Diffstat (limited to 'src/libcharon/plugins')
82 files changed, 2427 insertions, 0 deletions
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 018318a59..7f3cd1692 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c index 12cf0c941..b6836cb1f 100644 --- a/src/libcharon/plugins/addrblock/addrblock_validator.c +++ b/src/libcharon/plugins/addrblock/addrblock_validator.c @@ -1,6 +1,13 @@ /* +<<<<<<< HEAD + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * Copyright (C) 2009 Andreas Steffen + * Hochschule fuer Technik Rapperswil +======= * Copyright (C) 2010 Martin Willi, revosec AG * Copyright (C) 2009 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +>>>>>>> upstream/4.5.1 * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -88,8 +95,12 @@ static bool check_addrblock(x509_t *subject, x509_t *issuer) METHOD(cert_validator_t, validate, bool, private_addrblock_validator_t *this, certificate_t *subject, +<<<<<<< HEAD + certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *issuer, bool online, int pathlen, bool anchor, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509) diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in index 7d6eb2b9c..d9700f810 100644 --- a/src/libcharon/plugins/android/Makefile.in +++ b/src/libcharon/plugins/android/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/android/android_creds.c b/src/libcharon/plugins/android/android_creds.c index 601c91e7b..69941848c 100644 --- a/src/libcharon/plugins/android/android_creds.c +++ b/src/libcharon/plugins/android/android_creds.c @@ -235,7 +235,11 @@ METHOD(android_creds_t, set_username_password, void, DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); +<<<<<<< HEAD + this->pass = password ? strdup(password) : NULL; +======= this->pass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } 
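Review bot: The lines added to `validate` in addrblock_validator.c are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> upstream/4.5.1`) with both parameter lists left in place, so the new side of this file cannot compile. The same markers are committed in every other hunk on this page, including android_creds.c, android_service.c, dhcp_socket.c, eap_tnc.c, eap_ttls_peer.c, the ha_*.c files, the load_tester files and maemo/Makefile.am. Each conflict needs to be resolved to a single side before this is merged. Here that presumably means keeping the upstream parameter list with `bool anchor` and deleting HEAD's line, so the method matches what `cert_validator_t` declares in 4.5.1. The body of `validate` continues outside the hunk.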
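Review bot: `free(this->pass);` in `set_username_password` (android_creds.c) releases the previous password without clearing it, and neither side of the conflict changes that, so the old plaintext stays readable in freed heap memory. Consider wiping it first, e.g. `if (this->pass) { memwipe(this->pass, strlen(this->pass)); }`, assuming strongSwan's `memwipe` helper is reachable from this file. For the conflict itself, `strdupnull(password)` and `password ? strdup(password) : NULL` look equivalent, so only the upstream line should remain. The method starts outside the hunk.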
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index 487567f2a..c222d8a65 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c @@ -291,8 +291,13 @@ static job_requeue_t initiate(private_android_service_t *this) peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 8046fc052..9c4ad3a02 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 8851c1b79..521bf5595 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c 
@@ -459,7 +459,11 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) { dhcp_transaction_t *transaction = NULL; enumerator_t *enumerator; +<<<<<<< HEAD + host_t *offer, *server; +======= host_t *offer, *server = NULL; +>>>>>>> upstream/4.5.1 offer = host_create_from_chunk(AF_INET, chunk_from_thing(dhcp->your_address), 0); @@ -500,7 +504,11 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) chunk_create((char*)&option->data[pos], 4)); } } +<<<<<<< HEAD + if (option->type == DHCP_SERVER_ID && option->len == 4) +======= if (!server && option->type == DHCP_SERVER_ID && option->len == 4) +>>>>>>> upstream/4.5.1 { server = host_create_from_chunk(AF_INET, chunk_create(option->data, 4), DHCP_SERVER_PORT); @@ -515,11 +523,19 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) } DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); transaction->set_address(transaction, offer->clone(offer)); +<<<<<<< HEAD + transaction->set_server(transaction, server->clone(server)); +======= transaction->set_server(transaction, server); +>>>>>>> upstream/4.5.1 } this->mutex->unlock(this->mutex); this->condvar->broadcast(this->condvar); offer->destroy(offer); +<<<<<<< HEAD + server->destroy(server); +======= +>>>>>>> upstream/4.5.1 } /** diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 4a23f9010..adb0d8344 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
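Review bot: The three `handle_offer` hunks in dhcp_socket.c leave two incompatible ownership schemes for `server` side by side: HEAD passes `server->clone(server)` to `set_server` and calls `server->destroy(server)` at the end, while upstream hands `server` itself to the transaction and drops the destroy. Resolving them inconsistently, for instance upstream's `transaction->set_server(transaction, server);` together with HEAD's `server->destroy(server);`, would leave the transaction holding a freed `host_t`, and HEAD's uninitialised `host_t *offer, *server;` makes that final destroy undefined when the OFFER carries no 4-byte `DHCP_SERVER_ID` option. Take the upstream side in all three places, keeping `host_t *offer, *server = NULL;` and the `!server &&` guard, which also stops a repeated server-id option from leaking the first object. Even then `server` may still be NULL when it reaches the `DBG1` and `set_server` calls, as far as the visible lines show, so a check that the option was actually present is worth adding before the offer is accepted. The function body extends beyond these hunks.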
@@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index ad1ae1906..933bc8a5b 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 142a35e50..1592ea208 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 5c1e07ade..cc51086e6 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 4e01d96cc..e2c3b5c1f 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 495ccf441..669be68e8 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 99084e2c1..58a317769 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 90f203f61..4d219b861 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 3cd766a75..fb72884d4 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index a48fb652a..f7fc71bdf 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index f2af3ae0d..f26ec64df 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index 9a58a6055..b37d2714a 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 9ebb85be9..7334c6ce9 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index cf75585ef..db1f1c8c5 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index dd4ed5322..7d708b3b9 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -18,7 +18,11 @@ #include <tls_eap.h> #include <daemon.h> +<<<<<<< HEAD +#include <library.h> +======= #include <debug.h> +>>>>>>> upstream/4.5.1 typedef struct private_eap_tnc_t private_eap_tnc_t; @@ -114,8 +118,11 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, private_eap_tnc_t *this; size_t frag_size; int max_msg_count; +<<<<<<< HEAD +======= char* protocol; tnccs_type_t type; +>>>>>>> upstream/4.5.1 tnccs_t *tnccs; INIT(this, 
@@ -135,6 +142,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, "charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN); max_msg_count = lib->settings->get_int(lib->settings, "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT); +<<<<<<< HEAD + tnccs = charon->tnccs->create_instance(charon->tnccs, TNCCS_1_1, is_server); +======= protocol = lib->settings->get_str(lib->settings, "charon.plugins.eap-tnc.protocol", "tnccs-1.1"); if (strcaseeq(protocol, "tnccs-2.0")) @@ -156,6 +166,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, return NULL; } tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server); +>>>>>>> upstream/4.5.1 this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size, max_msg_count); if (!this->tls_eap) { diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index ff67686b2..36121c7a7 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index 29b0a9303..c8e099ad5 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c 
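Review bot: In `eap_tnc_create` the result of `charon->tnccs->create_instance(...)` is cast to `tls_t*` and passed straight to `tls_eap_create` with no NULL check, on both sides of the conflict. Once the protocol is read from `charon.plugins.eap-tnc.protocol`, a configured protocol with no loaded implementation becomes a realistic case, and the visible code then relies on `tls_eap_create` rejecting a NULL argument, which cannot be confirmed from this hunk. Consider testing `if (!tnccs)` right after the call and returning NULL with the same cleanup the unknown-protocol branch uses. When resolving the conflict, drop HEAD's hard-coded `create_instance(charon->tnccs, TNCCS_1_1, is_server)` line; keeping both calls would overwrite `tnccs` and leak the first instance. The function starts and ends outside these hunks.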
@@ -196,7 +196,10 @@ METHOD(tls_application_t, process, status_t, in->destroy(in); return NEED_MORE; } +<<<<<<< HEAD +======= this->start_phase2 = FALSE; +>>>>>>> upstream/4.5.1 } type = this->method->get_type(this->method, &vendor); diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 21e8b78db..5f6354f32 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 2fcd7cc82..8be700808 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c index 15f7824f9..698f73e12 100644 --- a/src/libcharon/plugins/ha/ha_ctl.c +++ b/src/libcharon/plugins/ha/ha_ctl.c @@ -21,8 +21,13 @@ #include <fcntl.h> #include <unistd.h> #include <errno.h> +<<<<<<< HEAD +#include <pthread.h> + +======= #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define HA_FIFO IPSEC_PIDDIR "/charon.ha" @@ -60,6 +65,15 @@ struct private_ha_ctl_t { */ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) { +<<<<<<< HEAD + int fifo, old; + char buf[8]; + u_int segment; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old); + fifo = open(HA_FIFO, O_RDONLY); + pthread_setcancelstate(old, NULL); +======= int fifo; bool oldstate; char buf[8]; @@ -68,6 +82,7 @@ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) oldstate = thread_cancelability(TRUE); fifo = open(HA_FIFO, O_RDONLY); thread_cancelability(oldstate); +>>>>>>> upstream/4.5.1 if (fifo == -1) { DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno)); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 85dc0f4a4..1015c65d0 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c 
@@ -596,9 +596,15 @@ static void process_child_add(private_ha_dispatcher_t *this, if (initiator) { if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi, +<<<<<<< HEAD + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_i, integ_i, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) +======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_i, integ_i, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) +>>>>>>> upstream/4.5.1 { failed = TRUE; } @@ -606,9 +612,15 @@ static void process_child_add(private_ha_dispatcher_t *this, else { if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi, +<<<<<<< HEAD + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_r, integ_r, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) +======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_r, integ_r, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) +>>>>>>> upstream/4.5.1 { failed = TRUE; } diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index 7c7bef851..a83c1fd43 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -15,10 +15,18 @@ #include "ha_segments.h" +<<<<<<< HEAD +#include <pthread.h> + +#include <threading/mutex.h> +#include <threading/condvar.h> +#include <utils/linked_list.h> +======= #include <threading/mutex.h> #include <threading/condvar.h> #include <utils/linked_list.h> #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define DEFAULT_HEARTBEAT_DELAY 1000 
@@ -254,6 +262,18 @@ METHOD(listener_t, alert_hook, bool, */ static job_requeue_t watchdog(private_ha_segments_t *this) { +<<<<<<< HEAD + int oldstate; + bool timeout; + + this->mutex->lock(this->mutex); + pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + timeout = this->condvar->timed_wait(this->condvar, this->mutex, + this->heartbeat_timeout); + pthread_setcancelstate(oldstate, NULL); + pthread_cleanup_pop(TRUE); +======= bool timeout, oldstate; this->mutex->lock(this->mutex); @@ -263,6 +283,7 @@ static job_requeue_t watchdog(private_ha_segments_t *this) this->heartbeat_timeout); thread_cancelability(oldstate); thread_cleanup_pop(TRUE); +>>>>>>> upstream/4.5.1 if (timeout) { DBG1(DBG_CFG, "no heartbeat received, taking all segments"); diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c index 086178442..29734bea3 100644 --- a/src/libcharon/plugins/ha/ha_socket.c +++ b/src/libcharon/plugins/ha/ha_socket.c @@ -20,10 +20,17 @@ #include <sys/socket.h> #include <errno.h> #include <unistd.h> +<<<<<<< HEAD +#include <pthread.h> + +#include <daemon.h> +#include <utils/host.h> +======= #include <daemon.h> #include <utils/host.h> #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> typedef struct private_ha_socket_t private_ha_socket_t; @@ -121,12 +128,21 @@ METHOD(ha_socket_t, pull, ha_message_t*, { ha_message_t *message; char buf[1024]; +<<<<<<< HEAD + int oldstate; + ssize_t len; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + len = recv(this->fd, buf, sizeof(buf), 0); + pthread_setcancelstate(oldstate, NULL); +======= bool oldstate; ssize_t len; oldstate = thread_cancelability(TRUE); len = recv(this->fd, buf, sizeof(buf), 0); thread_cancelability(oldstate); +>>>>>>> upstream/4.5.1 if (len <= 0) { switch (errno) 
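Review bot: In `pull` (ha_socket.c), `if (len <= 0)` is followed directly by `switch (errno)`, but `recv()` sets `errno` only when it returns -1. A zero-length result leaves `errno` at whatever an earlier call stored, so the branch taken for it is arbitrary. Handle the two cases separately, e.g. `if (len < 0)` in front of the `switch` and an explicit path for `len == 0`. When resolving the conflict, keep upstream's `bool oldstate` with `thread_cancelability(TRUE)` as a pair rather than mixing it with HEAD's `int oldstate` and `pthread_setcancelstate`. The switch body is outside the hunk.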
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 299053ec1..6021ece01 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -223,8 +223,13 @@ static void setup_tunnel(private_ha_tunnel_t *this, peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index fa1194fd0..0684599f8 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index c921ec3db..91bae2d05 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in 
@@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 71391d593..65fb5100e 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -224,8 +224,13 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index ef9d7f9ef..701fd59e4 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c 
@@ -52,7 +52,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index 8fd65adfa..f93cdf154 100644 --- a/src/libcharon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c @@ -28,8 +28,11 @@ #include <threading/condvar.h> #include <threading/mutex.h> +<<<<<<< HEAD +======= static const char *plugin_name = "load_tester"; +>>>>>>> upstream/4.5.1 typedef struct private_load_tester_plugin_t private_load_tester_plugin_t; /** @@ -191,7 +194,11 @@ plugin_t *load_tester_plugin_create() this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +<<<<<<< HEAD + lib->crypto->add_dh(lib->crypto, MODP_NULL, +======= lib->crypto->add_dh(lib->crypto, MODP_NULL, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)load_tester_diffie_hellman_create); this->delay = lib->settings->get_int(lib->settings, diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am index 0bf7fad5d..95a76fe90 100644 --- a/src/libcharon/plugins/maemo/Makefile.am +++ b/src/libcharon/plugins/maemo/Makefile.am 
@@ -19,9 +19,13 @@ libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service +<<<<<<< HEAD +EXTRA_DIST = $(dbusservice_DATA) +======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index 0ca1fa436..cfa6e6115 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -288,8 +297,12 @@ libstrongswan_maemo_la_SOURCES = \ libstrongswan_maemo_la_LDFLAGS = -module -avoid-version libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service +<<<<<<< HEAD +EXTRA_DIST = $(dbusservice_DATA) +======= EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) +>>>>>>> upstream/4.5.1 all: all-am .SUFFIXES: @@ -529,7 +542,10 @@ install-strip: mostlyclean-generic: clean-generic: +<<<<<<< HEAD +======= -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +>>>>>>> upstream/4.5.1 distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) 
@@ -628,9 +644,12 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES uninstall-pluginLTLIBRARIES +<<<<<<< HEAD +======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ +>>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 0e9fd8ccc..38ac6f8fc 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -115,11 +115,20 @@ METHOD(listener_t, ike_updown, bool, return TRUE; } +<<<<<<< HEAD +METHOD(listener_t, child_state_change, bool, + private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + child_sa_state_t state) +{ + /* this call back is only registered during initiation */ + if (this->ike_sa == ike_sa && state == CHILD_DESTROYING) +======= METHOD(listener_t, ike_state_change, bool, private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) { /* this call back is only registered during initiation */ if (this->ike_sa == ike_sa && state == IKE_DESTROYING) +>>>>>>> upstream/4.5.1 { change_status(this, VPN_STATUS_CONNECTION_FAILED); return FALSE; @@ -137,7 +146,11 @@ METHOD(listener_t, child_updown, bool, { /* disable hooks registered to catch initiation failures */ this->public.listener.ike_updown = NULL; +<<<<<<< HEAD + this->public.listener.child_state_change = NULL; +======= this->public.listener.ike_state_change = NULL; +>>>>>>> upstream/4.5.1 change_status(this, VPN_STATUS_CONNECTED); } else 
@@ -346,7 +359,11 @@ static gboolean initiate_connection(private_maemo_service_t *this, child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, +<<<<<<< HEAD + FALSE, 0, 0, NULL, NULL); +======= ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); @@ -370,7 +387,11 @@ static gboolean initiate_connection(private_maemo_service_t *this, this->ike_sa = ike_sa; this->status = VPN_STATUS_CONNECTING; this->public.listener.ike_updown = _ike_updown; +<<<<<<< HEAD + this->public.listener.child_state_change = _child_state_change; +======= this->public.listener.ike_state_change = _ike_state_change; +>>>>>>> upstream/4.5.1 charon->bus->add_listener(charon->bus, &this->public.listener); if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) @@ -463,7 +484,11 @@ maemo_service_t *maemo_service_create() .public = { .listener = { .ike_updown = _ike_updown, +<<<<<<< HEAD + .child_state_change = _child_state_change, +======= .ike_state_change = _ike_state_change, +>>>>>>> upstream/4.5.1 .child_updown = _child_updown, .ike_rekey = _ike_rekey, }, diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service b/src/libcharon/plugins/maemo/org.strongswan.charon.service new file mode 100644 index 000000000..7dd31ed60 --- /dev/null +++ b/src/libcharon/plugins/maemo/org.strongswan.charon.service @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.strongswan.charon +Exec=/usr/bin/run-standalone.sh /usr/libexec/ipsec/charon +User=root diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 372a436a6..5f965cb8a 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in 
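Review bot: The new `org.strongswan.charon.service` hard-codes `Exec=/usr/bin/run-standalone.sh /usr/libexec/ipsec/charon` together with `User=root`, while the upstream side of the maemo Makefile.am conflict generates this file from `org.strongswan.charon.service.in` by substituting `$(libexecdir)` and lists it in `CLEANFILES`. If the upstream side is kept, this committed copy is a build product that `make clean` removes. Until then it can disagree with the configured libexecdir, so D-Bus activation would start, as root, whatever sits at the hard-coded path. I would drop the generated file from the tree and keep only the `.in` template that the Makefile rule reads; the template itself is not visible on this page.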
@@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index b5672dba9..c2e8aad12 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -182,8 +182,13 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); 
@@ -261,8 +266,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->current->add_auth_cfg(this->current, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 4bb65bd09..d90ac0149 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in index 69af7bf83..9ad535ea8 100644 --- a/src/libcharon/plugins/nm/Makefile.in +++ b/src/libcharon/plugins/nm/Makefile.in 
@@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c index ea98c056d..869520c6c 100644 --- a/src/libcharon/plugins/nm/nm_creds.c +++ b/src/libcharon/plugins/nm/nm_creds.c @@ -400,7 +400,11 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); +<<<<<<< HEAD + this->pass = password ? strdup(password) : NULL; +======= this->pass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -411,7 +415,11 @@ static void set_key_password(private_nm_creds_t *this, char *password) { this->lock->write_lock(this->lock); free(this->keypass); +<<<<<<< HEAD + this->keypass = password ? strdup(password) : NULL; +======= this->keypass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -423,7 +431,11 @@ static void set_pin(private_nm_creds_t *this, chunk_t keyid, char *pin) this->lock->write_lock(this->lock); free(this->keypass); free(this->keyid.ptr); +<<<<<<< HEAD + this->keypass = pin ? strdup(pin) : NULL; +======= this->keypass = strdupnull(pin); +>>>>>>> upstream/4.5.1 this->keyid = chunk_clone(keyid); this->lock->unlock(this->lock); } 
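Review bot: In `set_username_password`, `set_key_password` and `set_pin` both sides of the conflict assign the same field, so a resolution that only strips the markers leaves `this->pass = password ? strdup(password) : NULL;` followed by `this->pass = strdupnull(password);`, and the first heap copy of the password or PIN is never freed. Keep exactly one assignment per function, e.g. `this->keypass = strdupnull(pin);`, assuming `strdupnull` is available in the merged tree. These are the only hunks in this chunk that handle secrets, so they are worth resolving by hand rather than with a bulk marker removal. The context line `free(this->pass);` also releases the old secret without clearing it first; that is existing code, but it sits directly above the lines being touched.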
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c index 4300b57cf..e32fe65dd 100644 --- a/src/libcharon/plugins/nm/nm_service.c +++ b/src/libcharon/plugins/nm/nm_service.c @@ -518,8 +518,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 3d2cef13c..bac03bd03 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index b82372e30..e9fc5ef07 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in 
@@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 7a49088b2..6059d98a1 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in index 744b12fcf..fe30169b5 100644 --- a/src/libcharon/plugins/socket_raw/Makefile.in +++ b/src/libcharon/plugins/socket_raw/Makefile.in 
@@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 4244d3b5e..2446e257d 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index dc016012c..0ca481bb9 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c 
@@ -1,6 +1,9 @@ /* * Copyright (C) 2006-2008 Martin Willi +<<<<<<< HEAD +======= * Copyright (C) 2010 Andreas Steffen +>>>>>>> upstream/4.5.1 * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -39,13 +42,21 @@ struct private_sql_config_t { }; /** +<<<<<<< HEAD + * forward declaration +======= * Forward declaration +>>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other); /** +<<<<<<< HEAD + * build a traffic selector from a SQL query +======= * Build a traffic selector from an SQL query +>>>>>>> upstream/4.5.1 */ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, enumerator_t *e, bool *local) @@ -120,6 +131,18 @@ static void add_traffic_selectors(private_sql_config_t *this, } /** +<<<<<<< HEAD + * build a Child configuration from a SQL query + */ +static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) +{ + int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; + char *name, *updown; + child_cfg_t *child_cfg; + + if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, + &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) +======= * Add ESP proposals to a child config */ static void add_esp_proposals(private_sql_config_t *this, 
@@ -168,14 +191,21 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid)) +>>>>>>> upstream/4.5.1 { lifetime_cfg_t lft = { .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, +<<<<<<< HEAD + dpd, close, ipcomp, 0, 0, NULL, NULL); + /* TODO: read proposal from db */ + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); +======= start, dpd, close, ipcomp, 0, reqid, NULL, NULL, 0); add_esp_proposals(this, child_cfg, id); +>>>>>>> upstream/4.5.1 add_traffic_selectors(this, child_cfg, id); return child_cfg; } @@ -191,6 +221,15 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) child_cfg_t *child_cfg; e = this->db->query(this->db, +<<<<<<< HEAD + "SELECT id, name, lifetime, rekeytime, jitter, " + "updown, hostaccess, mode, dpd_action, close_action, ipcomp " + "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " + "WHERE peer_cfg = ?", + DB_INT, id, + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, + DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); +======= "SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, " "mode, start_action, dpd_action, close_action, ipcomp, reqid " "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " @@ -198,6 +237,7 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); +>>>>>>> upstream/4.5.1 if (e) { while ((child_cfg = build_child_cfg(this, e))) 
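Review bot: The `e->enumerate()` call in `build_child_cfg` and the `this->db->query()` call in `add_child_cfgs` have to be resolved to the same side, because the number of output pointers must equal the number of result-column types: HEAD passes 11 pointers for 11 columns, upstream passes 13 for 13 (adding `start_action` and `reqid`). A mix, for example the upstream query with the HEAD enumerate call, would presumably make the enumerator write through pointers that were never passed, since the call appears to be variadic. The conflict around `build_child_cfg` opens in the previous hunk and closes here, so it encloses the whole upstream `add_esp_proposals` function; the `id` column added in `build_ike_cfg`, `get_ike_cfg_by_id` and `create_ike_cfg_enumerator` further down needs the same pairing. A comment above each query such as `/* column types must match the enumerate() arguments in build_child_cfg() */` would make the coupling explicit.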
@@ -209,6 +249,9 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) } /** +<<<<<<< HEAD + * build a ike configuration from a SQL query +======= * Add IKE proposals to an IKE config */ static void add_ike_proposals(private_sql_config_t *this, @@ -247,27 +290,44 @@ static void add_ike_proposals(private_sql_config_t *this, /** * Build an IKE config from an SQL query +>>>>>>> upstream/4.5.1 */ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, host_t *my_host, host_t *other_host) { +<<<<<<< HEAD + int certreq, force_encap; + char *local, *remote; + + while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) +======= int id, certreq, force_encap; char *local, *remote; while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote)) +>>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg; ike_cfg = ike_cfg_create(certreq, force_encap, local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); +<<<<<<< HEAD + /* TODO: read proposal from db */ + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); +======= add_ike_proposals(this, ike_cfg, id); +>>>>>>> upstream/4.5.1 return ike_cfg; } return NULL; } /** +<<<<<<< HEAD + * Query a IKE config by its id +======= * Query an IKE config by its id +>>>>>>> upstream/4.5.1 */ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { @@ -275,10 +335,17 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, +<<<<<<< HEAD + "SELECT certreq, force_encap, local, remote " + "FROM ike_configs WHERE id = ?", + DB_INT, id, + DB_INT, DB_INT, DB_TEXT, DB_TEXT); +======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); +>>>>>>> upstream/4.5.1 if (e) { ike_cfg = build_ike_cfg(this, e, NULL, NULL); 
@@ -321,7 +388,11 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } /** +<<<<<<< HEAD + * build a peer configuration from a SQL query +======= * Build a peer config from an SQL query +>>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other) @@ -400,8 +471,15 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, return NULL; } +<<<<<<< HEAD +/** + * implements backend_t.get_peer_cfg_by_name. + */ +static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) +======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_sql_config_t *this, char *name) +>>>>>>> upstream/4.5.1 { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; @@ -471,8 +549,16 @@ static void ike_enumerator_destroy(ike_enumerator_t *this) free(this); } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_ike_cfg_enumerator. + */ +static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, + host_t *me, host_t *other) +======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_sql_config_t *this, host_t *me, host_t *other) +>>>>>>> upstream/4.5.1 { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); @@ -484,9 +570,15 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, e->public.destroy = (void*)ike_enumerator_destroy; e->inner = this->db->query(this->db, +<<<<<<< HEAD + "SELECT certreq, force_encap, local, remote " + "FROM ike_configs", + DB_INT, DB_INT, DB_TEXT, DB_TEXT); +======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs", DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); +>>>>>>> upstream/4.5.1 if (!e->inner) { free(e); 
@@ -536,8 +628,17 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) free(this); } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_peer_cfg_enumerator. + */ +static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, + identification_t *me, + identification_t *other) +======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_sql_config_t *this, identification_t *me, identification_t *other) +>>>>>>> upstream/4.5.1 { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); @@ -574,8 +675,15 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +/** + * Implementation of sql_config_t.destroy. + */ +static void destroy(private_sql_config_t *this) +======= METHOD(sql_config_t, destroy, void, private_sql_config_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -585,6 +693,16 @@ METHOD(sql_config_t, destroy, void, */ sql_config_t *sql_config_create(database_t *db) { +<<<<<<< HEAD + private_sql_config_t *this = malloc_thing(private_sql_config_t); + + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; + this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; + this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; + this->public.destroy = (void(*)(sql_config_t*))destroy; + + this->db = db; +======= private_sql_config_t *this; INIT(this, @@ -598,6 +716,7 @@ sql_config_t *sql_config_create(database_t *db) }, .db = db ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 117eec921..a72450f27 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c 
@@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -38,7 +41,10 @@ struct private_sql_cred_t { database_t *db; }; +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over private keys */ @@ -51,8 +57,16 @@ typedef struct { private_key_t *current; } private_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.public.enumerate + */ +static bool private_enumerator_enumerate(private_enumerator_t *this, + private_key_t **key) +======= METHOD(enumerator_t, private_enumerator_enumerate, bool, private_enumerator_t *this, private_key_t **key) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -61,7 +75,11 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, +<<<<<<< HEAD + BUILD_BLOB_ASN1_DER, blob, +======= BUILD_BLOB_PEM, blob, +>>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { 
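Review bot: The conflict in `private_enumerator_enumerate` leaves both `BUILD_BLOB_ASN1_DER, blob,` and `BUILD_BLOB_PEM, blob,` inside the `lib->creds->create()` call, and the choice decides how every private-key blob read from the database is parsed; the same pair appears in `cert_enumerator_enumerate` in a later hunk. As far as the visible loop shows, a blob that fails to build is skipped without a message, so choosing the side that does not match the stored encoding would make keys and certificates silently disappear from the credential set. Resolve both places to the same builder part and consider logging the failure, e.g. `DBG1(DBG_CFG, "loading private key from database failed");` in an `else` branch. The function body continues outside the hunk.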
@@ -73,14 +91,36 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.public.destroy + */ +static void private_enumerator_destroy(private_enumerator_t *this) +======= METHOD(enumerator_t, private_enumerator_destroy, void, private_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_private_enumerator. + */ +static enumerator_t* create_private_enumerator(private_sql_cred_t *this, + key_type_t type, + identification_t *id) +{ + private_enumerator_t *e; + + e = malloc_thing(private_enumerator_t); + e->current = NULL; + e->public.enumerate = (void*)private_enumerator_enumerate; + e->public.destroy = (void*)private_enumerator_destroy; +======= METHOD(credential_set_t, create_private_enumerator, enumerator_t*, private_sql_cred_t *this, key_type_t type, identification_t *id) { @@ -92,6 +132,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, .destroy = _private_enumerator_destroy, }, ); +>>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, @@ -118,7 +159,10 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over certificates */ @@ -131,8 +175,16 @@ typedef struct { certificate_t *current; } cert_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of cert_enumerator_t.public.enumerate + */ +static bool cert_enumerator_enumerate(cert_enumerator_t *this, + certificate_t **cert) +======= METHOD(enumerator_t, cert_enumerator_enumerate, bool, cert_enumerator_t *this, certificate_t **cert) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; 
@@ -141,7 +193,11 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type, +<<<<<<< HEAD + BUILD_BLOB_ASN1_DER, blob, +======= BUILD_BLOB_PEM, blob, +>>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { @@ -153,14 +209,36 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of cert_enumerator_t.public.destroy + */ +static void cert_enumerator_destroy(cert_enumerator_t *this) +======= METHOD(enumerator_t, cert_enumerator_destroy, void, cert_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_cert_enumerator. + */ +static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + cert_enumerator_t *e; + + e = malloc_thing(cert_enumerator_t); + e->current = NULL; + e->public.enumerate = (void*)cert_enumerator_enumerate; + e->public.destroy = (void*)cert_enumerator_destroy; +======= METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, private_sql_cred_t *this, certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) @@ -173,6 +251,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, .destroy = _cert_enumerator_destroy, }, ); +>>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, @@ -203,7 +282,10 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over shared keys */ 
@@ -220,9 +302,18 @@ typedef struct { shared_key_t *current; } shared_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of shared_enumerator_t.public.enumerate + */ +static bool shared_enumerator_enumerate(shared_enumerator_t *this, + shared_key_t **shared, + id_match_t *me, id_match_t *other) +======= METHOD(enumerator_t, shared_enumerator_enumerate, bool, shared_enumerator_t *this, shared_key_t **shared, id_match_t *me, id_match_t *other) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -249,14 +340,38 @@ METHOD(enumerator_t, shared_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of shared_enumerator_t.public.destroy + */ +static void shared_enumerator_destroy(shared_enumerator_t *this) +======= METHOD(enumerator_t, shared_enumerator_destroy, void, shared_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_shared_enumerator. + */ +static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, + shared_key_type_t type, + identification_t *me, identification_t *other) +{ + shared_enumerator_t *e; + + e = malloc_thing(shared_enumerator_t); + e->me = me; + e->other = other; + e->current = NULL; + e->public.enumerate = (void*)shared_enumerator_enumerate; + e->public.destroy = (void*)shared_enumerator_destroy; +======= METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, private_sql_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) @@ -271,6 +386,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, .me = me, .other = other, ); +>>>>>>> upstream/4.5.1 if (!me && !other) { e->inner = this->db->query(this->db, 
@@ -314,6 +430,12 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_sql_cred_t *this, certificate_t *cert) +======= /** * enumerator over CDPs @@ -419,21 +541,44 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, METHOD(credential_set_t, cache_cert, void, private_sql_cred_t *this, certificate_t *cert) +>>>>>>> upstream/4.5.1 { /* TODO: implement CRL caching to database */ } +<<<<<<< HEAD +/** + * Implementation of sql_cred_t.destroy. + */ +static void destroy(private_sql_cred_t *this) +{ + free(this); +} +======= METHOD(sql_cred_t, destroy, void, private_sql_cred_t *this) { free(this); } +>>>>>>> upstream/4.5.1 /** * Described in header. */ sql_cred_t *sql_cred_create(database_t *db) { +<<<<<<< HEAD + private_sql_cred_t *this = malloc_thing(private_sql_cred_t); + + this->public.set.create_private_enumerator = (void*)create_private_enumerator; + this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; + this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; + this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)cache_cert; + this->public.destroy = (void(*)(sql_cred_t*))destroy; + + this->db = db; +======= private_sql_cred_t *this; INIT(this, @@ -449,6 +594,7 @@ sql_cred_t *sql_cred_create(database_t *db) }, .db = db, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index ad1eb91b1..49b48c7f4 100644 --- a/src/libcharon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c 
@@ -53,8 +53,15 @@ struct private_sql_plugin_t { sql_logger_t *logger; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_sql_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sql_plugin_t *this) +>>>>>>> upstream/4.5.1 { charon->backends->remove_backend(charon->backends, &this->config->backend); lib->credmgr->remove_set(lib->credmgr, &this->cred->set); @@ -81,6 +88,13 @@ plugin_t *sql_plugin_create() return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_sql_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->db = lib->db->create(lib->db, uri); +======= INIT(this, .public = { .plugin = { @@ -90,6 +104,7 @@ plugin_t *sql_plugin_create() .db = lib->db->create(lib->db, uri), ); +>>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "sql plugin failed to connect to database"); diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index e561224e9..29f680174 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -21,6 +21,11 @@ libstrongswan_stroke_la_SOURCES = \ stroke_cred.h stroke_cred.c \ stroke_ca.h stroke_ca.c \ stroke_attribute.h stroke_attribute.c \ +<<<<<<< HEAD + stroke_list.h stroke_list.c \ + stroke_shared_key.h stroke_shared_key.c +======= stroke_list.h stroke_list.c +>>>>>>> upstream/4.5.1 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index ccf3eeede..3649c8ee9 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in 
@@ -77,7 +77,11 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_stroke_la_LIBADD = am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \ stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \ +<<<<<<< HEAD + stroke_attribute.lo stroke_list.lo stroke_shared_key.lo +======= stroke_attribute.lo stroke_list.lo +>>>>>>> upstream/4.5.1 libstrongswan_stroke_la_OBJECTS = \ $(am_libstrongswan_stroke_la_OBJECTS) libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -223,7 +227,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +272,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -292,7 +305,12 @@ libstrongswan_stroke_la_SOURCES = \ stroke_cred.h stroke_cred.c \ stroke_ca.h stroke_ca.c \ stroke_attribute.h stroke_attribute.c \ +<<<<<<< HEAD + stroke_list.h stroke_list.c \ + stroke_shared_key.h stroke_shared_key.c +======= stroke_list.h stroke_list.c +>>>>>>> upstream/4.5.1 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version all: all-am 
@@ -385,6 +403,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_plugin.Plo@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_shared_key.Plo@am__quote@ +======= +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_socket.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 69e13deb9..57126053b 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c @@ -113,7 +113,10 @@ static void ca_section_destroy(ca_section_t *this) this->crl->destroy_function(this->crl, free); this->ocsp->destroy_function(this->ocsp, free); this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy)); +<<<<<<< HEAD +======= this->cert->destroy(this->cert); +>>>>>>> upstream/4.5.1 free(this->certuribase); free(this->name); free(this); @@ -208,8 +211,16 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data return enumerator; } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_cdp_enumerator. + */ +static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, + certificate_type_t type, identification_t *id) +======= METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, private_stroke_ca_t *this, certificate_type_t type, identification_t *id) +>>>>>>> upstream/4.5.1 { cdp_data_t *data; 
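Review bot: Whether `this->cert->destroy(this->cert);` belongs in ca_section_destroy depends on who owns the certificate reference, and the conflict leaves that undecided: the call exists only on the upstream/4.5.1 side. In stroke_cred.c the HEAD side of load_ca returns `add_cert(this, cert)`, while the upstream side returns `this->creds->add_cert_ref(this->creds, TRUE, cert)`, which by its name hands back an extra reference. If the section's certificate comes from load_ca (not visible in this hunk), keeping the destroy call together with HEAD's load_ca would release a reference the section never took, and the opposite pairing would leak the CA certificate, so both files need to be resolved to the same side. ca_section_destroy begins outside the hunk.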
@@ -233,9 +244,16 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, data, (void*)cdp_data_destroy); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.add. + */ +static void add(private_stroke_ca_t *this, stroke_msg_t *msg) +======= METHOD(stroke_ca_t, add, void, private_stroke_ca_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { certificate_t *cert; ca_section_t *ca; @@ -276,8 +294,15 @@ METHOD(stroke_ca_t, add, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.del. + */ +static void del(private_stroke_ca_t *this, stroke_msg_t *msg) +======= METHOD(stroke_ca_t, del, void, private_stroke_ca_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ca_section_t *ca = NULL; @@ -331,8 +356,15 @@ static void list_uris(linked_list_t *list, char *label, FILE *out) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.check_for_hash_and_url. + */ +static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cert) +======= METHOD(stroke_ca_t, check_for_hash_and_url, void, private_stroke_ca_t *this, certificate_t* cert) +>>>>>>> upstream/4.5.1 { ca_section_t *section; enumerator_t *enumerator; @@ -369,8 +401,15 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void, hasher->destroy(hasher); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.list. + */ +static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_ca_t, list, void, private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { bool first = TRUE; ca_section_t *section; 
@@ -417,8 +456,15 @@ METHOD(stroke_ca_t, list, void, this->lock->unlock(this->lock); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.destroy + */ +static void destroy(private_stroke_ca_t *this) +======= METHOD(stroke_ca_t, destroy, void, private_stroke_ca_t *this) +>>>>>>> upstream/4.5.1 { this->sections->destroy_function(this->sections, (void*)ca_section_destroy); this->lock->destroy(this->lock); @@ -430,6 +476,24 @@ METHOD(stroke_ca_t, destroy, void, */ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { +<<<<<<< HEAD + private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); + + this->public.set.create_private_enumerator = (void*)return_null; + this->public.set.create_cert_enumerator = (void*)return_null; + this->public.set.create_shared_enumerator = (void*)return_null; + this->public.set.create_cdp_enumerator = (void*)create_cdp_enumerator; + this->public.set.cache_cert = (void*)nop; + this->public.add = (void(*)(stroke_ca_t*, stroke_msg_t *msg))add; + this->public.del = (void(*)(stroke_ca_t*, stroke_msg_t *msg))del; + this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; + this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; + this->public.destroy = (void(*)(stroke_ca_t*))destroy; + + this->sections = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + this->cred = cred; +======= private_stroke_ca_t *this; INIT(this, @@ -451,6 +515,7 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .cred = cred, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index ea7d17592..11822a3bc 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -53,8 +53,17 @@ struct private_stroke_config_t { stroke_cred_t *cred; }; +<<<<<<< HEAD +/** + * Implementation of backend_t.create_peer_cfg_enumerator. + */ +static enumerator_t* create_peer_cfg_enumerator(private_stroke_config_t *this, + identification_t *me, + identification_t *other) +======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, identification_t *me, identification_t *other) +>>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_cleaner(this->list->create_enumerator(this->list), @@ -70,8 +79,16 @@ static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_ike_cfg_enumerator. + */ +static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this, + host_t *me, host_t *other) +======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, host_t *me, host_t *other) +>>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_filter(this->list->create_enumerator(this->list), @@ -79,8 +96,15 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, (void*)this->mutex->unlock); } +<<<<<<< HEAD +/** + * implements backend_t.get_peer_cfg_by_name. + */ +static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *name) +======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_stroke_config_t *this, char *name) +>>>>>>> upstream/4.5.1 { enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; 
@@ -429,6 +453,15 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } +<<<<<<< HEAD + /* authentication metod (class, actually) */ + if (streq(auth, "pubkey") || + streq(auth, "rsasig") || streq(auth, "rsa") || + streq(auth, "ecdsasig") || streq(auth, "ecdsa")) + { + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); + build_crl_policy(cfg, local, msg->add_conn.crl_policy); +======= /* certificatePolicies */ if (end->cert_policy) { @@ -461,6 +494,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, { cfg->add(cfg, AUTH_RULE_ECDSA_STRENGTH, (uintptr_t)strength); } +>>>>>>> upstream/4.5.1 } else if (streq(auth, "psk") || streq(auth, "secret")) { @@ -824,9 +858,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, +<<<<<<< HEAD + msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, + msg->add_conn.inactivity, msg->add_conn.reqid, + &mark_in, &mark_out); +======= msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp, msg->add_conn.inactivity, msg->add_conn.reqid, &mark_in, &mark_out, msg->add_conn.tfc); +>>>>>>> upstream/4.5.1 child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); @@ -837,8 +877,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, return child_cfg; } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.add. + */ +static void add(private_stroke_config_t *this, stroke_msg_t *msg) +======= METHOD(stroke_config_t, add, void, private_stroke_config_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg, *existing_ike; peer_cfg_t *peer_cfg, *existing; 
@@ -898,8 +945,15 @@ METHOD(stroke_config_t, add, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.del. + */ +static void del(private_stroke_config_t *this, stroke_msg_t *msg) +======= METHOD(stroke_config_t, del, void, private_stroke_config_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; peer_cfg_t *peer; @@ -950,8 +1004,15 @@ METHOD(stroke_config_t, del, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.destroy + */ +static void destroy(private_stroke_config_t *this) +======= METHOD(stroke_config_t, destroy, void, private_stroke_config_t *this) +>>>>>>> upstream/4.5.1 { this->list->destroy_offset(this->list, offsetof(peer_cfg_t, destroy)); this->mutex->destroy(this->mutex); @@ -963,6 +1024,21 @@ METHOD(stroke_config_t, destroy, void, */ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { +<<<<<<< HEAD + private_stroke_config_t *this = malloc_thing(private_stroke_config_t); + + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; + this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; + this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; + this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; + this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; + this->public.destroy = (void(*)(stroke_config_t*))destroy; + + this->list = linked_list_create(); + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); + this->ca = ca; + this->cred = cred; +======= private_stroke_config_t *this; INIT(this, @@ -981,6 +1057,7 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) .ca = ca, .cred = cred, ); +>>>>>>> upstream/4.5.1 return &this->public; } 
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 3541ab8f9..03ba4c305 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -17,8 +17,11 @@ #include <daemon.h> #include <processing/jobs/delete_ike_sa_job.h> +<<<<<<< HEAD +======= #include <processing/jobs/rekey_ike_sa_job.h> #include <processing/jobs/rekey_child_sa_job.h> +>>>>>>> upstream/4.5.1 typedef struct private_stroke_control_t private_stroke_control_t; @@ -92,8 +95,15 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) return found; } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.initiate. + */ +static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, initiate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -137,6 +147,23 @@ METHOD(stroke_control_t, initiate, void, } /** +<<<<<<< HEAD + * Implementation of stroke_control_t.terminate. + */ +static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +{ + char *string, *pos = NULL, *name = NULL; + u_int32_t id = 0; + bool child, all = FALSE; + int len; + ike_sa_t *ike_sa; + enumerator_t *enumerator; + linked_list_t *ike_list, *child_list; + stroke_log_info_t info; + uintptr_t del; + + string = msg->terminate.name; +======= * Parse a terminate/rekey specifier */ static bool parse_specifier(char *string, u_int32_t *id, 
@@ -148,15 +175,37 @@ static bool parse_specifier(char *string, u_int32_t *id, *id = 0; *name = NULL; *all = FALSE; +>>>>>>> upstream/4.5.1 len = strlen(string); if (len < 1) { +<<<<<<< HEAD + DBG1(DBG_CFG, "error parsing string"); + return; +======= return FALSE; +>>>>>>> upstream/4.5.1 } switch (string[len-1]) { case '}': +<<<<<<< HEAD + child = TRUE; + pos = strchr(string, '{'); + break; + case ']': + child = FALSE; + pos = strchr(string, '['); + break; + default: + name = string; + child = FALSE; + break; + } + + if (name) +======= *child = TRUE; pos = strchr(string, '{'); break; @@ -171,18 +220,44 @@ static bool parse_specifier(char *string, u_int32_t *id, } if (*name) +>>>>>>> upstream/4.5.1 { /* is a single name */ } else if (pos == string + len - 2) { /* is name[] or name{} */ string[len-2] = '\0'; +<<<<<<< HEAD + name = string; +======= *name = string; +>>>>>>> upstream/4.5.1 } else { if (!pos) { +<<<<<<< HEAD + DBG1(DBG_CFG, "error parsing string"); + return; + } + if (*(pos + 1) == '*') + { /* is name[*] */ + all = TRUE; + *pos = '\0'; + name = string; + } + else + { /* is name[123] or name{23} */ + id = atoi(pos + 1); + if (id == 0) + { + DBG1(DBG_CFG, "error parsing string"); + return; + } + } + } +======= return FALSE; } if (*(pos + 1) == '*') @@ -220,6 +295,7 @@ METHOD(stroke_control_t, terminate, void, DBG1(DBG_CFG, "error parsing specifier string"); return; } +>>>>>>> upstream/4.5.1 info.out = out; info.level = msg->output_verbosity; @@ -306,6 +382,13 @@ METHOD(stroke_control_t, terminate, void, child_list->destroy(child_list); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.terminate_srcip. + */ +static void terminate_srcip(private_stroke_control_t *this, + stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, rekey, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { 
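Review bot: On the HEAD side of the name[123] / name{23} branch, `id = atoi(pos + 1);` cannot reject malformed input. Trailing text before the closing bracket is ignored, an out-of-range value is undefined behaviour for atoi, and a negative number wraps when stored in the `u_int32_t id`. The string is `msg->terminate.name` taken from the stroke message, so parse it strictly: `v = strtoul(pos + 1, &end, 10);` followed by `if (!isdigit((unsigned char)pos[1]) || end != string + len - 1 || v == 0 || v > UINT32_MAX)` in front of the existing error return. The HEAD body of terminate starts in the previous hunk, and the upstream parse_specifier is cut by the hunk boundary at this point, so whether it makes the same call cannot be seen here.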
@@ -368,6 +451,7 @@ METHOD(stroke_control_t, rekey, void, METHOD(stroke_control_t, terminate_srcip, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ike_sa_t *ike_sa; @@ -432,8 +516,15 @@ METHOD(stroke_control_t, terminate_srcip, void, DESTROY_IF(end); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.purge_ike + */ +static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, purge_ike, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *iterator; @@ -470,8 +561,15 @@ METHOD(stroke_control_t, purge_ike, void, list->destroy(list); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.route. + */ +static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, route, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -509,8 +607,15 @@ METHOD(stroke_control_t, route, void, child_cfg->destroy(child_cfg); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.unroute. + */ +static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, unroute, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { child_sa_t *child_sa; enumerator_t *enumerator; @@ -532,8 +637,15 @@ METHOD(stroke_control_t, unroute, void, fprintf(out, "configuration '%s' not found\n", msg->unroute.name); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.destroy + */ +static void destroy(private_stroke_control_t *this) +======= METHOD(stroke_control_t, destroy, void, private_stroke_control_t *this) +>>>>>>> upstream/4.5.1 { free(this); } 
@@ -543,6 +655,17 @@ METHOD(stroke_control_t, destroy, void, */ stroke_control_t *stroke_control_create() { +<<<<<<< HEAD + private_stroke_control_t *this = malloc_thing(private_stroke_control_t); + + this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; + this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; + this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; + this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike; + this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; + this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; + this->public.destroy = (void(*)(stroke_control_t*))destroy; +======= private_stroke_control_t *this; INIT(this, @@ -557,6 +680,7 @@ stroke_control_t *stroke_control_create() .destroy = _destroy, }, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h index 869aab3d3..e4d67023a 100644 --- a/src/libcharon/plugins/stroke/stroke_control.h +++ b/src/libcharon/plugins/stroke/stroke_control.h @@ -54,6 +54,8 @@ struct stroke_control_t { void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** +<<<<<<< HEAD +======= * Rekey a connection. * * @param msg stroke message @@ -61,6 +63,7 @@ struct stroke_control_t { void (*rekey)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** +>>>>>>> upstream/4.5.1 * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 83e5a9ad6..6d9440778 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c 
@@ -1,5 +1,9 @@ /* +<<<<<<< HEAD + * Copyright (C) 2008 Tobias Brunner +======= * Copyright (C) 2008-2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -25,6 +29,10 @@ #include <unistd.h> #include "stroke_cred.h" +<<<<<<< HEAD +#include "stroke_shared_key.h" +======= +>>>>>>> upstream/4.5.1 #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -63,9 +71,30 @@ struct private_stroke_cred_t { stroke_cred_t public; /** +<<<<<<< HEAD + * list of trusted peer/signer/CA certificates (certificate_t) + */ + linked_list_t *certs; + + /** + * list of shared secrets (private_shared_key_t) + */ + linked_list_t *shared; + + /** + * list of private keys (private_key_t) + */ + linked_list_t *private; + + /** + * read-write lock to lists + */ + rwlock_t *lock; +======= * credentials */ mem_cred_t *creds; +>>>>>>> upstream/4.5.1 /** * cache CRLs to disk? 
@@ -74,6 +103,240 @@ struct private_stroke_cred_t { }; /** +<<<<<<< HEAD + * data to pass to various filters + */ +typedef struct { + private_stroke_cred_t *this; + identification_t *id; + certificate_type_t cert; + key_type_t key; +} id_data_t; + +/** + * destroy id enumerator data and unlock list + */ +static void id_data_destroy(id_data_t *data) +{ + data->this->lock->unlock(data->this->lock); + free(data); +} + +/** + * filter function for private key enumerator + */ +static bool private_filter(id_data_t *data, + private_key_t **in, private_key_t **out) +{ + private_key_t *key; + + key = *in; + if (data->key == KEY_ANY || data->key == key->get_type(key)) + { + if (data->id == NULL) + { + *out = key; + return TRUE; + } + if (key->has_fingerprint(key, data->id->get_encoding(data->id))) + { + *out = key; + return TRUE; + } + } + return FALSE; +} + +/** + * Implements credential_set_t.create_private_enumerator + */ +static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, + key_type_t type, identification_t *id) +{ + id_data_t *data; + + data = malloc_thing(id_data_t); + data->this = this; + data->id = id; + data->key = type; + + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->private->create_enumerator(this->private), + (void*)private_filter, data, + (void*)id_data_destroy); +} + +/** + * filter function for certs enumerator + */ +static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **out) +{ + public_key_t *public; + certificate_t *cert = *in; + + if (data->cert != CERT_ANY && data->cert != cert->get_type(cert)) + { + return FALSE; + } + if (data->id == NULL || cert->has_subject(cert, data->id)) + { + *out = *in; + return TRUE; + } + + public = cert->get_public_key(cert); + if (public) + { + if (data->key == KEY_ANY || data->key != public->get_type(public)) + { + if (public->has_fingerprint(public, data->id->get_encoding(data->id))) + { + public->destroy(public); + *out = *in; + return TRUE; + } 
+ } + public->destroy(public); + } + return FALSE; +} + +/** + * Implements credential_set_t.create_cert_enumerator + */ +static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + id_data_t *data; + + if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC)) + { + return NULL; + } + data = malloc_thing(id_data_t); + data->this = this; + data->id = id; + data->cert = cert; + data->key = key; + + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->certs->create_enumerator(this->certs), + (void*)certs_filter, data, + (void*)id_data_destroy); +} + +typedef struct { + private_stroke_cred_t *this; + identification_t *me; + identification_t *other; + shared_key_type_t type; +} shared_data_t; + +/** + * free shared key enumerator data and unlock list + */ +static void shared_data_destroy(shared_data_t *data) +{ + data->this->lock->unlock(data->this->lock); + free(data); +} + +/** + * filter function for certs enumerator + */ +static bool shared_filter(shared_data_t *data, + stroke_shared_key_t **in, shared_key_t **out, + void **unused1, id_match_t *me, + void **unused2, id_match_t *other) +{ + id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE; + stroke_shared_key_t *stroke = *in; + shared_key_t *shared = &stroke->shared; + + if (data->type != SHARED_ANY && shared->get_type(shared) != data->type) + { + return FALSE; + } + + if (data->me) + { + my_match = stroke->has_owner(stroke, data->me); + } + if (data->other) + { + other_match = stroke->has_owner(stroke, data->other); + } + if ((data->me || data->other) && (!my_match && !other_match)) + { + return FALSE; + } + *out = shared; + if (me) + { + *me = my_match; + } + if (other) + { + *other = other_match; + } + return TRUE; +} + +/** + * Implements credential_set_t.create_shared_enumerator + */ +static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, + 
shared_key_type_t type, identification_t *me, + identification_t *other) +{ + shared_data_t *data = malloc_thing(shared_data_t); + + data->this = this; + data->me = me; + data->other = other; + data->type = type; + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->shared->create_enumerator(this->shared), + (void*)shared_filter, data, + (void*)shared_data_destroy); +} + +/** + * Add a certificate to chain + */ +static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) +{ + certificate_t *current; + enumerator_t *enumerator; + bool new = TRUE; + + this->lock->read_lock(this->lock); + enumerator = this->certs->create_enumerator(this->certs); + while (enumerator->enumerate(enumerator, (void**)¤t)) + { + if (current->equals(current, cert)) + { + /* cert already in queue */ + cert->destroy(cert); + cert = current; + new = FALSE; + break; + } + } + enumerator->destroy(enumerator); + + if (new) + { + this->certs->insert_last(this->certs, cert); + } + this->lock->unlock(this->lock); + return cert; +} + +/** +======= +>>>>>>> upstream/4.5.1 * Implementation of stroke_cred_t.load_ca. */ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) 
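Review bot: add_cert on the HEAD side takes `this->lock->read_lock(this->lock)` and then calls `this->certs->insert_last(this->certs, cert)`, so the certificate list is modified while other holders of the read lock may be enumerating it. add_crl and add_ac in the next hunk take `write_lock` for the same kind of insert, and add_cert should do likewise: `this->lock->write_lock(this->lock);`. In certs_filter, also in this hunk, the key-type test reads `data->key != public->get_type(public)` while private_filter uses `==` for the same purpose. It looks inverted, so a fingerprint lookup restricted to one key type would only consider certificates of other types, and `data->key == public->get_type(public)` is presumably what was meant. All of this code sits between `<<<<<<< HEAD` and `=======`, so it only matters if the HEAD side is kept when the conflict is resolved.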
@@ -105,12 +368,92 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) cert->destroy(cert); return NULL; } +<<<<<<< HEAD + return (certificate_t*)add_cert(this, cert); +======= return this->creds->add_cert_ref(this->creds, TRUE, cert); +>>>>>>> upstream/4.5.1 } return NULL; } /** +<<<<<<< HEAD + * Add X.509 CRL to chain + */ +static bool add_crl(private_stroke_cred_t *this, crl_t* crl) +{ + certificate_t *current, *cert = &crl->certificate; + enumerator_t *enumerator; + bool new = TRUE, found = FALSE; + + this->lock->write_lock(this->lock); + enumerator = this->certs->create_enumerator(this->certs); + while (enumerator->enumerate(enumerator, (void**)¤t)) + { + if (current->get_type(current) == CERT_X509_CRL) + { + crl_t *crl_c = (crl_t*)current; + chunk_t authkey = crl->get_authKeyIdentifier(crl); + chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); + + /* if compare authorityKeyIdentifiers if available */ + if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) + { + found = TRUE; + } + else + { + identification_t *issuer = cert->get_issuer(cert); + identification_t *issuer_c = current->get_issuer(current); + + /* otherwise compare issuer distinguished names */ + if (issuer->equals(issuer, issuer_c)) + { + found = TRUE; + } + } + if (found) + { + new = crl_is_newer(crl, crl_c); + if (new) + { + this->certs->remove_at(this->certs, enumerator); + } + else + { + cert->destroy(cert); + } + break; + } + } + } + enumerator->destroy(enumerator); + + if (new) + { + this->certs->insert_last(this->certs, cert); + } + this->lock->unlock(this->lock); + return new; +} + +/** + * Add X.509 attribute certificate to chain + */ +static bool add_ac(private_stroke_cred_t *this, ac_t* ac) +{ + certificate_t *cert = &ac->certificate; + + this->lock->write_lock(this->lock); + this->certs->insert_last(this->certs, cert); + this->lock->unlock(this->lock); + return TRUE; +} + +/** +======= +>>>>>>> upstream/4.5.1 * Implementation of 
stroke_cred_t.load_peer. */ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) @@ -133,10 +476,17 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) BUILD_END); if (cert) { +<<<<<<< HEAD + cert = add_cert(this, cert); + DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", + cert->get_subject(cert), filename); + return cert->get_ref(cert); +======= cert = this->creds->add_cert_ref(this->creds, TRUE, cert); DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", cert->get_subject(cert), filename); return cert; +>>>>>>> upstream/4.5.1 } DBG1(DBG_CFG, " loading certificate from '%s' failed", filename); return NULL; @@ -191,8 +541,13 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } else { +<<<<<<< HEAD + DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); +======= DBG1(DBG_CFG, " loaded ca certificate \"%Y\" " "from '%s'", cert->get_subject(cert), file); +>>>>>>> upstream/4.5.1 } } else @@ -220,7 +575,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } if (cert) { +<<<<<<< HEAD + add_cert(this, cert); +======= this->creds->add_cert(this->creds, TRUE, cert); +>>>>>>> upstream/4.5.1 } break; case CERT_X509_CRL: @@ -230,7 +589,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { +<<<<<<< HEAD + add_crl(this, (crl_t*)cert); +======= this->creds->add_crl(this->creds, (crl_t*)cert); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded crl from '%s'", file); } else @@ -245,7 +608,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { +<<<<<<< HEAD + add_ac(this, (ac_t*)cert); +======= this->creds->add_cert(this->creds, FALSE, cert); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded attribute certificate from '%s'", file); } 
@@ -273,7 +640,11 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) crl_t *crl = (crl_t*)cert; cert->get_ref(cert); +<<<<<<< HEAD + if (add_crl(this, crl)) +======= if (this->creds->add_crl(this->creds, crl)) +>>>>>>> upstream/4.5.1 { char buf[BUF_LEN]; chunk_t chunk, hex; @@ -594,6 +965,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, } /* unlock: smartcard needs the pin and potentially calls public set */ +<<<<<<< HEAD + this->lock->unlock(this->lock); +======= +>>>>>>> upstream/4.5.1 switch (format) { case SC_FORMAT_SLOT_MODULE_KEYID: @@ -615,6 +990,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, BUILD_PKCS11_KEYID, chunk, BUILD_END); break; } +<<<<<<< HEAD + this->lock->write_lock(this->lock); +======= +>>>>>>> upstream/4.5.1 if (mem) { lib->credmgr->remove_local_set(lib->credmgr, &mem->set); @@ -629,7 +1008,11 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); +<<<<<<< HEAD + this->private->insert_last(this->private, key); +======= this->creds->add_key(this->creds, key); +>>>>>>> upstream/4.5.1 } return TRUE; } @@ -700,8 +1083,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set); +<<<<<<< HEAD + /* unlock, as the builder might ask for a secret */ + this->lock->unlock(this->lock); key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); + this->lock->write_lock(this->lock); +======= + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, + BUILD_FROM_FILE, path, BUILD_END); +>>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); 
@@ -717,8 +1108,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, mem->add_shared(mem, shared, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set); +<<<<<<< HEAD + /* unlock, as the builder might ask for a secret */ + this->lock->unlock(this->lock); + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, + BUILD_FROM_FILE, path, BUILD_END); + this->lock->write_lock(this->lock); +======= key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); +>>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); @@ -727,7 +1126,11 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, { DBG1(DBG_CFG, " loaded %N private key from '%s'", key_type_names, key->get_type(key), path); +<<<<<<< HEAD + this->private->insert_last(this->private, key); +======= this->creds->add_key(this->creds, key); +>>>>>>> upstream/4.5.1 } else { @@ -742,8 +1145,12 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, shared_key_type_t type, chunk_t ids) { +<<<<<<< HEAD + stroke_shared_key_t *shared_key; +======= shared_key_t *shared_key; linked_list_t *owners; +>>>>>>> upstream/4.5.1 chunk_t secret = chunk_empty; bool any = TRUE; 
@@ -753,12 +1160,20 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh); return FALSE; } +<<<<<<< HEAD + shared_key = stroke_shared_key_create(type, secret); +======= shared_key = shared_key_create(type, secret); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); +<<<<<<< HEAD + this->shared->insert_last(this->shared, shared_key); +======= owners = linked_list_create(); +>>>>>>> upstream/4.5.1 while (ids.len > 0) { chunk_t id; @@ -784,15 +1199,25 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, continue; } +<<<<<<< HEAD + shared_key->add_owner(shared_key, peer_id); +======= owners->insert_last(owners, peer_id); +>>>>>>> upstream/4.5.1 any = FALSE; } if (any) { +<<<<<<< HEAD + shared_key->add_owner(shared_key, + identification_create_from_encoding(ID_ANY, chunk_empty)); + } +======= owners->insert_last(owners, identification_create_from_encoding(ID_ANY, chunk_empty)); } this->creds->add_shared_list(this->creds, shared_key, owners); +>>>>>>> upstream/4.5.1 return TRUE; } @@ -804,6 +1229,11 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { int line_nr = 0, fd; chunk_t src, line; +<<<<<<< HEAD + private_key_t *private; + shared_key_t *shared; +======= +>>>>>>> upstream/4.5.1 struct stat sb; void *addr; 
@@ -832,8 +1262,25 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, src = chunk_create(addr, sb.st_size); if (level == 0) +<<<<<<< HEAD + { + this->lock->write_lock(this->lock); + + /* flush secrets on non-recursive invocation */ + while (this->shared->remove_last(this->shared, + (void**)&shared) == SUCCESS) + { + shared->destroy(shared); + } + while (this->private->remove_last(this->private, + (void**)&private) == SUCCESS) + { + private->destroy(private); + } +======= { /* flush secrets on non-recursive invocation */ this->creds->clear_secrets(this->creds); +>>>>>>> upstream/4.5.1 } while (fetchline(&src, &line)) @@ -894,6 +1341,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, if (glob(pattern, GLOB_ERR, NULL, &buf) != 0) { DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern); +<<<<<<< HEAD + globfree(&buf); +======= +>>>>>>> upstream/4.5.1 } else { @@ -961,6 +1412,13 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, break; } } +<<<<<<< HEAD + if (level == 0) + { + this->lock->unlock(this->lock); + } +======= +>>>>>>> upstream/4.5.1 munmap(addr, sb.st_size); close(fd); } @@ -1039,8 +1497,15 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt) */ static void destroy(private_stroke_cred_t *this) { +<<<<<<< HEAD + this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy)); + this->shared->destroy_offset(this->shared, offsetof(shared_key_t, destroy)); + this->private->destroy_offset(this->private, offsetof(private_key_t, destroy)); + this->lock->destroy(this->lock); +======= lib->credmgr->remove_set(lib->credmgr, &this->creds->set); this->creds->destroy(this->creds); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -1051,9 +1516,15 @@ stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); +<<<<<<< HEAD + this->public.set.create_private_enumerator = (void*)create_private_enumerator; + this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; + this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; +======= this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; +>>>>>>> upstream/4.5.1 this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread; @@ -1062,8 +1533,15 @@ stroke_cred_t *stroke_cred_create() this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; +<<<<<<< HEAD + this->certs = linked_list_create(); + this->shared = linked_list_create(); + this->private = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); +======= this->creds = mem_cred_create(); lib->credmgr->add_set(lib->credmgr, &this->creds->set); +>>>>>>> upstream/4.5.1 load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 36311f092..9c71b2cd2 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c 
@@ -388,8 +388,15 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.status. + */ +static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) +======= METHOD(stroke_list_t, status, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; ike_cfg_t *ike_cfg; @@ -754,7 +761,11 @@ static void stroke_list_certs(linked_list_t *list, char *label, enumerator_t *enumerator; identification_t *altName; bool first_altName = TRUE; +<<<<<<< HEAD + int pathlen; +======= u_int pathlen; +>>>>>>> upstream/4.5.1 chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; @@ -834,10 +845,17 @@ static void stroke_list_certs(linked_list_t *list, char *label, } /* list optional pathLenConstraint */ +<<<<<<< HEAD + pathlen = x509->get_pathLenConstraint(x509); + if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) + { + fprintf(out, " pathlen: %d\n", pathlen); +======= pathlen = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen != X509_NO_CONSTRAINT) { fprintf(out, " pathlen: %u\n", pathlen); +>>>>>>> upstream/4.5.1 } /* list optional ipAddrBlocks */ @@ -977,10 +995,13 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) { fprintf(out, " serial: %#B\n", &chunk); } +<<<<<<< HEAD +======= if (crl->is_delta_crl(crl, &chunk)) { fprintf(out, " delta for: %#B\n", &chunk); } +>>>>>>> upstream/4.5.1 /* count the number of revoked certificates */ { @@ -1062,6 +1083,8 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) } /** +<<<<<<< HEAD +======= * Print the name of an algorithm plus the name of the plugin that registered it */ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, 
@@ -1081,6 +1104,7 @@ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, } /** +>>>>>>> upstream/4.5.1 * List of registered cryptographical algorithms */ static void list_algs(FILE *out) @@ -1091,6 +1115,51 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; +<<<<<<< HEAD + + fprintf(out, "\n"); + fprintf(out, "List of registered IKEv2 Algorithms:\n"); + fprintf(out, "\n encryption: "); + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption)) + { + fprintf(out, "%N ", encryption_algorithm_names, encryption); + } + enumerator->destroy(enumerator); + fprintf(out, "\n integrity: "); + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &integrity)) + { + fprintf(out, "%N ", integrity_algorithm_names, integrity); + } + enumerator->destroy(enumerator); + fprintf(out, "\n aead: "); + enumerator = lib->crypto->create_aead_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption)) + { + fprintf(out, "%N ", encryption_algorithm_names, encryption); + } + enumerator->destroy(enumerator); + fprintf(out, "\n hasher: "); + enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &hash)) + { + fprintf(out, "%N ", hash_algorithm_names, hash); + } + enumerator->destroy(enumerator); + fprintf(out, "\n prf: "); + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &prf)) + { + fprintf(out, "%N ", pseudo_random_function_names, prf); + } + enumerator->destroy(enumerator); + fprintf(out, "\n dh-group: "); + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &group)) + { + fprintf(out, "%N ", diffie_hellman_group_names, group); +======= rng_quality_t quality; const char *plugin_name; int len; 
@@ -1151,13 +1220,21 @@ static void list_algs(FILE *out) while (enumerator->enumerate(enumerator, &quality, &plugin_name)) { print_alg(out, &len, rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); fprintf(out, "\n"); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.list. + */ +static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_list_t, list, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { linked_list_t *cert_list = NULL; @@ -1260,8 +1337,15 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, } } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.leases + */ +static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_list_t, leases, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; u_int size, offline, online; @@ -1298,8 +1382,15 @@ METHOD(stroke_list_t, leases, void, DESTROY_IF(address); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.destroy + */ +static void destroy(private_stroke_list_t *this) +======= METHOD(stroke_list_t, destroy, void, private_stroke_list_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -1309,6 +1400,17 @@ METHOD(stroke_list_t, destroy, void, */ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { +<<<<<<< HEAD + private_stroke_list_t *this = malloc_thing(private_stroke_list_t); + + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; + this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; + this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; + this->public.destroy = (void(*)(stroke_list_t*))destroy; + + this->uptime = time_monotonic(NULL); + this->attribute = attribute; +======= private_stroke_list_t *this; INIT(this, 
@@ -1322,6 +1424,7 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) .uptime = time_monotonic(NULL), .attribute = attribute, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c index 2e83d0d28..81274b599 100644 --- a/src/libcharon/plugins/stroke/stroke_plugin.c +++ b/src/libcharon/plugins/stroke/stroke_plugin.c @@ -36,8 +36,15 @@ struct private_stroke_plugin_t { stroke_socket_t *socket; }; +<<<<<<< HEAD +/** + * Implementation of stroke_plugin_t.destroy + */ +static void destroy(private_stroke_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_stroke_plugin_t *this) +>>>>>>> upstream/4.5.1 { this->socket->destroy(this->socket); free(this); @@ -48,6 +55,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *stroke_plugin_create() { +<<<<<<< HEAD + private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->socket = stroke_socket_create(); +======= private_stroke_plugin_t *this; INIT(this, @@ -59,6 +73,7 @@ plugin_t *stroke_plugin_create() .socket = stroke_socket_create(), ); +>>>>>>> upstream/4.5.1 if (this->socket == NULL) { free(this); diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c new file mode 100644 index 000000000..4f716e83a --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_shared_key.c 
@@ -0,0 +1,140 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "stroke_shared_key.h" + +#include <utils/linked_list.h> + +typedef struct private_stroke_shared_key_t private_stroke_shared_key_t; + +/** + * private data of shared_key + */ +struct private_stroke_shared_key_t { + + /** + * implements shared_key_t + */ + stroke_shared_key_t public; + + /** + * type of this key + */ + shared_key_type_t type; + + /** + * data of the key + */ + chunk_t key; + + /** + * list of key owners, as identification_t + */ + linked_list_t *owners; + + /** + * reference counter + */ + refcount_t ref; +}; + +/** + * Implementation of shared_key_t.get_type. + */ +static shared_key_type_t get_type(private_stroke_shared_key_t *this) +{ + return this->type; +} + +/** + * Implementation of shared_key_t.get_ref. + */ +static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of shared_key_t.get_key. + */ +static chunk_t get_key(private_stroke_shared_key_t *this) +{ + return this->key; +} + +/** + * Implementation of stroke_shared_key_t.has_owner. 
+ */ +static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t *owner) +{ + enumerator_t *enumerator; + id_match_t match, best = ID_MATCH_NONE; + identification_t *current; + + enumerator = this->owners->create_enumerator(this->owners); + while (enumerator->enumerate(enumerator, ¤t)) + { + match = owner->matches(owner, current); + if (match > best) + { + best = match; + } + } + enumerator->destroy(enumerator); + return best; +} +/** + * Implementation of stroke_shared_key_t.add_owner. + */ +static void add_owner(private_stroke_shared_key_t *this, identification_t *owner) +{ + this->owners->insert_last(this->owners, owner); +} + +/** + * Implementation of stroke_shared_key_t.destroy + */ +static void destroy(private_stroke_shared_key_t *this) +{ + if (ref_put(&this->ref)) + { + this->owners->destroy_offset(this->owners, offsetof(identification_t, destroy)); + chunk_free(&this->key); + free(this); + } +} + +/** + * create a shared key + */ +stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key) +{ + private_stroke_shared_key_t *this = malloc_thing(private_stroke_shared_key_t); + + this->public.shared.get_type = (shared_key_type_t(*)(shared_key_t*))get_type; + this->public.shared.get_key = (chunk_t(*)(shared_key_t*))get_key; + this->public.shared.get_ref = (shared_key_t*(*)(shared_key_t*))get_ref; + this->public.shared.destroy = (void(*)(shared_key_t*))destroy; + this->public.add_owner = (void(*)(stroke_shared_key_t*, identification_t *owner))add_owner; + this->public.has_owner = (id_match_t(*)(stroke_shared_key_t*, identification_t *owner))has_owner; + + this->owners = linked_list_create(); + this->type = type; + this->key = key; + this->ref = 1; + + return &this->public; +} diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h new file mode 100644 index 000000000..05ad55083 --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_shared_key.h 
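Review bot: `destroy` in the new stroke_shared_key.c releases the key with `chunk_free(&this->key);`, which frees the buffer without overwriting it, so a secret loaded from ipsec.secrets remains readable in freed heap memory. I would wipe it on release with `chunk_clear(&this->key);` instead. `get_key` returns the chunk by value, pointing at that same buffer, so the comment above it should say the data is only valid while the caller holds a reference. The only visible caller of `stroke_shared_key_create` is on the HEAD side of the `load_shared` conflict, so it is worth confirming that this file should be added at all once the merge is resolved.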
@@ -0,0 +1,60 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stroke_shared_key stroke_shared_key + * @{ @ingroup stroke + */ + +#ifndef STROKE_SHARED_KEY_H_ +#define STROKE_SHARED_KEY_H_ + +#include <utils/identification.h> +#include <credentials/keys/shared_key.h> + +typedef struct stroke_shared_key_t stroke_shared_key_t; + +/** + * Shared key implementation for keys read from ipsec.secrets + */ +struct stroke_shared_key_t { + + /** + * Implements the shared_key_t interface. + */ + shared_key_t shared; + + /** + * Add an owner to the key. + * + * @param owner owner to add + */ + void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); + + /** + * Check if a key has a specific owner. + * + * @param owner owner to check + * @return best match found + */ + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); +}; + +/** + * Create a stroke_shared_key instance. + */ +stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key); + +#endif /** STROKE_SHARED_KEY_H_ @}*/ diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 18e77905d..e9ed86d09 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c 
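Review bot: The header comments for `stroke_shared_key_create` and `add_owner` do not say who owns the arguments. The implementation stores `key` without copying and frees it in `destroy`, and it destroys every `identification_t` in the owner list. I would state that in the documentation, e.g. `@param key key data, gets owned by the created key` and `@param owner owner to add, gets owned by the key`, and give the constructor comment `@param type` and `@return` lines as well. Without that a caller can free the chunk or the identification a second time, which for key material is a double free on secret data.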
@@ -151,7 +151,10 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca); pop_string(msg, &end->ca2); pop_string(msg, &end->groups); +<<<<<<< HEAD +======= pop_string(msg, &end->cert_policy); +>>>>>>> upstream/4.5.1 pop_string(msg, &end->updown); DBG2(DBG_CFG, " %s=%s", label, end->address); @@ -247,6 +250,8 @@ static void stroke_terminate_srcip(private_stroke_socket_t *this, } /** +<<<<<<< HEAD +======= * rekey a connection by name/id */ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -258,6 +263,7 @@ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE } /** +>>>>>>> upstream/4.5.1 * route a policy (install SPD entries) */ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -360,6 +366,8 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE); } +<<<<<<< HEAD +======= if (msg->purge.flags & PURGE_CRLS) { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL); @@ -368,6 +376,7 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509); } +>>>>>>> upstream/4.5.1 if (msg->purge.flags & PURGE_IKE) { this->control->purge_ike(this->control, msg, out); @@ -530,9 +539,12 @@ static job_requeue_t process(stroke_job_context_t *ctx) case STR_TERMINATE_SRCIP: stroke_terminate_srcip(this, msg, out); break; +<<<<<<< HEAD +======= case STR_REKEY: stroke_rekey(this, msg, out); break; +>>>>>>> upstream/4.5.1 case STR_STATUS: stroke_status(this, msg, out, FALSE); break; diff --git a/src/libcharon/plugins/tnc_imc/Makefile.am b/src/libcharon/plugins/tnc_imc/Makefile.am index 2c551813e..604536953 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.am +++ b/src/libcharon/plugins/tnc_imc/Makefile.am 
@@ -1,9 +1,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnc_imc_la_LIBADD = -ltnc + +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la else @@ -11,8 +20,12 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imc.la endif libstrongswan_tnc_imc_la_SOURCES = \ +<<<<<<< HEAD + tnc_imc_plugin.h tnc_imc_plugin.c +======= tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in index dc44408ff..61fe74a15 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.in +++ b/src/libcharon/plugins/tnc_imc/Makefile.in @@ -74,9 +74,14 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnc_imc_la_DEPENDENCIES = +am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo +======= libstrongswan_tnc_imc_la_LIBADD = am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo tnc_imc.lo \ tnc_imc_manager.lo tnc_imc_bind_function.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_OBJECTS = \ $(am_libstrongswan_tnc_imc_la_OBJECTS) libstrongswan_tnc_imc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -222,7 +227,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -261,8 +272,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -274,6 +288,16 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnc_imc_la_LIBADD = -ltnc +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imc.la +libstrongswan_tnc_imc_la_SOURCES = \ + tnc_imc_plugin.h tnc_imc_plugin.c +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -282,6 +306,7 @@ AM_CFLAGS = -rdynamic libstrongswan_tnc_imc_la_SOURCES = \ tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version all: all-am @@ -367,9 +392,12 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_manager.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_plugin.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c index 89888040a..f7d6c00d7 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c 
@@ -14,6 +14,12 @@ */ #include "tnc_imc_plugin.h" +<<<<<<< HEAD + +#include <libtnctncc.h> + +#include <daemon.h> +======= #include "tnc_imc_manager.h" #include "tnc_imc.h" @@ -140,11 +146,16 @@ static bool load_imcs(char *filename) close(fd); return TRUE; } +>>>>>>> upstream/4.5.1 METHOD(plugin_t, destroy, void, tnc_imc_plugin_t *this) { +<<<<<<< HEAD + libtnc_tncc_Terminate(); +======= charon->imcs->destroy(charon->imcs); +>>>>>>> upstream/4.5.1 free(this); } @@ -153,7 +164,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *tnc_imc_plugin_create() { +<<<<<<< HEAD + char *tnc_config, *pref_lang; +======= char *tnc_config; +>>>>>>> upstream/4.5.1 tnc_imc_plugin_t *this; INIT(this, @@ -162,6 +177,20 @@ plugin_t *tnc_imc_plugin_create() }, ); +<<<<<<< HEAD + pref_lang = lib->settings->get_str(lib->settings, + "charon.plugins.tnc-imc.preferred_language", "en"); + tnc_config = lib->settings->get_str(lib->settings, + "charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config"); + + if (libtnc_tncc_Initialize(tnc_config) != TNC_RESULT_SUCCESS) + { + free(this); + DBG1(DBG_TNC, "TNC IMC initialization failed"); + return NULL; + } + +======= /* Create IMC manager */ charon->imcs = tnc_imc_manager_create(); @@ -175,6 +204,7 @@ plugin_t *tnc_imc_plugin_create() free(this); return NULL; } +>>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnc_imv/Makefile.am b/src/libcharon/plugins/tnc_imv/Makefile.am index 3ba283bb7..13e8076cd 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.am +++ b/src/libcharon/plugins/tnc_imv/Makefile.am @@ -1,9 +1,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnc_imv_la_LIBADD = -ltnc + +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la else 
@@ -11,9 +20,13 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imv.la endif libstrongswan_tnc_imv_la_SOURCES = \ +<<<<<<< HEAD + tnc_imv_plugin.h tnc_imv_plugin.c +======= tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imv/Makefile.in b/src/libcharon/plugins/tnc_imv/Makefile.in index 0324d2eb9..10190313b 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.in +++ b/src/libcharon/plugins/tnc_imv/Makefile.in @@ -74,10 +74,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnc_imv_la_DEPENDENCIES = +am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo +======= libstrongswan_tnc_imv_la_LIBADD = am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo tnc_imv.lo \ tnc_imv_manager.lo tnc_imv_bind_function.lo \ tnc_imv_recommendations.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_OBJECTS = \ $(am_libstrongswan_tnc_imv_la_OBJECTS) libstrongswan_tnc_imv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -223,7 +228,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +273,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -275,6 +289,16 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnc_imv_la_LIBADD = -ltnc +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imv.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imv.la +libstrongswan_tnc_imv_la_SOURCES = \ + tnc_imv_plugin.h tnc_imv_plugin.c +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -284,6 +308,7 @@ libstrongswan_tnc_imv_la_SOURCES = \ tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version all: all-am @@ -369,11 +394,15 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_recommendations.Plo@am__quote@ +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c index f238f01ea..24fde3797 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c 
@@ -14,6 +14,12 @@ */ #include "tnc_imv_plugin.h" +<<<<<<< HEAD + +#include <libtnctncs.h> + +#include <daemon.h> +======= #include "tnc_imv_manager.h" #include "tnc_imv.h" @@ -140,11 +146,16 @@ static bool load_imvs(char *filename) close(fd); return TRUE; } +>>>>>>> upstream/4.5.1 METHOD(plugin_t, destroy, void, tnc_imv_plugin_t *this) { +<<<<<<< HEAD + libtnc_tncs_Terminate(); +======= charon->imvs->destroy(charon->imvs); +>>>>>>> upstream/4.5.1 free(this); } @@ -164,6 +175,15 @@ plugin_t *tnc_imv_plugin_create() tnc_config = lib->settings->get_str(lib->settings, "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config"); +<<<<<<< HEAD + if (libtnc_tncs_Initialize(tnc_config) != TNC_RESULT_SUCCESS) + { + free(this); + DBG1(DBG_TNC, "TNC IMV initialization failed"); + return NULL; + } + +======= /* Create IMV manager */ charon->imvs = tnc_imv_manager_create(); @@ -176,6 +196,7 @@ plugin_t *tnc_imv_plugin_create() free(this); return NULL; } +>>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnccs_11/Makefile.am b/src/libcharon/plugins/tnccs_11/Makefile.am index 1042c3514..1a034e25b 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.am +++ b/src/libcharon/plugins/tnccs_11/Makefile.am 
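Review bot: In `tnc_imv_plugin_create` (hunk at -164,6) and `destroy` (hunk at -140,11) the conflict leaves two different back ends side by side: the HEAD side calls `libtnc_tncs_Initialize(tnc_config)` and `libtnc_tncs_Terminate()`, while the upstream side creates and destroys `charon->imvs`. Deleting only the marker lines would keep both, so libtnc would be initialised from `tnc_config` in addition to the upstream IMV manager. Resolve each function to a single side; if that is the upstream one, `#include <libtnctncs.h>` here and `libstrongswan_tnc_imv_la_LIBADD = -ltnc` in the makefile hunks go with it. Both function bodies start or end outside their hunks.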
@@ -1,15 +1,31 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnccs_11_la_LIBADD = -ltnc +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-11.la else plugin_LTLIBRARIES = libstrongswan-tnccs-11.la +<<<<<<< HEAD +libstrongswan_tnccs_11_la_LIBADD += $(top_builddir)/src/libtls/libtls.la +endif + +libstrongswan_tnccs_11_la_SOURCES = \ + tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c +======= endif libstrongswan_tnccs_11_la_SOURCES = \ @@ -22,6 +38,7 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnccs_11/Makefile.in b/src/libcharon/plugins/tnccs_11/Makefile.in index 5ab7ccbca..a39745773 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.in +++ b/src/libcharon/plugins/tnccs_11/Makefile.in @@ -34,6 +34,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +<<<<<<< HEAD +@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la +======= +>>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_11 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 
@@ -74,12 +78,17 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__append_1) +am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo +======= am__DEPENDENCIES_1 = libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo \ tnccs_batch.lo tnccs_msg.lo imc_imv_msg.lo tnccs_error_msg.lo \ tnccs_preferred_language_msg.lo tnccs_reason_strings_msg.lo \ tnccs_recommendation_msg.lo tnccs_tncs_contact_info_msg.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_OBJECTS = \ $(am_libstrongswan_tnccs_11_la_OBJECTS) libstrongswan_tnccs_11_la_LINK = $(LIBTOOL) --tag=CC \ @@ -226,7 +235,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +280,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -278,6 +296,17 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnccs_11_la_LIBADD = -ltnc $(am__append_1) +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-11.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-11.la +libstrongswan_tnccs_11_la_SOURCES = \ + tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic @@ -294,6 +323,7 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version all: all-am @@ -379,6 +409,10 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_imv_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ @@ -389,6 +423,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_reason_strings_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_tncs_contact_info_msg.Plo@am__quote@ +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -411,6 +446,8 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +<<<<<<< HEAD +======= tnccs_batch.lo: batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs_batch.lo -MD -MP -MF $(DEPDIR)/tnccs_batch.Tpo -c -o tnccs_batch.lo `test -f 'batch/tnccs_batch.c' || echo '$(srcdir)/'`batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs_batch.Tpo $(DEPDIR)/tnccs_batch.Plo @@ -467,6 +504,7 @@ tnccs_tncs_contact_info_msg.lo: messages/tnccs_tncs_contact_info_msg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_tncs_contact_info_msg.lo `test -f 'messages/tnccs_tncs_contact_info_msg.c' || echo '$(srcdir)/'`messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index 2104bf401..012a3ce6e 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c 
@@ -14,6 +14,83 @@ */ #include "tnccs_11.h" +<<<<<<< HEAD + +#include <libtnctncc.h> +#include <libtnctncs.h> + +#include <daemon.h> +#include <debug.h> + +#define TNC_SEND_BUFFER_SIZE 32 + +static chunk_t tnc_send_buffer[TNC_SEND_BUFFER_SIZE]; + +/** + * Buffers TNCCS batch to be sent (TODO make the buffer scalable) + */ +static TNC_Result buffer_batch(u_int32_t id, const char *data, size_t len) +{ + if (id >= TNC_SEND_BUFFER_SIZE) + { + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be stored in " + "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); + return TNC_RESULT_FATAL; + } + if (tnc_send_buffer[id].ptr) + { + DBG1(DBG_TNC, "send buffer slot for Connection ID %u is already " + "occupied", id); + return TNC_RESULT_FATAL; + } + tnc_send_buffer[id] = chunk_alloc(len); + memcpy(tnc_send_buffer[id].ptr, data, len); + + return TNC_RESULT_SUCCESS; +} + +/** + * Retrieves TNCCS batch to be sent + */ +static bool retrieve_batch(u_int32_t id, chunk_t *batch) +{ + if (id >= TNC_SEND_BUFFER_SIZE) + { + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be retrieved from " + "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); + return FALSE; + } + + *batch = tnc_send_buffer[id]; + return TRUE; +} + +/** + * Frees TNCCS batch that was sent + */ +static void free_batch(u_int32_t id) +{ + if (id < TNC_SEND_BUFFER_SIZE) + { + chunk_free(&tnc_send_buffer[id]); + } +} + +/** + * Define callback functions called by the libtnc library + */ +TNC_Result TNC_TNCC_SendBatch(libtnc_tncc_connection* conn, + const char* messageBuffer, size_t messageLength) +{ + return buffer_batch(conn->connectionID, messageBuffer, messageLength); +} + +TNC_Result TNC_TNCS_SendBatch(libtnc_tncs_connection* conn, + const char* messageBuffer, size_t messageLength) +{ + return buffer_batch(conn->connectionID, messageBuffer, messageLength); +} +======= #include "batch/tnccs_batch.h" #include "messages/tnccs_msg.h" #include "messages/imc_imv_msg.h" 
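Review bot: `tnc_send_buffer` is a file-scope array shared by every TNCCS 1.1 connection, and `buffer_batch`, `retrieve_batch` and `free_batch` read and write its slots without a lock. The upstream side of this file creates a per-object mutex (`.mutex = mutex_create(MUTEX_TYPE_DEFAULT)` in the `tnccs_11_create` hunk), so if sessions can run on several threads, which this page does not show, the occupied-slot test and the `chunk_alloc`/`memcpy` pair can race. The fixed size of 32 also turns any connection ID of 32 or more into `TNC_RESULT_FATAL`. When resolving the conflict, prefer dropping this HEAD-side block; if it is kept, document the limit and the threading assumption above the array, e.g. `/* one slot per libtnc connection ID; not thread-safe, at most TNC_SEND_BUFFER_SIZE concurrent connections */`.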
@@ -28,6 +105,7 @@ #include <tnc/tncif.h> #include <tnc/tncifimv.h> #include <tnc/tnccs/tnccs.h> +>>>>>>> upstream/4.5.1 typedef struct private_tnccs_11_t private_tnccs_11_t; 
@@ -47,6 +125,118 @@ struct private_tnccs_11_t { bool is_server; /** +<<<<<<< HEAD + * TNCC Connection to IMCs + */ + libtnc_tncc_connection* tncc_connection; + + /** + * TNCS Connection to IMVs + */ + libtnc_tncs_connection* tncs_connection; +}; + +METHOD(tls_t, process, status_t, + private_tnccs_11_t *this, void *buf, size_t buflen) +{ + u_int32_t conn_id; + + if (this->is_server && !this->tncs_connection) + { + this->tncs_connection = libtnc_tncs_CreateConnection(NULL); + if (!this->tncs_connection) + { + DBG1(DBG_TNC, "TNCS CreateConnection failed"); + return FAILED; + } + DBG1(DBG_TNC, "assigned TNCS Connection ID %u", + this->tncs_connection->connectionID); + if (libtnc_tncs_BeginSession(this->tncs_connection) != TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "TNCS BeginSession failed"); + return FAILED; + } + } + conn_id = this->is_server ? this->tncs_connection->connectionID + : this->tncc_connection->connectionID; + + DBG1(DBG_TNC, "received TNCCS Batch (%u bytes) for Connection ID %u", + buflen, conn_id); + DBG3(DBG_TNC, "%.*s", buflen, buf); + + if (this->is_server) + { + if (libtnc_tncs_ReceiveBatch(this->tncs_connection, buf, buflen) != + TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "TNCS ReceiveBatch failed"); + return FAILED; + } + } + else + { + if (libtnc_tncc_ReceiveBatch(this->tncc_connection, buf, buflen) != + TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "TNCC ReceiveBatch failed"); + return FAILED; + } + } + return NEED_MORE; +} + +METHOD(tls_t, build, status_t, + private_tnccs_11_t *this, void *buf, size_t *buflen, size_t *msglen) +{ + chunk_t batch; + u_int32_t conn_id; + size_t len; + + if (!this->is_server && !this->tncc_connection) + { + this->tncc_connection = libtnc_tncc_CreateConnection(NULL); + if (!this->tncc_connection) + { + DBG1(DBG_TNC, "TNCC CreateConnection failed"); + return FAILED; + } + DBG1(DBG_TNC, "assigned TNCC Connection ID %u", + this->tncc_connection->connectionID); + if (libtnc_tncc_BeginSession(this->tncc_connection) != 
TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "TNCC BeginSession failed"); + return FAILED; + } + } + conn_id = this->is_server ? this->tncs_connection->connectionID + : this->tncc_connection->connectionID; + + if (!retrieve_batch(conn_id, &batch)) + { + return FAILED; + } + len = *buflen; + len = min(len, batch.len); + *buflen = len; + if (msglen) + { + *msglen = batch.len; + } + + if (batch.len) + { + DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u", + batch.len, conn_id); + DBG3(DBG_TNC, "%.*s", batch.len, batch.ptr); + memcpy(buf, batch.ptr, len); + free_batch(conn_id); + return ALREADY_DONE; + } + else + { + return INVALID_STATE; + } +======= * Connection ID assigned to this TNCCS connection */ TNC_ConnectionID connection_id; @@ -413,6 +603,7 @@ METHOD(tls_t, build, status_t, this->mutex->unlock(this->mutex); return status; +>>>>>>> upstream/4.5.1 } METHOD(tls_t, is_server, bool, 
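Review bot: The HEAD-side `process` reads `this->tncc_connection->connectionID` on the client path although that connection is only created in `build`, and `build` reads `this->tncs_connection->connectionID` on the server path although that one is only created in `process`; unless the caller guarantees the call order, which is not visible here, either can dereference NULL on peer-driven input. A guard such as `if (!this->is_server && !this->tncc_connection) return FAILED;` in `process`, and the mirrored `tncs_connection` check in `build`, closes that. `build` also calls `free_batch(conn_id)` after copying only `min(*buflen, batch.len)` bytes, so a batch larger than the caller's buffer loses its tail while `*msglen` still reports the full length. The debug calls pass `size_t` values to `%u`, `%d` and the `%.*s` precision, which expects `int`; cast them, e.g. `(int)buflen`. The struct and the end of `build` lie outside this hunk.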
@@ -432,6 +623,41 @@ METHOD(tls_t, is_complete, bool, { TNC_IMV_Action_Recommendation rec; TNC_IMV_Evaluation_Result eval; +<<<<<<< HEAD + char *group; + identification_t *id; + ike_sa_t *ike_sa; + auth_cfg_t *auth; + + if (libtnc_tncs_HaveRecommendation(this->tncs_connection, &rec, &eval) == + TNC_RESULT_SUCCESS) + { + switch (rec) + { + case TNC_IMV_ACTION_RECOMMENDATION_ALLOW: + DBG1(DBG_TNC, "TNC recommendation is allow"); + group = "allow"; + break; + case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE: + DBG1(DBG_TNC, "TNC recommendation is isolate"); + group = "isolate"; + break; + case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS: + case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION: + default: + DBG1(DBG_TNC, "TNC recommendation is none"); + return FALSE; + } + ike_sa = charon->bus->get_sa(charon->bus); + if (ike_sa) + { + auth = ike_sa->get_auth_cfg(ike_sa, FALSE); + id = identification_create_from_string(group); + auth->add(auth, AUTH_RULE_GROUP, id); + DBG1(DBG_TNC, "added group membership '%s' based on TNC recommendation", group); + } + return TRUE; +======= if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval)) { @@ -440,6 +666,7 @@ METHOD(tls_t, is_complete, bool, TNC_IMV_Evaluation_Result_names, eval); return charon->imvs->enforce_recommendation(charon->imvs, rec); +>>>>>>> upstream/4.5.1 } else { @@ -458,6 +685,21 @@ METHOD(tls_t, destroy, void, { if (this->is_server) { +<<<<<<< HEAD + if (this->tncs_connection) + { + libtnc_tncs_DeleteConnection(this->tncs_connection); + } + } + else + { + if (this->tncc_connection) + { + libtnc_tncc_DeleteConnection(this->tncc_connection); + } + libtnc_tncc_Terminate(); + } +======= charon->imvs->notify_connection_change(charon->imvs, this->connection_id, TNC_CONNECTION_STATE_DELETE); } @@ -469,6 +711,7 @@ METHOD(tls_t, destroy, void, charon->tnccs->remove_connection(charon->tnccs, this->connection_id); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); +>>>>>>> upstream/4.5.1 free(this); } 
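Review bot: In the HEAD-side `is_complete` body the access decision is recorded only as an `AUTH_RULE_GROUP` entry, yet when `charon->bus->get_sa(charon->bus)` returns NULL the function still returns TRUE without having added any group. Whether callers read TRUE as "assessment passed" is not visible in this hunk, but failing closed is the safer reading: `if (!ike_sa) { return FALSE; }` before the `get_auth_cfg` call. `libtnc_tncs_HaveRecommendation` is also called on `this->tncs_connection` without checking `this->is_server` or that the pointer is set. A comment stating that both "allow" and "isolate" return TRUE, and that separation then depends on group constraints configured elsewhere, would help the next reader. The function's signature and its trailing `else` branch are outside the hunk.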
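Review bot: The HEAD-side `destroy` (hunk at -458,6) deletes the libtnc connection but never releases that connection's slot in `tnc_send_buffer`, so a batch that was buffered and not yet sent is leaked and the slot stays occupied. `buffer_batch` in the first hunk of this file rejects an occupied slot with `TNC_RESULT_FATAL`, so if libtnc reuses connection IDs, which I cannot confirm from this page, the next session on that ID would fail. If this side is kept, call `free_batch(this->tncs_connection->connectionID);` (and the `tncc_connection` counterpart) before the matching `DeleteConnection` call. `libtnc_tncc_Terminate()` on every client-side destroy looks library-wide rather than per connection and should be confirmed against other live connections.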
@@ -490,7 +733,10 @@ tls_t *tnccs_11_create(bool is_server) .destroy = _destroy, }, .is_server = is_server, +<<<<<<< HEAD +======= .mutex = mutex_create(MUTEX_TYPE_DEFAULT), +>>>>>>> upstream/4.5.1 ); return &this->public; diff --git a/src/libcharon/plugins/tnccs_20/Makefile.am b/src/libcharon/plugins/tnccs_20/Makefile.am index d72fd3e34..14f02a682 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.am +++ b/src/libcharon/plugins/tnccs_20/Makefile.am @@ -1,13 +1,33 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnccs_20_la_LIBADD = -ltnc + +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la else plugin_LTLIBRARIES = libstrongswan-tnccs-20.la +<<<<<<< HEAD +libstrongswan_tnccs_20_la_LIBADD += $(top_builddir)/src/libtls/libtls.la +endif + +libstrongswan_tnccs_20_la_SOURCES = \ + tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c + +libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version + +======= libstrongswan_tnccs_20_la_LIBADD = $(top_builddir)/src/libtls/libtls.la endif @@ -26,3 +46,4 @@ libstrongswan_tnccs_20_la_SOURCES = \ state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/plugins/tnccs_20/Makefile.in b/src/libcharon/plugins/tnccs_20/Makefile.in index 9853be338..bb0c419f4 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.in +++ b/src/libcharon/plugins/tnccs_20/Makefile.in 
@@ -34,6 +34,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +<<<<<<< HEAD +@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la +======= +>>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_20 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -74,6 +78,10 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnccs_20_la_DEPENDENCIES = $(am__append_1) +am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo +======= @MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_DEPENDENCIES = \ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ @@ -82,6 +90,7 @@ am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ pb_access_recommendation_msg.lo pb_error_msg.lo \ pb_language_preference_msg.lo pb_reason_string_msg.lo \ pb_remediation_parameters_msg.lo pb_tnc_state_machine.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_OBJECTS = \ $(am_libstrongswan_tnccs_20_la_OBJECTS) libstrongswan_tnccs_20_la_LINK = $(LIBTOOL) --tag=CC \ @@ -228,7 +237,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,8 +282,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -280,6 +298,17 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnccs_20_la_LIBADD = -ltnc $(am__append_1) +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la +libstrongswan_tnccs_20_la_SOURCES = \ + tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @@ -299,6 +328,7 @@ libstrongswan_tnccs_20_la_SOURCES = \ messages/pb_reason_string_msg.h messages/pb_reason_string_msg.c \ messages/pb_remediation_parameters_msg.h messages/pb_remediation_parameters_msg.c \ state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version all: all-am @@ -384,6 +414,8 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_access_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_assessment_result_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_error_msg.Plo@am__quote@ @@ -395,6 +427,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_batch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_state_machine.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20_plugin.Plo@am__quote@ 
@@ -419,6 +452,8 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +<<<<<<< HEAD +======= pb_tnc_batch.lo: batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pb_tnc_batch.lo -MD -MP -MF $(DEPDIR)/pb_tnc_batch.Tpo -c -o pb_tnc_batch.lo `test -f 'batch/pb_tnc_batch.c' || echo '$(srcdir)/'`batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pb_tnc_batch.Tpo $(DEPDIR)/pb_tnc_batch.Plo @@ -496,6 +531,7 @@ pb_tnc_state_machine.lo: state_machine/pb_tnc_state_machine.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pb_tnc_state_machine.lo `test -f 'state_machine/pb_tnc_state_machine.c' || echo '$(srcdir)/'`state_machine/pb_tnc_state_machine.c +>>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index d53fd8eb7..28cfa2cbc 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Sansar Choinyanbuu +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -15,6 +18,12 @@ */ #include "tnccs_20.h" +<<<<<<< HEAD + +#include <debug.h> + +static chunk_t tncc_output; +======= #include "batch/pb_tnc_batch.h" #include "messages/pb_tnc_msg.h" #include "messages/pb_pa_msg.h" 
@@ -32,6 +41,7 @@ #include <tnc/tncif.h> #include <tnc/tncifimv.h> #include <tnc/tnccs/tnccs.h> +>>>>>>> upstream/4.5.1 typedef struct private_tnccs_20_t private_tnccs_20_t; @@ -49,6 +59,20 @@ struct private_tnccs_20_t { * TNCC if TRUE, TNCS if FALSE */ bool is_server; +<<<<<<< HEAD +}; + +METHOD(tls_t, process, status_t, + private_tnccs_20_t *this, void *buf, size_t buflen) +{ + return NEED_MORE; +} + +METHOD(tls_t, build, status_t, + private_tnccs_20_t *this, void *buf, size_t *buflen, size_t *msglen) +{ + return ALREADY_DONE; +======= /** * PB-TNC State Machine @@ -584,6 +608,7 @@ METHOD(tls_t, build, status_t, this->mutex->unlock(this->mutex); return status; +>>>>>>> upstream/4.5.1 } METHOD(tls_t, is_server, bool, @@ -601,6 +626,9 @@ METHOD(tls_t, get_purpose, tls_purpose_t, METHOD(tls_t, is_complete, bool, private_tnccs_20_t *this) { +<<<<<<< HEAD + return FALSE; +======= TNC_IMV_Action_Recommendation rec; TNC_IMV_Evaluation_Result eval; @@ -616,6 +644,7 @@ METHOD(tls_t, is_complete, bool, { return FALSE; } +>>>>>>> upstream/4.5.1 } METHOD(tls_t, get_eap_msk, chunk_t, @@ -627,6 +656,8 @@ METHOD(tls_t, get_eap_msk, chunk_t, METHOD(tls_t, destroy, void, private_tnccs_20_t *this) { +<<<<<<< HEAD +======= if (this->is_server) { charon->imvs->notify_connection_change(charon->imvs, @@ -641,6 +672,7 @@ METHOD(tls_t, destroy, void, this->state_machine->destroy(this->state_machine); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); +>>>>>>> upstream/4.5.1 free(this); } @@ -662,8 +694,11 @@ tls_t *tnccs_20_create(bool is_server) .destroy = _destroy, }, .is_server = is_server, +<<<<<<< HEAD +======= .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), +>>>>>>> upstream/4.5.1 ); return &this->public; diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index f7162d800..ca2522e46 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in 
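Review bot: The HEAD side added to `tnccs_20.c` is a set of stubs (`process` returns `NEED_MORE`, `build` returns `ALREADY_DONE`, `is_complete` returns `FALSE`) interleaved with the full upstream implementation, and the two cannot be combined by deleting the marker lines. In the hunk at -49,6 the added `};` closes `struct private_tnccs_20_t` before the upstream members that `tnccs_20_create` initialises (`.state_machine`, `.mutex`), and in the hunk at -601,6 the added `return FALSE;` sits ahead of the upstream recommendation check, which would make that check unreachable. Resolve these hunks to the upstream side as a whole. Most of the affected function bodies start or end outside their hunks.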
@@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 4e43388ec..9032d8353 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -196,8 +196,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 5fa749e56..c2f8f43fb 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in 
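Review bot: The conflict in the `uci_config.c` hunk sits inside the argument list of `child_cfg_create(...)`, and the two sides are not interchangeable: the HEAD side passes two `ACTION_NONE` values and ends with `NULL, NULL`, while the upstream side passes three and ends with `NULL, NULL, 0`. Only one of them can match the prototype in the tree being built; the 4.5.1 context lines suggest the longer form, but the prototype is not visible here. Keep a single argument list and, since the call is a run of positional literals, add a short comment naming what `FALSE, 0, 0` and the trailing `0` stand for. The enclosing `peer_enumerator_enumerate` starts and ends outside the hunk.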
@@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 5dd2dc843..4b7622e17 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ |