summaryrefslogtreecommitdiff
path: root/src/charon
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon')
-rw-r--r--src/charon/config/attributes/attribute_manager.c16
-rw-r--r--src/charon/config/proposal.c64
-rw-r--r--src/charon/config/proposal.h7
-rw-r--r--src/charon/config/traffic_selector.c59
-rw-r--r--src/charon/config/traffic_selector.h7
-rw-r--r--src/charon/credentials/credential_manager.c18
-rw-r--r--src/charon/daemon.c10
-rw-r--r--src/charon/plugins/eap_mschapv2/eap_mschapv2.c4
-rw-r--r--src/charon/plugins/nm/nm_service.c80
-rw-r--r--src/charon/plugins/sql/pool.c4
-rw-r--r--src/charon/plugins/sql/sql_attribute.c2
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.c1
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c7
-rw-r--r--src/charon/plugins/stroke/stroke_list.c42
-rw-r--r--src/charon/sa/ike_sa.c11
15 files changed, 168 insertions, 164 deletions
diff --git a/src/charon/config/attributes/attribute_manager.c b/src/charon/config/attributes/attribute_manager.c
index b919c4261..a069c954a 100644
--- a/src/charon/config/attributes/attribute_manager.c
+++ b/src/charon/config/attributes/attribute_manager.c
@@ -17,6 +17,7 @@
#include "attribute_manager.h"
+#include <daemon.h>
#include <utils/linked_list.h>
#include <utils/mutex.h>
@@ -53,7 +54,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
enumerator_t *enumerator;
attribute_provider_t *current;
host_t *host = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current))
@@ -67,6 +68,10 @@ static host_t* acquire_address(private_attribute_manager_t *this,
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
+ if (!host)
+ {
+ DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
+ }
return host;
}
@@ -78,18 +83,25 @@ static void release_address(private_attribute_manager_t *this,
{
enumerator_t *enumerator;
attribute_provider_t *current;
-
+ bool found = FALSE;
+
this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current))
{
if (current->release_address(current, pool, address, id))
{
+ found = TRUE;
break;
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
+ }
}
/**
diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c
index 8fcbdc960..92ef34b75 100644
--- a/src/charon/config/proposal.c
+++ b/src/charon/config/proposal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2009 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: proposal.c 4685 2008-11-22 16:14:55Z martin $
+ * $Id: proposal.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <string.h>
@@ -803,10 +803,10 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
}
/**
- * print all algorithms of a kind to stream
+ * print all algorithms of a kind to buffer
*/
-static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
- void *names, bool *first)
+static int print_alg(private_proposal_t *this, char **dst, int *len,
+ u_int kind, void *names, bool *first)
{
enumerator_t *enumerator;
size_t written = 0;
@@ -817,16 +817,16 @@ static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
{
if (*first)
{
- written += fprintf(stream, "%N", names, alg);
+ written += print_in_hook(*dst, *len, "%N", names, alg);
*first = FALSE;
}
else
{
- written += fprintf(stream, "/%N", names, alg);
+ written += print_in_hook(*dst, *len, "/%N", names, alg);
}
if (size)
{
- written += fprintf(stream, "-%d", size);
+ written += print_in_hook(*dst, *len, "-%d", size);
}
}
enumerator->destroy(enumerator);
@@ -834,10 +834,10 @@ static int print_alg(private_proposal_t *this, FILE *stream, u_int kind,
}
/**
- * output handler in printf()
+ * Described in header.
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args)
{
private_proposal_t *this = *((private_proposal_t**)(args[0]));
linked_list_t *list = *((linked_list_t**)(args[0]));
@@ -847,65 +847,43 @@ static int print(FILE *stream, const struct printf_info *info,
if (this == NULL)
{
- return fprintf(stream, "(null)");
+ return print_in_hook(dst, len, "(null)");
}
- if (info->alt)
+ if (spec->hash)
{
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &this))
{ /* call recursivly */
if (first)
{
- written += fprintf(stream, "%P", this);
+ written += print_in_hook(dst, len, "%P", this);
first = FALSE;
}
else
{
- written += fprintf(stream, ", %P", this);
+ written += print_in_hook(dst, len, ", %P", this);
}
}
enumerator->destroy(enumerator);
return written;
}
- written = fprintf(stream, "%N:", protocol_id_names, this->protocol);
- written += print_alg(this, stream, ENCRYPTION_ALGORITHM,
+ written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol);
+ written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, &first);
- written += print_alg(this, stream, INTEGRITY_ALGORITHM,
+ written += print_alg(this, &dst, &len, INTEGRITY_ALGORITHM,
integrity_algorithm_names, &first);
- written += print_alg(this, stream, PSEUDO_RANDOM_FUNCTION,
+ written += print_alg(this, &dst, &len, PSEUDO_RANDOM_FUNCTION,
pseudo_random_function_names, &first);
- written += print_alg(this, stream, DIFFIE_HELLMAN_GROUP,
+ written += print_alg(this, &dst, &len, DIFFIE_HELLMAN_GROUP,
diffie_hellman_group_names, &first);
- written += print_alg(this, stream, EXTENDED_SEQUENCE_NUMBERS,
+ written += print_alg(this, &dst, &len, EXTENDED_SEQUENCE_NUMBERS,
extended_sequence_numbers_names, &first);
return written;
}
/**
- * arginfo handler for printf() proposal
- */
-static int arginfo(const struct printf_info *info, size_t n, int *argtypes)
-{
- if (n > 0)
- {
- argtypes[0] = PA_POINTER;
- }
- return 1;
-}
-
-/**
- * return printf hook functions for a proposal
- */
-printf_hook_functions_t proposal_get_printf_hooks()
-{
- printf_hook_functions_t hooks = {print, arginfo};
-
- return hooks;
-}
-
-/**
* Implements proposal_t.destroy.
*/
static void destroy(private_proposal_t *this)
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index fb7dc9dfa..ea01120f9 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: proposal.h 4062 2008-06-12 11:42:19Z martin $
+ * $Id: proposal.h 4936 2009-03-12 18:07:32Z tobias $
*/
/**
@@ -233,13 +233,14 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
/**
- * Get printf hooks for a proposal.
+ * printf hook function for proposal_t.
*
* Arguments are:
* proposal_t *proposal
* With the #-specifier, arguments are:
* linked_list_t *list containing proposal_t*
*/
-printf_hook_functions_t proposal_get_printf_hooks();
+int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args);
#endif /* PROPOSAL_H_ @} */
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index 7442fc7ef..b3bab900d 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2009 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -14,14 +14,13 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: traffic_selector.c 4860 2009-02-11 13:09:52Z martin $
+ * $Id: traffic_selector.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <arpa/inet.h>
#include <string.h>
#include <netdb.h>
#include <stdio.h>
-#include <printf.h>
#include "traffic_selector.h"
@@ -157,10 +156,10 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
/**
- * output handler in printf()
+ * Described in header.
*/
-static int print(FILE *stream, const struct printf_info *info,
- const void *const *args)
+int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args)
{
private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0]));
linked_list_t *list = *((linked_list_t**)(args[0]));
@@ -175,16 +174,16 @@ static int print(FILE *stream, const struct printf_info *info,
if (this == NULL)
{
- return fprintf(stream, "(null)");
+ return print_in_hook(dst, len, "(null)");
}
- if (info->alt)
+ if (spec->hash)
{
iterator = list->create_iterator(list, TRUE);
while (iterator->iterate(iterator, (void**)&this))
{
/* call recursivly */
- written += fprintf(stream, "%R ", this);
+ written += print_in_hook(dst, len, "%R ", this);
}
iterator->destroy(iterator);
return written;
@@ -196,7 +195,7 @@ static int print(FILE *stream, const struct printf_info *info,
memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
{
- written += fprintf(stream, "dynamic");
+ written += print_in_hook(dst, len, "dynamic");
}
else
{
@@ -209,7 +208,7 @@ static int print(FILE *stream, const struct printf_info *info,
inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str));
}
mask = calc_netbits(this);
- written += fprintf(stream, "%s/%d", addr_str, mask);
+ written += print_in_hook(dst, len, "%s/%d", addr_str, mask);
}
/* check if we have protocol and/or port selectors */
@@ -221,7 +220,7 @@ static int print(FILE *stream, const struct printf_info *info,
return written;
}
- written += fprintf(stream, "[");
+ written += print_in_hook(dst, len, "[");
/* build protocol string */
if (has_proto)
@@ -230,18 +229,18 @@ static int print(FILE *stream, const struct printf_info *info,
if (proto)
{
- written += fprintf(stream, "%s", proto->p_name);
+ written += print_in_hook(dst, len, "%s", proto->p_name);
serv_proto = proto->p_name;
}
else
{
- written += fprintf(stream, "%d", this->protocol);
+ written += print_in_hook(dst, len, "%d", this->protocol);
}
}
if (has_proto && has_ports)
{
- written += fprintf(stream, "/");
+ written += print_in_hook(dst, len, "/");
}
/* build port string */
@@ -253,47 +252,25 @@ static int print(FILE *stream, const struct printf_info *info,
if (serv)
{
- written += fprintf(stream, "%s", serv->s_name);
+ written += print_in_hook(dst, len, "%s", serv->s_name);
}
else
{
- written += fprintf(stream, "%d", this->from_port);
+ written += print_in_hook(dst, len, "%d", this->from_port);
}
}
else
{
- written += fprintf(stream, "%d-%d", this->from_port, this->to_port);
+ written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port);
}
}
- written += fprintf(stream, "]");
+ written += print_in_hook(dst, len, "]");
return written;
}
/**
- * arginfo handler for printf() traffic selector
- */
-static int arginfo(const struct printf_info *info, size_t n, int *argtypes)
-{
- if (n > 0)
- {
- argtypes[0] = PA_POINTER;
- }
- return 1;
-}
-
-/**
- * return printf hook functions for a chunk
- */
-printf_hook_functions_t traffic_selector_get_printf_hooks()
-{
- printf_hook_functions_t hooks = {print, arginfo};
-
- return hooks;
-}
-
-/**
* implements traffic_selector_t.get_subset
*/
static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other)
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index 69c04c605..fcec4e50b 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: traffic_selector.h 4860 2009-02-11 13:09:52Z martin $
+ * $Id: traffic_selector.h 4936 2009-03-12 18:07:32Z tobias $
*/
/**
@@ -291,13 +291,14 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
u_int16_t from_port, u_int16_t to_port);
/**
- * Get printf hooks for a traffic selector.
+ * printf hook function for traffic_selector_t.
*
* Arguments are:
* traffic_selector_t *ts
* With the #-specifier, arguments are:
* linked_list_t *list containing traffic_selector_t*
*/
-printf_hook_functions_t traffic_selector_get_printf_hooks();
+int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
+ const void *const *args);
#endif /* TRAFFIC_SELECTOR_H_ @} */
diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c
index 309115280..2841086b2 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/charon/credentials/credential_manager.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: credential_manager.c 4591 2008-11-05 16:12:54Z martin $
+ * $Id: credential_manager.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <pthread.h>
@@ -572,7 +572,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
case VALIDATION_REVOKED:
/* subject has been revoked by a valid OCSP response */
DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
- &revocation, crl_reason_names, reason);
+ &revocation, TRUE, crl_reason_names, reason);
revoked = TRUE;
break;
case VALIDATION_GOOD:
@@ -593,7 +593,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
best = cand;
if (best->get_validity(best, NULL, NULL, &valid_until))
{
- DBG1(DBG_CFG, " ocsp response is valid: until %#T",
+ DBG1(DBG_CFG, " ocsp response is valid: until %T",
&valid_until, FALSE);
*valid = VALIDATION_GOOD;
if (cache)
@@ -603,7 +603,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
}
else
{
- DBG1(DBG_CFG, " ocsp response is stale: since %#T",
+ DBG1(DBG_CFG, " ocsp response is stale: since %T",
&valid_until, FALSE);
*valid = VALIDATION_STALE;
}
@@ -791,7 +791,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
if (chunk_equals(serial, subject->get_serial(subject)))
{
DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
- &revocation, crl_reason_names, reason);
+ &revocation, TRUE, crl_reason_names, reason);
*valid = VALIDATION_REVOKED;
enumerator->destroy(enumerator);
DESTROY_IF(best);
@@ -807,7 +807,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
best = cand;
if (best->get_validity(best, NULL, NULL, &valid_until))
{
- DBG1(DBG_CFG, " crl is valid: until %#T", &valid_until, FALSE);
+ DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE);
*valid = VALIDATION_GOOD;
if (cache)
{ /* we cache non-stale crls only, as a stale crls are refetched */
@@ -816,7 +816,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
}
else
{
- DBG1(DBG_CFG, " crl is stale: since %#T", &valid_until, FALSE);
+ DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE);
*valid = VALIDATION_STALE;
}
}
@@ -938,13 +938,13 @@ static bool check_certificate(private_credential_manager_t *this,
if (!subject->get_validity(subject, NULL, &not_before, &not_after))
{
DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)",
- &not_before, &not_after);
+ &not_before, TRUE, &not_after, TRUE);
return FALSE;
}
if (!issuer->get_validity(issuer, NULL, &not_before, &not_after))
{
DBG1(DBG_CFG, "issuer certificate invalid (valid from %T to %T)",
- &not_before, &not_after);
+ &not_before, TRUE, &not_after, TRUE);
return FALSE;
}
if (issuer->get_type(issuer) == CERT_X509 &&
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 78cbeec83..6dcb39a89 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2009 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -644,9 +644,13 @@ int main(int argc, char *argv[])
/* initialize library */
library_init(STRONGSWAN_CONF);
lib->printf_hook->add_handler(lib->printf_hook, 'R',
- traffic_selector_get_printf_hooks());
+ traffic_selector_printf_hook,
+ PRINTF_HOOK_ARGTYPE_POINTER,
+ PRINTF_HOOK_ARGTYPE_END);
lib->printf_hook->add_handler(lib->printf_hook, 'P',
- proposal_get_printf_hooks());
+ proposal_printf_hook,
+ PRINTF_HOOK_ARGTYPE_POINTER,
+ PRINTF_HOOK_ARGTYPE_END);
private_charon = daemon_create();
charon = (daemon_t*)private_charon;
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
index 47dac47d4..07ca48e6f 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_mschapv2.c 4888 2009-02-19 14:32:13Z tobias $
+ * $Id: eap_mschapv2.c 4896 2009-02-24 13:39:50Z martin $
*/
#include "eap_mschapv2.h"
@@ -643,7 +643,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
rng->destroy(rng);
shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, this->server, this->peer);
+ SHARED_EAP, this->peer, this->server);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for hosts '%D' - '%D'",
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 1f2b6f723..72744b784 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -83,8 +83,8 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
*/
static void signal_failure(NMVPNPlugin *plugin)
{
- /* TODO: NM does not handle this failure!?
- nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */
+ /* TODO: NM does not handle this failure!? */
+ nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
@@ -144,7 +144,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
nm_creds_t *creds;
NMSettingVPN *settings;
identification_t *user = NULL, *gateway;
- char *address, *str;
+ const char *address, *str;
bool virtual, encap, ipcomp;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
@@ -164,20 +164,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
DBG4(DBG_CFG, "received NetworkManager connection: %s",
nm_setting_to_string(NM_SETTING(settings)));
- address = g_hash_table_lookup(settings->data, "address");
+ address = nm_setting_vpn_get_data_item(settings, "address");
if (!address || !*address)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Gateway address missing.");
return FALSE;
}
- str = g_hash_table_lookup(settings->data, "virtual");
+ str = nm_setting_vpn_get_data_item(settings, "virtual");
virtual = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "encap");
+ str = nm_setting_vpn_get_data_item(settings, "encap");
encap = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "ipcomp");
+ str = nm_setting_vpn_get_data_item(settings, "ipcomp");
ipcomp = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "method");
+ str = nm_setting_vpn_get_data_item(settings, "method");
if (str)
{
if (streq(str, "psk"))
@@ -202,7 +202,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
creds->clear(creds);
/* gateway cert */
- str = g_hash_table_lookup(settings->data, "certificate");
+ str = nm_setting_vpn_get_data_item(settings, "certificate");
if (str)
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -220,20 +220,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
if (auth_class == AUTH_CLASS_EAP)
{
/* username/password authentication ... */
- str = g_hash_table_lookup(settings->data, "user");
+ str = nm_setting_vpn_get_data_item(settings, "user");
if (str)
{
user = identification_create_from_encoding(ID_KEY_ID,
chunk_create(str, strlen(str)));
- str = g_hash_table_lookup(settings->secrets, "password");
- creds->set_username_password(creds, user, str);
+ str = nm_setting_vpn_get_secret(settings, "password");
+ creds->set_username_password(creds, user, (char*)str);
}
}
if (auth_class == AUTH_CLASS_PUBKEY)
{
/* ... or certificate/private key authenitcation */
- str = g_hash_table_lookup(settings->data, "usercert");
+ str = nm_setting_vpn_get_data_item(settings, "usercert");
if (str)
{
public_key_t *public;
@@ -241,10 +241,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, str, BUILD_END);
-
+ if (!cert)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading peer certificate failed.");
+ return FALSE;
+ }
/* try agent */
- str = g_hash_table_lookup(settings->secrets, "agent");
- if (agent && str && cert)
+ str = nm_setting_vpn_get_secret(settings, "agent");
+ if (agent && str)
{
public = cert->get_public_key(cert);
if (public)
@@ -256,25 +262,38 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
BUILD_END);
public->destroy(public);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Connecting to SSH agent failed.");
+ }
}
/* ... or key file */
- str = g_hash_table_lookup(settings->data, "userkey");
- if (!agent && str && cert)
+ str = nm_setting_vpn_get_data_item(settings, "userkey");
+ if (!agent && str)
{
chunk_t secret, chunk;
bool pgp = FALSE;
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings,
+ "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(str, &secret, &chunk, &pgp))
+ if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp))
{
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
free(chunk.ptr);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading private key failed.");
+ }
}
if (private)
{
@@ -285,8 +304,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
else
{
DESTROY_IF(cert);
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
- "Loading user certificate/private key failed.");
return FALSE;
}
}
@@ -302,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
user, gateway->clone(gateway),
@@ -367,40 +384,40 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
char **setting_name, GError **error)
{
NMSettingVPN *settings;
- char *method, *path;
+ const char *method, *path;
chunk_t secret = chunk_empty, key;
bool pgp = FALSE;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
NM_TYPE_SETTING_VPN));
- method = g_hash_table_lookup(settings->data, "method");
+ method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
if (streq(method, "eap"))
{
- if (g_hash_table_lookup(settings->secrets, "password"))
+ if (nm_setting_vpn_get_secret(settings, "password"))
{
return FALSE;
}
}
else if (streq(method, "agent"))
{
- if (g_hash_table_lookup(settings->secrets, "agent"))
+ if (nm_setting_vpn_get_secret(settings, "agent"))
{
return FALSE;
}
}
else if (streq(method, "key"))
{
- path = g_hash_table_lookup(settings->data, "userkey");
+ path = nm_setting_vpn_get_data_item(settings, "userkey");
if (path)
{
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(path, &secret, &key, &pgp))
+ if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
{
free(key.ptr);
return FALSE;
@@ -434,6 +451,9 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
}
}
enumerator->destroy(enumerator);
+
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
+ "Connection not found.");
return FALSE;
}
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
index 8f5dc54dd..9761e88e9 100644
--- a/src/charon/plugins/sql/pool.c
+++ b/src/charon/plugins/sql/pool.c
@@ -554,10 +554,10 @@ static void leases(char *filter, bool utc)
printf("%-7s ", "expired");
}
- printf(" %#T ", &acquired, utc);
+ printf(" %T ", &acquired, utc);
if (released)
{
- printf("%#T ", &released, utc);
+ printf("%T ", &released, utc);
}
else
{
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
index cd6f7c0cd..826aa8318 100644
--- a/src/charon/plugins/sql/sql_attribute.c
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -89,7 +89,7 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
e->destroy(e);
return pool;
}
- DBG1(DBG_CFG, "ip pool '%s' not found");
+ DESTROY_IF(e);
return 0;
}
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
index 7591a1e27..f850b5320 100644
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ b/src/charon/plugins/stroke/stroke_attribute.c
@@ -307,6 +307,7 @@ static bool release_address(private_stroke_attribute_t *this,
{
DBG1(DBG_CFG, "lease %H of %D went offline", address, id);
pool->offline->put(pool->offline, id, (void*)offset);
+ found = TRUE;
}
}
}
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 07e0ca768..434aec22b 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -804,7 +804,7 @@ static void load_secrets(private_stroke_cred_t *this)
}
else if (match("PIN", &token))
{
- chunk_t sc = chunk_empty;
+ chunk_t sc = chunk_empty, secret = chunk_empty;
char smartcard[32], keyid[22], pin[32];
private_key_t *key;
u_int slot;
@@ -847,13 +847,13 @@ static void load_secrets(private_stroke_cred_t *this)
DBG1(DBG_CFG, "line %d: expected PIN", line_nr);
goto error;
}
- ugh = extract_secret(&chunk, &line);
+ ugh = extract_secret(&secret, &line);
if (ugh != NULL)
{
DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
goto error;
}
- snprintf(pin, sizeof(pin), "%.*s", chunk.len, chunk.ptr);
+ snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
pin[sizeof(pin) - 1] = '\0';
/* we assume an RSA key */
@@ -867,6 +867,7 @@ static void load_secrets(private_stroke_cred_t *this)
this->private->insert_last(this->private, key);
}
memset(pin, 0, sizeof(pin));
+ chunk_clear(&secret);
}
else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
(match("EAP", &token) && (type = SHARED_EAP)) ||
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c
index 8042875c9..94b3def3a 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/charon/plugins/stroke/stroke_list.c
@@ -88,7 +88,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
time_t established;
established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED);
- fprintf(out, " %#V ago", &now, &established);
+ fprintf(out, " %V ago", &now, &established);
}
fprintf(out, ", %H[%D]...%H[%D]\n",
@@ -116,11 +116,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
if (rekey)
{
- fprintf(out, ", rekeying in %#V", &rekey, &now);
+ fprintf(out, ", rekeying in %V", &rekey, &now);
}
if (reauth)
{
- fprintf(out, ", %N reauthentication in %#V", auth_class_names,
+ fprintf(out, ", %N reauthentication in %V", auth_class_names,
get_auth_class(ike_sa->get_peer_cfg(ike_sa)),
&reauth, &now);
}
@@ -212,7 +212,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
rekey = child_sa->get_lifetime(child_sa, FALSE);
if (rekey)
{
- fprintf(out, "in %#V", &now, &rekey);
+ fprintf(out, "in %V", &now, &rekey);
}
else
{
@@ -265,12 +265,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
char *plugin, *pool;
host_t *host;
u_int32_t dpd;
- time_t uptime = time(NULL) - this->uptime;
+ time_t now = time(NULL);
bool first = TRUE;
u_int size, online, offline;
fprintf(out, "Performance:\n");
- fprintf(out, " uptime: %V, since %#T\n", &uptime, &this->uptime, FALSE);
+ fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE);
fprintf(out, " worker threads: %d idle of %d,",
charon->processor->get_idle_threads(charon->processor),
charon->processor->get_total_threads(charon->processor));
@@ -290,6 +290,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
enumerator = this->attribute->create_pool_enumerator(this->attribute);
while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
{
+ if (name && !streq(name, pool))
+ {
+ continue;
+ }
if (first)
{
first = FALSE;
@@ -655,26 +659,26 @@ static void stroke_list_certs(linked_list_t *list, char *label,
/* list validity */
cert->get_validity(cert, &now, &notBefore, &notAfter);
- fprintf(out, " validity: not before %#T, ", &notBefore, utc);
+ fprintf(out, " validity: not before %T, ", &notBefore, utc);
if (now < notBefore)
{
- fprintf(out, "not valid yet (valid in %#V)\n", &now, &notBefore);
+ fprintf(out, "not valid yet (valid in %V)\n", &now, &notBefore);
}
else
{
fprintf(out, "ok\n");
}
- fprintf(out, " not after %#T, ", &notAfter, utc);
+ fprintf(out, " not after %T, ", &notAfter, utc);
if (now > notAfter)
{
- fprintf(out, "expired (%#V ago)\n", &now, &notAfter);
+ fprintf(out, "expired (%V ago)\n", &now, &notAfter);
}
else
{
fprintf(out, "ok");
if (now > notAfter - CERT_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &notAfter);
+ fprintf(out, " (expires in %V)", &now, &notAfter);
}
fprintf(out, " \n");
}
@@ -755,18 +759,18 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
/* list validity */
cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
if (now > nextUpdate)
{
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
}
else
{
fprintf(out, "ok");
if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
}
fprintf(out, " \n");
}
@@ -828,18 +832,18 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
/* list validity */
cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
- fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
- fprintf(out, " next %#T, ", &nextUpdate, utc);
+ fprintf(out, " updates: this %T\n", &thisUpdate, utc);
+ fprintf(out, " next %T, ", &nextUpdate, utc);
if (now > nextUpdate)
{
- fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
+ fprintf(out, "expired (%V ago)\n", &now, &nextUpdate);
}
else
{
fprintf(out, "ok");
if (now > nextUpdate - CRL_WARNING_INTERVAL * 60 * 60 * 24)
{
- fprintf(out, " (expires in %#V)", &now, &nextUpdate);
+ fprintf(out, " (expires in %V)", &now, &nextUpdate);
}
fprintf(out, " \n");
}
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 82dd479ca..6acbc6eef 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -15,12 +15,11 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_sa.c 4808 2008-12-16 15:48:36Z martin $
+ * $Id: ike_sa.c 4945 2009-03-16 14:23:36Z martin $
*/
#include <sys/time.h>
#include <string.h>
-#include <printf.h>
#include <sys/stat.h>
#include <errno.h>
#include <time.h>
@@ -1103,6 +1102,12 @@ static void resolve_hosts(private_ike_sa_t *this)
{
host->set_port(host, IKEV2_UDP_PORT);
}
+ else
+ { /* fallback to address family specific %any(6), if configured */
+ host = host_create_from_dns(
+ this->ike_cfg->get_my_addr(this->ike_cfg),
+ 0, IKEV2_UDP_PORT);
+ }
}
}
if (host)
@@ -1743,7 +1748,7 @@ static status_t reauth(private_ike_sa_t *this)
{
time_t now = time(NULL);
- DBG1(DBG_IKE, "IKE_SA will timeout in %#V",
+ DBG1(DBG_IKE, "IKE_SA will timeout in %V",
&now, &this->stats[STAT_DELETE]);
return FAILED;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 05:48:30 +0000