Diffstat (limited to 'src/charon/plugins/stroke')
-rw-r--r-- | src/charon/plugins/stroke/Makefile.am | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/Makefile.in | 7 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_attribute.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_ca.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 96 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 37 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_socket.c | 1 |
8 files changed, 109 insertions, 40 deletions
diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am index fb58ba62b..79a63f2c2 100644 --- a/src/charon/plugins/stroke/Makefile.am +++ b/src/charon/plugins/stroke/Makefile.am @@ -18,5 +18,5 @@ libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \ stroke_list.h stroke_list.c \ stroke_shared_key.h stroke_shared_key.c -libstrongswan_stroke_la_LDFLAGS = -module +libstrongswan_stroke_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/stroke/Makefile.in b/src/charon/plugins/stroke/Makefile.in index f246286a0..19822ebc8 100644 --- a/src/charon/plugins/stroke/Makefile.in +++ b/src/charon/plugins/stroke/Makefile.in @@ -76,12 +76,14 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -146,6 +148,7 @@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ @@ -186,7 +189,9 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ @@ -237,7 +242,7 @@ libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \ stroke_list.h stroke_list.c \ stroke_shared_key.h stroke_shared_key.c -libstrongswan_stroke_la_LDFLAGS = -module +libstrongswan_stroke_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c index a7925ce3e..d3211fd67 100644 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ b/src/charon/plugins/stroke/stroke_attribute.c 
@@ -539,7 +539,7 @@ stroke_attribute_t *stroke_attribute_create()
 this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
 this->pools = linked_list_create();
- this->mutex = mutex_create(MUTEX_RECURSIVE);
+ this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
 return &this->public;
 }
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c
index fab06e6c5..c354d8cb8 100644
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ b/src/charon/plugins/stroke/stroke_ca.c
@@ -447,7 +447,7 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred)
 this->public.destroy = (void(*)(stroke_ca_t*))destroy;
 this->sections = linked_list_create();
- this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
 this->cred = cred;
 return &this->public;
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index 028e71e71..0b6a4ac31 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
@@ -924,7 +924,7 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred)
 this->public.destroy = (void(*)(stroke_config_t*))destroy;
 this->list = linked_list_create();
- this->mutex = mutex_create(MUTEX_RECURSIVE);
+ this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
 this->ca = ca;
 this->cred = cred;
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index dc73299b8..31bcfe9f4 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -16,6 +16,8 @@
 #include <sys/stat.h>
 #include <limits.h>
+#include <glob.h>
+#include <libgen.h>
 #include "stroke_cred.h"
 #include "stroke_shared_key.h"
@@ -41,6 +43,8 @@
 #define CRL_DIR IPSEC_D_DIR "/crls"
 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
+#define MAX_SECRETS_RECURSION 10
+
 typedef struct private_stroke_cred_t private_stroke_cred_t;
 /**
@@ -691,7 +695,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line)
 /**
 * reload ipsec.secrets
 */
-static void load_secrets(private_stroke_cred_t *this)
+static void load_secrets(private_stroke_cred_t *this, char *file, int level)
 {
 size_t bytes;
 int line_nr = 0;
@@ -700,9 +704,9 @@ static void load_secrets(private_stroke_cred_t *this)
 private_key_t *private;
 shared_key_t *shared;
- DBG1(DBG_CFG, "loading secrets from '%s'", SECRETS_FILE);
+ DBG1(DBG_CFG, "loading secrets from '%s'", file);
- fd = fopen(SECRETS_FILE, "r");
+ fd = fopen(file, "r");
 if (fd == NULL)
 {
 DBG1(DBG_CFG, "opening secrets file '%s' failed");
@@ -719,15 +723,19 @@ static void load_secrets(private_stroke_cred_t *this)
 src = chunk;
 this->lock->write_lock(this->lock);
- while (this->shared->remove_last(this->shared,
- (void**)&shared) == SUCCESS)
- {
- shared->destroy(shared);
- }
- while (this->private->remove_last(this->private,
- (void**)&private) == SUCCESS)
+ if (level == 0)
 {
- private->destroy(private);
+ /* flush secrets on non-recursive invocation */
+ while (this->shared->remove_last(this->shared,
+ (void**)&shared) == SUCCESS)
+ {
+ shared->destroy(shared);
+ }
+ while (this->private->remove_last(this->private,
+ (void**)&private) == SUCCESS)
+ {
+ private->destroy(private);
+ }
 }
 while (fetchline(&src, &line))
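Review bot: In the second hunk, the context line `DBG1(DBG_CFG, "opening secrets file '%s' failed");` directly below the new `fopen(file, "r")` has a `%s` conversion with no matching argument, so the log call reads an unrelated vararg slot. The line predates this commit, but the commit introduces exactly the variable that should be printed there; change it to `DBG1(DBG_CFG, "opening secrets file '%s' failed", file);`. The body of load_secrets continues beyond this hunk.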
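Review bot: `this->lock->write_lock(this->lock)` stays unconditional at the top of the third hunk even though the flush below it is now guarded by `level == 0`, while the include handling added in the next hunk calls `load_secrets(this, *expanded, level + 1)` from inside the fetchline loop, where that lock is presumably still held (the unlock is outside the hunk). Unless rwlock_t lets a writer re-acquire its own lock, a secrets file containing an `include` line will block on itself on the first load. Moving the acquisition into the guarded branch, `if (level == 0) { this->lock->write_lock(this->lock); /* flush secrets ... */ }`, and guarding the matching unlock the same way leaves only the outermost call owning the lock.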
@@ -741,6 +749,66 @@ static void load_secrets(private_stroke_cred_t *this)
 {
 continue;
 }
+ if (line.len > strlen("include ") &&
+ strneq(line.ptr, "include ", strlen("include ")))
+ {
+ glob_t buf;
+ char **expanded, *dir, pattern[PATH_MAX];
+ u_char *pos;
+
+ if (level > MAX_SECRETS_RECURSION)
+ {
+ DBG1(DBG_CFG, "maximum level of %d includes reached, ignored",
+ MAX_SECRETS_RECURSION);
+ continue;
+ }
+ /* terminate filename by space */
+ line = chunk_skip(line, strlen("include "));
+ pos = memchr(line.ptr, ' ', line.len);
+ if (pos)
+ {
+ line.len = pos - line.ptr;
+ }
+ if (line.len && line.ptr[0] == '/')
+ {
+ if (line.len + 1 > sizeof(pattern))
+ {
+ DBG1(DBG_CFG, "include pattern too long, ignored");
+ continue;
+ }
+ snprintf(pattern, sizeof(pattern), "%.*s", line.len, line.ptr);
+ }
+ else
+ { /* use directory of current file if relative */
+ dir = strdup(file);
+ dir = dirname(dir);
+
+ if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
+ {
+ DBG1(DBG_CFG, "include pattern too long, ignored");
+ free(dir);
+ continue;
+ }
+ snprintf(pattern, sizeof(pattern), "%s/%.*s",
+ dir, line.len, line.ptr);
+ free(dir);
+ }
+ if (glob(pattern, GLOB_ERR, NULL, &buf) != 0)
+ {
+ DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern);
+ globfree(&buf);
+ }
+ else
+ {
+ for (expanded = buf.gl_pathv; *expanded != NULL; expanded++)
+ {
+ load_secrets(this, *expanded, level + 1);
+ }
+ }
+ globfree(&buf);
+ continue;
+ }
+
 if (line.len > 2 && strneq(": ", line.ptr, 2))
 {
 /* no ids, skip the ':' */
@@ -989,7 +1057,7 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg)
 if (msg->reread.flags & REREAD_SECRETS)
 {
 DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this);
+ load_secrets(this, SECRETS_FILE, 0);
 }
 if (msg->reread.flags & REREAD_CACERTS)
 {
@@ -1057,10 +1125,10 @@ stroke_cred_t *stroke_cred_create()
 this->certs = linked_list_create();
 this->shared = linked_list_create();
 this->private = linked_list_create();
- this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
 load_certs(this);
- load_secrets(this);
+ load_secrets(this, SECRETS_FILE, 0);
 this->cachecrl = FALSE;
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 564a511a1..6f421bd30 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -146,8 +146,8 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
 */
 static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 {
- u_int32_t rekey, now = time(NULL);
- u_int32_t use_in, use_out;
+ time_t use_in, use_out, rekey, now = time(NULL);
+ u_int64_t bytes_in, bytes_out;
 proposal_t *proposal;
 child_cfg_t *config = child_sa->get_config(child_sa);
@@ -205,6 +205,20 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 }
 }
 }
+
+ child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in);
+ fprintf(out, ", %llu bytes_i", bytes_in);
+ if (use_in)
+ {
+ fprintf(out, " (%ds ago)", now - use_in);
+ }
+
+ child_sa->get_usestats(child_sa, FALSE, &use_out, &bytes_out);
+ fprintf(out, ", %llu bytes_o", bytes_out);
+ if (use_out)
+ {
+ fprintf(out, " (%ds ago)", now - use_out);
+ }
 fprintf(out, ", rekeying ");
 rekey = child_sa->get_lifetime(child_sa, FALSE);
@@ -224,25 +238,6 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
 fprintf(out, "disabled");
 }
- fprintf(out, ", last use: ");
- use_in = child_sa->get_usetime(child_sa, TRUE);
- if (use_in)
- {
- fprintf(out, "%ds_i ", now - use_in);
- }
- else
- {
- fprintf(out, "no_i ");
- }
- use_out = child_sa->get_usetime(child_sa, FALSE);
- if (use_out)
- {
- fprintf(out, "%ds_o ", now - use_out);
- }
- else
- {
- fprintf(out, "no_o ");
- }
 }
 }
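Review bot: The new `fprintf` calls in the stroke_list.c `-205,6 +205,20` hunk use conversions that do not match the types declared in the hunk above them: `bytes_in`/`bytes_out` are `u_int64_t` but printed with `%llu`, and `now - use_in`/`now - use_out` are `time_t` differences printed with `%d`, which is undefined where `time_t` is 64-bit. Casting makes the calls correct however those typedefs resolve: `fprintf(out, ", %llu bytes_i", (unsigned long long)bytes_in);` and `fprintf(out, " (%lds ago)", (long)(now - use_in));`, with the same change for the `_o` pair. log_child_sa starts and ends outside this hunk.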
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
index f61171e22..9b6a8a3a7 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@@ -27,6 +27,7 @@
 #include <processing/jobs/callback_job.h>
 #include <daemon.h>
+#include <utils/mutex.h> /* for Mac OS X compatible accept */
 #include "stroke_config.h"
 #include "stroke_control.h" |