEEXT) @USE_EAP_AKA_TRUE@am__append_34 = eapaka @USE_EAP_MSCHAPV2_TRUE@am__append_35 = plugins/eap_mschapv2 @USE_EAP_MSCHAPV2_TRUE@am__append_36 = eapmschapv2 -@USE_MEDSRV_TRUE@am__append_37 = plugins/medsrv -@USE_MEDSRV_TRUE@am__append_38 = medsrv -@USE_MEDCLI_TRUE@am__append_39 = plugins/medcli -@USE_MEDCLI_TRUE@am__append_40 = medcli -@USE_NM_TRUE@am__append_41 = plugins/nm -@USE_NM_TRUE@am__append_42 = nm -@USE_UCI_TRUE@am__append_43 = plugins/uci -@USE_UCI_TRUE@am__append_44 = uci -@USE_UNIT_TESTS_TRUE@am__append_45 = plugins/unit_tester -@USE_UNIT_TESTS_TRUE@am__append_46 = unit-tester +@USE_EAP_RADIUS_TRUE@am__append_37 = plugins/eap_radius +@USE_EAP_RADIUS_TRUE@am__append_38 = eapradius +@USE_MEDSRV_TRUE@am__append_39 = plugins/medsrv +@USE_MEDSRV_TRUE@am__append_40 = medsrv +@USE_MEDCLI_TRUE@am__append_41 = plugins/medcli +@USE_MEDCLI_TRUE@am__append_42 = medcli +@USE_NM_TRUE@am__append_43 = plugins/nm +@USE_NM_TRUE@am__append_44 = nm +@USE_UCI_TRUE@am__append_45 = plugins/uci +@USE_UCI_TRUE@am__append_46 = uci +@USE_UNIT_TESTS_TRUE@am__append_47 = plugins/unit_tester +@USE_UNIT_TESTS_TRUE@am__append_48 = unit-tester subdir = src/charon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -311,8 +313,8 @@ DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \ plugins/smp plugins/sql plugins/updown plugins/eap_identity \ plugins/eap_sim plugins/eap_sim_file plugins/eap_md5 \ plugins/eap_gtc plugins/eap_aka plugins/eap_mschapv2 \ - plugins/medsrv plugins/medcli plugins/nm plugins/uci \ - plugins/unit_tester + plugins/eap_radius plugins/medsrv plugins/medcli plugins/nm \ + plugins/uci plugins/unit_tester DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -587,14 +589,15 @@ SUBDIRS = . $(am__append_7) $(am__append_9) $(am__append_11) \ $(am__append_25) $(am__append_27) $(am__append_29) \ $(am__append_31) $(am__append_33) $(am__append_35) \ $(am__append_37) $(am__append_39) $(am__append_41) \ - $(am__append_43) $(am__append_45) + $(am__append_43) $(am__append_45) $(am__append_47) PLUGINS = ${libstrongswan_plugins} $(am__append_8) $(am__append_10) \ $(am__append_12) $(am__append_14) $(am__append_16) \ $(am__append_18) $(am__append_20) $(am__append_22) \ $(am__append_24) $(am__append_26) $(am__append_28) \ $(am__append_30) $(am__append_32) $(am__append_34) \ $(am__append_36) $(am__append_38) $(am__append_40) \ - $(am__append_42) $(am__append_44) $(am__append_46) + $(am__append_42) $(am__append_44) $(am__append_46) \ + $(am__append_48) all: all-recursive .SUFFIXES: diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h index 383678488..fe7d1e53d 100644 --- a/src/charon/bus/bus.h +++ b/src/charon/bus/bus.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: bus.h 4622 2008-11-11 10:52:37Z martin $ + * $Id: bus.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -350,4 +350,4 @@ struct bus_t { */ bus_t *bus_create(); -#endif /* BUS_H_ @} */ +#endif /** BUS_H_ @}*/ diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h index 18a7c9765..5cd37adc0 100644 --- a/src/charon/bus/listeners/file_logger.h +++ b/src/charon/bus/listeners/file_logger.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: file_logger.h 4434 2008-10-14 08:52:13Z martin $ + * $Id: file_logger.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -59,4 +59,4 @@ struct file_logger_t { */ file_logger_t *file_logger_create(FILE *out); -#endif /* FILE_LOGGER_H_ @} */ +#endif /** FILE_LOGGER_H_ @}*/ diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h index 08cf4dd63..50301924e 100644 --- a/src/charon/bus/listeners/sys_logger.h +++ b/src/charon/bus/listeners/sys_logger.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: sys_logger.h 4434 2008-10-14 08:52:13Z martin $ + * $Id: sys_logger.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -61,4 +61,4 @@ struct sys_logger_t { */ sys_logger_t *sys_logger_create(int facility); -#endif /* SYS_LOGGER_H_ @} */ +#endif /** SYS_LOGGER_H_ @}*/ diff --git a/src/charon/config/attributes/attribute_manager.h b/src/charon/config/attributes/attribute_manager.h index d2b69e02d..aef6e7b6e 100644 --- a/src/charon/config/attributes/attribute_manager.h +++ b/src/charon/config/attributes/attribute_manager.h @@ -80,4 +80,4 @@ struct attribute_manager_t { */ attribute_manager_t *attribute_manager_create(); -#endif /* ATTRIBUTE_MANAGER_H_ @}*/ +#endif /** ATTRIBUTE_MANAGER_H_ @}*/ diff --git a/src/charon/config/attributes/attribute_provider.h b/src/charon/config/attributes/attribute_provider.h index 9810c0354..5d563e86b 100644 --- a/src/charon/config/attributes/attribute_provider.h +++ b/src/charon/config/attributes/attribute_provider.h @@ -58,4 +58,4 @@ struct attribute_provider_t { char *pool, host_t *address, identification_t *id); }; -#endif /* ATTRIBUTE_PROVIDER_H_ @}*/ +#endif /** ATTRIBUTE_PROVIDER_H_ @}*/ diff --git a/src/charon/config/backend.h b/src/charon/config/backend.h index ec2c481bd..3a22f61ac 100644 --- a/src/charon/config/backend.h +++ b/src/charon/config/backend.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: backend.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: backend.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -72,4 +72,4 @@ struct backend_t { peer_cfg_t *(*get_peer_cfg_by_name)(backend_t *this, char *name); }; -#endif /* BACKEND_H_ @} */ +#endif /** BACKEND_H_ @}*/ diff --git a/src/charon/config/backend_manager.h b/src/charon/config/backend_manager.h index 17df26dad..657e5af94 100644 --- a/src/charon/config/backend_manager.h +++ b/src/charon/config/backend_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: backend_manager.h 4132 2008-07-01 09:05:20Z martin $ + * $Id: backend_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -119,5 +119,4 @@ struct backend_manager_t { */ backend_manager_t* backend_manager_create(void); -#endif /*BACKEND_MANAGER_H_ @} */ - +#endif /** BACKEND_MANAGER_H_ @}*/ diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h index 787324dca..6e3b0ba00 100644 --- a/src/charon/config/child_cfg.h +++ b/src/charon/config/child_cfg.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: child_cfg.h 4611 2008-11-11 06:29:25Z andreas $ + * $Id: child_cfg.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -234,10 +234,10 @@ struct child_cfg_t { /** * Sets two options needed for Mobile IPv6 interoperability * - * @proxy_mode use IPsec transport proxy mode (default FALSE) - * @install_policy install IPsec kernel policies (default TRUE) + * @param proxy_mode use IPsec transport proxy mode (default FALSE) + * @param install_policy install IPsec kernel policies (default TRUE) */ - void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mod, + void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mode, bool install_policy); /** @@ -299,4 +299,4 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, char *updown, bool hostaccess, ipsec_mode_t mode, action_t dpd_action, action_t close_action, bool ipcomp); -#endif /* CHILD_CFG_H_ @} */ +#endif /** CHILD_CFG_H_ @}*/ diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h index 6169af96b..c2f1f2867 100644 --- a/src/charon/config/ike_cfg.h +++ b/src/charon/config/ike_cfg.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_cfg.h 4044 2008-06-06 15:05:54Z martin $ + * $Id: ike_cfg.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -133,7 +133,6 @@ struct ike_cfg_t { * * Supplied hosts become owned by ike_cfg, the name gets cloned. * - * @param name ike_cfg identifier * @param certreq TRUE to send a certificate request * @param force_encap enforce UDP encapsulation by faking NATD notify * @param me address/DNS name of local peer @@ -143,4 +142,4 @@ struct ike_cfg_t { ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me, char *other); -#endif /* IKE_CFG_H_ @} */ +#endif /** IKE_CFG_H_ @}*/ diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h index 473cdfd04..93bc7d495 100644 --- a/src/charon/config/peer_cfg.h +++ b/src/charon/config/peer_cfg.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: peer_cfg.h 4276 2008-08-22 10:44:51Z martin $ + * $Id: peer_cfg.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -340,7 +340,6 @@ struct peer_cfg_t { * @param reauth_time timeout before starting reauthentication * @param jitter_time timerange to randomly substract from rekey/reauth time * @param over_time maximum overtime before closing a rekeying/reauth SA - * @param reauth sould be done reauthentication instead of rekeying? * @param mobike use MOBIKE (RFC4555) if peer supports it * @param dpd DPD check interval, 0 to disable * @param virtual_ip virtual IP for local host, or NULL @@ -350,7 +349,7 @@ struct peer_cfg_t { * @param peer_id ID that identifies our peer at the mediation server * @return peer_cfg_t object */ -peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg, +peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, identification_t *my_id, identification_t *other_id, cert_policy_t cert_policy, unique_policy_t unique, u_int32_t keyingtries, u_int32_t rekey_time, @@ -360,4 +359,4 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg, bool mediation, peer_cfg_t *mediated_by, identification_t *peer_id); -#endif /* PEER_CFG_H_ @} */ +#endif /** PEER_CFG_H_ @}*/ diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h index ea01120f9..6096158e6 100644 --- a/src/charon/config/proposal.h +++ b/src/charon/config/proposal.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: proposal.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: proposal.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -243,4 +243,4 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* PROPOSAL_H_ @} */ +#endif /** PROPOSAL_H_ @}*/ diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h index fcec4e50b..2721f8993 100644 --- a/src/charon/config/traffic_selector.h +++ b/src/charon/config/traffic_selector.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: traffic_selector.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: traffic_selector.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -264,6 +264,8 @@ traffic_selector_t *traffic_selector_create_from_bytes( * * @param net subnet to use * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation + * @param protocol protocol for this ts, such as TCP or UDP + * @param port port number, host order * @return * - traffic_selector_t object * - NULL if address family of net not supported @@ -301,4 +303,4 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* TRAFFIC_SELECTOR_H_ @} */ +#endif /** TRAFFIC_SELECTOR_H_ @}*/ diff --git a/src/charon/control/controller.h b/src/charon/control/controller.h index 4609d7a8b..b2eaf480b 100644 --- a/src/charon/control/controller.h +++ b/src/charon/control/controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: controller.h 4624 2008-11-11 13:11:44Z tobias $ + * $Id: controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -171,4 +171,4 @@ struct controller_t { */ controller_t *controller_create(void); -#endif /* CONTROLLER_H_ @} */ +#endif /** CONTROLLER_H_ @}*/ diff --git a/src/charon/credentials/auth_info.h b/src/charon/credentials/auth_info.h index 161698a65..f480a6e08 100644 --- a/src/charon/credentials/auth_info.h +++ b/src/charon/credentials/auth_info.h @@ -195,4 +195,4 @@ struct auth_info_t { */ auth_info_t *auth_info_create(); -#endif /* AUTH_INFO_H_ @}*/ +#endif /** AUTH_INFO_H_ @}*/ diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h index 3a64437e6..ff2dc3645 100644 --- a/src/charon/credentials/credential_manager.h +++ b/src/charon/credentials/credential_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: credential_manager.h 3835 2008-04-18 10:11:41Z tobias $ + * $Id: credential_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -204,4 +204,4 @@ struct credential_manager_t { */ credential_manager_t *credential_manager_create(); -#endif /* CREDENTIAL_MANAGER_H_ @} */ +#endif /** CREDENTIAL_MANAGER_H_ @}*/ diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h index 4166d05a3..14b2a8ebd 100644 --- a/src/charon/credentials/credential_set.h +++ b/src/charon/credentials/credential_set.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: credential_set.h 4229 2008-07-30 11:38:44Z martin $ + * $Id: credential_set.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -107,4 +107,4 @@ struct credential_set_t { void (*cache_cert)(credential_set_t *this, certificate_t *cert); }; -#endif /* CREDENTIAL_SET_H_ @} */ +#endif /** CREDENTIAL_SET_H_ @}*/ diff --git a/src/charon/credentials/sets/auth_info_wrapper.h b/src/charon/credentials/sets/auth_info_wrapper.h index c382e9870..9186715f0 100644 --- a/src/charon/credentials/sets/auth_info_wrapper.h +++ b/src/charon/credentials/sets/auth_info_wrapper.h @@ -52,4 +52,4 @@ struct auth_info_wrapper_t { */ auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth); -#endif /* AUTH_INFO_WRAPPER_H_ @}*/ +#endif /** AUTH_INFO_WRAPPER_H_ @}*/ diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h index 281189d53..40e38e913 100644 --- a/src/charon/credentials/sets/cert_cache.h +++ b/src/charon/credentials/sets/cert_cache.h @@ -70,4 +70,4 @@ struct cert_cache_t { */ cert_cache_t *cert_cache_create(); -#endif /* CERT_CACHE_H_ @}*/ +#endif /** CERT_CACHE_H_ @}*/ diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/charon/credentials/sets/ocsp_response_wrapper.h index 6d32c2ca8..068035884 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.h +++ b/src/charon/credentials/sets/ocsp_response_wrapper.h @@ -52,4 +52,4 @@ struct ocsp_response_wrapper_t { */ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response); -#endif /* OCSP_RESPONSE_WRAPPER_H_ @}*/ +#endif /** OCSP_RESPONSE_WRAPPER_H_ @}*/ diff --git a/src/charon/daemon.h b/src/charon/daemon.h index 1b9392f8e..d70a88010 100644 --- a/src/charon/daemon.h +++ b/src/charon/daemon.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: daemon.h 4797 2008-12-12 09:13:06Z martin $ + * $Id: daemon.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -330,4 +330,4 @@ struct daemon_t { */ extern daemon_t *charon; -#endif /*DAEMON_H_ @} */ +#endif /** DAEMON_H_ @}*/ diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h index d1d3522d0..5c8755d04 100644 --- a/src/charon/encoding/generator.h +++ b/src/charon/encoding/generator.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: generator.h 4702 2008-11-26 10:42:54Z martin $ + * $Id: generator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -84,4 +84,4 @@ struct generator_t { */ generator_t *generator_create(void); -#endif /*GENERATOR_H_ @} */ +#endif /** GENERATOR_H_ @}*/ diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h index 8cc604ea7..40941c2c9 100644 --- a/src/charon/encoding/message.h +++ b/src/charon/encoding/message.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: message.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: message.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -353,4 +353,4 @@ message_t * message_create_from_packet(packet_t *packet); */ message_t * message_create(void); -#endif /*MESSAGE_H_ @} */ +#endif /** MESSAGE_H_ @}*/ diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h index 58778b57a..222e328d1 100644 --- a/src/charon/encoding/parser.h +++ b/src/charon/encoding/parser.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: parser.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: parser.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -78,4 +78,4 @@ struct parser_t { */ parser_t *parser_create(chunk_t data); -#endif /*PARSER_H_ @} */ +#endif /** PARSER_H_ @}*/ diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h index bdbba9e35..26375a398 100644 --- a/src/charon/encoding/payloads/auth_payload.h +++ b/src/charon/encoding/payloads/auth_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: auth_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: auth_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -101,4 +101,4 @@ struct auth_payload_t { */ auth_payload_t *auth_payload_create(void); -#endif /* AUTH_PAYLOAD_H_ @} */ +#endif /** AUTH_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h index aa16104a8..d6e328850 100644 --- a/src/charon/encoding/payloads/cert_payload.h +++ b/src/charon/encoding/payloads/cert_payload.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $ + * $Id: cert_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -115,7 +115,6 @@ struct cert_payload_t { /** * Creates an empty certificate payload. * - * @param cert certificate to embed * @return cert_payload_t object */ cert_payload_t *cert_payload_create(void); @@ -137,4 +136,4 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); */ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); -#endif /* CERT_PAYLOAD_H_ @} */ +#endif /** CERT_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h index b835d7ad6..a246f0e93 100644 --- a/src/charon/encoding/payloads/certreq_payload.h +++ b/src/charon/encoding/payloads/certreq_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: certreq_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: certreq_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -89,4 +89,4 @@ certreq_payload_t *certreq_payload_create(void); */ certreq_payload_t *certreq_payload_create_type(certificate_type_t type); -#endif /* CERTREQ_PAYLOAD_H_ @} */ +#endif /** CERTREQ_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h index 4c8673a26..13aaa0e90 100644 --- a/src/charon/encoding/payloads/configuration_attribute.h +++ b/src/charon/encoding/payloads/configuration_attribute.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: configuration_attribute.h 4844 2009-01-20 22:55:13Z andreas $ + * $Id: configuration_attribute.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -127,4 +127,4 @@ struct configuration_attribute_t { */ configuration_attribute_t *configuration_attribute_create(void); -#endif /* CONFIGURATION_ATTRIBUTE_H_ @} */ +#endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h index 0ca75e71d..c31b1667d 100644 --- a/src/charon/encoding/payloads/cp_payload.h +++ b/src/charon/encoding/payloads/cp_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: cp_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: cp_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -110,4 +110,4 @@ struct cp_payload_t { */ cp_payload_t *cp_payload_create(void); -#endif /*CP_PAYLOAD_H_ @} */ +#endif /** CP_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h index 2c1a596b9..862deb9dc 100644 --- a/src/charon/encoding/payloads/delete_payload.h +++ b/src/charon/encoding/payloads/delete_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: delete_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: delete_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -83,4 +83,4 @@ struct delete_payload_t { */ delete_payload_t *delete_payload_create(protocol_id_t protocol_id); -#endif /* DELETE_PAYLOAD_H_ @} */ +#endif /** DELETE_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h index 23558053d..337f82e12 100644 --- a/src/charon/encoding/payloads/eap_payload.h +++ b/src/charon/encoding/payloads/eap_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: eap_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -128,4 +128,4 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); */ eap_payload_t *eap_payload_create_nak(u_int8_t identifier); -#endif /* EAP_PAYLOAD_H_ @} */ +#endif /** EAP_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h index 73c5f9c36..ad98874a2 100644 --- a/src/charon/encoding/payloads/encodings.h +++ b/src/charon/encoding/payloads/encodings.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: encodings.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: encodings.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -527,4 +527,4 @@ struct encoding_rule_t { u_int32_t offset; }; -#endif /*ENCODINGS_H_ @} */ +#endif /** ENCODINGS_H_ @}*/ diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h index e20ff6acc..1d3eeb793 100644 --- a/src/charon/encoding/payloads/encryption_payload.h +++ b/src/charon/encoding/payloads/encryption_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: encryption_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: encryption_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -172,4 +172,4 @@ struct encryption_payload_t { */ encryption_payload_t *encryption_payload_create(void); -#endif /*ENCRYPTION_PAYLOAD_H_ @} */ +#endif /** ENCRYPTION_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h index 9a4a4d7a1..36f483c67 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/charon/encoding/payloads/endpoint_notify.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: endpoint_notify.h 3701 2008-03-31 10:56:49Z tobias $ + * $Id: endpoint_notify.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -172,4 +172,4 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify); -#endif /*ENDPOINT_NOTIFY_H_ @} */ +#endif /** ENDPOINT_NOTIFY_H_ @}*/ diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h index 49e6c214b..9de21cc6a 100644 --- a/src/charon/encoding/payloads/id_payload.h +++ b/src/charon/encoding/payloads/id_payload.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: id_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: id_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -121,4 +121,4 @@ id_payload_t *id_payload_create(payload_type_t payload_type); id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *identification); -#endif /* ID_PAYLOAD_H_ @} */ +#endif /** ID_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h index 5568f081b..7292c2c9c 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/charon/encoding/payloads/ike_header.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_header.h 3666 2008-03-26 18:40:19Z tobias $ + * $Id: ike_header.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -227,4 +227,4 @@ struct ike_header_t { */ ike_header_t *ike_header_create(void); -#endif /*IKE_HEADER_H_ @} */ +#endif /** IKE_HEADER_H_ @}*/ diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h index 222d2ec7c..bc5c9224a 100644 --- a/src/charon/encoding/payloads/ke_payload.h +++ b/src/charon/encoding/payloads/ke_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ke_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ke_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -103,4 +103,4 @@ ke_payload_t *ke_payload_create(void); ke_payload_t *ke_payload_create_from_diffie_hellman( diffie_hellman_t *diffie_hellman); -#endif /* KE_PAYLOAD_H_ @} */ +#endif /** KE_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h index f1e49491d..b433c7023 100644 --- a/src/charon/encoding/payloads/nonce_payload.h +++ b/src/charon/encoding/payloads/nonce_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: nonce_payload.h 4819 2008-12-31 08:58:49Z martin $ + * $Id: nonce_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -77,4 +77,4 @@ struct nonce_payload_t { */ nonce_payload_t *nonce_payload_create(void); -#endif /*NONCE_PAYLOAD_H_ @} */ +#endif /** NONCE_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index 6ee137543..9f7577c26 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: notify_payload.h 4842 2009-01-19 12:32:42Z andreas $ + * $Id: notify_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -215,4 +215,4 @@ notify_payload_t *notify_payload_create(void); notify_payload_t *notify_payload_create_from_protocol_and_type( protocol_id_t protocol_id, notify_type_t type); -#endif /*NOTIFY_PAYLOAD_H_ @} */ +#endif /** NOTIFY_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h index 7a19cc76c..7cb1b7735 100644 --- a/src/charon/encoding/payloads/payload.h +++ b/src/charon/encoding/payloads/payload.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: payload.h 4875 2009-02-17 17:14:15Z tobias $ + * $Id: payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -271,4 +271,4 @@ struct payload_t { */ payload_t *payload_create(payload_type_t type); -#endif /*PAYLOAD_H_ @} */ +#endif /** PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h index 85daadddc..212366d77 100644 --- a/src/charon/encoding/payloads/proposal_substructure.h +++ b/src/charon/encoding/payloads/proposal_substructure.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: proposal_substructure.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: proposal_substructure.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -172,4 +172,4 @@ proposal_substructure_t *proposal_substructure_create(void); proposal_substructure_t *proposal_substructure_create_from_proposal( proposal_t *proposal); -#endif /*PROPOSAL_SUBSTRUCTURE_H_ @} */ +#endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/ diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h index 34906c889..237432422 100644 --- a/src/charon/encoding/payloads/sa_payload.h +++ b/src/charon/encoding/payloads/sa_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: sa_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: sa_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -114,4 +114,4 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals); */ sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal); -#endif /*SA_PAYLOAD_H_ @} */ +#endif /** SA_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h index 2a2769fb6..9179d1478 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.h +++ b/src/charon/encoding/payloads/traffic_selector_substructure.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: traffic_selector_substructure.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: traffic_selector_substructure.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -150,4 +150,4 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void); traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector( traffic_selector_t *traffic_selector); -#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @} */ +#endif /** TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @}*/ diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h index 891155913..6755ff74c 100644 --- a/src/charon/encoding/payloads/transform_attribute.h +++ b/src/charon/encoding/payloads/transform_attribute.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: transform_attribute.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: transform_attribute.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -131,4 +131,4 @@ transform_attribute_t *transform_attribute_create(void); */ transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length); -#endif /*TRANSFORM_ATTRIBUTE_H_ @} */ +#endif /** TRANSFORM_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h index 6be4b6d1e..cc8adc38a 100644 --- a/src/charon/encoding/payloads/transform_substructure.h +++ b/src/charon/encoding/payloads/transform_substructure.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: transform_substructure.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: transform_substructure.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -173,4 +173,4 @@ transform_substructure_t *transform_substructure_create_type( transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length); -#endif /*TRANSFORM_SUBSTRUCTURE_H_ @} */ +#endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/ diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h index d8a108ddd..91f26f55d 100644 --- a/src/charon/encoding/payloads/ts_payload.h +++ b/src/charon/encoding/payloads/ts_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ts_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ts_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -126,4 +126,4 @@ ts_payload_t *ts_payload_create(bool is_initiator); ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors); -#endif /* TS_PAYLOAD_H_ @} */ +#endif /** TS_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h index 045448f06..03894c619 100644 --- a/src/charon/encoding/payloads/unknown_payload.h +++ b/src/charon/encoding/payloads/unknown_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: unknown_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: unknown_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -78,4 +78,4 @@ struct unknown_payload_t { */ unknown_payload_t *unknown_payload_create(void); -#endif /* UNKNOWN_PAYLOAD_H_ @} */ +#endif /** UNKNOWN_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h index e489bfd5a..b8798f24e 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.h +++ b/src/charon/encoding/payloads/vendor_id_payload.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: vendor_id_payload.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: vendor_id_payload.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -86,4 +86,4 @@ struct vendor_id_payload_t { */ vendor_id_payload_t *vendor_id_payload_create(void); -#endif /* VENDOR_ID_PAYLOAD_H_ @} */ +#endif /** VENDOR_ID_PAYLOAD_H_ @}*/ diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index f078f3a00..f099a94ac 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_interface.c 4655 2008-11-14 13:04:22Z martin $ + * $Id: kernel_interface.c 4997 2009-03-24 10:24:58Z martin $ */ #include "kernel_interface.h" diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h index 3c3b05c81..29a07f74f 100644 --- a/src/charon/kernel/kernel_interface.h +++ b/src/charon/kernel/kernel_interface.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_interface.h 4618 2008-11-11 09:22:00Z tobias $ + * $Id: kernel_interface.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -379,4 +379,4 @@ struct kernel_interface_t { */ kernel_interface_t *kernel_interface_create(void); -#endif /* KERNEL_INTERFACE_H_ @} */ +#endif /** KERNEL_INTERFACE_H_ @}*/ diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h index de7068fb9..24834c4b1 100644 --- a/src/charon/kernel/kernel_ipsec.h +++ b/src/charon/kernel/kernel_ipsec.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_ipsec.h 4618 2008-11-11 09:22:00Z tobias $ + * $Id: kernel_ipsec.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -258,4 +258,4 @@ struct kernel_ipsec_t { void (*destroy) (kernel_ipsec_t *this); }; -#endif /* KERNEL_IPSEC_H_ @} */ +#endif /** KERNEL_IPSEC_H_ @}*/ diff --git a/src/charon/kernel/kernel_net.h b/src/charon/kernel/kernel_net.h index 80a71ebc6..df73bc1f9 100644 --- a/src/charon/kernel/kernel_net.h +++ b/src/charon/kernel/kernel_net.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_net.h 4386 2008-10-08 08:23:46Z martin $ + * $Id: kernel_net.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -142,4 +142,4 @@ struct kernel_net_t { void (*destroy) (kernel_net_t *this); }; -#endif /* KERNEL_NET_H_ @} */ +#endif /** KERNEL_NET_H_ @}*/ diff --git a/src/charon/network/packet.h b/src/charon/network/packet.h index 2f126d465..8c1a07ab5 100644 --- a/src/charon/network/packet.h +++ b/src/charon/network/packet.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: packet.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: packet.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -114,4 +114,4 @@ struct packet_t { */ packet_t *packet_create(void); -#endif /*PACKET_H_ @} */ +#endif /** PACKET_H_ @}*/ diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h index 810a51849..36a57df79 100644 --- a/src/charon/network/receiver.h +++ b/src/charon/network/receiver.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: receiver.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: receiver.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -69,4 +69,4 @@ struct receiver_t { */ receiver_t * receiver_create(void); -#endif /*RECEIVER_H_ @} */ +#endif /** RECEIVER_H_ @}*/ diff --git a/src/charon/network/sender.h b/src/charon/network/sender.h index 4a67c7e72..0c92017e4 100644 --- a/src/charon/network/sender.h +++ b/src/charon/network/sender.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: sender.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: sender.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -61,4 +61,4 @@ struct sender_t { */ sender_t * sender_create(void); -#endif /*SENDER_H_ @} */ +#endif /** SENDER_H_ @}*/ diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h index 4e967f721..af5d64edf 100644 --- a/src/charon/network/socket.h +++ b/src/charon/network/socket.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: socket.h 4647 2008-11-13 07:48:27Z martin $ + * $Id: socket.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -101,4 +101,4 @@ struct socket_t { */ socket_t *socket_create(); -#endif /*SOCKET_H_ @} */ +#endif /** SOCKET_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka.h b/src/charon/plugins/eap_aka/eap_aka.h index 118f2c44f..196eaf429 100644 --- a/src/charon/plugins/eap_aka/eap_aka.h +++ b/src/charon/plugins/eap_aka/eap_aka.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_aka.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: eap_aka.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -49,7 +49,7 @@ typedef struct eap_aka_t eap_aka_t; * a sequence number derived from time. It is initialized to the startup * time of the daemon. As long as the (UTC) time of the system is not * turned back while the daemon is not running, this method is secure. - * To enable time based SEQs, #define SEQ_CHECK as 1. Default is to accept + * To enable time based SEQs, define SEQ_CHECK as 1. Default is to accept * any SEQ numbers. This allows an attacker to do replay attacks. But since * the server has proven his identity via IKE, such an attack is only * possible between server and AAA (if any). @@ -80,4 +80,4 @@ eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *pee */ eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_AKA_H_ @}*/ +#endif /** EAP_AKA_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/charon/plugins/eap_aka/eap_aka_plugin.h index 506d47f98..5fdc5c768 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.h +++ b/src/charon/plugins/eap_aka/eap_aka_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_aka_plugin.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: eap_aka_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct eap_aka_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_AKA_PLUGIN_H_ @}*/ +#endif /** EAP_AKA_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/charon/plugins/eap_gtc/eap_gtc.h index 478ac81cf..722881249 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.h +++ b/src/charon/plugins/eap_gtc/eap_gtc.h @@ -59,4 +59,4 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee */ eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_GTC_H_ @}*/ +#endif /** EAP_GTC_H_ @}*/ diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h index 8b2f5435f..f858f0d15 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h +++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h @@ -46,4 +46,4 @@ struct eap_gtc_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_GTC_PLUGIN_H_ @}*/ +#endif /** EAP_GTC_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_identity/eap_identity.h b/src/charon/plugins/eap_identity/eap_identity.h index 27b04b7d5..60f62e17c 100644 --- a/src/charon/plugins/eap_identity/eap_identity.h +++ b/src/charon/plugins/eap_identity/eap_identity.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_identity.h 4276 2008-08-22 10:44:51Z martin $ + * $Id: eap_identity.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -58,4 +58,4 @@ eap_identity_t *eap_identity_create_server(identification_t *server, eap_identity_t *eap_identity_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_IDENTITY_H_ @}*/ +#endif /** EAP_IDENTITY_H_ @}*/ diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.h b/src/charon/plugins/eap_identity/eap_identity_plugin.h index d7fa525ce..ddb3ed457 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.h +++ b/src/charon/plugins/eap_identity/eap_identity_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_identity_plugin.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: eap_identity_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct eap_identity_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_IDENTITY_PLUGIN_H_ @}*/ +#endif /** EAP_IDENTITY_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_md5/eap_md5.h b/src/charon/plugins/eap_md5/eap_md5.h index 421e1e602..2617b9aea 100644 --- a/src/charon/plugins/eap_md5/eap_md5.h +++ b/src/charon/plugins/eap_md5/eap_md5.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_md5.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: eap_md5.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee */ eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_MD5_H_ @}*/ +#endif /** EAP_MD5_H_ @}*/ diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.h b/src/charon/plugins/eap_md5/eap_md5_plugin.h index d13794f2e..3adbcfe27 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.h +++ b/src/charon/plugins/eap_md5/eap_md5_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_md5_plugin.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: eap_md5_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct eap_md5_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_MD5_PLUGIN_H_ @}*/ +#endif /** EAP_MD5_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h b/src/charon/plugins/eap_mschapv2/eap_mschapv2.h index 4b6e4531a..d5638db00 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_mschapv2.h 4882 2009-02-18 19:57:15Z tobias $ + * $Id: eap_mschapv2.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat */ eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_MSCHAPV2_H_ @}*/ +#endif /** EAP_MSCHAPV2_H_ @}*/ diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h index 97177947b..0e671c3d6 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_mschapv2_plugin.h 4882 2009-02-18 19:57:15Z tobias $ + * $Id: eap_mschapv2_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct eap_mschapv2_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_MSCHAPV2_PLUGIN_H_ @}*/ +#endif /** EAP_MSCHAPV2_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am new file mode 100644 index 000000000..f7de2f14f --- /dev/null +++ b/src/charon/plugins/eap_radius/Makefile.am @@ -0,0 +1,14 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-eapradius.la + +libstrongswan_eapradius_la_SOURCES = \ + eap_radius_plugin.h eap_radius_plugin.c \ + eap_radius.h eap_radius.c \ + radius_client.h radius_client.c \ + radius_message.h radius_message.c +libstrongswan_eapradius_la_LDFLAGS = -module + diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/charon/plugins/eap_radius/Makefile.in new file mode 100644 index 000000000..329ff981b --- /dev/null +++ b/src/charon/plugins/eap_radius/Makefile.in @@ -0,0 +1,506 @@ +# Makefile.in generated by automake 1.10.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/charon/plugins/eap_radius +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(plugindir)" +pluginLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_eapradius_la_LIBADD = +am_libstrongswan_eapradius_la_OBJECTS = eap_radius_plugin.lo \ + eap_radius.lo radius_client.lo radius_message.lo +libstrongswan_eapradius_la_OBJECTS = \ + $(am_libstrongswan_eapradius_la_OBJECTS) +libstrongswan_eapradius_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapradius_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eapradius_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eapradius_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ +IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LINUX_HEADERS = @LINUX_HEADERS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +confdir = @confdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linuxdir = @linuxdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +resolv_conf = @resolv_conf@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +simreader = @simreader@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-eapradius.la +libstrongswan_eapradius_la_SOURCES = \ + eap_radius_plugin.h eap_radius_plugin.c \ + eap_radius.h eap_radius.c \ + radius_client.h radius_client.c \ + radius_message.h radius_message.c + +libstrongswan_eapradius_la_LDFLAGS = -module +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + else :; fi; \ + done + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eapradius.la: $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_DEPENDENCIES) + $(libstrongswan_eapradius_la_LINK) -rpath $(plugindir) $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_client.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_message.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-exec-am: + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c new file mode 100644 index 000000000..1a02c5acf --- /dev/null +++ b/src/charon/plugins/eap_radius/eap_radius.c @@ -0,0 +1,276 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "eap_radius.h" + +#include "radius_message.h" +#include "radius_client.h" + +#include <daemon.h> + + +typedef struct private_eap_radius_t private_eap_radius_t; + +/** + * Private data of an eap_radius_t object. + */ +struct private_eap_radius_t { + + /** + * Public authenticator_t interface. + */ + eap_radius_t public; + + /** + * ID of the server + */ + identification_t *server; + + /** + * ID of the peer + */ + identification_t *peer; + + /** + * EAP method type we are proxying + */ + eap_type_t type; + + /** + * EAP vendor, if any + */ + u_int32_t vendor; + + /** + * EAP MSK, if method established one + */ + chunk_t msk; + + /** + * RADIUS client instance + */ + radius_client_t *client; +}; + +/** + * Add EAP-Identity to RADIUS message + */ +static void add_eap_identity(private_eap_radius_t *this, + radius_message_t *request) +{ + struct { + /** EAP code (REQUEST/RESPONSE) */ + u_int8_t code; + /** unique message identifier */ + u_int8_t identifier; + /** length of whole message */ + u_int16_t length; + /** EAP type */ + u_int8_t type; + /** identity data */ + u_int8_t data[]; + } __attribute__((__packed__)) *hdr; + chunk_t id; + size_t len; + + id = this->peer->get_encoding(this->peer); + len = sizeof(*hdr) + id.len; + + hdr = alloca(len); + hdr->code = EAP_RESPONSE; + hdr->identifier = 0; + hdr->length = htons(len); + hdr->type = EAP_IDENTITY; + memcpy(hdr->data, id.ptr, id.len); + + request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len)); +} + +/** + * Copy EAP-Message attribute from RADIUS message to an new EAP payload + */ +static bool radius2ike(private_eap_radius_t *this, + radius_message_t *msg, eap_payload_t **out) +{ + enumerator_t *enumerator; + eap_payload_t *payload; + chunk_t data; + int type; + + enumerator = msg->create_enumerator(msg); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == RAT_EAP_MESSAGE) + { + *out = payload = eap_payload_create_data(data); + /* apply EAP method selected by RADIUS server */ + this->type = payload->get_type(payload, &this->vendor); + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +/** + * Implementation of eap_method_t.initiate + */ +static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) +{ + radius_message_t *request, *response; + status_t status = FAILED; + + request = radius_message_create_request(); + request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); + add_eap_identity(this, request); + response = this->client->request(this->client, request); + if (response) + { + if (radius2ike(this, response, out)) + { + status = NEED_MORE; + } + response->destroy(response); + } + request->destroy(request); + return status; +} + +/** + * Implementation of eap_method_t.process + */ +static status_t process(private_eap_radius_t *this, + eap_payload_t *in, eap_payload_t **out) +{ + radius_message_t *request, *response; + status_t status = FAILED; + + request = radius_message_create_request(); + request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); + request->add(request, RAT_EAP_MESSAGE, in->get_data(in)); + + response = this->client->request(this->client, request); + if (response) + { + switch (response->get_code(response)) + { + case RMC_ACCESS_CHALLENGE: + if (radius2ike(this, response, out)) + { + status = NEED_MORE; + break; + } + status = FAILED; + break; + case RMC_ACCESS_ACCEPT: + this->msk = this->client->decrypt_msk(this->client, + response, request); + status = SUCCESS; + break; + case RMC_ACCESS_REJECT: + default: + DBG1(DBG_CFG, "received %N from RADIUS server", + radius_message_code_names, response->get_code(response)); + status = FAILED; + break; + } + response->destroy(response); + } + request->destroy(request); + return status; +} + +/** + * Implementation of eap_method_t.get_type. + */ +static eap_type_t get_type(private_eap_radius_t *this, u_int32_t *vendor) +{ + *vendor = this->vendor; + return this->type; +} + +/** + * Implementation of eap_method_t.get_msk. + */ +static status_t get_msk(private_eap_radius_t *this, chunk_t *msk) +{ + if (this->msk.ptr) + { + *msk = this->msk; + return SUCCESS; + } + return FAILED; +} + +/** + * Implementation of eap_method_t.is_mutual. + */ +static bool is_mutual(private_eap_radius_t *this) +{ + switch (this->type) + { + case EAP_AKA: + case EAP_SIM: + return TRUE; + default: + return FALSE; + } +} + +/** + * Implementation of eap_method_t.destroy. + */ +static void destroy(private_eap_radius_t *this) +{ + this->peer->destroy(this->peer); + this->server->destroy(this->server); + this->client->destroy(this->client); + chunk_clear(&this->msk); + free(this); +} + +/** + * Generic constructor + */ +eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer) +{ + private_eap_radius_t *this = malloc_thing(private_eap_radius_t); + + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; + this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; + this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; + this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; + this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; + this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; + + this->client = radius_client_create(); + if (!this->client) + { + free(this); + return NULL; + } + this->peer = peer->clone(peer); + this->server = server->clone(server); + /* initially EAP_RADIUS, but is set to the method selected by RADIUS */ + this->type = EAP_RADIUS; + this->vendor = 0; + this->msk = chunk_empty; + + return &this->public; +} + diff --git a/src/charon/plugins/eap_radius/eap_radius.h b/src/charon/plugins/eap_radius/eap_radius.h new file mode 100644 index 000000000..7cb0a8615 --- /dev/null +++ b/src/charon/plugins/eap_radius/eap_radius.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup eap_radius_i eap_radius + * @{ @ingroup eap_radius + */ + +#ifndef EAP_RADIUS_H_ +#define EAP_RADIUS_H_ + +typedef struct eap_radius_t eap_radius_t; + +#include <sa/authenticators/eap/eap_method.h> + +/** + * Implementation of the eap_method_t interface using a RADIUS server. + */ +struct eap_radius_t { + + /** + * Implemented eap_method_t interface. + */ + eap_method_t eap_method_interface; +}; + +/** + * Create a EAP RADIUS proxy. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_radius_t object + */ +eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer); + +#endif /** EAP_RADIUS_H_ @}*/ diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/charon/plugins/eap_radius/eap_radius_plugin.c new file mode 100644 index 000000000..a429859a7 --- /dev/null +++ b/src/charon/plugins/eap_radius/eap_radius_plugin.c @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "eap_radius_plugin.h" + +#include "eap_radius.h" +#include "radius_client.h" + +#include <daemon.h> + +/** + * Implementation of plugin_t.destroy + */ +static void destroy(eap_radius_plugin_t *this) +{ + charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_radius_create); + radius_client_cleanup(); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + eap_radius_plugin_t *this; + + if (!radius_client_init()) + { + DBG1(DBG_CFG, "RADIUS plugin initialization failed"); + return NULL; + } + + this = malloc_thing(eap_radius_plugin_t); + this->plugin.destroy = (void(*)(plugin_t*))destroy; + + charon->eap->add_method(charon->eap, EAP_RADIUS, 0, + EAP_SERVER, (eap_constructor_t)eap_radius_create); + + return &this->plugin; +} + diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.h b/src/charon/plugins/eap_radius/eap_radius_plugin.h new file mode 100644 index 000000000..3ed194619 --- /dev/null +++ b/src/charon/plugins/eap_radius/eap_radius_plugin.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup eap_radius eap_radius + * @ingroup cplugins + * + * @defgroup eap_radius_plugin eap_radius_plugin + * @{ @ingroup eap_radius + */ + +#ifndef EAP_RADIUS_PLUGIN_H_ +#define EAP_RADIUS_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct eap_radius_plugin_t eap_radius_plugin_t; + +/** + * EAP RADIUS proxy plugin. + * + * This plugin provides not a single EAP method, but a proxy to forwared + * EAP packets to a RADIUS server. It only provides server implementations. + */ +struct eap_radius_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a eap_radius_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** EAP_RADIUS_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c new file mode 100644 index 000000000..a3ab1dd78 --- /dev/null +++ b/src/charon/plugins/eap_radius/radius_client.c @@ -0,0 +1,495 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "radius_client.h" + +#include <unistd.h> +#include <errno.h> + +#include <daemon.h> +#include <utils/host.h> +#include <utils/linked_list.h> +#include <utils/mutex.h> + +/** + * Default RADIUS server port, when not configured + */ +#define RADIUS_PORT 1812 + +/** + * Vendor-Id of Microsoft specific attributes + */ +#define VENDOR_ID_MICROSOFT 311 + +/** + * Microsoft specific vendor attributes + */ +#define MS_MPPE_SEND_KEY 16 +#define MS_MPPE_RECV_KEY 17 + +typedef struct private_radius_client_t private_radius_client_t; + +typedef struct entry_t entry_t; + +/** + * A socket pool entry. + */ +struct entry_t { + /** socket file descriptor */ + int fd; + /** current RADIUS identifier */ + u_int8_t identifier; + /** hasher to use for response verification */ + hasher_t *hasher; + /** HMAC-MD5 signer to build Message-Authenticator attribute */ + signer_t *signer; + /** random number generator for RADIUS request authenticator */ + rng_t *rng; +}; + +/** + * Private data of an radius_client_t object. + */ +struct private_radius_client_t { + + /** + * Public radius_client_t interface. + */ + radius_client_t public; + + /** + * RADIUS servers State attribute + */ + chunk_t state; +}; + +/** + * Global list of radius sockets, contains entry_t's + */ +static linked_list_t *sockets; + +/** + * mutex to lock sockets list + */ +static mutex_t *mutex; + +/** + * condvar to wait for sockets + */ +static condvar_t *condvar; + +/** + * RADIUS secret + */ +static chunk_t secret; + +/** + * NAS-Identifier + */ +static chunk_t nas_identifier; + +/** + * Clean up socket list + */ +void radius_client_cleanup() +{ + entry_t *entry; + + mutex->destroy(mutex); + condvar->destroy(condvar); + while (sockets->remove_last(sockets, (void**)&entry) == SUCCESS) + { + entry->rng->destroy(entry->rng); + entry->hasher->destroy(entry->hasher); + entry->signer->destroy(entry->signer); + close(entry->fd); + free(entry); + } + sockets->destroy(sockets); +} + +/** + * Initialize the socket list + */ +bool radius_client_init() +{ + int i, count, fd; + u_int16_t port; + entry_t *entry; + host_t *host; + char *server; + + nas_identifier.ptr = lib->settings->get_str(lib->settings, + "charon.plugins.eap_radius.nas_identifier", "strongSwan"); + nas_identifier.len = strlen(nas_identifier.ptr); + + secret.ptr = lib->settings->get_str(lib->settings, + "charon.plugins.eap_radius.secret", NULL); + if (!secret.ptr) + { + DBG1(DBG_CFG, "no RADUIS secret defined"); + return FALSE; + } + secret.len = strlen(secret.ptr); + server = lib->settings->get_str(lib->settings, + "charon.plugins.eap_radius.server", NULL); + if (!server) + { + DBG1(DBG_CFG, "no RADUIS server defined"); + return FALSE; + } + port = lib->settings->get_int(lib->settings, + "charon.plugins.eap_radius.port", RADIUS_PORT); + host = host_create_from_dns(server, 0, port); + if (!host) + { + return FALSE; + } + count = lib->settings->get_int(lib->settings, + "charon.plugins.eap_radius.sockets", 1); + + sockets = linked_list_create(); + mutex = mutex_create(MUTEX_DEFAULT); + condvar = condvar_create(CONDVAR_DEFAULT); + for (i = 0; i < count; i++) + { + fd = socket(host->get_family(host), SOCK_DGRAM, IPPROTO_UDP); + if (fd < 0) + { + DBG1(DBG_CFG, "opening RADIUS socket failed"); + host->destroy(host); + radius_client_cleanup(); + return FALSE; + } + if (connect(fd, host->get_sockaddr(host), + *host->get_sockaddr_len(host)) < 0) + { + DBG1(DBG_CFG, "connecting RADIUS socket failed"); + host->destroy(host); + radius_client_cleanup(); + return FALSE; + } + entry = malloc_thing(entry_t); + entry->fd = fd; + /* we use per-socket crypto elements: this reduces overhead, but + * is still thread-save. */ + entry->hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + entry->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128); + entry->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!entry->hasher || !entry->signer || !entry->rng) + { + DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required"); + DESTROY_IF(entry->hasher); + DESTROY_IF(entry->signer); + DESTROY_IF(entry->rng); + free(entry); + host->destroy(host); + radius_client_cleanup(); + return FALSE; + } + entry->signer->set_key(entry->signer, secret); + /* we use a random identifier, helps if we restart often (testing) */ + entry->identifier = random(); + sockets->insert_last(sockets, entry); + } + host->destroy(host); + return TRUE; +} + +/** + * Get a socket from the pool, block if none available + */ +static entry_t* get_socket() +{ + entry_t *entry; + + mutex->lock(mutex); + while (sockets->remove_first(sockets, (void**)&entry) != SUCCESS) + { + condvar->wait(condvar, mutex); + } + mutex->unlock(mutex); + return entry; +} + +/** + * Release a socket to the pool + */ +static void put_socket(entry_t *entry) +{ + mutex->lock(mutex); + sockets->insert_last(sockets, entry); + mutex->unlock(mutex); + condvar->signal(condvar); +} + +/** + * Save the state attribute to include in further request + */ +static void save_state(private_radius_client_t *this, radius_message_t *msg) +{ + enumerator_t *enumerator; + int type; + chunk_t data; + + enumerator = msg->create_enumerator(msg); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == RAT_STATE) + { + free(this->state.ptr); + this->state = chunk_clone(data); + enumerator->destroy(enumerator); + return; + } + } + enumerator->destroy(enumerator); + /* no state attribute found, remove state */ + chunk_free(&this->state); +} + +/** + * Implementation of radius_client_t.request + */ +static radius_message_t* request(private_radius_client_t *this, + radius_message_t *req) +{ + char virtual[] = {0x00,0x00,0x00,0x05}; + entry_t *socket; + chunk_t data; + int i; + + socket = get_socket(); + + /* set Message Identifier */ + req->set_identifier(req, socket->identifier++); + /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */ + req->add(req, RAT_NAS_PORT_TYPE, chunk_create(virtual, sizeof(virtual))); + /* add our NAS-Identifier */ + req->add(req, RAT_NAS_IDENTIFIER, nas_identifier); + /* add State attribute, if server sent one */ + if (this->state.ptr) + { + req->add(req, RAT_STATE, this->state); + } + /* sign the request */ + req->sign(req, socket->rng, socket->signer); + + data = req->get_encoding(req); + /* timeout after 2, 3, 4, 5 seconds */ + for (i = 2; i <= 5; i++) + { + radius_message_t *response; + bool retransmit = FALSE; + struct timeval tv; + char buf[1024]; + fd_set fds; + int res; + + if (send(socket->fd, data.ptr, data.len, 0) != data.len) + { + DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno)); + put_socket(socket); + return NULL; + } + tv.tv_sec = i; + tv.tv_usec = 0; + + while (TRUE) + { + FD_ZERO(&fds); + FD_SET(socket->fd, &fds); + res = select(socket->fd + 1, &fds, NULL, NULL, &tv); + /* TODO: updated tv to time not waited. Linux does this for us. */ + if (res < 0) + { /* failed */ + DBG1(DBG_CFG, "waiting for RADIUS message failed: %s", + strerror(errno)); + break; + } + if (res == 0) + { /* timeout */ + DBG1(DBG_CFG, "retransmitting RADIUS message"); + retransmit = TRUE; + break; + } + res = recv(socket->fd, buf, sizeof(buf), MSG_DONTWAIT); + if (res <= 0) + { + DBG1(DBG_CFG, "receiving RADIUS message failed: %s", + strerror(errno)); + break; + } + response = radius_message_parse_response(chunk_create(buf, res)); + if (response) + { + if (response->verify(response, req->get_authenticator(req), + secret, socket->hasher, socket->signer)) + { + save_state(this, response); + put_socket(socket); + return response; + } + response->destroy(response); + } + DBG1(DBG_CFG, "received invalid RADIUS message, ignored"); + } + if (!retransmit) + { + break; + } + } + DBG1(DBG_CFG, "RADIUS server is not responding"); + put_socket(socket); + return NULL; +} + +/** + * Decrypt a MS-MPPE-Send/Recv-Key + */ +static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, + chunk_t C, radius_message_t *request) +{ + chunk_t A, R, P, seed; + u_char *c, *p; + hasher_t *hasher; + + /** + * From RFC2548 (encryption): + * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) + * b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2) + * . . . + * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) + */ + + if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5) + { + return chunk_empty; + } + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + if (!hasher) + { + return chunk_empty; + } + + A = chunk_create((u_char*)&salt, sizeof(salt)); + R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5); + P = chunk_alloca(C.len); + p = P.ptr; + c = C.ptr; + + seed = chunk_cata("cc", R, A); + + while (c < C.ptr + C.len) + { + /* b(i) = MD5(S + c(i-1)) */ + hasher->get_hash(hasher, secret, NULL); + hasher->get_hash(hasher, seed, p); + + /* p(i) = b(i) xor c(1) */ + memxor(p, c, HASH_SIZE_MD5); + + /* prepare next round */ + seed = chunk_create(c, HASH_SIZE_MD5); + c += HASH_SIZE_MD5; + p += HASH_SIZE_MD5; + } + hasher->destroy(hasher); + + /* remove truncation, first byte is key length */ + if (*P.ptr >= P.len) + { /* decryption failed? */ + return chunk_empty; + } + return chunk_clone(chunk_create(P.ptr + 1, *P.ptr)); +} + +/** + * Implementation of radius_client_t.decrypt_msk + */ +static chunk_t decrypt_msk(private_radius_client_t *this, + radius_message_t *response, radius_message_t *request) +{ + struct { + u_int32_t id; + u_int8_t type; + u_int8_t length; + u_int16_t salt; + u_int8_t key[]; + } __attribute__((packed)) *mppe_key; + enumerator_t *enumerator; + chunk_t data, send = chunk_empty, recv = chunk_empty; + int type; + + enumerator = response->create_enumerator(response); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == RAT_VENDOR_SPECIFIC && + data.len > sizeof(*mppe_key)) + { + mppe_key = (void*)data.ptr; + if (ntohl(mppe_key->id) == VENDOR_ID_MICROSOFT && + mppe_key->length == data.len - sizeof(mppe_key->id)) + { + data = chunk_create(mppe_key->key, data.len - sizeof(*mppe_key)); + if (mppe_key->type == MS_MPPE_SEND_KEY) + { + send = decrypt_mppe_key(this, mppe_key->salt, data, request); + } + if (mppe_key->type == MS_MPPE_RECV_KEY) + { + recv = decrypt_mppe_key(this, mppe_key->salt, data, request); + } + } + } + } + enumerator->destroy(enumerator); + if (send.ptr && recv.ptr) + { + return chunk_cat("mm", recv, send); + } + chunk_clear(&send); + chunk_clear(&recv); + return chunk_empty; +} + +/** + * Implementation of radius_client_t.destroy. + */ +static void destroy(private_radius_client_t *this) +{ + free(this->state.ptr); + free(this); +} + +/** + * See header + */ +radius_client_t *radius_client_create() +{ + private_radius_client_t *this = malloc_thing(private_radius_client_t); + + this->public.request = (radius_message_t*(*)(radius_client_t*, radius_message_t *msg))request; + this->public.decrypt_msk = (chunk_t(*)(radius_client_t*, radius_message_t *, radius_message_t *))decrypt_msk; + this->public.destroy = (void(*)(radius_client_t*))destroy; + + this->state = chunk_empty; + + return &this->public; +} + diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/charon/plugins/eap_radius/radius_client.h new file mode 100644 index 000000000..2207b8713 --- /dev/null +++ b/src/charon/plugins/eap_radius/radius_client.h @@ -0,0 +1,90 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup radius_client radius_client + * @{ @ingroup eap_radius + */ + +#ifndef RADIUS_CLIENT_H_ +#define RADIUS_CLIENT_H_ + +#include "radius_message.h" + +typedef struct radius_client_t radius_client_t; + +/** + * RADIUS client functionality. + * + * To communicate with a RADIUS server, create a client and send messages over + * it. All instances share a fixed size pool of sockets. The client reserves + * a socket during request() and releases it afterwards. + */ +struct radius_client_t { + + /** + * Send a RADIUS request and wait for the response. + * + * The client fills in RADIUS Message identifier, NAS-Identifier, + * NAS-Port-Type, builds a Request-Authenticator and calculates the + * Message-Authenticator attribute. + * The received response gets verified using the Response-Identifier + * and the Message-Authenticator attribute. + * + * @param msg RADIUS request message to send + * @return response, NULL if timed out/verification failed + */ + radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg); + + /** + * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key. + * + * @param response RADIUS response message containing attributes + * @param request associated RADIUS request message + * @return allocated MSK, empty chunk if none found + */ + chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response, + radius_message_t *request); + + /** + * Destroy the client, release the socket. + */ + void (*destroy)(radius_client_t *this); +}; + +/** + * Create a RADIUS client, acquire a socket. + * + * This call might block if the socket pool is empty. + * + * @return radius_client_t object + */ +radius_client_t *radius_client_create(); + +/** + * Initialize the socket pool. + * + * @return TRUE if initialization successful + */ +bool radius_client_init(); + +/** + * Cleanup the socket pool. + */ +void radius_client_cleanup(); + +#endif /** RADIUS_CLIENT_H_ @}*/ diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/charon/plugins/eap_radius/radius_message.c new file mode 100644 index 000000000..a95d2bb93 --- /dev/null +++ b/src/charon/plugins/eap_radius/radius_message.c @@ -0,0 +1,477 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "radius_message.h" + +#include <daemon.h> +#include <crypto/hashers/hasher.h> + +typedef struct private_radius_message_t private_radius_message_t; +typedef struct rmsg_t rmsg_t; +typedef struct rattr_t rattr_t; + +/** + * RADIUS message header + */ +struct rmsg_t { + /** message code, radius_message_code_t */ + u_int8_t code; + /** message identifier */ + u_int8_t identifier; + /** length of Code, Identifier, Length, Authenticator and Attributes */ + u_int16_t length; + /** message authenticator, MD5 hash */ + u_int8_t authenticator[HASH_SIZE_MD5]; + /** variable list of packed attributes */ + u_int8_t attributes[]; +} __attribute__((packed)); + +/** + * RADIUS message attribute. + */ +struct rattr_t { + /** attribute type, radius_attribute_type_t */ + u_int8_t type; + /** length of the attriubte, including the Type, Length and Value fields */ + u_int8_t length; + /** variable length attribute value */ + u_int8_t value[]; +} __attribute__((packed)); + +/** + * Private data of an radius_message_t object. + */ +struct private_radius_message_t { + + /** + * Public radius_message_t interface. + */ + radius_message_t public; + + /** + * message data, allocated + */ + rmsg_t *msg; +}; + +ENUM_BEGIN(radius_message_code_names, RMC_ACCESS_REQUEST, RMC_ACCOUNTING_RESPONSE, + "Access-Request", + "Access-Accept", + "Access-Reject", + "Accounting-Request", + "Accounting-Response"); +ENUM_NEXT(radius_message_code_names, RMC_ACCESS_CHALLENGE, RMC_ACCESS_CHALLENGE, RMC_ACCOUNTING_RESPONSE, + "Access-Challenge"); +ENUM_END(radius_message_code_names, RMC_ACCESS_CHALLENGE); + +ENUM(radius_attribute_type_names, RAT_USER_NAME, RAT_MIP6_HOME_LINK_PREFIX, + "User-Name", + "User-Password", + "CHAP-Password", + "NAS-IP-Address", + "NAS-Port", + "Service-Type", + "Framed-Protocol", + "Framed-IP-Address", + "Framed-IP-Netmask", + "Framed-Routing", + "Filter-Id", + "Framed-MTU", + "Framed-Compression", + "Login-IP-Host", + "Login-Service", + "Login-TCP-Port", + "Unassigned", + "Reply-Message", + "Callback-Number", + "Callback-Id", + "Unassigned", + "Framed-Route", + "Framed-IPX-Network", + "State", + "Class", + "Vendor-Specific", + "Session-Timeout", + "Idle-Timeout", + "Termination-Action", + "Called-Station-Id", + "Calling-Station-Id", + "NAS-Identifier", + "Proxy-State", + "Login-LAT-Service", + "Login-LAT-Node", + "Login-LAT-Group", + "Framed-AppleTalk-Link", + "Framed-AppleTalk-Network", + "Framed-AppleTalk-Zone", + "Acct-Status-Type", + "Acct-Delay-Time", + "Acct-Input-Octets", + "Acct-Output-Octets", + "Acct-Session-Id", + "Acct-Authentic", + "Acct-Session-Time", + "Acct-Input-Packets", + "Acct-Output-Packets", + "Acct-Terminate-Cause", + "Acct-Multi-Session-Id", + "Acct-Link-Count", + "Acct-Input-Gigawords", + "Acct-Output-Gigawords", + "Unassigned", + "Event-Timestamp", + "Egress-VLANID", + "Ingress-Filters", + "Egress-VLAN-Name", + "User-Priority-Table", + "CHAP-Challenge", + "NAS-Port-Type", + "Port-Limit", + "Login-LAT-Port", + "Tunnel-Type", + "Tunnel-Medium-Type", + "Tunnel-Client-Endpoint", + "Tunnel-Server-Endpoint", + "Acct-Tunnel-Connection", + "Tunnel-Password", + "ARAP-Password", + "ARAP-Features", + "ARAP-Zone-Access", + "ARAP-Security", + "ARAP-Security-Data", + "Password-Retry", + "Prompt", + "Connect-Info", + "Configuration-Token", + "EAP-Message", + "Message-Authenticator", + "Tunnel-Private-Group-ID", + "Tunnel-Assignment-ID", + "Tunnel-Preference", + "ARAP-Challenge-Response", + "Acct-Interim-Interval", + "Acct-Tunnel-Packets-Lost", + "NAS-Port-Id", + "Framed-Pool", + "CUI", + "Tunnel-Client-Auth-ID", + "Tunnel-Server-Auth-ID", + "NAS-Filter-Rule", + "Unassigned", + "Originating-Line-Info", + "NAS-IPv6-Address", + "Framed-Interface-Id", + "Framed-IPv6-Prefix", + "Login-IPv6-Host", + "Framed-IPv6-Route", + "Framed-IPv6-Pool", + "Error-Cause", + "EAP-Key-Name", + "Digest-Response", + "Digest-Realm", + "Digest-Nonce", + "Digest-Response-Auth", + "Digest-Nextnonce", + "Digest-Method", + "Digest-URI", + "Digest-Qop", + "Digest-Algorithm", + "Digest-Entity-Body-Hash", + "Digest-CNonce", + "Digest-Nonce-Count", + "Digest-Username", + "Digest-Opaque", + "Digest-Auth-Param", + "Digest-AKA-Auts", + "Digest-Domain", + "Digest-Stale", + "Digest-HA1", + "SIP-AOR", + "Delegated-IPv6-Prefix", + "MIP6-Feature-Vector", + "MIP6-Home-Link-Prefix"); + +/** + * Attribute enumerator implementation + */ +typedef struct { + /** implements enumerator interface */ + enumerator_t public; + /** currently pointing attribute */ + rattr_t *next; + /** bytes left */ + int left; +} attribute_enumerator_t; + + +/** + * Implementation of attribute_enumerator_t.enumerate + */ +static bool attribute_enumerate(attribute_enumerator_t *this, + int *type, chunk_t *data) + +{ + if (this->left == 0) + { + return FALSE; + } + if (this->left < sizeof(rattr_t) || + this->left < this->next->length) + { + DBG1(DBG_IKE, "RADIUS message truncated"); + return FALSE; + } + *type = this->next->type; + data->ptr = this->next->value; + data->len = this->next->length - sizeof(rattr_t); + this->left -= this->next->length; + this->next = ((void*)this->next) + this->next->length; + return TRUE; +} + +/** + * Implementation of radius_message_t.create_enumerator + */ +static enumerator_t* create_enumerator(private_radius_message_t *this) +{ + attribute_enumerator_t *e; + + if (ntohs(this->msg->length) < sizeof(rmsg_t) + sizeof(rattr_t)) + { + return enumerator_create_empty(); + } + + e = malloc_thing(attribute_enumerator_t); + e->public.enumerate = (void*)attribute_enumerate; + e->public.destroy = (void*)free; + e->next = (rattr_t*)this->msg->attributes; + e->left = ntohs(this->msg->length) - sizeof(rmsg_t); + return &e->public; +} + +/** + * Implementation of radius_message_t.add + */ +static void add(private_radius_message_t *this, radius_attribute_type_t type, + chunk_t data) +{ + rattr_t *attribute; + + this->msg = realloc(this->msg, + ntohs(this->msg->length) + sizeof(rattr_t) + data.len); + attribute = ((void*)this->msg) + ntohs(this->msg->length); + attribute->type = type; + attribute->length = data.len + sizeof(rattr_t); + memcpy(attribute->value, data.ptr, data.len); + this->msg->length = htons(ntohs(this->msg->length) + attribute->length); +} + +/** + * Implementation of radius_message_t.sign + */ +static void sign(private_radius_message_t *this, rng_t *rng, signer_t *signer) +{ + char buf[HASH_SIZE_MD5]; + + /* build Request-Authenticator */ + rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator); + + /* build Message-Authenticator attribute, using 16 null bytes */ + memset(buf, 0, sizeof(buf)); + add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf))); + signer->get_signature(signer, + chunk_create((u_char*)this->msg, ntohs(this->msg->length)), + ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5); +} + +/** + * Implementation of radius_message_t.verify + */ +static bool verify(private_radius_message_t *this, u_int8_t *req_auth, + chunk_t secret, hasher_t *hasher, signer_t *signer) +{ + char buf[HASH_SIZE_MD5], res_auth[HASH_SIZE_MD5]; + enumerator_t *enumerator; + int type; + chunk_t data, msg; + bool has_eap = FALSE, has_auth = FALSE; + + /* replace Response by Request Authenticator for verification */ + memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5); + memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5); + msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length)); + + /* verify Response-Authenticator */ + hasher->get_hash(hasher, msg, NULL); + hasher->get_hash(hasher, secret, buf); + if (!memeq(buf, res_auth, HASH_SIZE_MD5)) + { + DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed"); + return FALSE; + } + + /* verify Message-Authenticator attribute */ + enumerator = create_enumerator(this); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == RAT_MESSAGE_AUTHENTICATOR) + { + if (data.len != HASH_SIZE_MD5) + { + DBG1(DBG_CFG, "RADIUS Message-Authenticator invalid length"); + enumerator->destroy(enumerator); + return FALSE; + } + memcpy(buf, data.ptr, data.len); + memset(data.ptr, 0, data.len); + if (signer->verify_signature(signer, msg, + chunk_create(buf, sizeof(buf)))) + { + /* restore Message-Authenticator */ + memcpy(data.ptr, buf, data.len); + has_auth = TRUE; + break; + } + else + { + DBG1(DBG_CFG, "RADIUS Message-Authenticator verification failed"); + enumerator->destroy(enumerator); + return FALSE; + } + } + else if (type == RAT_EAP_MESSAGE) + { + has_eap = TRUE; + } + } + enumerator->destroy(enumerator); + /* restore Response-Authenticator */ + memcpy(this->msg->authenticator, res_auth, HASH_SIZE_MD5); + + if (has_eap && !has_auth) + { /* Message-Authenticator is required if we have an EAP-Message */ + DBG1(DBG_CFG, "RADIUS Message-Authenticator attribute missing"); + return FALSE; + } + return TRUE; +} + +/** + * Implementation of radius_message_t.get_code + */ +static radius_message_code_t get_code(private_radius_message_t *this) +{ + return this->msg->code; +} + +/** + * Implementation of radius_message_t.get_identifier + */ +static u_int8_t get_identifier(private_radius_message_t *this) +{ + return this->msg->identifier; +} + +/** + * Implementation of radius_message_t.set_identifier + */ +static void set_identifier(private_radius_message_t *this, u_int8_t identifier) +{ + this->msg->identifier = identifier; +} + +/** + * Implementation of radius_message_t.get_authenticator + */ +static u_int8_t* get_authenticator(private_radius_message_t *this) +{ + return this->msg->authenticator; +} + + +/** + * Implementation of radius_message_t.get_encoding + */ +static chunk_t get_encoding(private_radius_message_t *this) +{ + return chunk_create((u_char*)this->msg, ntohs(this->msg->length)); +} + +/** + * Implementation of radius_message_t.destroy. + */ +static void destroy(private_radius_message_t *this) +{ + free(this->msg); + free(this); +} + +/** + * Generic constructor + */ +static private_radius_message_t *radius_message_create() +{ + private_radius_message_t *this = malloc_thing(private_radius_message_t); + + this->public.create_enumerator = (enumerator_t*(*)(radius_message_t*))create_enumerator; + this->public.add = (void(*)(radius_message_t*, radius_attribute_type_t,chunk_t))add; + this->public.get_code = (radius_message_code_t(*)(radius_message_t*))get_code; + this->public.get_identifier = (u_int8_t(*)(radius_message_t*))get_identifier; + this->public.set_identifier = (void(*)(radius_message_t*, u_int8_t identifier))set_identifier; + this->public.get_authenticator = (u_int8_t*(*)(radius_message_t*))get_authenticator; + this->public.get_encoding = (chunk_t(*)(radius_message_t*))get_encoding; + this->public.sign = (void(*)(radius_message_t*, rng_t *rng, signer_t *signer))sign; + this->public.verify = (bool(*)(radius_message_t*, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer))verify; + this->public.destroy = (void(*)(radius_message_t*))destroy; + + return this; +} + +/** + * See header + */ +radius_message_t *radius_message_create_request() +{ + private_radius_message_t *this = radius_message_create(); + + this->msg = malloc_thing(rmsg_t); + this->msg->code = RMC_ACCESS_REQUEST; + this->msg->identifier = 0; + this->msg->length = htons(sizeof(rmsg_t)); + + return &this->public; +} + +/** + * See header + */ +radius_message_t *radius_message_parse_response(chunk_t data) +{ + private_radius_message_t *this = radius_message_create(); + + this->msg = malloc(data.len); + memcpy(this->msg, data.ptr, data.len); + if (data.len < sizeof(rmsg_t) || + ntohs(this->msg->length) != data.len) + { + DBG1(DBG_IKE, "RADIUS message has invalid length"); + destroy(this); + return NULL; + } + return &this->public; +} + diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/charon/plugins/eap_radius/radius_message.h new file mode 100644 index 000000000..d195bbe23 --- /dev/null +++ b/src/charon/plugins/eap_radius/radius_message.h @@ -0,0 +1,278 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup radius_message radius_message + * @{ @ingroup eap_radius + */ + +#ifndef RADIUS_MESSAGE_H_ +#define RADIUS_MESSAGE_H_ + +#include <library.h> + +typedef struct radius_message_t radius_message_t; +typedef enum radius_message_code_t radius_message_code_t; +typedef enum radius_attribute_type_t radius_attribute_type_t; + +/** + * RADIUS Message Codes. + */ +enum radius_message_code_t { + RMC_ACCESS_REQUEST = 1, + RMC_ACCESS_ACCEPT = 2, + RMC_ACCESS_REJECT = 3, + RMC_ACCOUNTING_REQUEST = 4, + RMC_ACCOUNTING_RESPONSE = 5, + RMC_ACCESS_CHALLENGE = 11, +}; + +/** + * Enum names for radius_attribute_type_t. + */ +extern enum_name_t *radius_message_code_names; + +/** + * RADIUS Attribute Types. + */ +enum radius_attribute_type_t { + RAT_USER_NAME = 1, + RAT_USER_PASSWORD = 2, + RAT_CHAP_PASSWORD = 3, + RAT_NAS_IP_ADDRESS = 4, + RAT_NAS_PORT = 5, + RAT_SERVICE_TYPE = 6, + RAT_FRAMED_PROTOCOL = 7, + RAT_FRAMED_IP_ADDRESS = 8, + RAT_FRAMED_IP_NETMASK = 9, + RAT_FRAMED_ROUTING = 10, + RAT_FILTER_ID = 11, + RAT_FRAMED_MTU = 12, + RAT_FRAMED_COMPRESSION = 13, + RAT_LOGIN_IP_HOST = 14, + RAT_LOGIN_SERVICE = 15, + RAT_LOGIN_TCP_PORT = 16, + RAT_REPLY_MESSAGE = 18, + RAT_CALLBACK_NUMBER = 19, + RAT_CALLBACK_ID = 20, + RAT_FRAMED_ROUTE = 22, + RAT_FRAMED_IPX_NETWORK = 23, + RAT_STATE = 24, + RAT_CLASS = 25, + RAT_VENDOR_SPECIFIC = 26, + RAT_SESSION_TIMEOUT = 27, + RAT_IDLE_TIMEOUT = 28, + RAT_TERMINATION_ACTION = 29, + RAT_CALLED_STATION_ID = 30, + RAT_CALLING_STATION_ID = 31, + RAT_NAS_IDENTIFIER = 32, + RAT_PROXY_STATE = 33, + RAT_LOGIN_LAT_SERVICE = 34, + RAT_LOGIN_LAT_NODE = 35, + RAT_LOGIN_LAT_GROUP = 36, + RAT_FRAMED_APPLETALK_LINK = 37, + RAT_FRAMED_APPLETALK_NETWORK = 38, + RAT_FRAMED_APPLETALK_ZONE = 39, + RAT_ACCT_STATUS_TYPE = 40, + RAT_ACCT_DELAY_TIME = 41, + RAT_ACCT_INPUT_OCTETS = 42, + RAT_ACCT_OUTPUT_OCTETS = 43, + RAT_ACCT_SESSION_ID = 44, + RAT_ACCT_AUTHENTIC = 45, + RAT_ACCT_SESSION_TIME = 46, + RAT_ACCT_INPUT_PACKETS = 47, + RAT_ACCT_OUTPUT_PACKETS = 48, + RAT_ACCT_TERMINATE_CAUSE = 49, + RAT_ACCT_MULTI_SESSION_ID = 50, + RAT_ACCT_LINK_COUNT = 51, + RAT_ACCT_INPUT_GIGAWORDS = 52, + RAT_ACCT_OUTPUT_GIGAWORDS = 53, + RAT_EVENT_TIMESTAMP = 55, + RAT_EGRESS_VLANID = 56, + RAT_INGRESS_FILTERS = 57, + RAT_EGRESS_VLAN_NAME = 58, + RAT_USER_PRIORITY_TABLE = 59, + RAT_CHAP_CHALLENGE = 60, + RAT_NAS_PORT_TYPE = 61, + RAT_PORT_LIMIT = 62, + RAT_LOGIN_LAT_PORT = 63, + RAT_TUNNEL_TYPE = 64, + RAT_TUNNEL_MEDIUM_TYPE = 65, + RAT_TUNNEL_CLIENT_ENDPOINT = 66, + RAT_TUNNEL_SERVER_ENDPOINT = 67, + RAT_ACCT_TUNNEL_CONNECTION = 68, + RAT_TUNNEL_PASSWORD = 69, + RAT_ARAP_PASSWORD = 70, + RAT_ARAP_FEATURES = 71, + RAT_ARAP_ZONE_ACCESS = 72, + RAT_ARAP_SECURITY = 73, + RAT_ARAP_SECURITY_DATA = 74, + RAT_PASSWORD_RETRY = 75, + RAT_PROMPT = 76, + RAT_CONNECT_INFO = 77, + RAT_CONFIGURATION_TOKEN = 78, + RAT_EAP_MESSAGE = 79, + RAT_MESSAGE_AUTHENTICATOR = 80, + RAT_TUNNEL_PRIVATE_GROUP_ID = 81, + RAT_TUNNEL_ASSIGNMENT_ID = 82, + RAT_TUNNEL_PREFERENCE = 83, + RAT_ARAP_CHALLENGE_RESPONSE = 84, + RAT_ACCT_INTERIM_INTERVAL = 85, + RAT_ACCT_TUNNEL_PACKETS_LOST = 86, + RAT_NAS_PORT_ID = 87, + RAT_FRAMED_POOL = 88, + RAT_CUI = 89, + RAT_TUNNEL_CLIENT_AUTH_ID = 90, + RAT_TUNNEL_SERVER_AUTH_ID = 91, + RAT_NAS_FILTER_RULE = 92, + RAT_UNASSIGNED = 93, + RAT_ORIGINATING_LINE_INFO = 94, + RAT_NAS_IPV6_ADDRESS = 95, + RAT_FRAMED_INTERFACE_ID = 96, + RAT_FRAMED_IPV6_PREFIX = 97, + RAT_LOGIN_IPV6_HOST = 98, + RAT_FRAMED_IPV6_ROUTE = 99, + RAT_FRAMED_IPV6_POOL = 100, + RAT_ERROR_CAUSE = 101, + RAT_EAP_KEY_NAME = 102, + RAT_DIGEST_RESPONSE = 103, + RAT_DIGEST_REALM = 104, + RAT_DIGEST_NONCE = 105, + RAT_DIGEST_RESPONSE_AUTH = 106, + RAT_DIGEST_NEXTNONCE = 107, + RAT_DIGEST_METHOD = 108, + RAT_DIGEST_URI = 109, + RAT_DIGEST_QOP = 110, + RAT_DIGEST_ALGORITHM = 111, + RAT_DIGEST_ENTITY_BODY_HASH = 112, + RAT_DIGEST_CNONCE = 113, + RAT_DIGEST_NONCE_COUNT = 114, + RAT_DIGEST_USERNAME = 115, + RAT_DIGEST_OPAQUE = 116, + RAT_DIGEST_AUTH_PARAM = 117, + RAT_DIGEST_AKA_AUTS = 118, + RAT_DIGEST_DOMAIN = 119, + RAT_DIGEST_STALE = 120, + RAT_DIGEST_HA1 = 121, + RAT_SIP_AOR = 122, + RAT_DELEGATED_IPV6_PREFIX = 123, + RAT_MIP6_FEATURE_VECTOR = 124, + RAT_MIP6_HOME_LINK_PREFIX = 125, +}; + +/** + * Enum names for radius_attribute_type_t. + */ +extern enum_name_t *radius_attribute_type_names; + +/** + * A RADIUS message, contains attributes. + */ +struct radius_message_t { + + /** + * Create an enumerator over contained RADIUS attributes. + * + * @return enumerator over (int type, chunk_t data) + */ + enumerator_t* (*create_enumerator)(radius_message_t *this); + + /** + * Add a RADIUS attribute to the message. + * + * @param type type of attribute to add + * @param attribute data, gets cloned + */ + void (*add)(radius_message_t *this, radius_attribute_type_t type, + chunk_t data); + + /** + * Get the message type (code). + * + * @return message code + */ + radius_message_code_t (*get_code)(radius_message_t *this); + + /** + * Get the message identifier. + * + * @return message identifier + */ + u_int8_t (*get_identifier)(radius_message_t *this); + + /** + * Set the message identifier. + * + * @param identifier message identifier + */ + void (*set_identifier)(radius_message_t *this, u_int8_t identifier); + + /** + * Get the 16 byte authenticator. + * + * @return pointer to the Authenticator field + */ + u_int8_t* (*get_authenticator)(radius_message_t *this); + + /** + * Get the RADIUS message in its encoded form. + * + * @return chunk pointing to internal RADIUS message. + */ + chunk_t (*get_encoding)(radius_message_t *this); + + /** + * Calculate and add the Message-Authenticator attribute to the message. + * + * @param rng RNG to create Request-Authenticator + * @param signer HMAC-MD5 signer with secret set + */ + void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer); + + /** + * Verify the integrity of a received RADIUS response. + * + * @param req_auth 16 byte Authenticator of the corresponding request + * @param secret shared RADIUS secret + * @param hasher hasher to verify Response-Authenticator + * @param signer signer to verify Message-Authenticator attribute + */ + bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + hasher_t *hasher, signer_t *signer); + + /** + * Destroy the message. + */ + void (*destroy)(radius_message_t *this); +}; + +/** + * Create an empty RADIUS request message (RMT_ACCESS_REQUEST). + * + * @return radius_message_t object + */ +radius_message_t *radius_message_create_request(); + +/** + * Parse and verify a recevied RADIUS response. + * + * @param data received message data + * @return radius_message_t object, NULL if length invalid + */ +radius_message_t *radius_message_parse_response(chunk_t data); + +#endif /** RADIUS_MESSAGE_H_ @}*/ diff --git a/src/charon/plugins/eap_sim/eap_sim.h b/src/charon/plugins/eap_sim/eap_sim.h index ec061b6f4..af1aa2aa5 100644 --- a/src/charon/plugins/eap_sim/eap_sim.h +++ b/src/charon/plugins/eap_sim/eap_sim.h @@ -58,4 +58,4 @@ eap_sim_t *eap_sim_create_server(identification_t *server, identification_t *pee */ eap_sim_t *eap_sim_create_peer(identification_t *server, identification_t *peer); -#endif /* EAP_SIM_H_ @}*/ +#endif /** EAP_SIM_H_ @}*/ diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.h b/src/charon/plugins/eap_sim/eap_sim_plugin.h index 13152358a..d90a72092 100644 --- a/src/charon/plugins/eap_sim/eap_sim_plugin.h +++ b/src/charon/plugins/eap_sim/eap_sim_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_sim_plugin.h 4406 2008-10-10 08:36:01Z martin $ + * $Id: eap_sim_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct eap_sim_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_SIM_PLUGIN_H_ @}*/ +#endif /** EAP_SIM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h index 953a3e915..9f28aa8fc 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h @@ -52,4 +52,4 @@ struct eap_sim_file_card_t { */ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets); -#endif /* EAP_SIM_FILE_CARD_ @}*/ +#endif /** EAP_SIM_FILE_CARD_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h index c1828527d..8e603258f 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h @@ -46,4 +46,4 @@ struct eap_sim_file_plugin_t { */ plugin_t *plugin_create(); -#endif /* EAP_SIM_FILE_PLUGIN_H_ @}*/ +#endif /** EAP_SIM_FILE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h index bc8f6cca0..efd73802a 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h @@ -51,4 +51,4 @@ struct eap_sim_file_provider_t { eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets); -#endif /* EAP_SIM_FILE_PROVIDER_ @}*/ +#endif /** EAP_SIM_FILE_PROVIDER_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h index 5f3adfe62..a6e9188a5 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h @@ -71,4 +71,4 @@ struct eap_sim_file_triplets_t { */ eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file); -#endif /* EAP_SIM_FILE_TRIPLETS_ @}*/ +#endif /** EAP_SIM_FILE_TRIPLETS_ @}*/ diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h index b16390ab4..4d4e33813 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h +++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_klips_ipsec.h 4617 2008-11-11 08:45:19Z tobias $ + * $Id: kernel_klips_ipsec.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -45,4 +45,4 @@ struct kernel_klips_ipsec_t { */ kernel_klips_ipsec_t *kernel_klips_ipsec_create(); -#endif /* KERNEL_KLIPS_IPSEC_H_ @} */ +#endif /** KERNEL_KLIPS_IPSEC_H_ @}*/ diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h b/src/charon/plugins/kernel_klips/kernel_klips_plugin.h index 67c3b74c6..8dd2f1895 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h +++ b/src/charon/plugins/kernel_klips/kernel_klips_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_klips_plugin.h 4617 2008-11-11 08:45:19Z tobias $ + * $Id: kernel_klips_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct kernel_klips_plugin_t { */ plugin_t *plugin_create(); -#endif /* KERNEL_KLIPS_PLUGIN_H_ @} */ +#endif /** KERNEL_KLIPS_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 8a13ed489..ee47914d3 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -17,7 +17,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_netlink_ipsec.c 4831 2009-01-09 09:37:13Z andreas $ + * $Id: kernel_netlink_ipsec.c 4997 2009-03-24 10:24:58Z martin $ */ #include <sys/types.h> diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h index a78004e09..0b65c5213 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_netlink_ipsec.h 4358 2008-09-25 13:56:23Z tobias $ + * $Id: kernel_netlink_ipsec.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -45,4 +45,4 @@ struct kernel_netlink_ipsec_t { */ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create(); -#endif /* KERNEL_NETLINK_IPSEC_H_ @} */ +#endif /** KERNEL_NETLINK_IPSEC_H_ @}*/ diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h b/src/charon/plugins/kernel_netlink/kernel_netlink_net.h index 393167a71..39b96837b 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_netlink_net.h 4350 2008-09-18 15:16:43Z tobias $ + * $Id: kernel_netlink_net.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -45,4 +45,4 @@ struct kernel_netlink_net_t { */ kernel_netlink_net_t *kernel_netlink_net_create(); -#endif /* KERNEL_NETLINK_NET_H_ @} */ +#endif /** KERNEL_NETLINK_NET_H_ @}*/ diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h index 80a6c27e1..f08dbc023 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_netlink_plugin.h 4358 2008-09-25 13:56:23Z tobias $ + * $Id: kernel_netlink_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct kernel_netlink_plugin_t { */ plugin_t *plugin_create(); -#endif /* KERNEL_NETLINK_PLUGIN_H_ @} */ +#endif /** KERNEL_NETLINK_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h index 6e2ec5377..db05462f4 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_pfkey_ipsec.h 4361 2008-10-01 16:47:51Z tobias $ + * $Id: kernel_pfkey_ipsec.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -45,4 +45,4 @@ struct kernel_pfkey_ipsec_t { */ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create(); -#endif /* KERNEL_PFKEY_IPSEC_H_ @} */ +#endif /** KERNEL_PFKEY_IPSEC_H_ @}*/ diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h index 5e256ca74..f091c6d81 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: kernel_pfkey_plugin.h 4361 2008-10-01 16:47:51Z tobias $ + * $Id: kernel_pfkey_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct kernel_pfkey_plugin_t { */ plugin_t *plugin_create(); -#endif /* KERNEL_PFKEY_PLUGIN_H_ @} */ +#endif /** KERNEL_PFKEY_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/charon/plugins/load_tester/load_tester_config.h index d5391da63..92a0ff95b 100644 --- a/src/charon/plugins/load_tester/load_tester_config.h +++ b/src/charon/plugins/load_tester/load_tester_config.h @@ -50,4 +50,4 @@ struct load_tester_config_t { */ load_tester_config_t *load_tester_config_create(); -#endif /* LOAD_TESTER_CONFIG_H_ @}*/ +#endif /** LOAD_TESTER_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/charon/plugins/load_tester/load_tester_creds.h index bc092bd12..ed73f14c3 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.h +++ b/src/charon/plugins/load_tester/load_tester_creds.h @@ -50,4 +50,4 @@ struct load_tester_creds_t { */ load_tester_creds_t *load_tester_creds_create(); -#endif /* LOAD_TESTER_CREDS_H_ @}*/ +#endif /** LOAD_TESTER_CREDS_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h index 1f66e7f2b..422428a54 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h @@ -47,4 +47,4 @@ struct load_tester_diffie_hellman_t { load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( diffie_hellman_group_t group); -#endif /* LOAD_TESTER_DIFFIE_HELLMAN_ @}*/ +#endif /** LOAD_TESTER_DIFFIE_HELLMAN_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.h b/src/charon/plugins/load_tester/load_tester_ipsec.h index 34a99dcbd..4f374032f 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.h +++ b/src/charon/plugins/load_tester/load_tester_ipsec.h @@ -45,4 +45,4 @@ struct load_tester_ipsec_t { */ load_tester_ipsec_t *load_tester_ipsec_create(); -#endif /* LOAD_TESTER_IPSEC_H_ @} */ +#endif /** LOAD_TESTER_IPSEC_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h index 6ef749b96..b61da0cb3 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/charon/plugins/load_tester/load_tester_listener.h @@ -51,4 +51,4 @@ struct load_tester_listener_t { */ load_tester_listener_t *load_tester_listener_create(u_int shutdown_on); -#endif /* LOAD_TESTER_LISTENER_H_ @}*/ +#endif /** LOAD_TESTER_LISTENER_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/charon/plugins/load_tester/load_tester_plugin.h index 10088bfa2..e0b64cfef 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.h +++ b/src/charon/plugins/load_tester/load_tester_plugin.h @@ -48,4 +48,4 @@ struct load_tester_plugin_t { */ plugin_t *plugin_create(); -#endif /* LOAD_TESTER_PLUGIN_H_ @}*/ +#endif /** LOAD_TESTER_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/charon/plugins/medcli/medcli_config.h index 789a73243..9c0357a26 100644 --- a/src/charon/plugins/medcli/medcli_config.h +++ b/src/charon/plugins/medcli/medcli_config.h @@ -52,4 +52,4 @@ struct medcli_config_t { */ medcli_config_t *medcli_config_create(database_t *db); -#endif /* MEDCLI_CONFIG_H_ @}*/ +#endif /** MEDCLI_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/charon/plugins/medcli/medcli_creds.h index 5a81edaf2..4e563b4ac 100644 --- a/src/charon/plugins/medcli/medcli_creds.h +++ b/src/charon/plugins/medcli/medcli_creds.h @@ -52,4 +52,4 @@ struct medcli_creds_t { */ medcli_creds_t *medcli_creds_create(database_t *database); -#endif /* MEDCLI_CREDS_H_ @}*/ +#endif /** MEDCLI_CREDS_H_ @}*/ diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/charon/plugins/medcli/medcli_listener.h index 4cec3caad..291e66097 100644 --- a/src/charon/plugins/medcli/medcli_listener.h +++ b/src/charon/plugins/medcli/medcli_listener.h @@ -52,4 +52,4 @@ struct medcli_listener_t { */ medcli_listener_t *medcli_listener_create(database_t *database); -#endif /* MEDCLI_LISTENER_H_ @}*/ +#endif /** MEDCLI_LISTENER_H_ @}*/ diff --git a/src/charon/plugins/medcli/medcli_plugin.h b/src/charon/plugins/medcli/medcli_plugin.h index 1a8c5b5e7..791a5cea5 100644 --- a/src/charon/plugins/medcli/medcli_plugin.h +++ b/src/charon/plugins/medcli/medcli_plugin.h @@ -46,4 +46,4 @@ struct medcli_plugin_t { */ plugin_t *plugin_create(); -#endif /* MEDCLI_PLUGIN_H_ @}*/ +#endif /** MEDCLI_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/charon/plugins/medsrv/medsrv_config.h index ebb62037e..a92780144 100644 --- a/src/charon/plugins/medsrv/medsrv_config.h +++ b/src/charon/plugins/medsrv/medsrv_config.h @@ -52,4 +52,4 @@ struct medsrv_config_t { */ medsrv_config_t *medsrv_config_create(database_t *db); -#endif /* MEDSRV_CONFIG_H_ @}*/ +#endif /** MEDSRV_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/charon/plugins/medsrv/medsrv_creds.h index f65e98411..0ce77167c 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.h +++ b/src/charon/plugins/medsrv/medsrv_creds.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: medsrv_creds.h 3915 2008-05-08 12:11:30Z martin $ + * $Id: medsrv_creds.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -52,4 +52,4 @@ struct medsrv_creds_t { */ medsrv_creds_t *medsrv_creds_create(database_t *database); -#endif /* MEDSRV_CREDS_H_ @}*/ +#endif /** MEDSRV_CREDS_H_ @}*/ diff --git a/src/charon/plugins/medsrv/medsrv_plugin.h b/src/charon/plugins/medsrv/medsrv_plugin.h index 8aa56d607..fbe04021f 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.h +++ b/src/charon/plugins/medsrv/medsrv_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: medsrv_plugin.h 3915 2008-05-08 12:11:30Z martin $ + * $Id: medsrv_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct medsrv_plugin_t { */ plugin_t *plugin_create(); -#endif /* MEDSRV_PLUGIN_H_ @}*/ +#endif /** MEDSRV_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h index 4bcc32191..b0cc7a098 100644 --- a/src/charon/plugins/nm/nm_creds.h +++ b/src/charon/plugins/nm/nm_creds.h @@ -76,4 +76,4 @@ struct nm_creds_t { */ nm_creds_t *nm_creds_create(); -#endif /* NM_CREDS_H_ @}*/ +#endif /** NM_CREDS_H_ @}*/ diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/charon/plugins/nm/nm_plugin.h index 2604b80dd..fadcbfb96 100644 --- a/src/charon/plugins/nm/nm_plugin.h +++ b/src/charon/plugins/nm/nm_plugin.h @@ -46,4 +46,4 @@ struct nm_plugin_t { */ plugin_t *plugin_create(); -#endif /* NM_PLUGIN_H_ @}*/ +#endif /** NM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/nm/nm_service.h b/src/charon/plugins/nm/nm_service.h index 7cd0fc5e3..bc6ebcf99 100644 --- a/src/charon/plugins/nm/nm_service.h +++ b/src/charon/plugins/nm/nm_service.h @@ -52,4 +52,4 @@ GType nm_strongswan_plugin_get_type(void); NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds); -#endif /* NM_SERVICE_H_ */ +#endif /** NM_SERVICE_H_ @}*/ diff --git a/src/charon/plugins/smp/smp.h b/src/charon/plugins/smp/smp.h index e65d5ea2c..1f45befa6 100644 --- a/src/charon/plugins/smp/smp.h +++ b/src/charon/plugins/smp/smp.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: smp.h 3689 2008-03-28 12:44:01Z martin $ + * $Id: smp.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -49,4 +49,4 @@ struct smp_t { */ plugin_t *plugin_create(); -#endif /* XML_H_ @}*/ +#endif /** XML_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h index 211204ced..57db4617e 100644 --- a/src/charon/plugins/sql/sql_attribute.h +++ b/src/charon/plugins/sql/sql_attribute.h @@ -48,4 +48,4 @@ struct sql_attribute_t { */ sql_attribute_t *sql_attribute_create(database_t *db); -#endif /* SQL_ATTRIBUTE_H_ @}*/ +#endif /** SQL_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h index d34705c71..bfcd7a7c1 100644 --- a/src/charon/plugins/sql/sql_config.h +++ b/src/charon/plugins/sql/sql_config.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: sql_config.h 3594 2008-03-13 14:53:57Z martin $ + * $Id: sql_config.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -52,4 +52,4 @@ struct sql_config_t { */ sql_config_t *sql_config_create(database_t *db); -#endif /* SQL_CONFIG_H_ @}*/ +#endif /** SQL_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h index e251abe00..a614f0cba 100644 --- a/src/charon/plugins/sql/sql_cred.h +++ b/src/charon/plugins/sql/sql_cred.h @@ -52,4 +52,4 @@ struct sql_cred_t { */ sql_cred_t *sql_cred_create(database_t *db); -#endif /* SQL_CRED_H_ @}*/ +#endif /** SQL_CRED_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h index a2c6fb5e9..3346430a1 100644 --- a/src/charon/plugins/sql/sql_logger.h +++ b/src/charon/plugins/sql/sql_logger.h @@ -52,4 +52,4 @@ struct sql_logger_t { */ sql_logger_t *sql_logger_create(database_t *db); -#endif /* SQL_LOGGER_H_ @}*/ +#endif /** SQL_LOGGER_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/charon/plugins/sql/sql_plugin.h index 8a7ba3e85..d4f2d29f2 100644 --- a/src/charon/plugins/sql/sql_plugin.h +++ b/src/charon/plugins/sql/sql_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: sql_plugin.h 3577 2008-03-12 14:38:35Z martin $ + * $Id: sql_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct sql_plugin_t { */ plugin_t *plugin_create(); -#endif /* SQL_PLUGIN_H_ @}*/ +#endif /** SQL_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h index 5060dc987..41ab6299b 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/charon/plugins/stroke/stroke_attribute.h @@ -85,4 +85,4 @@ struct stroke_attribute_t { */ stroke_attribute_t *stroke_attribute_create(); -#endif /* STROKE_ATTRIBUTE_H_ @}*/ +#endif /** STROKE_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h index 882446afe..ee759ff4e 100644 --- a/src/charon/plugins/stroke/stroke_ca.h +++ b/src/charon/plugins/stroke/stroke_ca.h @@ -79,4 +79,4 @@ struct stroke_ca_t { */ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred); -#endif /* STROKE_CA_H_ @}*/ +#endif /** STROKE_CA_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h index 22b493cd2..12eb11a8f 100644 --- a/src/charon/plugins/stroke/stroke_config.h +++ b/src/charon/plugins/stroke/stroke_config.h @@ -65,4 +65,4 @@ struct stroke_config_t { */ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred); -#endif /* STROKE_CONFIG_H_ @}*/ +#endif /** STROKE_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h index 926964458..26dc99b94 100644 --- a/src/charon/plugins/stroke/stroke_control.h +++ b/src/charon/plugins/stroke/stroke_control.h @@ -80,4 +80,4 @@ struct stroke_control_t { */ stroke_control_t *stroke_control_create(); -#endif /* STROKE_CONTROL_H_ @}*/ +#endif /** STROKE_CONTROL_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h index 1b9ef986e..fc7121622 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/charon/plugins/stroke/stroke_cred.h @@ -80,4 +80,4 @@ struct stroke_cred_t { */ stroke_cred_t *stroke_cred_create(); -#endif /* STROKE_CRED_H_ @}*/ +#endif /** STROKE_CRED_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h index 1f7f19d62..73a6ff6e4 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/charon/plugins/stroke/stroke_list.h @@ -73,4 +73,4 @@ struct stroke_list_t { */ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute); -#endif /* STROKE_LIST_H_ @}*/ +#endif /** STROKE_LIST_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h index 7ea18b8af..b4c367c6e 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/charon/plugins/stroke/stroke_plugin.h @@ -49,4 +49,4 @@ struct stroke_plugin_t { */ plugin_t *plugin_create(); -#endif /* STROKE_PLUGIN_H_ @}*/ +#endif /** STROKE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h index e93d8cee2..b456095ae 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/charon/plugins/stroke/stroke_shared_key.h @@ -59,4 +59,4 @@ struct stroke_shared_key_t { */ stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key); -#endif /* STROKE_SHARED_KEY_H_ @}*/ +#endif /** STROKE_SHARED_KEY_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h index 7bc96686f..7a772c56c 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/charon/plugins/stroke/stroke_socket.h @@ -41,4 +41,4 @@ struct stroke_socket_t { */ stroke_socket_t *stroke_socket_create(); -#endif /* STROKE_SOCKET_H_ @}*/ +#endif /** STROKE_SOCKET_H_ @}*/ diff --git a/src/charon/plugins/uci/uci_config.h b/src/charon/plugins/uci/uci_config.h index 4d8b286c6..67893f771 100644 --- a/src/charon/plugins/uci/uci_config.h +++ b/src/charon/plugins/uci/uci_config.h @@ -54,4 +54,4 @@ struct uci_config_t { */ uci_config_t *uci_config_create(uci_parser_t *parser); -#endif /* UCI_CONFIG_H_ @}*/ +#endif /** UCI_CONFIG_H_ @}*/ diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h index 774c42661..b5db32226 100644 --- a/src/charon/plugins/uci/uci_control.h +++ b/src/charon/plugins/uci/uci_control.h @@ -25,19 +25,20 @@ typedef struct uci_control_t uci_control_t; +/** + * UCI control interface, uses a simple FIFO file + */ struct uci_control_t { - + /** - * Destroy the controller - */ - + * Destroy the controller + */ void (*destroy)(uci_control_t *this); }; /** * Create a UCI based configuration backend. */ - uci_control_t *uci_control_create(); -#endif /*UCI_CONTROL_H_@}*/ +#endif /** UCI_CONTROL_H_ @}*/ diff --git a/src/charon/plugins/uci/uci_creds.h b/src/charon/plugins/uci/uci_creds.h index cf82f1c07..f1573a8a3 100644 --- a/src/charon/plugins/uci/uci_creds.h +++ b/src/charon/plugins/uci/uci_creds.h @@ -54,4 +54,4 @@ struct uci_creds_t { */ uci_creds_t *uci_creds_create(uci_parser_t *parser); -#endif /* UCI_CREDS_H_ @}*/ +#endif /** UCI_CREDS_H_ @}*/ diff --git a/src/charon/plugins/uci/uci_parser.h b/src/charon/plugins/uci/uci_parser.h index a8633ca2e..b3e76962b 100644 --- a/src/charon/plugins/uci/uci_parser.h +++ b/src/charon/plugins/uci/uci_parser.h @@ -58,5 +58,4 @@ struct uci_parser_t { */ uci_parser_t *uci_parser_create(char *package); -#endif /* UCI_PARSER_H_ @}*/ - +#endif /** UCI_PARSER_H_ @}*/ diff --git a/src/charon/plugins/uci/uci_plugin.h b/src/charon/plugins/uci/uci_plugin.h index cac95dc13..d9a888aa1 100644 --- a/src/charon/plugins/uci/uci_plugin.h +++ b/src/charon/plugins/uci/uci_plugin.h @@ -47,4 +47,4 @@ struct uci_plugin_t { */ plugin_t *plugin_create(); -#endif /* UCI_PLUGIN_H_ @}*/ +#endif /** UCI_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h index 0673c309a..7a5aa5ab8 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/charon/plugins/unit_tester/tests.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: tests.h 4815 2008-12-18 16:24:22Z martin $ + * $Id: tests.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -41,3 +41,5 @@ DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE) DEFINE_TEST("IP pool", test_pool, FALSE) DEFINE_TEST("SSH agent", test_agent, FALSE) DEFINE_TEST("RNG quality", test_rng, FALSE) + +/** @}*/ diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/charon/plugins/unit_tester/unit_tester.h index af946c2e0..760b0389b 100644 --- a/src/charon/plugins/unit_tester/unit_tester.h +++ b/src/charon/plugins/unit_tester/unit_tester.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: unit_tester.h 3491 2008-02-22 14:04:00Z martin $ + * $Id: unit_tester.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -48,4 +48,4 @@ struct unit_tester_t { */ plugin_t *plugin_create(); -#endif /* UNIT_TESTER_H_ @}*/ +#endif /** UNIT_TESTER_H_ @}*/ diff --git a/src/charon/plugins/updown/updown_listener.h b/src/charon/plugins/updown/updown_listener.h index 569d5817e..0d09a4cea 100644 --- a/src/charon/plugins/updown/updown_listener.h +++ b/src/charon/plugins/updown/updown_listener.h @@ -48,4 +48,4 @@ struct updown_listener_t { */ updown_listener_t *updown_listener_create(); -#endif /* UPDOWN_LISTENER_ @}*/ +#endif /** UPDOWN_LISTENER_ @}*/ diff --git a/src/charon/plugins/updown/updown_plugin.h b/src/charon/plugins/updown/updown_plugin.h index 4d0a930c2..99779d04e 100644 --- a/src/charon/plugins/updown/updown_plugin.h +++ b/src/charon/plugins/updown/updown_plugin.h @@ -46,4 +46,4 @@ struct updown_plugin_t { */ plugin_t *plugin_create(); -#endif /* UPDOWN_PLUGIN_H_ @}*/ +#endif /** UPDOWN_PLUGIN_H_ @}*/ diff --git a/src/charon/processing/jobs/acquire_job.h b/src/charon/processing/jobs/acquire_job.h index 7459ccc21..feea5c72a 100644 --- a/src/charon/processing/jobs/acquire_job.h +++ b/src/charon/processing/jobs/acquire_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: acquire_job.h 4535 2008-10-31 01:43:23Z andreas $ + * $Id: acquire_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -55,4 +55,4 @@ acquire_job_t *acquire_job_create(u_int32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); -#endif /* REKEY_CHILD_SA_JOB_H_ @} */ +#endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/callback_job.h b/src/charon/processing/jobs/callback_job.h index 4e2eab235..012bb271c 100644 --- a/src/charon/processing/jobs/callback_job.h +++ b/src/charon/processing/jobs/callback_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: callback_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: callback_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -116,4 +116,4 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_cleanup_t cleanup, callback_job_t *parent); -#endif /* CALLBACK_JOB_H_ @} */ +#endif /** CALLBACK_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/charon/processing/jobs/delete_child_sa_job.h index c11e8fab4..a17c86b22 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.h +++ b/src/charon/processing/jobs/delete_child_sa_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: delete_child_sa_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: delete_child_sa_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -58,4 +58,4 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi); -#endif /* DELETE_CHILD_SA_JOB_H_ @} */ +#endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/charon/processing/jobs/delete_ike_sa_job.h index cf666bb48..fcb712e43 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.h +++ b/src/charon/processing/jobs/delete_ike_sa_job.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: delete_ike_sa_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: delete_ike_sa_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ struct delete_ike_sa_job_t { delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool delete_if_established); -#endif /* DELETE_IKE_SA_JOB_H_ @} */ +#endif /** DELETE_IKE_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h index 966da95d3..17f5e4d18 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.h +++ b/src/charon/processing/jobs/initiate_mediation_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: initiate_mediation_job.h 3792 2008-04-10 12:51:04Z tobias $ + * $Id: initiate_mediation_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -60,4 +60,4 @@ initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id); initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, ike_sa_id_t *mediated_sa_id); -#endif /*INITIATE_MEDIATION_JOB_H_ @} */ +#endif /** INITIATE_MEDIATION_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/job.h b/src/charon/processing/jobs/job.h index 61f639936..e0a2d1df7 100644 --- a/src/charon/processing/jobs/job.h +++ b/src/charon/processing/jobs/job.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -51,4 +51,4 @@ struct job_t { void (*destroy) (job_t *job); }; -#endif /* JOB_H_ @} */ +#endif /** JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h index 0e2901180..08e37915f 100644 --- a/src/charon/processing/jobs/mediation_job.h +++ b/src/charon/processing/jobs/mediation_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: mediation_job.h 3666 2008-03-26 18:40:19Z tobias $ + * $Id: mediation_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -73,4 +73,4 @@ mediation_job_t *mediation_job_create(identification_t *peer_id, mediation_job_t *mediation_callback_job_create(identification_t *requester, identification_t *peer_id); -#endif /*MEDIATION_JOB_H_ @} */ +#endif /** MEDIATION_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/migrate_job.h b/src/charon/processing/jobs/migrate_job.h index a99ffbb0c..9f39b9730 100644 --- a/src/charon/processing/jobs/migrate_job.h +++ b/src/charon/processing/jobs/migrate_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: migrate_job.h 4662 2008-11-16 21:19:58Z andreas $ + * $Id: migrate_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -62,4 +62,4 @@ migrate_job_t *migrate_job_create(u_int32_t reqid, policy_dir_t dir, host_t *local, host_t *remote); -#endif /* MIGRATE_JOB_H_ @} */ +#endif /** MIGRATE_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/process_message_job.h b/src/charon/processing/jobs/process_message_job.h index 920444db1..0aae4c24e 100644 --- a/src/charon/processing/jobs/process_message_job.h +++ b/src/charon/processing/jobs/process_message_job.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: process_message_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: process_message_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -48,4 +48,4 @@ struct process_message_job_t { */ process_message_job_t *process_message_job_create(message_t *message); -#endif /*PROCESS_MESSAGE_JOB_H_ @} */ +#endif /** PROCESS_MESSAGE_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/charon/processing/jobs/rekey_child_sa_job.h index 38fd04f10..14e4af5e1 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.h +++ b/src/charon/processing/jobs/rekey_child_sa_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: rekey_child_sa_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: rekey_child_sa_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ struct rekey_child_sa_job_t { rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi); -#endif /* REKEY_CHILD_SA_JOB_H_ @} */ +#endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/charon/processing/jobs/rekey_ike_sa_job.h index c8d9abee3..c03711d73 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.h +++ b/src/charon/processing/jobs/rekey_ike_sa_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: rekey_ike_sa_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: rekey_ike_sa_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -50,4 +50,4 @@ struct rekey_ike_sa_job_t { */ rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth); -#endif /* REKEY_IKE_SA_JOB_H_ @} */ +#endif /** REKEY_IKE_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/charon/processing/jobs/retransmit_job.h index 60932b304..a20369a1b 100644 --- a/src/charon/processing/jobs/retransmit_job.h +++ b/src/charon/processing/jobs/retransmit_job.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: retransmit_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: retransmit_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -54,4 +54,4 @@ struct retransmit_job_t { retransmit_job_t *retransmit_job_create(u_int32_t message_id, ike_sa_id_t *ike_sa_id); -#endif /* RETRANSMIT_JOB_H_ @} */ +#endif /** RETRANSMIT_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/roam_job.h b/src/charon/processing/jobs/roam_job.h index 763416b4a..6c0cbc2b7 100644 --- a/src/charon/processing/jobs/roam_job.h +++ b/src/charon/processing/jobs/roam_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: roam_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: roam_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -51,4 +51,4 @@ struct roam_job_t { */ roam_job_t *roam_job_create(bool address); -#endif /*ROAM_JOB_H_ @} */ +#endif /** ROAM_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/charon/processing/jobs/send_dpd_job.h index 032823edd..2b6b5fee3 100644 --- a/src/charon/processing/jobs/send_dpd_job.h +++ b/src/charon/processing/jobs/send_dpd_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: send_dpd_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: send_dpd_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -51,4 +51,4 @@ struct send_dpd_job_t { */ send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id); -#endif /*SEND_DPD_JOB_H_ @} */ +#endif /** SEND_DPD_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/charon/processing/jobs/send_keepalive_job.h index 44bab09b4..7b3fe9f60 100644 --- a/src/charon/processing/jobs/send_keepalive_job.h +++ b/src/charon/processing/jobs/send_keepalive_job.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: send_keepalive_job.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: send_keepalive_job.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -50,4 +50,4 @@ struct send_keepalive_job_t { */ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id); -#endif /*SEND_KEEPALIVE_JOB_H_ @} */ +#endif /** SEND_KEEPALIVE_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/charon/processing/jobs/update_sa_job.h index 5a350d939..79b89bbe3 100644 --- a/src/charon/processing/jobs/update_sa_job.h +++ b/src/charon/processing/jobs/update_sa_job.h @@ -49,4 +49,4 @@ struct update_sa_job_t { */ update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new); -#endif /*UPDATE_SA_JOB_H_ @} */ +#endif /** UPDATE_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/processor.h b/src/charon/processing/processor.h index 530fbc24b..6ab643b1f 100644 --- a/src/charon/processing/processor.h +++ b/src/charon/processing/processor.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: processor.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: processor.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -93,4 +93,4 @@ struct processor_t { */ processor_t *processor_create(); -#endif /*PROCESSOR_H_ @} */ +#endif /** PROCESSOR_H_ @}*/ diff --git a/src/charon/processing/scheduler.h b/src/charon/processing/scheduler.h index edc17a02b..c3e177727 100644 --- a/src/charon/processing/scheduler.h +++ b/src/charon/processing/scheduler.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: scheduler.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: scheduler.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -66,4 +66,4 @@ struct scheduler_t { */ scheduler_t *scheduler_create(void); -#endif /*SCHEDULER_H_ @} */ +#endif /** SCHEDULER_H_ @}*/ diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h index aa5a73e86..345cc7deb 100644 --- a/src/charon/sa/authenticators/authenticator.h +++ b/src/charon/sa/authenticators/authenticator.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: authenticator.h 4276 2008-08-22 10:44:51Z martin $ + * $Id: authenticator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -162,4 +162,4 @@ authenticator_t *authenticator_create_from_class(ike_sa_t *ike_sa, authenticator_t *authenticator_create_from_method(ike_sa_t *ike_sa, auth_method_t method); -#endif /* AUTHENTICATOR_H_ @} */ +#endif /** AUTHENTICATOR_H_ @}*/ diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/charon/sa/authenticators/eap/eap_manager.h index 74bfa1f51..db5535a81 100644 --- a/src/charon/sa/authenticators/eap/eap_manager.h +++ b/src/charon/sa/authenticators/eap/eap_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_manager.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: eap_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -81,4 +81,4 @@ struct eap_manager_t { */ eap_manager_t *eap_manager_create(); -#endif /* EAP_MANAGER_H_ @}*/ +#endif /** EAP_MANAGER_H_ @}*/ diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c index 6babab212..2e4307eb4 100644 --- a/src/charon/sa/authenticators/eap/eap_method.c +++ b/src/charon/sa/authenticators/eap/eap_method.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_method.c 4882 2009-02-18 19:57:15Z tobias $ + * $Id: eap_method.c 4997 2009-03-24 10:24:58Z martin $ */ #include "eap_method.h" @@ -30,7 +30,8 @@ ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM, "EAP_AKA"); ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, "EAP_MSCHAPV2"); -ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_EXPERIMENTAL, EAP_MSCHAPV2, +ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2, + "EAP_RADIUS", "EAP_EXPANDED", "EAP_EXPERIMENTAL"); ENUM_END(eap_type_names, EAP_EXPERIMENTAL); diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/charon/sa/authenticators/eap/eap_method.h index 1fd7bd24b..6f3da1ba7 100644 --- a/src/charon/sa/authenticators/eap/eap_method.h +++ b/src/charon/sa/authenticators/eap/eap_method.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_method.h 4882 2009-02-18 19:57:15Z tobias $ + * $Id: eap_method.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -57,6 +57,8 @@ enum eap_type_t { EAP_SIM = 18, EAP_AKA = 23, EAP_MSCHAPV2 = 26, + /** not a method, but an implementation providing different methods */ + EAP_RADIUS = 253, EAP_EXPANDED = 254, EAP_EXPERIMENTAL = 255, }; @@ -185,4 +187,4 @@ struct eap_method_t { typedef eap_method_t *(*eap_constructor_t)(identification_t *server, identification_t *peer); -#endif /* EAP_METHOD_H_ @} */ +#endif /** EAP_METHOD_H_ @}*/ diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h index 7fb1f2858..69a2e4df9 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.h +++ b/src/charon/sa/authenticators/eap/sim_manager.h @@ -133,4 +133,4 @@ struct sim_manager_t { */ sim_manager_t *sim_manager_create(); -#endif /* SIM_MANAGER_H_ @}*/ +#endif /** SIM_MANAGER_H_ @}*/ diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/charon/sa/authenticators/eap_authenticator.c index 0c0abcf2e..7b97fe56c 100644 --- a/src/charon/sa/authenticators/eap_authenticator.c +++ b/src/charon/sa/authenticators/eap_authenticator.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_authenticator.c 4754 2008-12-04 10:09:21Z martin $ + * $Id: eap_authenticator.c 5037 2009-03-26 13:58:17Z andreas $ */ #include <string.h> @@ -141,7 +141,8 @@ static identification_t *get_peer_id(private_eap_authenticator_t *this) { config = this->ike_sa->get_peer_cfg(this->ike_sa); auth = config->get_auth(config); - if (!auth->get_item(auth, AUTHN_EAP_IDENTITY, (void**)&id)) + if (!auth->get_item(auth, AUTHN_EAP_IDENTITY, (void**)&id) || + id->get_type(id) == ID_ANY) { if (this->role == EAP_PEER) { @@ -252,7 +253,7 @@ static status_t initiate(private_eap_authenticator_t *this, eap_type_t type, if (this->method->initiate(this->method, out) != NEED_MORE) { DBG1(DBG_IKE, "failed to initiate EAP exchange, sending %N", - eap_type_names, type, eap_code_names, EAP_FAILURE); + eap_code_names, EAP_FAILURE); *out = eap_payload_create_code(EAP_FAILURE, 0); return FAILED; } @@ -412,7 +413,7 @@ static status_t process_server(private_eap_authenticator_t *this, } else { - DBG1(DBG_IKE, "EAP method %N failed for peer %D", + DBG1(DBG_IKE, "EAP method %N failed for peer '%D'", eap_type_names, type, this->ike_sa->get_other_id(this->ike_sa)); } diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/charon/sa/authenticators/eap_authenticator.h index bd300a584..3ee6839fa 100644 --- a/src/charon/sa/authenticators/eap_authenticator.h +++ b/src/charon/sa/authenticators/eap_authenticator.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: eap_authenticator.h 4276 2008-08-22 10:44:51Z martin $ + * $Id: eap_authenticator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -144,4 +144,4 @@ struct eap_authenticator_t { */ eap_authenticator_t *eap_authenticator_create(ike_sa_t *ike_sa); -#endif /* EAP_AUTHENTICATOR_H_ @} */ +#endif /** EAP_AUTHENTICATOR_H_ @}*/ diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/charon/sa/authenticators/psk_authenticator.h index c7cb5a23c..df65076a4 100644 --- a/src/charon/sa/authenticators/psk_authenticator.h +++ b/src/charon/sa/authenticators/psk_authenticator.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: psk_authenticator.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: psk_authenticator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct psk_authenticator_t { */ psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa); -#endif /* PSK_AUTHENTICATOR_H_ @} */ +#endif /** PSK_AUTHENTICATOR_H_ @}*/ diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h index 038d8b1d2..d2189fa97 100644 --- a/src/charon/sa/authenticators/pubkey_authenticator.h +++ b/src/charon/sa/authenticators/pubkey_authenticator.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: pubkey_authenticator.h 4051 2008-06-10 09:08:27Z tobias $ + * $Id: pubkey_authenticator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -47,4 +47,4 @@ struct pubkey_authenticator_t { */ pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa); -#endif /* PUBKEY_AUTHENTICATOR_H_ @} */ +#endif /** PUBKEY_AUTHENTICATOR_H_ @}*/ diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h index 277fd0a79..70169f515 100644 --- a/src/charon/sa/child_sa.h +++ b/src/charon/sa/child_sa.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: child_sa.h 4677 2008-11-19 15:31:27Z martin $ + * $Id: child_sa.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -323,8 +323,6 @@ struct child_sa_t { * * @param me own address * @param other remote address - * @param my_id id of own peer - * @param other_id id of remote peer * @param config config to use for this CHILD_SA * @param reqid reqid of old CHILD_SA when rekeying, 0 otherwise * @param encap TRUE to enable UDP encapsulation (NAT traversal) @@ -333,4 +331,4 @@ struct child_sa_t { child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config, u_int32_t reqid, bool encap); -#endif /*CHILD_SA_H_ @} */ +#endif /** CHILD_SA_H_ @}*/ diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h index 38d8e7a49..c16f87352 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/charon/sa/connect_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: connect_manager.h 3792 2008-04-10 12:51:04Z tobias $ + * $Id: connect_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -120,4 +120,4 @@ struct connect_manager_t { */ connect_manager_t *connect_manager_create(void); -#endif /*CONNECT_MANAGER_H_ @} */ +#endif /** CONNECT_MANAGER_H_ @}*/ diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h index d3976527b..3ca8d9521 100644 --- a/src/charon/sa/ike_sa.h +++ b/src/charon/sa/ike_sa.h @@ -15,7 +15,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_sa.h 4810 2008-12-16 17:21:28Z tobias $ + * $Id: ike_sa.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -920,4 +920,4 @@ struct ike_sa_t { */ ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id); -#endif /* IKE_SA_H_ @} */ +#endif /** IKE_SA_H_ @}*/ diff --git a/src/charon/sa/ike_sa_id.h b/src/charon/sa/ike_sa_id.h index 652c968b6..db36fda95 100644 --- a/src/charon/sa/ike_sa_id.h +++ b/src/charon/sa/ike_sa_id.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_sa_id.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_sa_id.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -125,4 +125,4 @@ struct ike_sa_id_t { ike_sa_id_t * ike_sa_id_create(u_int64_t initiator_spi, u_int64_t responder_spi, bool is_initiaor); -#endif /*IKE_SA_ID_H_ @} */ +#endif /** IKE_SA_ID_H_ @}*/ diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index 447fa2dd5..e2aacddd5 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_sa_manager.c 4811 2008-12-17 09:00:22Z martin $ + * $Id: ike_sa_manager.c 5035 2009-03-26 13:18:19Z andreas $ */ #include <string.h> @@ -1476,8 +1476,8 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) switch (policy) { case UNIQUE_REPLACE: - DBG1(DBG_IKE, "deleting duplicate IKE_SA due" - " uniqueness policy"); + DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer " + "'%D' due to uniqueness policy", other); status = duplicate->delete(duplicate); break; case UNIQUE_KEEP: diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h index 6b6d5a32d..8fe991521 100644 --- a/src/charon/sa/ike_sa_manager.h +++ b/src/charon/sa/ike_sa_manager.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_sa_manager.h 4811 2008-12-17 09:00:22Z martin $ + * $Id: ike_sa_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -216,4 +216,4 @@ struct ike_sa_manager_t { */ ike_sa_manager_t *ike_sa_manager_create(void); -#endif /*IKE_SA_MANAGER_H_ @} */ +#endif /** IKE_SA_MANAGER_H_ @}*/ diff --git a/src/charon/sa/keymat.h b/src/charon/sa/keymat.h index 0d6d08f51..659e4dff2 100644 --- a/src/charon/sa/keymat.h +++ b/src/charon/sa/keymat.h @@ -162,4 +162,4 @@ struct keymat_t { */ keymat_t *keymat_create(bool initiator); -#endif /* KEYMAT_ @}*/ +#endif /** KEYMAT_ @}*/ diff --git a/src/charon/sa/mediation_manager.h b/src/charon/sa/mediation_manager.h index d21c93244..7eee09d67 100644 --- a/src/charon/sa/mediation_manager.h +++ b/src/charon/sa/mediation_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: mediation_manager.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: mediation_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -88,4 +88,4 @@ struct mediation_manager_t { */ mediation_manager_t *mediation_manager_create(void); -#endif /*MEDIATION_MANAGER_H_ @} */ +#endif /** MEDIATION_MANAGER_H_ @}*/ diff --git a/src/charon/sa/task_manager.h b/src/charon/sa/task_manager.h index 2aa6018fd..db21684c3 100644 --- a/src/charon/sa/task_manager.h +++ b/src/charon/sa/task_manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: task_manager.h 4689 2008-11-24 12:46:06Z martin $ + * $Id: task_manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -87,7 +87,7 @@ typedef struct task_manager_t task_manager_t; 4s * (1.8 ** 4) = 42s 89s 4s * (1.8 ** 5) = 76s 165s - @endberbatim + @endverbatim * The peer is considered dead after 2min 45s when no reply comes in. */ struct task_manager_t { @@ -172,4 +172,4 @@ struct task_manager_t { */ task_manager_t *task_manager_create(ike_sa_t *ike_sa); -#endif /* TASK_MANAGER_H_ @} */ +#endif /** TASK_MANAGER_H_ @}*/ diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h index cee37121e..d01baa594 100644 --- a/src/charon/sa/tasks/child_create.h +++ b/src/charon/sa/tasks/child_create.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: child_create.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: child_create.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -77,4 +77,4 @@ struct child_create_t { */ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config); -#endif /* CHILD_CREATE_H_ @} */ +#endif /** CHILD_CREATE_H_ @}*/ diff --git a/src/charon/sa/tasks/child_delete.h b/src/charon/sa/tasks/child_delete.h index c5ebec338..8886ff4a1 100644 --- a/src/charon/sa/tasks/child_delete.h +++ b/src/charon/sa/tasks/child_delete.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: child_delete.h 4730 2008-12-01 18:38:28Z martin $ + * $Id: child_delete.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -59,4 +59,4 @@ struct child_delete_t { child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi); -#endif /* CHILD_DELETE_H_ @} */ +#endif /** CHILD_DELETE_H_ @}*/ diff --git a/src/charon/sa/tasks/child_rekey.h b/src/charon/sa/tasks/child_rekey.h index 37b61a9ef..42fce0742 100644 --- a/src/charon/sa/tasks/child_rekey.h +++ b/src/charon/sa/tasks/child_rekey.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: child_rekey.h 4730 2008-12-01 18:38:28Z martin $ + * $Id: child_rekey.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -63,4 +63,4 @@ struct child_rekey_t { child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi); -#endif /* CHILD_REKEY_H_ @} */ +#endif /** CHILD_REKEY_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_auth.h b/src/charon/sa/tasks/ike_auth.h index 15f98f312..a4719ec24 100644 --- a/src/charon/sa/tasks/ike_auth.h +++ b/src/charon/sa/tasks/ike_auth.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_auth.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_auth.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ struct ike_auth_t { */ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_AUTH_H_ @} */ +#endif /** IKE_AUTH_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/charon/sa/tasks/ike_auth_lifetime.h index 21a3bbfdc..46595e6ed 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.h +++ b/src/charon/sa/tasks/ike_auth_lifetime.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_auth_lifetime.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_auth_lifetime.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -52,4 +52,4 @@ struct ike_auth_lifetime_t { */ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_MOBIKE_H_ @} */ +#endif /** IKE_MOBIKE_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/charon/sa/tasks/ike_cert_post.h index 78b32d67a..ec9d172e1 100644 --- a/src/charon/sa/tasks/ike_cert_post.h +++ b/src/charon/sa/tasks/ike_cert_post.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_cert_post.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_cert_post.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -52,4 +52,4 @@ struct ike_cert_post_t { */ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_CERT_POST_H_ @} */ +#endif /** IKE_CERT_POST_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/charon/sa/tasks/ike_cert_pre.h index d8793a8e2..d6d06b04f 100644 --- a/src/charon/sa/tasks/ike_cert_pre.h +++ b/src/charon/sa/tasks/ike_cert_pre.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_cert_pre.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_cert_pre.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -52,4 +52,4 @@ struct ike_cert_pre_t { */ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_CERT_PRE_H_ @} */ +#endif /** IKE_CERT_PRE_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_config.h b/src/charon/sa/tasks/ike_config.h index 23410a196..cc709f4d6 100644 --- a/src/charon/sa/tasks/ike_config.h +++ b/src/charon/sa/tasks/ike_config.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_config.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_config.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -50,4 +50,4 @@ struct ike_config_t { */ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_CONFIG_H_ @} */ +#endif /** IKE_CONFIG_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_delete.h b/src/charon/sa/tasks/ike_delete.h index 6d08d345d..ea4e9832b 100644 --- a/src/charon/sa/tasks/ike_delete.h +++ b/src/charon/sa/tasks/ike_delete.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_delete.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_delete.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -49,4 +49,4 @@ struct ike_delete_t { */ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_DELETE_H_ @} */ +#endif /** IKE_DELETE_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_dpd.h b/src/charon/sa/tasks/ike_dpd.h index 62b8a6a10..0eadd0db7 100644 --- a/src/charon/sa/tasks/ike_dpd.h +++ b/src/charon/sa/tasks/ike_dpd.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_dpd.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_dpd.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -50,4 +50,4 @@ struct ike_dpd_t { */ ike_dpd_t *ike_dpd_create(bool initiator); -#endif /* IKE_DPD_H_ @} */ +#endif /** IKE_DPD_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_init.h b/src/charon/sa/tasks/ike_init.h index 0e5a913fd..84f28a98d 100644 --- a/src/charon/sa/tasks/ike_init.h +++ b/src/charon/sa/tasks/ike_init.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_init.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_init.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -59,4 +59,4 @@ struct ike_init_t { */ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa); -#endif /* IKE_INIT_H_ @} */ +#endif /** IKE_INIT_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_me.h b/src/charon/sa/tasks/ike_me.h index c9a515c8f..3bef0a7f1 100644 --- a/src/charon/sa/tasks/ike_me.h +++ b/src/charon/sa/tasks/ike_me.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_me.h 3666 2008-03-26 18:40:19Z tobias $ + * $Id: ike_me.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -97,4 +97,4 @@ struct ike_me_t { */ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator); -#endif /*IKE_ME_H_ @} */ +#endif /** IKE_ME_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/charon/sa/tasks/ike_mobike.h index f8f094456..4a2006a80 100644 --- a/src/charon/sa/tasks/ike_mobike.h +++ b/src/charon/sa/tasks/ike_mobike.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_mobike.h 4368 2008-10-06 13:37:04Z martin $ + * $Id: ike_mobike.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -87,4 +87,4 @@ struct ike_mobike_t { */ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_MOBIKE_H_ @} */ +#endif /** IKE_MOBIKE_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c index 9e62fcbdf..eb84c876f 100644 --- a/src/charon/sa/tasks/ike_natd.c +++ b/src/charon/sa/tasks/ike_natd.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_natd.c 4386 2008-10-08 08:23:46Z martin $ + * $Id: ike_natd.c 5029 2009-03-26 11:49:07Z martin $ */ #include "ike_natd.h" @@ -356,7 +356,11 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) charon->kernel_interface, FALSE, FALSE); while (enumerator->enumerate(enumerator, (void**)&host)) { + /* apply port 500 to host, but work on a copy */ + host = host->clone(host); + host->set_port(host, IKEV2_UDP_PORT); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); + host->destroy(host); message->add_payload(message, (payload_t*)notify); } enumerator->destroy(enumerator); diff --git a/src/charon/sa/tasks/ike_natd.h b/src/charon/sa/tasks/ike_natd.h index 7e1e58bc0..155ae4b4c 100644 --- a/src/charon/sa/tasks/ike_natd.h +++ b/src/charon/sa/tasks/ike_natd.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_natd.h 4368 2008-10-06 13:37:04Z martin $ + * $Id: ike_natd.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -58,4 +58,4 @@ struct ike_natd_t { */ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_NATD_H_ @} */ +#endif /** IKE_NATD_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_reauth.h b/src/charon/sa/tasks/ike_reauth.h index 1076cc7cc..689550c92 100644 --- a/src/charon/sa/tasks/ike_reauth.h +++ b/src/charon/sa/tasks/ike_reauth.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_reauth.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_reauth.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -50,4 +50,4 @@ struct ike_reauth_t { */ ike_reauth_t *ike_reauth_create(ike_sa_t *ike_sa); -#endif /* IKE_REAUTH_H_ @} */ +#endif /** IKE_REAUTH_H_ @}*/ diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/charon/sa/tasks/ike_rekey.h index 1bfde8a54..ab82789f3 100644 --- a/src/charon/sa/tasks/ike_rekey.h +++ b/src/charon/sa/tasks/ike_rekey.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ike_rekey.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ike_rekey.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -60,4 +60,4 @@ struct ike_rekey_t { */ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator); -#endif /* IKE_REKEY_H_ @} */ +#endif /** IKE_REKEY_H_ @}*/ diff --git a/src/charon/sa/tasks/task.h b/src/charon/sa/tasks/task.h index 26b4f214e..a5eb2caa3 100644 --- a/src/charon/sa/tasks/task.h +++ b/src/charon/sa/tasks/task.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: task.h 3666 2008-03-26 18:40:19Z tobias $ + * $Id: task.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -145,4 +145,4 @@ struct task_t { void (*destroy) (task_t *this); }; -#endif /* TASK_H_ @} */ +#endif /** TASK_H_ @}*/ diff --git a/src/libfast/context.h b/src/libfast/context.h index dc1450bd1..3f21ea6f2 100644 --- a/src/libfast/context.h +++ b/src/libfast/context.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: context.h 3489 2008-02-22 09:40:58Z martin $ + * $Id: context.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -41,4 +41,4 @@ struct context_t { void (*destroy) (context_t *this); }; -#endif /* CONTEXT_H_ @}*/ +#endif /** CONTEXT_H_ @}*/ diff --git a/src/libfast/controller.h b/src/libfast/controller.h index 162e114e3..9bfb04bab 100644 --- a/src/libfast/controller.h +++ b/src/libfast/controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: controller.h 3489 2008-02-22 09:40:58Z martin $ + * $Id: controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -76,4 +76,4 @@ struct controller_t { void (*destroy) (controller_t *this); }; -#endif /* CONTROLLER_H_ @} */ +#endif /** CONTROLLER_H_ @}*/ diff --git a/src/libfast/dispatcher.h b/src/libfast/dispatcher.h index 98a7b7e30..bcd1712ce 100644 --- a/src/libfast/dispatcher.h +++ b/src/libfast/dispatcher.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: dispatcher.h 3519 2008-03-02 12:14:34Z martin $ + * $Id: dispatcher.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -136,4 +136,4 @@ struct dispatcher_t { dispatcher_t *dispatcher_create(char *socket, bool debug, int timeout, context_constructor_t constructor, void *param); -#endif /* DISPATCHER_H_ @} */ +#endif /** DISPATCHER_H_ @}*/ diff --git a/src/libfast/request.h b/src/libfast/request.h index b0d5bd89c..25fa5fc60 100644 --- a/src/libfast/request.h +++ b/src/libfast/request.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: request.h 3531 2008-03-06 09:50:56Z martin $ + * $Id: request.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -183,4 +183,4 @@ struct request_t { */ request_t *request_create(int fd, bool debug); -#endif /* REQUEST_H_ @} */ +#endif /** REQUEST_H_ @}*/ diff --git a/src/libfast/session.h b/src/libfast/session.h index 0df5d5482..a782a8fe4 100644 --- a/src/libfast/session.h +++ b/src/libfast/session.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: session.h 3519 2008-03-02 12:14:34Z martin $ + * $Id: session.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -77,4 +77,4 @@ struct session_t { */ session_t *session_create(context_t *context); -#endif /* SESSION_H_ @} */ +#endif /** SESSION_H_ @}*/ diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 1359dcd2d..8b9762777 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $ + * $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $ */ #include <stdio.h> @@ -264,13 +264,15 @@ u_int asn1_length(chunk_t *blob) return len; } +#define TIME_MAX 0x7fffffff + /** * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time */ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { struct tm t; - time_t tz_offset; + time_t tc, tz_offset; u_char *eot = NULL; if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) @@ -296,12 +298,13 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) return 0; /* error in time format */ } + /* parse ASN.1 time string */ { - const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": - "%4d%2d%2d%2d%2d"; + const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": + "%4d%2d%2d%2d%2d"; - sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday, - &t.tm_hour, &t.tm_min); + sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday, + &t.tm_hour, &t.tm_min); } /* is there a seconds field? */ @@ -334,9 +337,11 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) /* set daylight saving time to off */ t.tm_isdst = 0; - /* compensate timezone */ - - return mktime(&t) - timezone - tz_offset; + /* convert to time_t */ + tc = mktime(&t); + + /* if no conversion overflow occurred, compensate timezone */ + return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset); } /** diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 0f2e6e5c0..4ea89730c 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: asn1.h 3876 2008-04-26 09:24:14Z andreas $ + * $Id: asn1.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -110,7 +110,7 @@ int asn1_known_oid(chunk_t object); * Returns the length of an ASN.1 object * The blob pointer is advanced past the tag length fields * - * @param pointer to an ASN.1 coded blob + * @param blob pointer to an ASN.1 coded blob * @return length of ASN.1 object */ u_int asn1_length(chunk_t *blob); @@ -168,7 +168,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type); * Parse an ASN.1 UTCTIME or GENERALIZEDTIME object * * @param blob ASN.1 coded time object - * @param level top-most level offset + * @param level0 top-most level offset * @return time_t in UTC */ time_t asn1_parse_time(chunk_t blob, int level0); @@ -223,10 +223,10 @@ chunk_t asn1_bitstring(const char *mode, chunk_t content); /** * Build an ASN.1 object from a variable number of individual chunks * - * @param typ ASN.1 type to be created + * @param type ASN.1 type to be created * @param mode for each list member: 'c' for copy or 'm' for move * @return chunk containing the ASN.1 coded object */ chunk_t asn1_wrap(asn1_t type, const char *mode, ...); -#endif /* ASN1_H_ @}*/ +#endif /** ASN1_H_ @}*/ diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index d84a5336f..bcc966e04 100644 --- a/src/libstrongswan/asn1/asn1_parser.h +++ b/src/libstrongswan/asn1/asn1_parser.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: asn1_parser.h 3894 2008-04-28 18:44:21Z andreas $ + * $Id: asn1_parser.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -116,4 +116,4 @@ struct asn1_parser_t { */ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob); -#endif /* ASN1_PARSER_H_ @}*/ +#endif /** ASN1_PARSER_H_ @}*/ diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index 5eb8f8d8a..125b86b12 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: chunk.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: chunk.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -92,11 +92,11 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force); /** * Convert a chunk of data to hex encoding. * - * The resulting string is '\0' terminated, but the chunk does not include - * the '\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1). + * The resulting string is '\\0' terminated, but the chunk does not include + * the '\\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1). * * @param chunk data to convert - * @param buff buffer to write to, NULL to malloc + * @param buf buffer to write to, NULL to malloc * @param uppercase TRUE to use uppercase letters * @return chunk of encoded data */ @@ -117,11 +117,11 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf); /** * Convert a chunk of data to its base64 encoding. * - * The resulting string is '\0' terminated, but the chunk does not include - * the '\0'. If buf is supplied, it must hold at least (chunk.len * 4 / 3 + 1). + * The resulting string is '\\0' terminated, but the chunk does not include + * the '\\0'. If buf is supplied, it must hold at least (chunk.len * 4 / 3 + 1). * * @param chunk data to convert - * @param buff buffer to write to, NULL to malloc + * @param buf buffer to write to, NULL to malloc * @return chunk of encoded data */ chunk_t chunk_to_base64(chunk_t chunk, char *buf); @@ -249,4 +249,4 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); int chunk_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* CHUNK_H_ @}*/ +#endif /** CHUNK_H_ @}*/ diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 332d52d52..4b3fb1ae4 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -129,4 +129,4 @@ struct builder_t { */ void* builder_free(builder_t *this); -#endif /* BUILDER_H_ @}*/ +#endif /** BUILDER_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h index 4e33390bb..39ab8fe71 100644 --- a/src/libstrongswan/credentials/certificates/ac.h +++ b/src/libstrongswan/credentials/certificates/ac.h @@ -82,5 +82,4 @@ struct ac_t { bool (*equals_holder) (ac_t *this, ac_t *other); }; -#endif /* AC_H_ @}*/ - +#endif /** AC_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h index 14f4de389..1fb151d9f 100644 --- a/src/libstrongswan/credentials/certificates/certificate.h +++ b/src/libstrongswan/credentials/certificates/certificate.h @@ -189,4 +189,4 @@ struct certificate_t { void (*destroy)(certificate_t *this); }; -#endif /* CERTIFICATE_H_ @}*/ +#endif /** CERTIFICATE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index f1fb70efd..0c0493940 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: crl.h 3656 2008-03-25 22:28:27Z andreas $ + * $Id: crl.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -85,4 +85,4 @@ struct crl_t { }; -#endif /* CRL_H_ @}*/ +#endif /** CRL_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h index 377eabd23..25ecb8d35 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_request.h +++ b/src/libstrongswan/credentials/certificates/ocsp_request.h @@ -38,4 +38,4 @@ struct ocsp_request_t { certificate_t interface; }; -#endif /* OCSP_REQUEST_H_ @}*/ +#endif /** OCSP_REQUEST_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h index 416f712f3..3c9794956 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_response.h +++ b/src/libstrongswan/credentials/certificates/ocsp_response.h @@ -81,4 +81,4 @@ struct ocsp_response_t { enumerator_t* (*create_cert_enumerator)(ocsp_response_t *this); }; -#endif /* OCSP_RESPONSE_H_ @}*/ +#endif /** OCSP_RESPONSE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 737dcdc67..704f11522 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: x509.h 3656 2008-03-25 22:28:27Z andreas $ + * $Id: x509.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -104,4 +104,4 @@ struct x509_t { enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this); }; -#endif /* X509_H_ @}*/ +#endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h index dc4d62679..42fb2df6d 100644 --- a/src/libstrongswan/credentials/credential_factory.h +++ b/src/libstrongswan/credentials/credential_factory.h @@ -109,4 +109,4 @@ struct credential_factory_t { */ credential_factory_t *credential_factory_create(); -#endif /* CREDENTIAL_FACTORY_H_ @}*/ +#endif /** CREDENTIAL_FACTORY_H_ @}*/ diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h index c28988309..219926af1 100644 --- a/src/libstrongswan/credentials/keys/private_key.h +++ b/src/libstrongswan/credentials/keys/private_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: private_key.h 3620 2008-03-19 14:21:56Z martin $ + * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -111,4 +111,4 @@ struct private_key_t { void (*destroy)(private_key_t *this); }; -#endif /* PRIVATE_KEY_H_ @} */ +#endif /** PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 62dbe4303..65bb5f64d 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: public_key.h 4051 2008-06-10 09:08:27Z tobias $ + * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -152,4 +152,4 @@ struct public_key_t { void (*destroy)(public_key_t *this); }; -#endif /* PUBLIC_KEY_H_ @} */ +#endif /** PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h index 1a70bd125..d61d98f95 100644 --- a/src/libstrongswan/crypto/crypters/crypter.h +++ b/src/libstrongswan/crypto/crypters/crypter.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: crypter.h 4886 2009-02-19 13:46:08Z tobias $ + * $Id: crypter.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -122,4 +122,4 @@ struct crypter_t { void (*destroy) (crypter_t *this); }; -#endif /*CRYPTER_H_ @} */ +#endif /** CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index cdb9b47ba..e2d2de71a 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -267,4 +267,4 @@ struct crypto_factory_t { */ crypto_factory_t *crypto_factory_create(); -#endif /* CRYPTO_FACTORY_H_ @}*/ +#endif /** CRYPTO_FACTORY_H_ @}*/ diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 4147d85af..5aaba383e 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: diffie_hellman.h 4685 2008-11-22 16:14:55Z martin $ + * $Id: diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -108,4 +108,4 @@ struct diffie_hellman_t { void (*destroy) (diffie_hellman_t *this); }; -#endif /*DIFFIE_HELLMAN_H_ @} */ +#endif /** DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index fe2f48be6..1db5c14cc 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: hasher.h 4880 2009-02-18 19:45:46Z tobias $ + * $Id: hasher.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -133,4 +133,4 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg); */ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg); -#endif /* HASHER_H_ @} */ +#endif /** HASHER_H_ @}*/ diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h index 89cdec83d..698f3c172 100644 --- a/src/libstrongswan/crypto/pkcs9.h +++ b/src/libstrongswan/crypto/pkcs9.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: pkcs9.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: pkcs9.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -92,9 +92,8 @@ pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level); /** * Create an empty PKCS#9 attribute list * - * @param chunk chunk containing data * @return created pkcs9 attribute list. */ pkcs9_t *pkcs9_create(void); -#endif /* PKCS9_H_ @} */ +#endif /** PKCS9_H_ @}*/ diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index e63827858..4c98e4ad1 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: prf_plus.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: prf_plus.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -77,4 +77,4 @@ struct prf_plus_t { */ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed); -#endif /*PRF_PLUS_H_ @} */ +#endif /** PRF_PLUS_H_ @}*/ diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index 324eb89b4..e2b4f6fe0 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: prf.h 3916 2008-05-08 12:43:27Z martin $ + * $Id: prf.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -115,4 +115,4 @@ struct prf_t { void (*destroy) (prf_t *this); }; -#endif /*PRF_H_ @} */ +#endif /** PRF_H_ @}*/ diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index 08f7af209..1c4d204f3 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -72,4 +72,4 @@ struct rng_t { void (*destroy) (rng_t *this); }; -#endif /*RNG_H_ @} */ +#endif /** RNG_H_ @}*/ diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index f67c38f07..b2be2c030 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: signer.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: signer.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -51,6 +51,8 @@ enum integrity_algorithm_t { AUTH_HMAC_SHA2_512_256 = 14, /** Implemented via hmac_signer_t */ AUTH_HMAC_SHA1_128 = 1025, + /** Implemented via hmac_signer_t */ + AUTH_HMAC_MD5_128 = 1026, }; /** @@ -120,4 +122,4 @@ struct signer_t { void (*destroy) (signer_t *this); }; -#endif /*SIGNER_H_ @} */ +#endif /** SIGNER_H_ @}*/ diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h index 39f909cd7..16472d869 100644 --- a/src/libstrongswan/database/database.h +++ b/src/libstrongswan/database/database.h @@ -120,4 +120,4 @@ struct database_t { void (*destroy)(database_t *this); }; -#endif /* DATABASE_H_ @}*/ +#endif /** DATABASE_H_ @}*/ diff --git a/src/libstrongswan/database/database_factory.h b/src/libstrongswan/database/database_factory.h index 358f49054..8875adad7 100644 --- a/src/libstrongswan/database/database_factory.h +++ b/src/libstrongswan/database/database_factory.h @@ -70,4 +70,4 @@ struct database_factory_t { */ database_factory_t *database_factory_create(); -#endif /* DATABASE_FACTORY_H_ @}*/ +#endif /** DATABASE_FACTORY_H_ @}*/ diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h index b120cc601..3b98f6837 100644 --- a/src/libstrongswan/debug.h +++ b/src/libstrongswan/debug.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: debug.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: debug.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -60,4 +60,4 @@ extern void (*dbg) (int level, char *fmt, ...); /** default logging function, prints to stderr */ void dbg_default(int level, char *fmt, ...); -#endif /* DEBUG_H_ @} */ +#endif /** DEBUG_H_ @}*/ diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h index 4a594a4a9..877b3e6de 100644 --- a/src/libstrongswan/enum.h +++ b/src/libstrongswan/enum.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: enum.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: enum.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -117,4 +117,4 @@ struct enum_name_t { int enum_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* ENUM_H_ @}*/ +#endif /** ENUM_H_ @}*/ diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h index 4fc37e35e..9a7cc315e 100644 --- a/src/libstrongswan/fetcher/fetcher.h +++ b/src/libstrongswan/fetcher/fetcher.h @@ -102,4 +102,4 @@ struct fetcher_t { void (*destroy)(fetcher_t *this); }; -#endif /* FETCHER_H_ @}*/ +#endif /** FETCHER_H_ @}*/ diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index e94d44494..183964d6c 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h @@ -71,4 +71,4 @@ struct fetcher_manager_t { */ fetcher_manager_t *fetcher_manager_create(); -#endif /* FETCHER_MANAGER_H_ @}*/ +#endif /** FETCHER_MANAGER_H_ @}*/ diff --git a/src/libstrongswan/fips/fips.h b/src/libstrongswan/fips/fips.h index a4ff440ba..9b777be5f 100644 --- a/src/libstrongswan/fips/fips.h +++ b/src/libstrongswan/fips/fips.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: fips.h 3877 2008-04-26 09:40:22Z andreas $ + * $Id: fips.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -43,4 +43,4 @@ bool fips_compute_hmac_signature(const char *key, char *signature); */ bool fips_verify_hmac_signature(const char *key, const char *signature); -#endif /*FIPS_H_ @} */ +#endif /** FIPS_H_ @}*/ diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 1445b28cd..a6d27551e 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: library.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: library.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -132,4 +132,4 @@ void library_deinit(); */ extern library_t *lib; -#endif /* LIBRARY_H_ @}*/ +#endif /** LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h index e42a6bc5b..19ea6b4b7 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.h +++ b/src/libstrongswan/plugins/aes/aes_crypter.h @@ -47,4 +47,4 @@ struct aes_crypter_t { aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size); -#endif /* AES_CRYPTER_H_ @}*/ +#endif /** AES_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h index 4cf0bc15e..a6ff620ed 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.h +++ b/src/libstrongswan/plugins/aes/aes_plugin.h @@ -44,4 +44,4 @@ struct aes_plugin_t { */ plugin_t *plugin_create(); -#endif /* AES_PLUGIN_H_ @}*/ +#endif /** AES_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h index d12dd44ac..33a5dcb53 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.h +++ b/src/libstrongswan/plugins/agent/agent_plugin.h @@ -44,4 +44,4 @@ struct agent_plugin_t { */ plugin_t *plugin_create(); -#endif /* AGENT_PLUGIN_H_ @}*/ +#endif /** AGENT_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h index 4d678dd08..929e88a50 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.h +++ b/src/libstrongswan/plugins/agent/agent_private_key.h @@ -44,5 +44,5 @@ struct agent_private_key_t { */ builder_t *agent_private_key_builder(key_type_t type); -#endif /*AGENT_PRIVATE_KEY_H_ @}*/ +#endif /** AGENT_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h index 3028eac1b..043beb834 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.h +++ b/src/libstrongswan/plugins/curl/curl_fetcher.h @@ -44,4 +44,4 @@ struct curl_fetcher_t { */ curl_fetcher_t *curl_fetcher_create(); -#endif /* CURL_FETCHER_H_ @}*/ +#endif /** CURL_FETCHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h index 73166a25b..1b748446b 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.h +++ b/src/libstrongswan/plugins/curl/curl_plugin.h @@ -44,4 +44,4 @@ struct curl_plugin_t { */ plugin_t *plugin_create(); -#endif /* CURL_PLUGIN_H_ @}*/ +#endif /** CURL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h index d40d9cf2f..623b292fc 100644 --- a/src/libstrongswan/plugins/des/des_crypter.h +++ b/src/libstrongswan/plugins/des/des_crypter.h @@ -46,4 +46,4 @@ struct des_crypter_t { des_crypter_t *des_crypter_create(encryption_algorithm_t algo); -#endif /* DES_CRYPTER_H_ @}*/ +#endif /** DES_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h index 8cabd082b..17df220bc 100644 --- a/src/libstrongswan/plugins/des/des_plugin.h +++ b/src/libstrongswan/plugins/des/des_plugin.h @@ -44,4 +44,4 @@ struct des_plugin_t { */ plugin_t *plugin_create(); -#endif /* DES_PLUGIN_H_ @}*/ +#endif /** DES_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h index 3fead6b9b..b2940be72 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.h +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h @@ -56,4 +56,4 @@ struct fips_prf_t { */ fips_prf_t *fips_prf_create(pseudo_random_function_t algo); -#endif /* FIPS_PRF_H_ @}*/ +#endif /** FIPS_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h index 6816eb66f..8d65254ba 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h @@ -44,4 +44,4 @@ struct fips_prf_plugin_t { */ plugin_t *plugin_create(); -#endif /* FIPS_PRF_PLUGIN_H_ @}*/ +#endif /** FIPS_PRF_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index e2d4d6851..774c31cc2 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -45,5 +45,5 @@ struct gmp_diffie_hellman_t { */ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group); -#endif /*GMP_DIFFIE_HELLMAN_H_ @}*/ +#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h index a853064b7..d707d78ea 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.h +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h @@ -44,4 +44,4 @@ struct gmp_plugin_t { */ plugin_t *plugin_create(); -#endif /* GMP_PLUGIN_H_ @}*/ +#endif /** GMP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index 6f59b2ad2..d47e2583d 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -44,5 +44,5 @@ struct gmp_rsa_private_key_t { */ builder_t *gmp_rsa_private_key_builder(key_type_t type); -#endif /*GMP_RSA_PRIVATE_KEY_H_ @}*/ +#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index 2e502b7e6..46c8c3fd8 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: gmp_rsa_public_key.h 3721 2008-04-01 14:51:31Z martin $ + * $Id: gmp_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -47,4 +47,4 @@ struct gmp_rsa_public_key_t { */ builder_t *gmp_rsa_public_key_builder(key_type_t type); -#endif /*GMP_RSA_PUBLIC_KEY_H_ @}*/ +#endif /** GMP_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h index 5f266e133..a204d3b17 100644 --- a/src/libstrongswan/plugins/hmac/hmac.h +++ b/src/libstrongswan/plugins/hmac/hmac.h @@ -90,4 +90,4 @@ struct hmac_t { */ hmac_t *hmac_create(hash_algorithm_t hash_algorithm); -#endif /*HMAC_H_ @}*/ +#endif /** HMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index a0afc2a85..7a09b7a4e 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: hmac_plugin.c 4309 2008-08-28 11:07:57Z martin $ + * $Id: hmac_plugin.c 4997 2009-03-24 10:24:58Z martin $ */ #include "hmac_plugin.h" @@ -74,6 +74,8 @@ plugin_t *plugin_create() (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, + (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h index 55ba0b5f4..5c3afa7d6 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.h +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h @@ -44,4 +44,4 @@ struct hmac_plugin_t { */ plugin_t *plugin_create(); -#endif /* HMAC_PLUGIN_H_ @}*/ +#endif /** HMAC_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h index 46d05f03a..aa75272e1 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_prf.h @@ -48,4 +48,4 @@ struct hmac_prf_t { */ hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo); -#endif /*PRF_HMAC_SHA1_H_ @}*/ +#endif /** PRF_HMAC_SHA1_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c index cdfc819f1..89cae1716 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ b/src/libstrongswan/plugins/hmac/hmac_signer.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: hmac_signer.c 3488 2008-02-21 15:10:02Z martin $ + * $Id: hmac_signer.c 4997 2009-03-24 10:24:58Z martin $ */ #include <string.h> @@ -159,6 +159,10 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) hash = HASH_MD5; trunc = 12; break; + case AUTH_HMAC_MD5_128: + hash = HASH_MD5; + trunc = 16; + break; case AUTH_HMAC_SHA2_256_128: hash = HASH_SHA256; trunc = 16; diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h index 969f482e7..197e28fa7 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ b/src/libstrongswan/plugins/hmac/hmac_signer.h @@ -52,4 +52,4 @@ struct hmac_signer_t { */ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo); -#endif /*HMAC_SIGNER_H_ @}*/ +#endif /** HMAC_SIGNER_H_ @}*/ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.h b/src/libstrongswan/plugins/ldap/ldap_fetcher.h index bde60c799..30a141bae 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.h +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.h @@ -39,4 +39,4 @@ struct ldap_fetcher_t { */ ldap_fetcher_t *ldap_fetcher_create(); -#endif /* LDAP_FETCHER_H_ @}*/ +#endif /** LDAP_FETCHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h index 7b2bb3232..de4ff3422 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.h +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h @@ -44,4 +44,4 @@ struct ldap_plugin_t { */ plugin_t *plugin_create(); -#endif /* LDAP_PLUGIN_H_ @}*/ +#endif /** LDAP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h index 75956fde6..b0b8c65d2 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.h +++ b/src/libstrongswan/plugins/md4/md4_hasher.h @@ -45,4 +45,4 @@ struct md4_hasher_t { */ md4_hasher_t *md4_hasher_create(hash_algorithm_t algo); -#endif /*MD4_HASHER_H_@}*/ +#endif /** MD4_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h index 965bff261..b13002d7b 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.h +++ b/src/libstrongswan/plugins/md4/md4_plugin.h @@ -44,4 +44,4 @@ struct md4_plugin_t { */ plugin_t *plugin_create(); -#endif /* MD4_PLUGIN_H_ @}*/ +#endif /** MD4_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h index d4a0417ab..0064c177b 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.h +++ b/src/libstrongswan/plugins/md5/md5_hasher.h @@ -45,4 +45,4 @@ struct md5_hasher_t { */ md5_hasher_t *md5_hasher_create(hash_algorithm_t algo); -#endif /*MD5_HASHER_H_@}*/ +#endif /** MD5_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h index e8e8dd535..057689ad3 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.h +++ b/src/libstrongswan/plugins/md5/md5_plugin.h @@ -44,4 +44,4 @@ struct md5_plugin_t { */ plugin_t *plugin_create(); -#endif /* MD5_PLUGIN_H_ @}*/ +#endif /** MD5_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h index d04aa79fa..98ddcad36 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.h +++ b/src/libstrongswan/plugins/mysql/mysql_database.h @@ -39,7 +39,7 @@ struct mysql_database_t { /** * Create a mysql_database instance. * - * @param uri connection URI, mysql://user:pass@host:port/database + * @param uri connection URI, mysql://user:pass@example.com:port/database */ mysql_database_t *mysql_database_create(char *uri); @@ -55,4 +55,4 @@ bool mysql_database_init(); */ void mysql_database_deinit(); -#endif /* MYSQL_DATABASE_H_ @}*/ +#endif /** MYSQL_DATABASE_H_ @}*/ diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h index dbcabaafe..fa53c2b7a 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.h +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h @@ -44,4 +44,4 @@ struct mysql_plugin_t { */ plugin_t *plugin_create(); -#endif /* MYSQL_PLUGIN_H_ @}*/ +#endif /** MYSQL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h index f80d0dec6..4510fb7ee 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.h +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_crypter.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_crypter.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -48,4 +48,4 @@ struct openssl_crypter_t { openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, size_t key_size); -#endif /* OPENSSL_CRYPTER_H_ @}*/ +#endif /** OPENSSL_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h index c72b4aab0..c67ce8970 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_diffie_hellman.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,5 +46,5 @@ struct openssl_diffie_hellman_t { */ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group); -#endif /*OPENSSL_DIFFIE_HELLMAN_H_ @}*/ +#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h index e89f1cbd7..6b135b36b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_ec_diffie_hellman.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_ec_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,5 +46,5 @@ struct openssl_ec_diffie_hellman_t { */ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group); -#endif /*OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/ +#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index 629fc9574..29588ce18 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_ec_private_key.h 4051 2008-06-10 09:08:27Z tobias $ + * $Id: openssl_ec_private_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct openssl_ec_private_key_t { */ builder_t *openssl_ec_private_key_builder(key_type_t type); -#endif /*OPENSSL_EC_PRIVATE_KEY_H_ @}*/ +#endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h index 92684402c..83552d590 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_ec_public_key.h 4051 2008-06-10 09:08:27Z tobias $ + * $Id: openssl_ec_public_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct openssl_ec_public_key_t { */ builder_t *openssl_ec_public_key_builder(key_type_t type); -#endif /*OPENSSL_EC_PUBLIC_KEY_H_ @}*/ +#endif /** OPENSSL_EC_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h index f776e9fd4..52699f7ff 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.h +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_hasher.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_hasher.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -42,9 +42,8 @@ struct openssl_hasher_t { * Constructor to create openssl_hasher_t. * * @param algo algorithm - * @param key_size key size in bytes * @return openssl_hasher_t, NULL if not supported */ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo); -#endif /* OPENSSL_HASHER_H_ @}*/ +#endif /** OPENSSL_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h index 40f741dfa..a6d2a060e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.h +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_plugin.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_plugin.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct openssl_plugin_t { */ plugin_t *plugin_create(); -#endif /* OPENSSL_PLUGIN_H_ @}*/ +#endif /** OPENSSL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 81d81b2db..05d83416c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_rsa_private_key.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_rsa_private_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct openssl_rsa_private_key_t { */ builder_t *openssl_rsa_private_key_builder(key_type_t type); -#endif /*OPENSSL_RSA_PRIVATE_KEY_H_ @}*/ +#endif /** OPENSSL_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h index 570fb69cb..c97ba1b92 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_rsa_public_key.h 4000 2008-05-22 12:13:10Z tobias $ + * $Id: openssl_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct openssl_rsa_public_key_t { */ builder_t *openssl_rsa_public_key_builder(key_type_t type); -#endif /*OPENSSL_RSA_PUBLIC_KEY_H_ @}*/ +#endif /** OPENSSL_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 2dbd5054e..e780e2a25 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: openssl_util.h 4051 2008-06-10 09:08:27Z tobias $ + * $Id: openssl_util.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -67,4 +67,4 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); */ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b); -#endif /*OPENSSL_UTIL_H_ @}*/ +#endif /** OPENSSL_UTIL_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h index e8b01633d..d8ac9c2a0 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h @@ -47,4 +47,4 @@ struct padlock_aes_crypter_t { padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, size_t key_size); -#endif /* PADLOCK_AES_CRYPTER_H_ @}*/ +#endif /** PADLOCK_AES_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h index 7e013a5f7..76f4d1135 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.h +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h @@ -44,4 +44,4 @@ struct padlock_plugin_t { */ plugin_t *plugin_create(); -#endif /* PADLOCK_PLUGIN_H_ @}*/ +#endif /** PADLOCK_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h index a76ecd296..505f4649c 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.h +++ b/src/libstrongswan/plugins/padlock/padlock_rng.h @@ -17,7 +17,7 @@ /** * @defgroup padlock_rng padlock_rng - * @{ @ingroup padlock + * @{ @ingroup padlock_p */ #ifndef PADLOCK_RNG_H_ @@ -46,4 +46,4 @@ struct padlock_rng_t { */ padlock_rng_t *padlock_rng_create(rng_quality_t quality); -#endif /* PADLOCK_RNG_ @}*/ +#endif /** PADLOCK_RNG_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h index 6855b827f..afa1e046d 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h @@ -16,7 +16,7 @@ /** * @defgroup sha1_hasher sha1_hasher - * @{ @ingroup sha1_p + * @{ @ingroup padlock_p */ #ifndef PADLOCK_SHA1_HASHER_H_ @@ -45,4 +45,4 @@ struct padlock_sha1_hasher_t { */ padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo); -#endif /*SHA1_HASHER_H_ @}*/ +#endif /** SHA1_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index cf0b728a3..6ca71540c 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -46,4 +46,4 @@ struct plugin_t { */ typedef plugin_t *(*plugin_constructor_t)(void); -#endif /* PLUGIN_H_ @}*/ +#endif /** PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index bd24e7558..6230f9d68 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -64,4 +64,4 @@ struct plugin_loader_t { */ plugin_loader_t *plugin_loader_create(); -#endif /* PLUGIN_LOADER_H_ @}*/ +#endif /** PLUGIN_LOADER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h index 71ffe5099..b04824fee 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h @@ -48,4 +48,4 @@ struct pubkey_cert_t { */ builder_t *pubkey_cert_builder(certificate_type_t type); -#endif /* PUBKEY_CERT_H_ @}*/ +#endif /** PUBKEY_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h index 64d0995fc..a3fd2f155 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h @@ -44,4 +44,4 @@ struct pubkey_plugin_t { */ plugin_t *plugin_create(); -#endif /* PUBKEY_PLUGIN_H_ @}*/ +#endif /** PUBKEY_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h index 914ad74e9..0545feeee 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: pubkey_public_key.h 3961 2008-05-15 12:33:00Z tobias $ + * $Id: pubkey_public_key.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -33,4 +33,4 @@ */ builder_t *pubkey_public_key_builder(key_type_t type); -#endif /*PUBKEY_RSA_PUBLIC_KEY_H_ @}*/ +#endif /** PUBKEY_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index 9e8b99387..8145c7875 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h @@ -44,4 +44,4 @@ struct random_plugin_t { */ plugin_t *plugin_create(); -#endif /* RANDOM_PLUGIN_H_ @}*/ +#endif /** RANDOM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h index 7f82353d8..3426d694e 100644 --- a/src/libstrongswan/plugins/random/random_rng.h +++ b/src/libstrongswan/plugins/random/random_rng.h @@ -17,7 +17,7 @@ /** * @defgroup random_rng random_rng - * @{ @ingroup utils + * @{ @ingroup random_p */ #ifndef RANDOM_RNG_H_ @@ -46,4 +46,4 @@ struct random_rng_t { */ random_rng_t *random_rng_create(rng_quality_t quality); -#endif /*RANDOM_RNG_H_ @} */ +#endif /** RANDOM_RNG_H_ @} */ diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h index 7dcb0b8b3..b9bfe1c86 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.h +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h @@ -45,4 +45,4 @@ struct sha1_hasher_t { */ sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo); -#endif /*SHA1_HASHER_H_ @}*/ +#endif /** SHA1_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h index 82ab04c86..36b12b91e 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.h +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h @@ -44,4 +44,4 @@ struct sha1_plugin_t { */ plugin_t *plugin_create(); -#endif /* SHA1_PLUGIN_H_ @}*/ +#endif /** SHA1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h index a0f56b681..b6cd2f9d0 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.h +++ b/src/libstrongswan/plugins/sha1/sha1_prf.h @@ -44,4 +44,4 @@ struct sha1_prf_t { */ sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo); -#endif /*SHA1_PRF_H_ @}*/ +#endif /** SHA1_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h index 6d732495a..11f4fac26 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.h +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h @@ -47,4 +47,4 @@ struct sha2_hasher_t { */ sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm); -#endif /* SHA2_HASHER_H_ @}*/ +#endif /** SHA2_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h index 859597758..b80f7560e 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.h +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h @@ -44,4 +44,4 @@ struct sha2_plugin_t { */ plugin_t *plugin_create(); -#endif /* SHA2_PLUGIN_H_ @}*/ +#endif /** SHA2_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.h b/src/libstrongswan/plugins/sqlite/sqlite_database.h index 795785627..75f89a7ed 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.h +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.h @@ -43,4 +43,4 @@ struct sqlite_database_t { */ sqlite_database_t *sqlite_database_create(char *uri); -#endif /* SQLITE_DATABASE_H_ @}*/ +#endif /** SQLITE_DATABASE_H_ @}*/ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h index 07bf9618f..82735a311 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h @@ -44,4 +44,4 @@ struct sqlite_plugin_t { */ plugin_t *plugin_create(); -#endif /* SQLITE_PLUGIN_H_ @}*/ +#endif /** SQLITE_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h index e3e4add61..983c67d14 100644 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.h +++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h @@ -77,5 +77,5 @@ chunk_t ietfAttr_list_encode(linked_list_t *list); */ void ietfAttr_list_destroy(linked_list_t *list); -#endif /* IETF_ATTR_LIST_H_ @}*/ +#endif /** IETF_ATTR_LIST_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h index 2fd165e45..5df9c5f8a 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.h +++ b/src/libstrongswan/plugins/x509/x509_ac.h @@ -56,4 +56,4 @@ struct x509_ac_t { */ builder_t *x509_ac_builder(certificate_type_t type); -#endif /* X509_AC_H_ @}*/ +#endif /** X509_AC_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h index 701cc3d63..8dbd8050a 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.h +++ b/src/libstrongswan/plugins/x509/x509_cert.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: x509_cert.h 3650 2008-03-22 08:15:18Z andreas $ + * $Id: x509_cert.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -46,4 +46,4 @@ struct x509_cert_t { */ builder_t *x509_cert_builder(certificate_type_t type); -#endif /* X509_CERT_H_ @}*/ +#endif /** X509_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h index 0d9e5cca4..daa8e4846 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.h +++ b/src/libstrongswan/plugins/x509/x509_crl.h @@ -45,4 +45,4 @@ struct x509_crl_t { */ builder_t *x509_crl_builder(certificate_type_t type); -#endif /* X509_CRL_H_ @}*/ +#endif /** X509_CRL_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h index 0a4016f65..ffaa3c634 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h @@ -51,4 +51,4 @@ struct x509_ocsp_request_t { */ builder_t *x509_ocsp_request_builder(certificate_type_t type); -#endif /* X509_OCSP_REQUEST_H_ @}*/ +#endif /** X509_OCSP_REQUEST_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h index 8b4c8328d..06a9fd3c7 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h @@ -44,4 +44,4 @@ struct x509_ocsp_response_t { */ builder_t *x509_ocsp_response_builder(certificate_type_t type); -#endif /* X509_OCSP_RESPONSE_H_ @}*/ +#endif /** X509_OCSP_RESPONSE_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h index 9743a2367..fe8c0b31f 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.h +++ b/src/libstrongswan/plugins/x509/x509_plugin.h @@ -44,4 +44,4 @@ struct x509_plugin_t { */ plugin_t *plugin_create(); -#endif /* X509_PLUGIN_H_ @}*/ +#endif /** X509_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h index 81812442e..a334c675b 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.h +++ b/src/libstrongswan/plugins/xcbc/xcbc.h @@ -75,4 +75,4 @@ struct xcbc_t { */ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size); -#endif /*xcbc_H_ @}*/ +#endif /** XCBC_H_ @}*/ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h index 728d84690..803d847aa 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h @@ -44,4 +44,4 @@ struct xcbc_plugin_t { */ plugin_t *plugin_create(); -#endif /* XCBC_PLUGIN_H_ @}*/ +#endif /** XCBC_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h index e8692ae23..bbf5b972a 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h @@ -47,4 +47,4 @@ struct xcbc_prf_t { */ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo); -#endif /*PRF_XCBC_SHA1_H_ @}*/ +#endif /** PRF_XCBC_SHA1_H_ @}*/ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h index c7eff7e17..dc0087392 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h @@ -18,8 +18,8 @@ * @{ @ingroup xcbc_p */ -#ifndef xcbc_SIGNER_H_ -#define xcbc_SIGNER_H_ +#ifndef XCBC_SIGNER_H_ +#define XCBC_SIGNER_H_ typedef struct xcbc_signer_t xcbc_signer_t; @@ -44,4 +44,4 @@ struct xcbc_signer_t { */ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo); -#endif /*xcbc_SIGNER_H_ @}*/ +#endif /** XCBC_SIGNER_H_ @}*/ diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h index d2edbdd22..a82c1583c 100644 --- a/src/libstrongswan/printf_hook.h +++ b/src/libstrongswan/printf_hook.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: printf_hook.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: printf_hook.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -150,4 +150,4 @@ struct printf_hook_t { */ printf_hook_t *printf_hook_create(); -#endif /* PRINTF_HOOK_H_ @}*/ +#endif /** PRINTF_HOOK_H_ @}*/ diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 0f41878c5..c487f7775 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -116,4 +116,4 @@ struct settings_t { */ settings_t *settings_create(char *file); -#endif /* SETTINGS_H_ @}*/ +#endif /** SETTINGS_H_ @}*/ diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index 01d01576e..b740e7473 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: utils.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: utils.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -311,4 +311,4 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, int mem_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* UTILS_H_ @}*/ +#endif /** UTILS_H_ @}*/ diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 72effd01e..061d9f356 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -59,5 +59,4 @@ struct backtrace_t { */ backtrace_t *backtrace_create(int skip); -#endif /* BACKTRACE_H_ @}*/ - +#endif /** BACKTRACE_H_ @}*/ diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h index d82f650db..98f300609 100644 --- a/src/libstrongswan/utils/enumerator.h +++ b/src/libstrongswan/utils/enumerator.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: enumerator.h 4142 2008-07-02 08:09:07Z martin $ + * $Id: enumerator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -122,7 +122,7 @@ enumerator_t* enumerator_create_token(char *string, char *sep, char *trim); * @return the nested enumerator */ enumerator_t *enumerator_create_nested(enumerator_t *outer, - enumerator_t *(inner_constructor)(void *outer, void *data), + enumerator_t *(*inner_constructor)(void *outer, void *data), void *data, void (*destroy_data)(void *data)); /** @@ -157,4 +157,4 @@ enumerator_t *enumerator_create_filter(enumerator_t *unfiltered, enumerator_t *enumerator_create_cleaner(enumerator_t *wrapped, void (*cleanup)(void *data), void *data); -#endif /* ENUMERATOR_H_ @} */ +#endif /** ENUMERATOR_H_ @}*/ diff --git a/src/libstrongswan/utils/hashtable.h b/src/libstrongswan/utils/hashtable.h index 3d3005e73..28804caf8 100644 --- a/src/libstrongswan/utils/hashtable.h +++ b/src/libstrongswan/utils/hashtable.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: hashtable.h 4762 2008-12-05 10:01:52Z martin $ + * $Id: hashtable.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -113,4 +113,4 @@ struct hashtable_t { hashtable_t *hashtable_create(hashtable_hash_t hash, hashtable_equals_t equals, u_int capacity); -#endif /* HASHTABLE_H_ @} */ +#endif /** HASHTABLE_H_ @}*/ diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index 5f00872b8..0a2541d96 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -207,4 +207,4 @@ host_t *host_create_any(int family); int host_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* HOST_H_ @}*/ +#endif /** HOST_H_ @}*/ diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index ff97f3610..bce6b1cc2 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: identification.c 4936 2009-03-12 18:07:32Z tobias $ + * $Id: identification.c 5036 2009-03-26 13:25:46Z martin $ */ #define _GNU_SOURCE @@ -716,6 +716,37 @@ static id_type_t get_type(private_identification_t *this) } /** + * Implementation of identification_t.contains_wildcards fro ID_DER_ASN1_DN. + */ +static bool contains_wildcards_dn(private_identification_t *this) +{ + chunk_t rdn, attribute; + chunk_t oid, value; + asn1_t type; + bool next; + + if (!init_rdn(this->encoded, &rdn, &attribute, &next)) + { + return FALSE; + } + /* fetch next RDN */ + while (next) + { + /* parse next RDN and check for errors */ + if (!get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next)) + { + return FALSE; + } + /* check if RDN is a wildcard */ + if (value.len == 1 && *value.ptr == '*') + { + return TRUE; + } + } + return FALSE; +} + +/** * Implementation of identification_t.contains_wildcards. */ static bool contains_wildcards(private_identification_t *this) @@ -728,10 +759,9 @@ static bool contains_wildcards(private_identification_t *this) case ID_RFC822_ADDR: return memchr(this->encoded.ptr, '*', this->encoded.len) != NULL; case ID_DER_ASN1_DN: - /* TODO */ + return contains_wildcards_dn(this); default: return FALSE; - } } diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 070984490..2284b7b46 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: identification.h 4936 2009-03-12 18:07:32Z tobias $ + * $Id: identification.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -197,8 +197,8 @@ struct identification_t { * Check if an ID matches a wildcard ID. * * An identification_t may contain wildcards, such as - * *@strongswan.org. This call checks if a given ID - * (e.g. tester@strongswan.org) belongs to a such wildcard + * *.strongswan.org. This call checks if a given ID + * (e.g. tester.strongswan.org) belongs to a such wildcard * ID. Returns > 0 if * - IDs are identical * - other is of type ID_ANY @@ -243,7 +243,7 @@ struct identification_t { * The input string may be e.g. one of the following: * - ID_IPV4_ADDR: 192.168.0.1 * - ID_IPV6_ADDR: 2001:0db8:85a3:08d3:1319:8a2e:0370:7345 - * - ID_FQDN: @www.strongswan.org (@indicates FQDN) + * - ID_FQDN: www.strongswan.org (optionally with a prepended @) * - ID_RFC822_ADDR: alice@wonderland.org * - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob * @@ -283,4 +283,4 @@ identification_t * identification_create_from_encoding(id_type_t type, chunk_t e int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); -#endif /* IDENTIFICATION_H_ @} */ +#endif /** IDENTIFICATION_H_ @}*/ diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h index 28ee74cd6..02eb1b9c0 100644 --- a/src/libstrongswan/utils/iterator.h +++ b/src/libstrongswan/utils/iterator.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: iterator.h 4577 2008-11-05 08:37:09Z martin $ + * $Id: iterator.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -113,4 +113,4 @@ struct iterator_t { void (*destroy) (iterator_t *this); }; -#endif /*ITERATOR_H_ @} */ +#endif /** ITERATOR_H_ @}*/ diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h index 3773fb8e5..cd30dcd5f 100644 --- a/src/libstrongswan/utils/leak_detective.h +++ b/src/libstrongswan/utils/leak_detective.h @@ -44,5 +44,5 @@ struct leak_detective_t { */ leak_detective_t *leak_detective_create(); -#endif /* LEAK_DETECTIVE_H_ @}*/ +#endif /** LEAK_DETECTIVE_H_ @}*/ diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h index c47f65718..6ae970e1e 100644 --- a/src/libstrongswan/utils/lexparser.h +++ b/src/libstrongswan/utils/lexparser.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: lexparser.h 4877 2009-02-18 09:45:54Z martin $ + * $Id: lexparser.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -47,7 +47,7 @@ bool extract_token(chunk_t *token, const char termination, chunk_t *src); bool extract_token_str(chunk_t *token, const char *termination, chunk_t *src); /** - * Fetches a new text line terminated by \n or \r\n + * Fetches a new text line terminated by \\n or \\r\\n */ bool fetchline(chunk_t *src, chunk_t *line); @@ -66,4 +66,4 @@ err_t extract_name_value(chunk_t *name, chunk_t *value, chunk_t *line); */ err_t extract_parameter_value(chunk_t *name, chunk_t *value, chunk_t *line); -#endif /* LEXPARSER_H_ @} */ +#endif /** LEXPARSER_H_ @}*/ diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h index ba47e7dfb..aa603fefa 100644 --- a/src/libstrongswan/utils/linked_list.h +++ b/src/libstrongswan/utils/linked_list.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: linked_list.h 4576 2008-11-05 08:32:38Z martin $ + * $Id: linked_list.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -272,4 +272,4 @@ struct linked_list_t { */ linked_list_t *linked_list_create(void); -#endif /*LINKED_LIST_H_ @} */ +#endif /** LINKED_LIST_H_ @}*/ diff --git a/src/libstrongswan/utils/mutex.h b/src/libstrongswan/utils/mutex.h index 4cdd96a99..46c939fb8 100644 --- a/src/libstrongswan/utils/mutex.h +++ b/src/libstrongswan/utils/mutex.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: mutex.h 4697 2008-11-25 19:30:02Z tobias $ + * $Id: mutex.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -185,4 +185,4 @@ condvar_t *condvar_create(condvar_type_t type); */ rwlock_t *rwlock_create(rwlock_type_t type); -#endif /* MUTEX_H_ @}*/ +#endif /** MUTEX_H_ @}*/ diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h index 424b9dc61..9372971ca 100644 --- a/src/libstrongswan/utils/optionsfrom.h +++ b/src/libstrongswan/utils/optionsfrom.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: optionsfrom.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: optionsfrom.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -56,4 +56,4 @@ struct options_t { */ options_t *options_create(void); -#endif /*OPTIONSFROM_H_ @} */ +#endif /** OPTIONSFROM_H_ @}*/ diff --git a/src/manager/controller/auth_controller.h b/src/manager/controller/auth_controller.h index b17e5745d..e2cd48cc4 100644 --- a/src/manager/controller/auth_controller.h +++ b/src/manager/controller/auth_controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: auth_controller.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: auth_controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -44,4 +44,4 @@ struct auth_controller_t { */ controller_t *auth_controller_create(context_t *context, void *param); -#endif /* AUTH_CONTROLLER_H_ @} */ +#endif /** AUTH_CONTROLLER_H_ @}*/ diff --git a/src/manager/controller/config_controller.h b/src/manager/controller/config_controller.h index cde4efd1a..88d37424f 100644 --- a/src/manager/controller/config_controller.h +++ b/src/manager/controller/config_controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: config_controller.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: config_controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -44,4 +44,4 @@ struct config_controller_t { */ controller_t *config_controller_create(context_t *context, void *param); -#endif /* CONFIG_CONTROLLER_H_ @} */ +#endif /** CONFIG_CONTROLLER_H_ @}*/ diff --git a/src/manager/controller/control_controller.h b/src/manager/controller/control_controller.h index 1f2fbcb31..8992e5b48 100644 --- a/src/manager/controller/control_controller.h +++ b/src/manager/controller/control_controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: control_controller.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: control_controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -44,4 +44,4 @@ struct control_controller_t { */ controller_t *control_controller_create(context_t *context, void *param); -#endif /* CONTROL_CONTROLLER_H_ */ +#endif /** CONTROL_CONTROLLER_H_ @}*/ diff --git a/src/manager/controller/gateway_controller.h b/src/manager/controller/gateway_controller.h index cf314ce54..864c7a4bd 100644 --- a/src/manager/controller/gateway_controller.h +++ b/src/manager/controller/gateway_controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: gateway_controller.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: gateway_controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -44,4 +44,4 @@ struct gateway_controller_t { */ controller_t *gateway_controller_create(context_t *context, void *param); -#endif /* GATEWAY_CONTROLLER_H_ @} */ +#endif /** GATEWAY_CONTROLLER_H_ @}*/ diff --git a/src/manager/controller/ikesa_controller.h b/src/manager/controller/ikesa_controller.h index 1ff9d1749..240e8db4f 100644 --- a/src/manager/controller/ikesa_controller.h +++ b/src/manager/controller/ikesa_controller.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: ikesa_controller.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: ikesa_controller.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -44,4 +44,4 @@ struct ikesa_controller_t { */ controller_t *ikesa_controller_create(context_t *context, void *param); -#endif /* IKESA_CONTROLLER_H_ @} */ +#endif /** IKESA_CONTROLLER_H_ @}*/ diff --git a/src/manager/gateway.h b/src/manager/gateway.h index 17df9763a..4ba301a0f 100644 --- a/src/manager/gateway.h +++ b/src/manager/gateway.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: gateway.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: gateway.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -74,9 +74,9 @@ struct gateway_t { enumerator_t* (*initiate)(gateway_t *this, bool ike, char *name); /** - * Destroy a gateway instance. - */ - void (*destroy)(gateway_t *this); + * Destroy a gateway instance. + */ + void (*destroy)(gateway_t *this); }; /** @@ -84,7 +84,7 @@ struct gateway_t { * * @param name name of the gateway * @param host gateway connection endpoint - * @param + * @return gateway connection */ gateway_t *gateway_create_tcp(char *name, host_t *host); @@ -92,8 +92,8 @@ gateway_t *gateway_create_tcp(char *name, host_t *host); * Create a gateway instance using a UNIX socket. * * @param name name of the gateway - * @param + * @return gateway connection */ gateway_t *gateway_create_unix(char *name); -#endif /* GATEWAY_H_ @} */ +#endif /** GATEWAY_H_ @}*/ diff --git a/src/manager/manager.h b/src/manager/manager.h index 669e413ac..ecd29550b 100644 --- a/src/manager/manager.h +++ b/src/manager/manager.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: manager.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: manager.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -95,4 +95,4 @@ struct manager_t { */ manager_t *manager_create(storage_t *storage); -#endif /* MANAGER_H_ @} */ +#endif /** MANAGER_H_ @}*/ diff --git a/src/manager/storage.h b/src/manager/storage.h index f732eca72..6c5bea650 100644 --- a/src/manager/storage.h +++ b/src/manager/storage.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: storage.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: storage.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -66,4 +66,4 @@ struct storage_t { */ storage_t *storage_create(char *uri); -#endif /* STORAGE_H_ @} */ +#endif /** STORAGE_H_ @}*/ diff --git a/src/manager/xml.h b/src/manager/xml.h index 73964307d..febe5c25d 100644 --- a/src/manager/xml.h +++ b/src/manager/xml.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * $Id: xml.h 3589 2008-03-13 14:14:44Z martin $ + * $Id: xml.h 5003 2009-03-24 17:43:01Z martin $ */ /** @@ -60,4 +60,4 @@ struct xml_t { */ xml_t *xml_create(char *xml); -#endif /* XML_H_ @} */ +#endif /** XML_H_ @}*/ diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c index bd27f6a78..529f597fb 100644 --- a/src/pluto/asn1.c +++ b/src/pluto/asn1.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $ + * RCSID $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $ */ #include <stdlib.h> @@ -348,6 +348,8 @@ is_printablestring(chunk_t str) return TRUE; } +#define TIME_MAX 0x7fffffff + /* * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time */ @@ -355,7 +357,7 @@ time_t asn1totime(const chunk_t *utctime, asn1_t type) { struct tm t; - time_t tz_offset; + time_t tc, tz_offset; u_char *eot = NULL; if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) @@ -381,6 +383,7 @@ asn1totime(const chunk_t *utctime, asn1_t type) return 0; /* error in time format */ } + /* parse ASN.1 time string */ { const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": "%4d%2d%2d%2d%2d"; @@ -419,9 +422,11 @@ asn1totime(const chunk_t *utctime, asn1_t type) /* set daylight saving time to off */ t.tm_isdst = 0; - /* compensate timezone */ + /* convert to time_t */ + tc = mktime(&t); - return mktime(&t) - timezone - tz_offset; + /* if no conversion overflow occurred, compensate timezone */ + return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset); } /* diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 52b59be31..9721ac583 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $ + * RCSID $Id: ipsec_doi.c 5052 2009-03-30 03:47:14Z andreas $ */ #include <stdio.h> @@ -5446,9 +5446,9 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p time_t tm = now(); u_int32_t seqno; - if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)) + if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state)) { - loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA"); + loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA"); return STF_IGNORE; } if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2) @@ -5516,10 +5516,10 @@ dpd_inR(struct state *st, struct isakmp_notification *const n, pb_stream *pbs) { u_int32_t seqno; - if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state)) + if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state)) { loglog(RC_LOG_SERIOUS - , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA"); + , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA"); return STF_FAIL; } diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index cf2136b44..f957bf39b 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $ + * RCSID $Id: vendor.c 5052 2009-03-30 03:47:14Z andreas $ */ #include <stdlib.h> @@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.13") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.14") + DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13") DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12") DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11") DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10") @@ -241,6 +242,7 @@ static struct vid_struct _vid_tab[] = { DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1") DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0") + DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.9") DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8") DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7") DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6") diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index f049af1ef..2c8c24b34 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $ + * RCSID $Id: vendor.h 5052 2009-03-30 03:47:14Z andreas $ */ #ifndef _VENDOR_H_ @@ -94,6 +94,7 @@ enum known_vendorid { VID_STRONGSWAN_2_8_6 = 72, VID_STRONGSWAN_2_8_7 = 73, VID_STRONGSWAN_2_8_8 = 74, + VID_STRONGSWAN_2_8_9 = 75, VID_STRONGSWAN_4_0_0 = 80, VID_STRONGSWAN_4_0_1 = 81, @@ -129,6 +130,7 @@ enum known_vendorid { VID_STRONGSWAN_4_2_10 =110, VID_STRONGSWAN_4_2_11 =111, VID_STRONGSWAN_4_2_12 =112, + VID_STRONGSWAN_4_2_13 =113, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =151, diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 78320b4c7..8a9ba54c9 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -15,6 +15,14 @@ MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR=$(top_srcdir)/src/pluto SCEPCLIENTDIR=$(top_srcdir)/src/scepclient +if USE_PLUTO + AM_CFLAGS += -DSTART_PLUTO +endif + +if USE_CHARON + AM_CFLAGS += -DSTART_CHARON +endif + lex.yy.c: parser.l parser.y parser.h y.tab.c $(LEX) --nounput $< diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 1301b931d..54fd28604 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -33,6 +33,8 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = starter$(EXEEXT) +@USE_PLUTO_TRUE@am__append_1 = -DSTART_PLUTO +@USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON subdir = src/starter DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in @@ -219,7 +221,9 @@ keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \ exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -I$(top_srcdir)/src/whack -I$(top_srcdir)/src/stroke -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \ + -DDEBUG $(am__append_1) $(am__append_2) starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf dist_man_MANS = ipsec.conf.5 starter.8 diff --git a/src/starter/confread.c b/src/starter/confread.c index d0d1f4ed8..855d07b51 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: confread.c 4882 2009-02-18 19:57:15Z tobias $ + * RCSID $Id: confread.c 5002 2009-03-24 15:02:12Z martin $ */ #include <stddef.h> @@ -61,8 +61,13 @@ static void default_values(starter_config_t *cfg) cfg->setup.hidetos = TRUE; cfg->setup.uniqueids = TRUE; cfg->setup.interfaces = new_list("%defaultroute"); + +#ifdef START_CHARON cfg->setup.charonstart = TRUE; +#endif +#ifdef START_PLUTO cfg->setup.plutostart = TRUE; +#endif cfg->conn_default.seen = LEMPTY; cfg->conn_default.startup = STARTUP_NO; @@ -625,6 +630,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) { conn->eap_type = 26; } + else if (streq(kw->value, "radius")) + { /* pseudo-type */ + conn->eap_type = 253; + } else { conn->eap_type = atoi(kw->value); diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 8028bbe54..dd3f5f018 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: invokecharon.c 4833 2009-01-13 06:50:55Z andreas $ + * RCSID $Id: invokecharon.c 5050 2009-03-27 16:14:59Z andreas $ */ #include <sys/types.h> @@ -216,7 +216,7 @@ starter_start_charon (starter_config_t *cfg, bool no_fork) { kill(pid, SIGKILL); } - usleep(20000); + usleep(20000); /* sleep for 20 ms */ } } else diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index e18d6e38d..edc587124 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: invokepluto.c 4632 2008-11-11 18:37:19Z martin $ + * RCSID $Id: invokepluto.c 5050 2009-03-27 16:14:59Z andreas $ */ #include <sys/types.h> @@ -62,33 +62,49 @@ starter_pluto_sigchild(pid_t pid) int starter_stop_pluto (void) { - pid_t pid; int i; + pid_t pid = _pluto_pid; - pid = _pluto_pid; if (pid) { _stop_requested = 1; + if (starter_whack_shutdown() == 0) { - for (i = 0; i < 20; i++) + for (i = 0; i < 400; i++) { - usleep(20000); + usleep(20000); /* sleep for 20 ms */ if (_pluto_pid == 0) + { + plog("pluto stopped after %d ms", 20*(i+1)); return 0; + } } } /* be more and more aggressive */ for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++) { + if (i < 10) + { kill(pid, SIGTERM); + } + if (i == 10) + { + kill(pid, SIGKILL); + plog("starter_stop_pluto(): pluto does not respond, sending KILL"); + } else + { kill(pid, SIGKILL); - usleep(20000); + } + usleep(100000); /* sleep for 100 ms */ } if (_pluto_pid == 0) + { + plog("pluto stopped after %d ms", 8000 + 100*i); return 0; + } plog("starter_stop_pluto(): can't stop pluto !!!"); return -1; } @@ -248,17 +264,17 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork) default: /* father */ _pluto_pid = pid; - for (i = 0; i < 50 && _pluto_pid; i++) + for (i = 0; i < 500 && _pluto_pid; i++) { - /* wait for pluto */ + /* wait for pluto for a maximum of 500 x 20 ms = 10 s */ usleep(20000); if (stat(PLUTO_CTL_FILE, &stb) == 0) { - DBG(DBG_CONTROL, - DBG_log("pluto (%d) started", _pluto_pid) - ) + plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1)); if (cfg->setup.postpluto) + { ignore_result(system(cfg->setup.postpluto)); + } return 0; } } @@ -269,10 +285,14 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork) for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++) { if (i < 10) + { kill(pid, SIGTERM); + } else + { kill(pid, SIGKILL); - usleep(20000); + } + usleep(20000); /* sleep for 20 ms */ } } else diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5 index 9ad03eb60..565f15c66 100644 --- a/src/starter/ipsec.conf.5 +++ b/src/starter/ipsec.conf.5 @@ -1,5 +1,5 @@ .TH IPSEC.CONF 5 "27 Jun 2007" -.\" RCSID $Id: ipsec.conf.5 4890 2009-02-19 22:12:04Z andreas $ +.\" RCSID $Id: ipsec.conf.5 5002 2009-03-24 15:02:12Z martin $ .SH NAME ipsec.conf \- IPsec configuration and connections .SH DESCRIPTION @@ -369,6 +369,10 @@ in the form (e.g. .B eap=7-12345 ) can be used to specify vendor specific EAP types. + +To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin, +set +.B eap=radius .TP .B eap_identity defines the identity the client uses to reply to a EAP Identity request. @@ -936,9 +940,11 @@ and whether to start the IKEv2 Charon daemon or not. Accepted values are .B yes -(the default) or .BR no . +The default is +.B yes +if starter was compiled with IKEv2 support. .TP .B dumpdir in what directory should things started by \fBipsec starter\fR @@ -951,9 +957,11 @@ This feature is currently not yet supported by \fBipsec starter\fR. whether to start the IKEv1 Pluto daemon or not. Accepted values are .B yes -(the default) or .BR no . +The default is +.B yes +if starter was compiled with IKEv1 support. .TP .B strictcrlpolicy defines if a fresh CRL must be available in order for the peer authentication based diff --git a/testing/INSTALL b/testing/INSTALL index 27a2ddc64..cdf51ab35 100644 --- a/testing/INSTALL +++ b/testing/INSTALL @@ -53,7 +53,7 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.6.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.8.tar.bz2 * The Linux kernel 2.6.28 does not require any patches for the uml guest kernel to successfully start up. @@ -68,7 +68,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.2.13.tar.bz2 + http://download.strongswan.org/strongswan-4.2.14.tar.bz2 3. Creating the environment @@ -143,5 +143,5 @@ README document. ----------------------------------------------------------------------------- -This file is RCSID $Id: INSTALL 4893 2009-02-21 17:53:10Z andreas $ +This file is RCSID $Id: INSTALL 4990 2009-03-22 14:37:03Z andreas $ diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index 199ecf10e..78e91bdd6 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -36,3 +36,8 @@ cd /etc/openssl/ecdsa openssl ca -gencrl -crldays 15 -config /etc/openssl/ecdsa/openssl.cnf -out crl.pem openssl crl -in crl.pem -outform der -out strongswan_ec.crl cp strongswan_ec.crl /var/www/localhost/htdocs/ +cd /etc/openssl/monster +openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem +openssl crl -in crl.pem -outform der -out strongswan-monster.crl +cp strongswan-monster.crl /var/www/localhost/htdocs/ + diff --git a/testing/hosts/winnetou/etc/openssl/monster/crlnumber b/testing/hosts/winnetou/etc/openssl/monster/crlnumber new file mode 100644 index 000000000..eeee65ec4 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/crlnumber @@ -0,0 +1 @@ +05 diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt b/testing/hosts/winnetou/etc/openssl/monster/index.txt new file mode 100644 index 000000000..cd9407ee9 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt @@ -0,0 +1,2 @@ +V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org +V 390321140716Z 02 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=moon.strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr new file mode 100644 index 000000000..3a7e39e6e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old new file mode 100644 index 000000000..fbbcb81d3 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old @@ -0,0 +1 @@ +V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem new file mode 100644 index 000000000..2ce2ce3c9 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR +yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp +dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw +BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO +FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW +kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5 +mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l +cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest +2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C +uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+ +t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh +fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q +xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0 +cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru +S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw +NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z +dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc +CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V +oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN +OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz +cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5 +mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji +kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk +idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY +n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb +G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na +FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe +q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG +zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni +8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9 ++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0 +V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f +OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN +jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR +SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu +lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb +8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It +bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem new file mode 100644 index 000000000..e83798c07 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b +vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip +scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+ +BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y +0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa +L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2 +2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh +FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu +sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ +vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR +dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP +/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O +BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE +Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry +b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L +ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag +NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl +ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf +WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK +lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o +HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs +pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX +Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA +zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY +xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda +WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD +O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv +W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t +YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu +yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ +ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI +IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O +0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1 +ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5 +ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq +4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l +HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL +WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH +I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf new file mode 100644 index 000000000..e5a716f28 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf @@ -0,0 +1,184 @@ +# openssl.cnf - OpenSSL configuration file for the ZHW PKI +# Mario Strasser <mario.strasser@zhwin.ch> +# +# $Id: openssl.cnf,v 1.2 2005/08/15 21:25:22 as Exp $ +# + +# This definitions were set by the ca_init script DO NOT change +# them manualy. +CAHOME = /etc/openssl/monster +RANDFILE = $CAHOME/.rand + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +[ new_oids ] +SmartcardLogin = 1.3.6.1.4.1.311.20.2 +ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 + +#################################################################### + +[ ca ] +default_ca = root_ca # The default ca section + +#################################################################### + +[ root_ca ] + +dir = $CAHOME +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/strongswanCert-monster.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +crlnumber = $dir/crlnumber # The current CRL serial number +private_key = $dir/strongswanKey-monster.pem # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = host_ext # The extentions to add to the cert + +crl_extensions = crl_ext # The extentions to add to the CRL + +default_days = 10950 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha512 # which md to use. +preserve = no # keep passed DN ordering +email_in_dn = no # allow/forbid EMail in DN + +policy = policy_match # specifying how similar the request must look + +#################################################################### + +# the 'match' policy +[ policy_match ] +countryName = match +stateOrProvinceName = optional +localityName = optional +organizationName = match +organizationalUnitName = optional +userId = optional +serialNumber = optional +commonName = supplied +emailAddress = optional + +# the 'anything' policy +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = ca_ext # The extentions to add to the self signed cert +# req_extensions = v3_req # The extensions to add to a certificate request + + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +#################################################################### + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CH +countryName_min = 2 +countryName_max = 2 + +#stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = ZH + +#localityName = Locality Name (eg, city) +#localityName_default = Winterthur + +organizationName = Organization Name (eg, company) +organizationName_default = Linux strongSwan + +0.organizationalUnitName = Organizational Unit Name (eg, section) +#0.organizationalUnitName_default = Research + +#1.organizationalUnitName = Type (eg, Staff) +#1.organizationalUnitName_default = Staff + +#userId = UID + +commonName = Common Name (eg, YOUR name) +commonName_default = $ENV::COMMON_NAME +commonName_max = 64 + +#0.emailAddress = Email Address (eg, foo@bar.com) +#0.emailAddress_min = 0 +#0.emailAddress_max = 40 + +#1.emailAddress = Second Email Address (eg, foo@bar.com) +#1.emailAddress_min = 0 +#1.emailAddress_max = 40 + +#################################################################### + +[ req_attributes ] + +#################################################################### + +[ host_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = DNS:$ENV::COMMON_NAME +#extendedKeyUsage = OCSPSigning +crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl + +#################################################################### + +[ user_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = email:$ENV::COMMON_NAME +#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 +crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl + +#################################################################### + +[ ca_ext ] + +basicConstraints = critical, CA:TRUE +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always + +#################################################################### + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +#issuerAltName = issuer:copy +authorityKeyIdentifier = keyid:always, issuer:always + +# eof diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial b/testing/hosts/winnetou/etc/openssl/monster/serial new file mode 100644 index 000000000..75016ea36 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/serial @@ -0,0 +1 @@ +03 diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial.old b/testing/hosts/winnetou/etc/openssl/monster/serial.old new file mode 100644 index 000000000..9e22bcb8e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/serial.old @@ -0,0 +1 @@ +02 diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem new file mode 100644 index 000000000..03b57243b --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv +bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw +NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w +HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4 +4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd +2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr +ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY +dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk +sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d +kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33 +YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh +qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ +HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro +UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe +xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O +Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f +/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC +Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V +Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/ +9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V +9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9 +ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT +XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh +e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL +99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A +YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV +c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD +ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f +hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57 +71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr +/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO +lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj +8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2 +RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA +Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm +xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s +PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld +6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd +c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/ +MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T +vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg +RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL +uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv +inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs +CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR +8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8 +9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea +cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H +d/Fp6btmZH31IEyJrRNVOpCwZPI= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem new file mode 100644 index 000000000..8d24aaecc --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem @@ -0,0 +1,99 @@ +-----BEGIN RSA PRIVATE KEY----- +MIISKAIBAAKCBAEAy9wsvH2JQ/y6nOr151mpMsMrwe66LlewiHcWTBh8/+szuOLG +WnqlsuBZqesz7iyPEbcbCMq2QCc6p0wzUW+hYaLHZbk8v0C9jfjNlNHynkYwHdiC +JxTmm6kkoXgfDaed8StvKGd8Xu+b26UkYqhiLZqmR4qBT6TVfoEb9jQtjUlKq7Wv +WkaN+ZtmckLmr+PqDmGpWsgKWVq+OMPKkCUSC7xaOo3O8eWxPi4BTUX3tefzGHcq +2m2rSC5DrnD+tVRO0Kn7S4+OucNRht5M8reD7F+RSpEpIbN8DJ0Ciycr8VCJZLAu +5vzcwAUQBAHywDgySfYp3VAlY3CwwvNWr0D6Bzkg+9+oZGKVkZ5a4L7teKvuXZAU +b8gkLvkqAT49KDLRBHWj5O2gRo1w7ypHiQGWBHDj/IfaClEI8GFEIUOzadH992AW +kEgr/+pH5ftutF1zFkK0HeIg2Ne8eR/MAOpp3E0NNSRyCcuaYsV7dPXT5lmgIamV +mg25Ei7JTtOc2ouOUKUxUNkLcN3esOQWN7tm0RAex58hX2RfJ+N6b7CJzb+aUBy1 +Rzef0z/2FcG2Y+FF14AI5C/+LegxhC5OtlZK8QdXUA6KYphUZmhnLQBlm6PK6FFa +Rg150hwp/Uj5hKnnrStXyR3AnkLJFRWpCAd6nUSTPq7FnDhQOHONA+risryx3sWW +6mjo6S9q/b37szLW1DFIp2TQalX+3QpMWNNoHYtR6UweadVQUkW13WgtWaMODkZ9 +hJHev5a+RuOUvJY6+xHhpwFChTqMlPBenWJr4MAU4DcELBmvjG1pLmmsbiKtH/3t +ydz2JHUPu7TVz7KqA13DrXNGT5QUcA8fSbPqofOnuRyofOQ8wY45fe4Ir/9zwhJO +opoB4cdELLpVlHxs5bPrHd0l3/GswRbeiYe5VCUGnzR/vny2b68hmGtoIxJ+FQsK +/D02li5uU8IB5ciUx/GZJO8hFWb8yX7OlAvLRGmIrZgG/HvXGE87QNHuID3mP/VE +8m9FwJ6Jd+vAxiouU+S9cdTVR5D3Oc1V3BlL1BaRHeKuGiVo/cVMrJLdd35fFfQT +inNQSWVHQpMUUrdcBeLZXBbPRFWzqGDk9viiYmlgefZHvjux1MZ4xczXzxSzvSLY +DR4WoV64V9tnv/wfUIc0OTtvVIV6V9MutuAyv3v24/enOr3uTagyHGXTslXbk14h +Mn1KT9GY78EW0uNgNVWLN+BCwbeZ7VIUb4Ir1wGwZwtfab/1hbqzM2sbnkII4Xv0 +1F9RVl4fM6uaj7wEsZLqXaORjq3I5+mvM05kT0ulfI1S0JlBzLArMhXFVBArC/fc +HrdZ5RQJaC+fWego49y5Mi6XiBv6OCLRhHcOWwIDAQABAoIEAH/5PqgxElt4qtlY +8neCJKI2PSDoMT5oU+zG/VtVwBqT1wtIaQZhmeVZy0/M0/O/SyzuymzRfGl3du2Q ++2Iy9pcpLY1hJI5XIOef+cZjqa/MFeaWhNXt2/p5ywIGO1BCGfdMseImXL/oIOpY +mCfK1p8URy//9b8+lbttZ1U+Wh4olVSHoIXGZtf7wusVrmVaaRMQIdVYYI7JVUKj +PmUQsGxnmCjL3s6hx4tmK/ELbD5oVoXUQTWPxQdx65D1ZCAGxddd7d/4Rbu9rk9A +/AMeSxW2xKmPyMdcOhJc+jzKoV5ClY18wGTG9fkg9HXflzktzfv6KTvCVUZAduZb +Bd7MpmikZ11WgQpLjOM2CoytrrujCub3TK0Dcht+1Oyk2pWCmQ34n6NVvNitb+jj +nLaYJUmyaJyd17XEOx1TogZTzqwuZATH8EIw3FYyB2KLXWqig13FD/b2fnJBtBJB +cLpebYgbYqAqueAGTWuV1zOMIrKnLswS/lQQK08LydnPI9dZ5kQf/35mUjVPQr2+ +4WepIBk7yma8MaIFi2qp9bFpnIhpsIB8FRyZAZ8Gtv/fdBTtVP+8Y1iD/EdrTLJS +s5zpPPBkEF60UhEk2U7UWXi5mA+FWhpO/6GcUg4hGgbjqaerVUGzRM9++u0etcaj +q1HcCA/z/Y9K/chc3ZciirKb4CYdCZ/84QjurI13yubhKmODHBS8hsn7fPLroymQ +UkbREZwLYHii4LdesnWYuDn85WCM3uroiKtgCTTKMMTBbuZhg6Z89xy+Hr1gn/6l +VJ4W2ZfKgzKMAlcz91bqHZ2EsdMmvl78iFye/WjQe38hj4Ccgub+wGOIsdo4tWKD +phL5kGbUI2PNhcERva710o4K8KwMyfhZ5iRbE51TiCv1xlfaYh+kwSKHh49j14TF +P7Xp42DRAR4RYW4vs2krXQdoTwBMzC0DyWz0tSMU13XQsuut7A/rvhF8oUswBKCt +UfZ0LpDJd67jMKQ+8ccvax4Zcapv0Ifz7xOfQVQGEyKtpt32d3qgBbvDpq9BHGst +ux0cHi75g3aKpxZYSPsqRea0sKNdj84e1xUPc8JQGT5i4KrGof405OqnkOi4sl5z +WLD+9Y8hUzXE3UJ3DMMeQqddmAOS1LuSG/XOsAoM78ukBKv2yfYOcOZNCCJh24GE +KzHwLG5/AemObThqO2ztqttmcDlrKhg0VGngAXctxluCWPRHXwKrwtaWMsqadCQJ +Na3DigjXmuFteBX8Z5Jbw7pJtiINa9w3izoGQdM3vi99DDm22YjxpLBpB36eMoq4 +Mv0pgP0okjjZWmDZ0lTiGFHpzSTSZ5MzXKS/brUYX1WoUA83qwU9NbZ3vuniMuLZ +ksk9lJECggIBAOdVcKtE/7DHHj43W37T6oNxLN/L4nHIR6bQL02UPWuQpe9Ch4vi +ETDQiKGOw6fcz3+GCeCMQSPQJ9SZZOUKhpu0vkKRWSIg8JSXYu0ViaHo1SSUb5Gr +vDVcE2nmZI0ptf7DcP0NUPAKxCTM4ForSIgjPdyTXMYCBYcDe053y5Svebx1q9Vo +OzKtu0Bn7YALvRY82w3KKhRlR3TGOFPnLiKE7/K0EyrFV1OIRskLbtUVoeMQgaqH +P/UhDHz84JjeoE0xtwgdDUMejYADr/h7fjtixvqnEXZALlaTg+sO/aQ/e2Jlt43a +w+lJRBeujWQg59M9BTs7naLILB2o3gQJmmbs0uE1l7iZkEU4LsUPf727rfStZhqq +lQr/3XX1lFnYPAuY3fgLqnV8eohJVakgMmi7mj/ZjpjoUKk2W3Us1N/ro2bgFfuI +IntWYctiGK3XOQ8WicjDySe3lJa+vfKrCBBAugH3pcmj1p+I7fhRDtc8ogeI5GkU +urQQ9PJS0ArRw4soYo3khnf7vB7Ioos846sfPlgy4OHbyiu81l04v7+e6svoWKPb +TYyKW+qQpiKMb2O/5wqtvYTGlPM2MAUvYgVI7WalGjcbKtQ2q/uRjZzzFLyPo+7e +/6fqwuPXerAAVCZYJKGt2RGnmhxVm3eRkOXF+MXPejlh2T80iKP0diqpAoICAQDh +mM3Ppvsb61tQUE5bN3iQqr2AO3PKb3Nz8C90R243Qkz+OFwc75kziQL3IbcmOxJY +Wq3T+KQIkX1aDNwU/ip3Qf3wpqbtxlpzJpgYQpAEzFdEKzP36rMYdxekskeesVIu +s8v/PxYwJztfaHxeTuxsEDB7uxg6h9IkypY2w/vdpruKR6XOQSxKyxekLkRK2JTW +lzsVUt0VQHhIt65D7I8sN6RJaOhQpSnCVblZo/HrEN4pfkSffk3AUyd+AS2xjRa8 +Yp9FB/TRabC7kgWTIrBmXSWalR8K1B4y1DGXz9x/KUT85Id2k+kDC5y00FVtqsaQ +m6D2UkR0XLnvdCAj2Iky8HjSYuvvyoi/BaHJfLnw/S/j542yQxh55Z4bneH5wYgJ +KBU8KGTtuxP0RC1AmalkCWViWadItTP7mPtq5YbvyCoWNJEvQx7JbLVyYkCcFOY8 ++aNfkdhEMCQvLAkmwMqHwrVdSVHOic+kS/amVWtRjQwZJ7AIVlcIfLkTI/vZN+oV +58jqBruIDjW8zN62QYa/D4os8B7vyv60p/v4LufCThgtFiB4MevlD2LNjR/0q/nF +zsuFRKV4pfP8gtLEzkcfj827nGzOGT/1B2SoB+YJxNR3rfLloCvMNKvKtf60idRY +jAH5ArX56HH9XOcKeKalu0fvKAE8+sbxBNTaK3B3YwKCAgBSlziAjUPUc2Kix9TM +tRAXGYLx67LO+LhMICujQPekvaHgiBoooO+ORAVj2LqV5cnXN52zI5/mD10JFDLn +axif4qnCzm3KN4RtKJdTGctnmN7wDma+1Vd+nX744h6oH2owqMpgLi7lZJKeqN64 +kpd0s1BUve/zaalbiKyvWSm/zd5ioIhWyr3H3CrsVa5/drFtjRCQHctkOLyIPnTB +z9myzU91kUD+ljIVSqQrBv/s56pCjRQeM+drtv7kaMwvB9yncsZsCSNBAVl3iNl8 +l2p7/UoZFyiu1T81/bitZU69I0UD3ljoNmCXm2bKJbGpO+5IhpKlkSU4hsrpU+7f +9iW/9XFcomumpnzRmbto852hua3jmzzG7HwFz0/b22+5m+/kHBGzi0ayZ1y/557D +oREeP0xU23GDuf2CTDve28CsqU5PXlW61eGpsy97E2zIM/zVHDDZEr1whqRwJW1f +hBx+4P0H0sjH8syfbJ25eAcaZTVcB021DoeR3jP1iAdqtXVg62w0SJCRqbiCLROL +LpQB9kel6ZRMTtIhR2wpICelXDFr12o+Jf/L22Hxnu8Rip4COPNd5qWxD80CACio +0T/nrx/C89MmNXbXCSXhzReIH2kZ4RagI9GWu8QU4EuXJqbkgbeiWZUULohg8Vdu +GvRmdIXa6bYzYnHTlQfrsU228QKCAgBlZVibzGFw2wffwTh2pyf5XcRurkoM4qrx +oTKzAKf5DkOsv4gnOUmScDJ1ASJgfIxySc93Rnnzn/DHWKBSjypnD7IjR8QfeteM +ifwyazhv76gJa6Gf/E0i4eQukjK+kNRvSUCXKLPAUOHOsBe2C6MXru8bravmIsXA +441AcDX0GcyRCkLrwT83HrExidoICfBbwv07SFM2ChQGGwioXtq69QdSN2SzWoi6 +X+0+7QD+tkYkQCx3wz0PBFDrwXvYIaHmai1LyZevx+E3bRo0V5MRbyxHnl6lb1Fj +ZxwjL7nbLaFkSRLZqQFB7SYx3rGG6Qr2U/y0uaUq58JqbbdEZT7FNnAXn36L+Gwd +71oYRYcNWb78oEZ/qMiHgTzfDMdUijeqZemlcEJs13jQgRQVxPrti4uV+NXHSCpl +Gw1lrmRHwZ+o+1eF9pUP01x6XM7NWFdjcJCNk++wNjMNQK2cTWq6OjlqBFpQioBZ +SAtEF4B01wBpDf2Awc28ctJ8V+AKcac00UjsZrpDHJ/qi+pN4IW/uixQplxBSuvQ +JvCJTAu+uXsESL2vSEDOY2v1F0kVn3ZUAe5Xp9L3tx9Cj0pMSqqM9QVzHYuJ1q94 +YipLm8E5As68O+LAco086y+LnOEuJATdB5Cbayx/dopFZkwx2KiONO7P/xsPXWet +TI6ewId8IQKCAgEA1tzZKsVfohvP9CYa67EdkJ24HWEzmiv+8Y1/UZZXi4PTpBNt +EdgE3cc5K67aSzTV3yuLFCQ4xCrnMYo5ZdOEQAqkApW23M/fOkPQA1oPcmNVLSVb +DrXtjTk30ILr3jWG7ekLiQ2RrtGVzHTZd9mQL8uOL2+cDbkwR+gG38GR0V9TKXOP +HtnuSezc0B72SMs+TaTwZXmt8d603ImLAwCUj06PZlknySP+SFUn/P20cDyZCeHu +lKqONhsR5zJSXg8twJvEHuBK7ZtgoGmuQYIGSREiXZPl000+DQ4Tu6OF2CiUYl0C +2zCyuoBFJbEcTdvoQMcf1TZZ7uazCy9HkvK+KL/y+VVkHmYrrNvWZ2e7/dsca/Sp +ma1+ABfb2GaIWp97SNVNhmSAeEHkJVfKY7Aqlh5blGorXQSd4pxkjBWo+gY9ZNgJ +S3weoP2GSGTY+gUf1wCOhUS/738ee+af+4iGonIsdKV8IFOlnLH5rC+MFF0eBNBb +SuzYn8rl8eoZFIay/kivyx5IBU3d02If4a7vs4rMnPVX3Y0TFSa33Q8T9ykew8vQ +UJH9ZJs7lRPNB+x7GimfvLajR8jZB/ezYVpJ+gT5fkEgggBtJKpuDtPYUxFb6fld +T+9VoObYb60kv3hAomX9DmPAAHdJL0cPI+A97k4LLwj2gk3hMivjXWexJmw= +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt index 05e38f050..26e68d4f3 100644 --- a/testing/hosts/winnetou/etc/openssl/research/index.txt +++ b/testing/hosts/winnetou/etc/openssl/research/index.txt @@ -1,4 +1,4 @@ V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org -V 120418092554Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem index 894bf7dbd..f586a9414 100644 --- a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem +++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIID+DCCAuCgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDQyMDA5MjU1NFoXDTEyMDQxODA5MjU1 -NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP -BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOByjCBxzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUi6jZ -/eq7FoNJDiWP3Mlw9iaZzyIwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPd -VCChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2Fu -MRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQ8wHwYDVR0RBBgwFoEUY2Fy -b2xAc3Ryb25nc3dhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBADHYFhLgIo3jrKcw -bmfkqHLrwI0sHgyJJrEf1hl3cdc16VdKVW+V3qMwumdlMobK20yTRtW90x1ErULS -RClHlQ5UtDubtQTwjcc6Uc8tOcBdAAH1SQk2xLikxQq19UGFpRRA0VxDXzF5yXnJ -oM9mJZvgscQZeZPqMEXd3yQclK3Ouap70zE1J8kcyT/yrdkTM3nMbiq8aPytr3Al -njoW+ToTsDqcTZYWeF3A3tfSZ5+AhlValx1btbcNPZVjjhBx46knOrOFeQLE5f5C -3XYxVaWPX7hcjfQz/e3T4Rnb8nVQqoCnycUPfYxG/4z7pp/GplS/MEuMNNGDhSsI -nTjnJgY= +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MDMyNDIwMzc0N1oXDTE0MDMyMzIwMzc0 +N1owYTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGDAW +BgNVBAsTD1Jlc2VhcmNoIG5vIENEUDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPqE4le5QodSA+ +NXnQ1IFI0XWcBDDwQDNcQ6qMScSCaboPFCLrlC9E70J2eGeX2v/UDTQpEOxQ4fGX +Efk0/MdJjnWGAO95jEInNJ+DuexfrP5REiryKDfryA0d6xiQb/a2M7UuDgxPgyZf +VyvU7SHebue4317v5NyGJeRnkN3/onNpdjpWu9Le9DqenBQ2SITgo7NsVsNsqhnT +1jg2jfxJ8OXzi7/6JvuxxweCoDxr+KeKIViFAqNlyufeyIvowdjHTlJRvN/9Wl+/ +jPiHmFcIyIc1o8EUHzM9AEIWtB2DeHL62e7LVJbjMXsLAkTggc3BkGE2cWFOBY0f +J4R+AKWDAgMBAAGjgcowgccwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O +BBYEFIuo2f3quxaDSQ4lj9zJcPYmmc8iMG0GA1UdIwRmMGSAFOd18KDyrSDNzWAj +zMfIDynz3VQgoUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry +b25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEPMB8GA1UdEQQY +MBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBiOKAx +ePEwlga++nOpkfBg6ESag5/VWfnAp1zRpXHXnRak10OTtCPDjmJiDUzlKBwolwJN +I6T3S7eg+M04E3r5IHn3i+HtQcENkq02YUPiUXS5cvLtzKMPIm8pYCj7/5pXxAek +nHGRdBZkQiGDz49H9rPKxLdJDTLCXpj4l9uOFgsbiQ3k5SyWq5oMhtZsf4VKqAd+ +77Mbn9pnjjy53wLuzjaMVX+K5KKotPNeSHH/pWh9RqNROmf6F2B0nZhW5Aryxa9/ +24GRkZEPZ+cqhtwgVjq5aImzdSrARJQ1tu6lZqNB5b9klYSAi+al0FrvUFoG58Qt +eWeiFXLvAtXTGoax -----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt index 87af9dd15..3e39e973b 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/index.txt +++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt @@ -1,4 +1,4 @@ V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org -V 120418093600Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org +V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem index c19c7333a..cae8184f6 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem +++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIELTCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA3MDQyMDA5MzYwMFoXDTEyMDQxODA5MzYwMFowVjEL -MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT -BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4IBCDCC -AQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFILLnutR01FvK1SR -EZgaOaO9d8izMG0GA1UdIwRmMGSAFF+bE0b5IHLIANWItadMLpfqC5MooUmkRzBF -MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UE -AxMSc3Ryb25nU3dhbiBSb290IENBggENMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25n -c3dhbi5vcmcwPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vb2Nz -cDIuc3Ryb25nc3dhbi5vcmc6ODg4MjANBgkqhkiG9w0BAQUFAAOCAQEAhhebUzkR -5bllLrfSb0H+Uns0Fw/hfyrvJPjKOcb/otwPZOeGftGYQgihGu3X0Wi6IPX3/I6v -tAnjYTyMXO68Cm2Zw3ZjjjSupQ3LOtyUhKPehk1EXNI5S1WnpYvEjocaBeT5DBaH -fjMHL4L32dUcyzU49zbrkFEY7ffka44s3SUf4tEaw5QlBfAnwoij2A/rucokWNeQ -6KVE9wfYJri6P7ztVTWFsAD6MXRCjzYrS6lOo02w32k2Rpp5SdAWuiwnXLY1BPi9 -U031sS6eh2aRM+u1UKuCGQtUDCMOI6yDv5U2aWQuxYS2uTW05PlWwKAg2atFt7uZ -P35gzzpJWopPqw== +BAMTCFNhbGVzIENBMB4XDTA5MDMyNDIxMTA1M1oXDTE0MDMyMzIxMTA1M1owXTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsT +DFNhbGVzIG5vIENEUDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqgEdIrRiLkrf0UfCB4xUyx/5cs +Ka5h1MNBks2cKP6uABOL+jnlkRtyVFIOOCuNMgcK+873LC87UU32zapbe6Ph46aN +5M9ADMA6PtVeNkJIetVSVtT9DUL5II4kJ/hJUjINbt7omAiDAIWDGKNmTCsR18Ua +o1O/QFbiTT96fMFKX8EXiJgMt/5+vOWG0s1nGz6gn40R/2K52EvBmu5v0M3TX67c +YQFgBqMNfvnk0jLy10pEHro1OjgiTTj1DQd55ydSKGa0JvMDT/GOQeR87zkshRLz +bhxXOt4Ej2kkYbs9ILm7jKa9XfUYI58vCYLHwhGzpLZSsJ2xXkgfAAIFTI8CAwEA +AaOCAQgwggEEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57r +UdNRbytUkRGYGjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guT +KKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x +GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZl +QHN0cm9uZ3N3YW4ub3JnMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0 +cDovL29jc3AyLnN0cm9uZ3N3YW4ub3JnOjg4ODIwDQYJKoZIhvcNAQEFBQADggEB +ADn1ow4aGxckB4HsJQf1Z6LFpiCOExqhqcK/+fsFcl/WM3F0F+1TbEWzwFzDj3Yu +5gH6DQ/c0Fp+WYCKAbZXdYoKHJDSZY0BsoD7Nglc1r+l1wFRv1UGF5DoYZPryHGA +FkusMTUQMvWRRmN9PsURQ77DsmAtryKi5aDQ/rAiPIJK67bQ0HmvPAynO8IF2Fd9 +GpqFSc0gZni9NQszVUH33nuLlZP1hFC5MDeqhcqgmUL/GZbs7DZYThF4INBryfOg +xFE73CpyNQHHmfT23TLsrFD5IXCp3z3oMtCtTphwUnCJrEzZ1H7mJ+xSJoJ3MOqd +mNs1ygehz0a99cPoX1j/iwo= -----END CERTIFICATE----- diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index fad5b23d8..4eeebe54f 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlrootfs 4889 2009-02-19 22:02:28Z andreas $ +# RCSID $Id: build-umlrootfs 5006 2009-03-25 07:26:53Z andreas $ DIR=`dirname $0` @@ -167,6 +167,11 @@ then echo -n " --enable-eap-identity" >> $INSTALLSHELL fi +if [ "$USE_EAP_RADIUS" = "yes" ] +then + echo -n " --enable-eap-radius" >> $INSTALLSHELL +fi + if [ "$USE_SQL" = "yes" ] then echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL diff --git a/testing/testing.conf b/testing/testing.conf index 28b043905..548f5b530 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -14,26 +14,26 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: testing.conf 4893 2009-02-21 17:53:10Z andreas $ +# RCSID $Id: testing.conf 5051 2009-03-28 15:08:47Z andreas $ # Root directory of testing UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.28.6.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.29.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` # Kernel configuration file -KERNELCONFIG=$UMLTESTDIR/.config-2.6.28 +KERNELCONFIG=$UMLTESTDIR/.config-2.6.29 # Bzipped uml patch for kernel #UMLPATCH=$UMLTESTDIR/uml-2.6.26.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.2.13.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.2.14.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" @@ -43,6 +43,7 @@ USE_EAP_SIM="yes" USE_EAP_MD5="yes" USE_EAP_MSCHAPV2="yes" USE_EAP_IDENTITY="yes" +USE_EAP_RADIUS="yes" USE_SQL="yes" USE_MEDIATION="yes" USE_OPENSSL="yes" @@ -51,7 +52,7 @@ USE_INTEGRITY_TEST="yes" USE_LEAK_DETECTIVE="yes" # Gentoo linux root filesystem -ROOTFS=$UMLTESTDIR/gentoo-fs-20080407.tar.bz2 +ROOTFS=$UMLTESTDIR/gentoo-fs-20090325.tar.bz2 # Size of the finished root filesystem in MB ROOTFSSIZE=600 diff --git a/testing/tests/ikev1/after-2038-certs/description.txt b/testing/tests/ikev1/after-2038-certs/description.txt new file mode 100644 index 000000000..fb622dc15 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/description.txt @@ -0,0 +1,13 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +The authentication is based on <b>X.509 certificates</b> that are valid until +the year 2039 and are issued by a certification authority with a root ca +certificate valid until the year 2059. On 32-bit platforms, dates after +Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type. +Thus if a time wrap-around occurs during ASN.1 to time_t conversions, +dates contained in the certificates are set to the maximum value, +i.e. to Jan 19 03:14:07 UTC 2038. + +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b> +behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1/after-2038-certs/evaltest.dat b/testing/tests/ikev1/after-2038-certs/evaltest.dat new file mode 100644 index 000000000..790811a61 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/evaltest.dat @@ -0,0 +1,6 @@ +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..392a4b51e --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..03b57243b --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv +bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw +NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w +HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4 +4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd +2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr +ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY +dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk +sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d +kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33 +YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh +qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ +HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro +UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe +xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O +Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f +/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC +Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V +Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/ +9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V +9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9 +ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT +XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh +e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL +99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A +YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV +c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD +ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f +hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57 +71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr +/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO +lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj +8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2 +RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA +Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm +xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s +PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld +6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd +c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/ +MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T +vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg +RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL +uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv +inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs +CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR +8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8 +9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea +cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H +d/Fp6btmZH31IEyJrRNVOpCwZPI= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem new file mode 100644 index 000000000..2ce2ce3c9 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR +yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp +dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw +BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO +FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW +kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5 +mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l +cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest +2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C +uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+ +t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh +fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q +xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0 +cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru +S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw +NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z +dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc +CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V +oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN +OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz +cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5 +mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji +kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk +idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY +n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb +G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na +FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe +q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG +zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni +8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9 ++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0 +V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f +OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN +jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR +SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu +lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb +8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It +bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem new file mode 100644 index 000000000..f0836ec33 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU +/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH +BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1 +robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f +uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg +6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5 +91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB +FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc +UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke +v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT +zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA +AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT +XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI +0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz +jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU +8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH +UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3 +SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf +ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf +D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp +yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn +lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB +7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb +Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc +o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns +K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O +/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp +AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5 +pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/ +0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP +fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB +G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5 +E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui +aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg +0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe +VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc +Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX +NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8 +uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c +BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q +HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G +LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK +R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We +ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X +j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/ +5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ +mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO +nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU +tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..40eb84b8a --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..e56090f48 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..03b57243b --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv +bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw +NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w +HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4 +4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd +2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr +ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY +dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk +sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d +kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33 +YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh +qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ +HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro +UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe +xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O +Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f +/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC +Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V +Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/ +9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V +9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9 +ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT +XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh +e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL +99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A +YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV +c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD +ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f +hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57 +71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr +/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO +lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj +8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2 +RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA +Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm +xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s +PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld +6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd +c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/ +MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T +vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg +RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL +uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv +inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs +CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR +8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8 +9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea +cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H +d/Fp6btmZH31IEyJrRNVOpCwZPI= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..e83798c07 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b +vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip +scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+ +BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y +0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa +L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2 +2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh +FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu +sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ +vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR +dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP +/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O +BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE +Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry +b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L +ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag +NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl +ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf +WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK +lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o +HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs +pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX +Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA +zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY +xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda +WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD +O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv +W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t +YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu +yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ +ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI +IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O +0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1 +ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5 +ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq +4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l +HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL +WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH +I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..6d39ac084 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv +OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC +bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq +qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU +EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA +YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5 +cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0 +vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K +AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04 +Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo +PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA +AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v +hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+ +hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI +yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D +yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz +PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+ +x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k +rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO +vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ +HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF +/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD +8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1 +wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk +EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2 +wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO +7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno +CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk +n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv +D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d +GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq ++1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7 +Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG +DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk +i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS +IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L +SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx +P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC +doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG +inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa +MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G +zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r +Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu +jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G +ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi +50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5 +kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD +xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y +fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..40eb84b8a --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/rw-eap-aka-identity/posttest.dat b/testing/tests/ikev1/after-2038-certs/posttest.dat index 94a400606..94a400606 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/posttest.dat +++ b/testing/tests/ikev1/after-2038-certs/posttest.dat diff --git a/testing/tests/ikev1/after-2038-certs/pretest.dat b/testing/tests/ikev1/after-2038-certs/pretest.dat new file mode 100644 index 000000000..4921d5097 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev1/after-2038-certs/test.conf b/testing/tests/ikev1/after-2038-certs/test.conf new file mode 100644 index 000000000..9cd583b16 --- /dev/null +++ b/testing/tests/ikev1/after-2038-certs/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/after-2038-certs/description.txt b/testing/tests/ikev2/after-2038-certs/description.txt new file mode 100644 index 000000000..fb622dc15 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/description.txt @@ -0,0 +1,13 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +The authentication is based on <b>X.509 certificates</b> that are valid until +the year 2039 and are issued by a certification authority with a root ca +certificate valid until the year 2059. On 32-bit platforms, dates after +Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type. +Thus if a time wrap-around occurs during ASN.1 to time_t conversions, +dates contained in the certificates are set to the maximum value, +i.e. to Jan 19 03:14:07 UTC 2038. + +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b> +behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat new file mode 100644 index 000000000..1bb9c105f --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat @@ -0,0 +1,6 @@ +moon::ipsec statusall::rw.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..bcdb8641b --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..03b57243b --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv +bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw +NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w +HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4 +4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd +2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr +ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY +dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk +sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d +kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33 +YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh +qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ +HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro +UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe +xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O +Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f +/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC +Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V +Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/ +9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V +9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9 +ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT +XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh +e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL +99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A +YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV +c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD +ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f +hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57 +71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr +/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO +lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj +8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2 +RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA +Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm +xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s +PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld +6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd +c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/ +MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T +vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg +RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL +uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv +inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs +CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR +8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8 +9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea +cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H +d/Fp6btmZH31IEyJrRNVOpCwZPI= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem new file mode 100644 index 000000000..2ce2ce3c9 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR +yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp +dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw +BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO +FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW +kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5 +mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l +cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest +2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C +uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+ +t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh +fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q +xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0 +cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru +S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw +NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z +dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc +CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V +oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN +OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz +cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5 +mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji +kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk +idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY +n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb +G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na +FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe +q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG +zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni +8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9 ++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0 +V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f +OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN +jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR +SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu +lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb +8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It +bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem new file mode 100644 index 000000000..f0836ec33 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU +/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH +BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1 +robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f +uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg +6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5 +91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB +FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc +UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke +v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT +zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA +AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT +XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI +0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz +jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU +8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH +UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3 +SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf +ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf +D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp +yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn +lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB +7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb +Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc +o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns +K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O +/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp +AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5 +pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/ +0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP +fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB +G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5 +E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui +aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg +0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe +VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc +Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX +NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8 +uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c +BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q +HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G +LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK +R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We +ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X +j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/ +5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ +mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO +nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU +tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..40eb84b8a --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..274521386 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..03b57243b --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv +bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw +NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w +HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA +A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4 +4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd +2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr +ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY +dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk +sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d +kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33 +YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh +qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ +HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro +UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe +xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O +Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f +/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC +Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V +Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/ +9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V +9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9 +ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT +XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh +e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL +99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T +AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A +YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV +c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD +ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f +hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57 +71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr +/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO +lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj +8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2 +RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA +Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm +xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s +PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld +6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd +c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/ +MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T +vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg +RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL +uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv +inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs +CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR +8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8 +9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea +cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H +d/Fp6btmZH31IEyJrRNVOpCwZPI= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..e83798c07 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN +b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v +bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b +vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip +scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+ +BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y +0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa +L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2 +2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh +FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu +sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ +vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR +dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP +/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O +BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE +Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry +b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L +ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag +NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl +ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf +WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK +lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o +HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs +pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX +Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA +zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY +xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda +WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD +O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv +W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t +YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu +yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ +ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI +IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O +0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1 +ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5 +ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq +4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l +HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL +WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH +I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..6d39ac084 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv +OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC +bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq +qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU +EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA +YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5 +cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0 +vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K +AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04 +Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo +PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA +AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v +hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+ +hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI +yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D +yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz +PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+ +x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k +rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO +vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ +HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF +/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD +8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1 +wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk +EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2 +wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO +7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno +CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk +n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv +D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d +GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq ++1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7 +Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG +DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk +i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS +IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L +SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx +P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC +doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG +inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa +MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G +zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r +Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu +jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G +ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi +50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5 +kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD +xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y +fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..40eb84b8a --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat b/testing/tests/ikev2/after-2038-certs/posttest.dat index 94a400606..94a400606 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat +++ b/testing/tests/ikev2/after-2038-certs/posttest.dat diff --git a/testing/tests/ikev2/after-2038-certs/pretest.dat b/testing/tests/ikev2/after-2038-certs/pretest.dat new file mode 100644 index 000000000..4921d5097 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/after-2038-certs/test.conf b/testing/tests/ikev2/after-2038-certs/test.conf new file mode 100644 index 000000000..9cd583b16 --- /dev/null +++ b/testing/tests/ikev2/after-2038-certs/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem index 894bf7dbd..f586a9414 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIID+DCCAuCgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDQyMDA5MjU1NFoXDTEyMDQxODA5MjU1 -NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP -BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOByjCBxzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUi6jZ -/eq7FoNJDiWP3Mlw9iaZzyIwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPd -VCChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2Fu -MRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQ8wHwYDVR0RBBgwFoEUY2Fy -b2xAc3Ryb25nc3dhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBADHYFhLgIo3jrKcw -bmfkqHLrwI0sHgyJJrEf1hl3cdc16VdKVW+V3qMwumdlMobK20yTRtW90x1ErULS -RClHlQ5UtDubtQTwjcc6Uc8tOcBdAAH1SQk2xLikxQq19UGFpRRA0VxDXzF5yXnJ -oM9mJZvgscQZeZPqMEXd3yQclK3Ouap70zE1J8kcyT/yrdkTM3nMbiq8aPytr3Al -njoW+ToTsDqcTZYWeF3A3tfSZ5+AhlValx1btbcNPZVjjhBx46knOrOFeQLE5f5C -3XYxVaWPX7hcjfQz/e3T4Rnb8nVQqoCnycUPfYxG/4z7pp/GplS/MEuMNNGDhSsI -nTjnJgY= +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MDMyNDIwMzc0N1oXDTE0MDMyMzIwMzc0 +N1owYTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGDAW +BgNVBAsTD1Jlc2VhcmNoIG5vIENEUDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPqE4le5QodSA+ +NXnQ1IFI0XWcBDDwQDNcQ6qMScSCaboPFCLrlC9E70J2eGeX2v/UDTQpEOxQ4fGX +Efk0/MdJjnWGAO95jEInNJ+DuexfrP5REiryKDfryA0d6xiQb/a2M7UuDgxPgyZf +VyvU7SHebue4317v5NyGJeRnkN3/onNpdjpWu9Le9DqenBQ2SITgo7NsVsNsqhnT +1jg2jfxJ8OXzi7/6JvuxxweCoDxr+KeKIViFAqNlyufeyIvowdjHTlJRvN/9Wl+/ +jPiHmFcIyIc1o8EUHzM9AEIWtB2DeHL62e7LVJbjMXsLAkTggc3BkGE2cWFOBY0f +J4R+AKWDAgMBAAGjgcowgccwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O +BBYEFIuo2f3quxaDSQ4lj9zJcPYmmc8iMG0GA1UdIwRmMGSAFOd18KDyrSDNzWAj +zMfIDynz3VQgoUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry +b25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEPMB8GA1UdEQQY +MBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBiOKAx +ePEwlga++nOpkfBg6ESag5/VWfnAp1zRpXHXnRak10OTtCPDjmJiDUzlKBwolwJN +I6T3S7eg+M04E3r5IHn3i+HtQcENkq02YUPiUXS5cvLtzKMPIm8pYCj7/5pXxAek +nHGRdBZkQiGDz49H9rPKxLdJDTLCXpj4l9uOFgsbiQ3k5SyWq5oMhtZsf4VKqAd+ +77Mbn9pnjjy53wLuzjaMVX+K5KKotPNeSHH/pWh9RqNROmf6F2B0nZhW5Aryxa9/ +24GRkZEPZ+cqhtwgVjq5aImzdSrARJQ1tu6lZqNB5b9klYSAi+al0FrvUFoG58Qt +eWeiFXLvAtXTGoax -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem index c19c7333a..cae8184f6 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIELTCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA3MDQyMDA5MzYwMFoXDTEyMDQxODA5MzYwMFowVjEL -MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT -BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4IBCDCC -AQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFILLnutR01FvK1SR -EZgaOaO9d8izMG0GA1UdIwRmMGSAFF+bE0b5IHLIANWItadMLpfqC5MooUmkRzBF -MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UE -AxMSc3Ryb25nU3dhbiBSb290IENBggENMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25n -c3dhbi5vcmcwPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vb2Nz -cDIuc3Ryb25nc3dhbi5vcmc6ODg4MjANBgkqhkiG9w0BAQUFAAOCAQEAhhebUzkR -5bllLrfSb0H+Uns0Fw/hfyrvJPjKOcb/otwPZOeGftGYQgihGu3X0Wi6IPX3/I6v -tAnjYTyMXO68Cm2Zw3ZjjjSupQ3LOtyUhKPehk1EXNI5S1WnpYvEjocaBeT5DBaH -fjMHL4L32dUcyzU49zbrkFEY7ffka44s3SUf4tEaw5QlBfAnwoij2A/rucokWNeQ -6KVE9wfYJri6P7ztVTWFsAD6MXRCjzYrS6lOo02w32k2Rpp5SdAWuiwnXLY1BPi9 -U031sS6eh2aRM+u1UKuCGQtUDCMOI6yDv5U2aWQuxYS2uTW05PlWwKAg2atFt7uZ -P35gzzpJWopPqw== +BAMTCFNhbGVzIENBMB4XDTA5MDMyNDIxMTA1M1oXDTE0MDMyMzIxMTA1M1owXTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsT +DFNhbGVzIG5vIENEUDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqgEdIrRiLkrf0UfCB4xUyx/5cs +Ka5h1MNBks2cKP6uABOL+jnlkRtyVFIOOCuNMgcK+873LC87UU32zapbe6Ph46aN +5M9ADMA6PtVeNkJIetVSVtT9DUL5II4kJ/hJUjINbt7omAiDAIWDGKNmTCsR18Ua +o1O/QFbiTT96fMFKX8EXiJgMt/5+vOWG0s1nGz6gn40R/2K52EvBmu5v0M3TX67c +YQFgBqMNfvnk0jLy10pEHro1OjgiTTj1DQd55ydSKGa0JvMDT/GOQeR87zkshRLz +bhxXOt4Ej2kkYbs9ILm7jKa9XfUYI58vCYLHwhGzpLZSsJ2xXkgfAAIFTI8CAwEA +AaOCAQgwggEEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57r +UdNRbytUkRGYGjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guT +KKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x +GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZl +QHN0cm9uZ3N3YW4ub3JnMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0 +cDovL29jc3AyLnN0cm9uZ3N3YW4ub3JnOjg4ODIwDQYJKoZIhvcNAQEFBQADggEB +ADn1ow4aGxckB4HsJQf1Z6LFpiCOExqhqcK/+fsFcl/WM3F0F+1TbEWzwFzDj3Yu +5gH6DQ/c0Fp+WYCKAbZXdYoKHJDSZY0BsoD7Nglc1r+l1wFRv1UGF5DoYZPryHGA +FkusMTUQMvWRRmN9PsURQ77DsmAtryKi5aDQ/rAiPIJK67bQ0HmvPAynO8IF2Fd9 +GpqFSc0gZni9NQszVUH33nuLlZP1hFC5MDeqhcqgmUL/GZbs7DZYThF4INBryfOg +xFE73CpyNQHHmfT23TLsrFD5IXCp3z3oMtCtTphwUnCJrEzZ1H7mJ+xSJoJ3MOqd +mNs1ygehz0a99cPoX1j/iwo= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/rw-eap-aka-identity/description.txt b/testing/tests/ikev2/rw-eap-aka-id-rsa/description.txt index e7d2c784a..6d886024b 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/description.txt +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/description.txt @@ -1,8 +1,9 @@ +at the outset the gateway authenticates itself to the client by sending an +IKEv2 <b>RSA signature</b> accompanied by a certificate. The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. <b>carol</b> uses the <i>Extensible Authentication Protocol</i> in association with the <i>Authentication and Key Agreement</i> protocol (<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM. In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior <b>carol</b> -uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> -to authenticate itself against <b>carol</b>. +uses the EAP identity <b>carol</b>. diff --git a/testing/tests/ikev2/rw-eap-aka-identity/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat index 5d0b469bf..d5cbbdbf7 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat @@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon::cat /var/log/daemon.log::using EAP identity.*carol::YES moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf index 8cffbe3b3..8cffbe3b3 100755 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.secrets index 44ba3fa25..44ba3fa25 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf index 831d9e663..831d9e663 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf index 350fc48b6..b239e7718 100755 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn rw-eapaka +conn rw-eap authby=rsasig eap=aka eap_identity=%identity diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.secrets index 3868b62f4..3868b62f4 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.secrets diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf index 831d9e663..831d9e663 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-aka-identity/pretest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat index ed5498bfe..ed5498bfe 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/pretest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat diff --git a/testing/tests/ikev2/rw-eap-aka-identity/test.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/test.conf index 2bd21499b..2bd21499b 100644 --- a/testing/tests/ikev2/rw-eap-aka-identity/test.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/test.conf diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt b/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt new file mode 100644 index 000000000..a1512ca9e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt @@ -0,0 +1,10 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the client by sending +an IKEv2 <b>RSA signature</b> accompanied by a certificate. +<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> +in association with an <i>MD5</i> challenge and response protocol +(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>. +In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior +<b>carol</b> uses the EAP identity <b>carol</b>. +The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b> +and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>. diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat new file mode 100644 index 000000000..6c73054d7 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat @@ -0,0 +1,12 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +moon::cat /var/log/daemon.log::using EAP identity .*carol"::YES +carol::cat /var/log/daemon.log::EAP server requested EAP_MD5 authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + + diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..623f42904 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = md5 + md5 { + } +} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..783587b55 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm LOCAL { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..1143a0473 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,120 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..9c3702cb7 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,61 @@ +authorize { + preprocess + chap + mschap + suffix + eap { + ok = return + } + unix + files + expiration + logintime + pap +} + +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..247b918e3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users @@ -0,0 +1 @@ +carol Cleartext-Password := "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..8cffbe3b3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_CAROL + leftnexthop=%direct + leftid=carol@strongswan.org + leftfirewall=yes + eap_identity=carol + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..23d79cf2e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..b856adc9e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 eapidentity updown +} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..08b920afd --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + authby=rsasig + eap=radius + eap_identity=%identity + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftfirewall=yes + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..10414b29a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown + plugins { + eap_radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat new file mode 100644 index 000000000..920d6a20d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +carol::ipsec stop +alice::/etc/init.d/radiusd stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat new file mode 100644 index 000000000..3508e9d8c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +alice::cat /etc/raddb/clients.conf +alice::cat /etc/raddb/eap.conf +alice::cat /etc/raddb/proxy.conf +alice::cat /etc/raddb/users +alice::/etc/init.d/radiusd start +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/test.conf index 2bd21499b..2bd21499b 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/test.conf diff --git a/testing/tests/ikev2/rw-eap-md5-radius/description.txt b/testing/tests/ikev2/rw-eap-md5-radius/description.txt new file mode 100644 index 000000000..12bdc9fdd --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/description.txt @@ -0,0 +1,8 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the client by sending +an IKEv2 <b>RSA signature</b> accompanied by a certificate. +<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> +in association with an <i>MD5</i> challenge and response protocol +(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>. +The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b> +and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>. diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat new file mode 100644 index 000000000..444362a86 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat @@ -0,0 +1,11 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::EAP server requested EAP_MD5 authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + + diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..623f42904 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = md5 + md5 { + } +} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..23cba8d11 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm strongswan.org { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..1143a0473 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,120 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..9c3702cb7 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,61 @@ +authorize { + preprocess + chap + mschap + suffix + eap { + ok = return + } + unix + files + expiration + logintime + pap +} + +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..247b918e3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users @@ -0,0 +1 @@ +carol Cleartext-Password := "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..2af93a313 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_CAROL + leftnexthop=%direct + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..74942afda --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..a53e44f50 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 updown +} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..825994278 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + authby=rsasig + eap=radius + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftfirewall=yes + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..cae56a7f6 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown + plugins { + eap_radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat new file mode 100644 index 000000000..920d6a20d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +carol::ipsec stop +alice::/etc/init.d/radiusd stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat new file mode 100644 index 000000000..3508e9d8c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +alice::cat /etc/raddb/clients.conf +alice::cat /etc/raddb/eap.conf +alice::cat /etc/raddb/proxy.conf +alice::cat /etc/raddb/users +alice::/etc/init.d/radiusd start +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-radius/test.conf b/testing/tests/ikev2/rw-eap-md5-radius/test.conf new file mode 100644 index 000000000..2bd21499b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-radius/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice carol moon" + +# Corresponding block diagram +# +DIAGRAM="a-m-c.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat index 5de841c03..fadcdc635 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets index e03e89a0f..74942afda 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -carol@strongswan.org : EAP "Ar3etTnp01qlpOgb" +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf index 78bc23b4c..7777e914b 100755 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn rw-eapaka +conn rw-eap authby=rsasig eap=md5 left=PH_IP_MOON diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets index aa3838385..c991683b8 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets @@ -2,4 +2,4 @@ : RSA moonKey.pem -carol@strongswan.org : EAP "Ar3etTnp01qlpOgb" +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt index df7041a97..df7041a97 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat index d8708d122..d8708d122 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf index ec09a3375..ec09a3375 100755 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.secrets index 44ba3fa25..44ba3fa25 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf index 26ccc84ce..26ccc84ce 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf index 57a89966a..57a89966a 100755 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.secrets index 3868b62f4..3868b62f4 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.secrets diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf index 26ccc84ce..26ccc84ce 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat index ed5498bfe..ed5498bfe 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf new file mode 100644 index 000000000..2bd21499b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice carol moon" + +# Corresponding block diagram +# +DIAGRAM="a-m-c.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt new file mode 100644 index 000000000..887d3f467 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt @@ -0,0 +1,13 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the client by sending +an IKEv2 <b>RSA signature</b> accompanied by a certificate. +<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> +in association with a <i>GSM Subscriber Identity Module</i> +(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>. +In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> +are used instead of a physical SIM card on the client <b>carol</b> and +the gateway forwards all EAP messages to the RADIUS server <b>alice</b> +which also uses static triplets. In addition to her IKEv2 identity +<b>carol@strongswan.org</b>, roadwarrior <b>carol</b> uses the EAP +identity <b>232420100000015</b>. + diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat new file mode 100644 index 000000000..4e7cbcc4c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat @@ -0,0 +1,12 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +moon::cat /var/log/daemon.log::using EAP identity .*232420100000015::YES +carol::cat /var/log/daemon.log::EAP server requested EAP_SIM authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + + diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..a2020424e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..783587b55 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm LOCAL { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..d77b818fe --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,123 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf + sim_files { + simtriplets = "/etc/raddb/triplets.dat" + } +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..dfceb037d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,62 @@ +authorize { + preprocess + chap + mschap + sim_files + suffix + eap { + ok = return + } + unix + files + expiration + logintime + pap +} + +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat new file mode 100644 index 000000000..2a750029f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat @@ -0,0 +1,3 @@ +232420100000015,30000000000000000000000000000000,30112233,305566778899AABB +232420100000015,31000000000000000000000000000000,31112233,315566778899AABB +232420100000015,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..404589348 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_CAROL + leftnexthop=%direct + leftid=carol@strongswan.org + leftfirewall=yes + eap_identity=232420100000015 + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat new file mode 100644 index 000000000..2a750029f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat @@ -0,0 +1,3 @@ +232420100000015,30000000000000000000000000000000,30112233,305566778899AABB +232420100000015,31000000000000000000000000000000,31112233,315566778899AABB +232420100000015,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..cc451fc8d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file eapidentity updown +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..08b920afd --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + authby=rsasig + eap=radius + eap_identity=%identity + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftfirewall=yes + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..10414b29a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown + plugins { + eap_radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat new file mode 100644 index 000000000..920d6a20d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +carol::ipsec stop +alice::/etc/init.d/radiusd stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat new file mode 100644 index 000000000..0a9f41856 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +alice::cat /etc/raddb/clients.conf +alice::cat /etc/raddb/eap.conf +alice::cat /etc/raddb/proxy.conf +alice::cat /etc/raddb/triplets.dat +alice::/etc/init.d/radiusd start +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf new file mode 100644 index 000000000..2bd21499b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice carol moon" + +# Corresponding block diagram +# +DIAGRAM="a-m-c.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/rw-eap-sim-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-radius/description.txt new file mode 100644 index 000000000..6c3c71987 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/description.txt @@ -0,0 +1,14 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the client by sending +an IKEv2 <b>RSA signature</b> accompanied by a certificate. +<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> +in association with a <i>GSM Subscriber Identity Module</i> +(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>. +In this scenario, triplets from the file <b>/etc/ipsec.d/triplets.dat</b> +are used instead of a physical SIM card on the client <b>carol</b>. +The gateway forwards all EAP messages to the RADIUS server <b>alice</b> +which also uses a static triplets file. +<p> +The roadwarrior <b>dave</b> sends wrong EAP-SIM triplets. As a consequence +the radius server <b>alice</b> returns an <b>Access-Reject</b> message +and the gateway <b>moon</b> sends back an <b>EAP_FAILURE</b>. diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat new file mode 100644 index 000000000..cd4b43cca --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -0,0 +1,15 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::EAP server requested EAP_SIM authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::cat /var/log/daemon.log::received Access-Reject from RADIUS server::YES +moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP failed::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO +dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave::ipsec statusall::home.*ESTABLISHED::NO +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..a2020424e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..23cba8d11 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm strongswan.org { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..d77b818fe --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,123 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf + sim_files { + simtriplets = "/etc/raddb/triplets.dat" + } +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..dfceb037d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,62 @@ +authorize { + preprocess + chap + mschap + sim_files + suffix + eap { + ok = return + } + unix + files + expiration + logintime + pap +} + +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat new file mode 100644 index 000000000..fd0eb19b9 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat @@ -0,0 +1,7 @@ +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB +dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB +dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB +dave@strongswan.org,35000000000000000000000000000000,35112233,355566778899AABB + diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..4f0d40b3e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat new file mode 100644 index 000000000..83906807f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat @@ -0,0 +1,3 @@ +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..e2388268c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..511eb6172 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat new file mode 100644 index 000000000..a02a42c0d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat @@ -0,0 +1,3 @@ +dave@strongswan.org,33000000000000000000000000000000,33112244,335566778899AABB +dave@strongswan.org,34000000000000000000000000000000,34112244,345566778899AABB +dave@strongswan.org,35000000000000000000000000000000,35112244,355566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..e2388268c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..825994278 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + authby=rsasig + eap=radius + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftfirewall=yes + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..cae56a7f6 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown + plugins { + eap_radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat new file mode 100644 index 000000000..dbe56013a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat @@ -0,0 +1,7 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +alice::/etc/init.d/radiusd stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat new file mode 100644 index 000000000..b3fd4cbf1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat @@ -0,0 +1,15 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +alice::cat /etc/raddb/clients.conf +alice::cat /etc/raddb/eap.conf +alice::cat /etc/raddb/proxy.conf +alice::cat /etc/raddb/triplets.dat +alice::/etc/init.d/radiusd start +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-radius/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" |