Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in2
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.c23
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c22
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c5
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c10
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c59
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c11
7 files changed, 96 insertions, 36 deletions
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 8815ba741..e094200ca 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 49146f18b..9a3ae0ab9 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -306,7 +306,8 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
return;
}
ca_section_destroy(ca);
- /* TODO: flush cached certs */
+
+ lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
}
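Review bot: The new `lib->credmgr->flush_cache(lib->credmgr, CERT_ANY)` in del() discards every cached certificate type, not only those that chained to the removed CA, and the reason for choosing CERT_ANY over CERT_X509 is not recorded; a later "optimisation" narrowing it could let a cert issued by a no-longer-trusted CA survive in the cache. Add a comment above the call, e.g. `/* flush everything: nothing cached under the removed CA may be trusted again */`. Whether CRLs or OCSP responses fetched for this CA are also in that cache is not visible here, but CERT_ANY is the safe choice either way. The body of del() begins outside this hunk.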
/**
@@ -356,12 +357,16 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
{
if (section->certuribase && cert->issued_by(cert, section->cert))
{
- chunk_t hash, encoded = cert->get_encoding(cert);
- hasher->allocate_hash(hasher, encoded, &hash);
- section->hashes->insert_last(section->hashes,
- identification_create_from_encoding(ID_KEY_ID, hash));
- chunk_free(&hash);
- chunk_free(&encoded);
+ chunk_t hash, encoded;
+
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
+ {
+ hasher->allocate_hash(hasher, encoded, &hash);
+ section->hashes->insert_last(section->hashes,
+ identification_create_from_encoding(ID_KEY_ID, hash));
+ chunk_free(&hash);
+ chunk_free(&encoded);
+ }
break;
}
}
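Review bot: When get_encoding() fails at the new guard the certificate is silently left out of section->hashes, so peers get the full certificate instead of a hash-and-URL reference and the log gives no hint why; add an else branch with `DBG1(DBG_CFG, "encoding certificate for hash-and-url failed");`. The return value of hasher->allocate_hash() is also not checked; if it can fail in this tree, `hash` is uninitialized on that path before it is wrapped in an ID_KEY_ID identity and passed to chunk_free() — confirm its contract. The enclosing loop and check_for_hash_and_url() itself start outside this hunk.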
@@ -400,11 +405,11 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
/* list authkey and keyid */
if (public)
{
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk))
+ if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk))
{
fprintf(out, " authkey: %#B\n", &chunk);
}
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &chunk))
+ if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
fprintf(out, " keyid: %#B\n", &chunk);
}
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index bbc1e7a31..617069432 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -399,8 +399,8 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
if (ca)
{
identity = identification_create_from_string(ca);
- certificate = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, identity, TRUE);
+ certificate = lib->credmgr->get_cert(lib->credmgr, CERT_X509,
+ KEY_ANY, identity, TRUE);
identity->destroy(identity);
if (certificate)
{
@@ -413,7 +413,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
}
}
- /* AC groups */
+ /* groups */
if (end->groups)
{
enumerator_t *enumerator;
@@ -422,9 +422,8 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
enumerator = enumerator_create_token(end->groups, ",", " ");
while (enumerator->enumerate(enumerator, &group))
{
- identity = identification_create_from_encoding(ID_IETF_ATTR_STRING,
- chunk_create(group, strlen(group)));
- cfg->add(cfg, AUTH_RULE_AC_GROUP, identity);
+ cfg->add(cfg, AUTH_RULE_GROUP,
+ identification_create_from_string(group));
}
enumerator->destroy(enumerator);
}
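Review bot: identification_create_from_string(group) parses the group name by its syntax, so a name containing '=' presumably becomes a DN, one containing '@' an e-mail/FQDN identity and an address literal an IP identity, whereas the removed code stored the raw bytes as ID_IETF_ATTR_STRING; a group such as `ou=admins` or `10.0.0.0` therefore yields a different identity type than before. Whatever produces the group identities on the matching side (attribute certificates, RADIUS attributes) must apply the same conversion or the AUTH_RULE_GROUP rule never matches — worth a comment here, e.g. `/* group source must build its ids with the same string parsing */`. The exact parsing rules are not visible in this hunk; confirm against the identification implementation. build_auth_cfg() begins and ends outside the hunk.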
@@ -769,6 +768,14 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
.jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
}
};
+ mark_t mark_in = {
+ .value = msg->add_conn.mark_in.value,
+ .mask = msg->add_conn.mark_in.mask
+ };
+ mark_t mark_out = {
+ .value = msg->add_conn.mark_out.value,
+ .mask = msg->add_conn.mark_out.mask
+ };
switch (msg->add_conn.dpd.action)
{ /* map startes magic values to our action type */
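Review bot: mark_in and mark_out are copied straight from msg->add_conn without any plausibility check, and a mark whose value has bits set outside its mask (`value & ~mask`) can never match what the kernel actually sets, which is almost certainly a configuration mistake that will only show up as traffic silently not matching the policy. Consider logging it when the config is built, e.g. `if (mark_in.value & ~mark_in.mask) DBG1(DBG_CFG, "mark_in value has bits outside its mask");` and the same for mark_out. Whether the kernel interface masks the value itself is not visible here. build_child_cfg() starts and ends outside this hunk.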
@@ -787,7 +794,8 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
msg->add_conn.name, &lifetime,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp,
- msg->add_conn.inactivity);
+ msg->add_conn.inactivity, msg->add_conn.reqid,
+ &mark_in, &mark_out);
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index a03aef697..f64421551 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -186,6 +186,11 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o
}
else
{
+ if (!pos)
+ {
+ DBG1(DBG_CFG, "error parsing string");
+ return;
+ }
if (*(pos + 1) == '*')
{ /* is name[*] */
all = TRUE;
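Review bot: The new `if (!pos)` guard only writes to the daemon log, so the stroke client that issued the terminate sees nothing on `out` and `ipsec down` with a malformed name appears to succeed silently. Report the error to the client too, e.g. `fprintf(out, "error parsing string\n");` before the return, and include the offending string in the DBG1 so the log entry is actionable. How `pos` is derived and what the other branches print to `out` lies outside this hunk; terminate() starts and ends outside it.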
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index e0a5210a9..2816b9bb2 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -378,7 +378,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
}
if (found)
{
- new = cert->is_newer(cert, current);
+ new = crl_is_newer(crl, crl_c);
if (new)
{
this->certs->remove_at(this->certs, enumerator);
@@ -587,9 +587,11 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex);
free(hex.ptr);
- chunk = cert->get_encoding(cert);
- chunk_write(chunk, buf, "crl", 022, TRUE);
- free(chunk.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
+ {
+ chunk_write(chunk, buf, "crl", 022, TRUE);
+ free(chunk.ptr);
+ }
}
}
}
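Review bot: If get_encoding() fails at the new guard the CRL is silently not written to CRL_DIR, so it will be fetched again next time and nothing explains why; add an else branch with `DBG1(DBG_CFG, "encoding CRL for caching failed");`. The return value of chunk_write() is still discarded, as it was before the change; if that helper does not log its own failures, a missing or unwritable cache directory goes unnoticed — confirm. cache_cert() starts outside this hunk.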
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index c2a98da33..a6de35466 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -17,6 +17,10 @@
#include <time.h>
+#ifdef HAVE_MALLINFO
+#include <malloc.h>
+#endif /* HAVE_MALLINFO */
+
#include <daemon.h>
#include <utils/linked_list.h>
#include <credentials/certificates/x509.h>
@@ -55,6 +59,33 @@ struct private_stroke_list_t {
};
/**
+ * Log tasks of a specific queue to out
+ */
+static void log_task_q(FILE *out, ike_sa_t *ike_sa, task_queue_t q, char *name)
+{
+ enumerator_t *enumerator;
+ bool has = FALSE;
+ task_t *task;
+
+ enumerator = ike_sa->create_task_enumerator(ike_sa, q);
+ while (enumerator->enumerate(enumerator, &task))
+ {
+ if (!has)
+ {
+ fprintf(out, "%12s[%d]: Tasks %s: ", ike_sa->get_name(ike_sa),
+ ike_sa->get_unique_id(ike_sa), name);
+ has = TRUE;
+ }
+ fprintf(out, "%N ", task_type_names, task->get_type(task));
+ }
+ enumerator->destroy(enumerator);
+ if (has)
+ {
+ fprintf(out, "\n");
+ }
+}
+
+/**
* log an IKE_SA to out
*/
static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
@@ -140,6 +171,10 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all)
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
buf+4);
}
+
+ log_task_q(out, ike_sa, TASK_QUEUE_QUEUED, "queued");
+ log_task_q(out, ike_sa, TASK_QUEUE_ACTIVE, "active");
+ log_task_q(out, ike_sa, TASK_QUEUE_PASSIVE, "passive");
}
}
@@ -342,7 +377,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
rules = auth->create_enumerator(auth);
while (rules->enumerate(rules, &rule, &id))
{
- if (rule == AUTH_RULE_AC_GROUP)
+ if (rule == AUTH_RULE_GROUP)
{
fprintf(out, "%12s: group: %Y\n", name, id);
}
@@ -373,12 +408,19 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
u_int32_t dpd;
time_t since, now;
u_int size, online, offline;
-
now = time_monotonic(NULL);
since = time(NULL) - (now - this->uptime);
fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n");
fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE);
+#ifdef HAVE_MALLINFO
+ {
+ struct mallinfo mi = mallinfo();
+
+ fprintf(out, " malloc: sbrk %d, mmap %d, used %d, free %d\n",
+ mi.arena, mi.hblkhd, mi.uordblks, mi.fordblks);
+ }
+#endif /* HAVE_MALLINFO */
fprintf(out, " worker threads: %d idle of %d,",
charon->processor->get_idle_threads(charon->processor),
charon->processor->get_total_threads(charon->processor));
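Review bot: struct mallinfo reports every field as int, so arena, hblkhd, uordblks and fordblks wrap or go negative once the heap passes 2 GiB, and the `%d` output in the new status line then misleads whoever reads it; glibc deprecates mallinfo() for exactly this reason in favour of mallinfo2(), whose fields are size_t (where the build environment has it). At minimum record the limitation next to the call, `/* mallinfo fields are int and wrap beyond 2 GiB */`, or prefer mallinfo2() under its own configure check. The rest of status() is outside this hunk.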
@@ -534,9 +576,8 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
static linked_list_t* create_unique_cert_list(certificate_type_t type)
{
linked_list_t *list = linked_list_create();
- enumerator_t *enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, type, KEY_ANY,
- NULL, FALSE);
+ enumerator_t *enumerator = lib->credmgr->create_cert_enumerator(
+ lib->credmgr, type, KEY_ANY, NULL, FALSE);
certificate_t *cert;
while (enumerator->enumerate(enumerator, (void**)&cert))
@@ -585,11 +626,11 @@ static void list_public_key(public_key_t *public, FILE *out)
identification_t *id;
auth_cfg_t *auth;
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid))
+ if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyid))
{
id = identification_create_from_encoding(ID_KEY_ID, keyid);
auth = auth_cfg_create();
- private = charon->credentials->get_private(charon->credentials,
+ private = lib->credmgr->get_private(lib->credmgr,
public->get_type(public), id, auth);
auth->destroy(auth);
id->destroy(id);
@@ -599,11 +640,11 @@ static void list_public_key(public_key_t *public, FILE *out)
key_type_names, public->get_type(public),
public->get_keysize(public) * 8,
private ? ", has private key" : "");
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
+ if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
{
fprintf(out, " keyid: %#B\n", &keyid);
}
- if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid))
+ if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyid))
{
fprintf(out, " subjkey: %#B\n", &keyid);
}
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 56c18da38..18afa5af4 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -344,8 +344,7 @@ static void stroke_purge(private_stroke_socket_t *this,
{
if (msg->purge.flags & PURGE_OCSP)
{
- charon->credentials->flush_cache(charon->credentials,
- CERT_X509_OCSP_RESPONSE);
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
}
if (msg->purge.flags & PURGE_IKE)
{
@@ -622,8 +621,8 @@ static bool open_socket(private_stroke_socket_t *this)
static void destroy(private_stroke_socket_t *this)
{
this->job->cancel(this->job);
- charon->credentials->remove_set(charon->credentials, &this->ca->set);
- charon->credentials->remove_set(charon->credentials, &this->cred->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->ca->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
charon->backends->remove_backend(charon->backends, &this->config->backend);
hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
this->cred->destroy(this->cred);
@@ -657,8 +656,8 @@ stroke_socket_t *stroke_socket_create()
this->control = stroke_control_create();
this->list = stroke_list_create(this->attribute);
- charon->credentials->add_set(charon->credentials, &this->ca->set);
- charon->credentials->add_set(charon->credentials, &this->cred->set);
+ lib->credmgr->add_set(lib->credmgr, &this->ca->set);
+ lib->credmgr->add_set(lib->credmgr, &this->cred->set);
charon->backends->add_backend(charon->backends, &this->config->backend);
hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);