Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c104
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h6
-rw-r--r--src/libstrongswan/credentials/builder.c5
-rw-r--r--src/libstrongswan/credentials/builder.h10
-rw-r--r--src/libstrongswan/credentials/cert_validator.h9
-rw-r--r--src/libstrongswan/credentials/certificates/crl.h3
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h33
-rw-r--r--src/libstrongswan/credentials/cred_encoding.c7
-rw-r--r--src/libstrongswan/credentials/credential_manager.c70
-rw-r--r--src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c6
-rw-r--r--src/libstrongswan/credentials/sets/auth_cfg_wrapper.c4
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.c78
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.h19
13 files changed, 9 insertions, 345 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 9c7df81a6..23a3f62d9 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -131,19 +131,13 @@ static void destroy_entry_value(entry_t *entry)
case AUTH_RULE_SUBJECT_CERT:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
{
certificate_t *cert = (certificate_t*)entry->value;
cert->destroy(cert);
break;
}
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
{
@@ -155,11 +149,8 @@ static void destroy_entry_value(entry_t *entry)
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
break;
}
}
@@ -185,11 +176,8 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
/* integer type */
enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int);
break;
@@ -200,18 +188,12 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
/* pointer type */
enumerator->current->value = va_arg(args, void*);
break;
@@ -263,11 +245,8 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
case AUTH_RULE_EAP_TYPE:
return (void*)EAP_NAK;
case AUTH_RULE_EAP_VENDOR:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
return (void*)0;
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
@@ -279,18 +258,12 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
default:
return NULL;
}
@@ -313,11 +286,8 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
/* integer type */
entry->value = (void*)(uintptr_t)va_arg(args, u_int);
break;
@@ -328,18 +298,12 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
/* pointer type */
entry->value = va_arg(args, void*);
break;
@@ -410,40 +374,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
{
-<<<<<<< HEAD
- cert_validation_t validated, required;
-
- required = (uintptr_t)value;
- validated = (uintptr_t)get(this, t1);
- switch (required)
- {
- case VALIDATION_FAILED:
- /* no constraint */
- break;
- case VALIDATION_SKIPPED:
- if (validated == VALIDATION_SKIPPED)
- {
- break;
- }
- /* FALL */
- case VALIDATION_GOOD:
- if (validated == VALIDATION_GOOD)
- {
- break;
- }
- /* FALL */
- default:
- success = FALSE;
- if (log_error)
- {
- DBG1(DBG_CFG, "constraint check failed: %N is %N, "
- "but requires at least %N", auth_rule_names,
- t1, cert_validation_names, validated,
- cert_validation_names, required);
- }
- break;
- }
-=======
uintptr_t validated;
e2 = create_enumerator(this);
@@ -483,7 +413,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
}
}
e2->destroy(e2);
->>>>>>> upstream/4.5.1
break;
}
case AUTH_RULE_IDENTITY:
@@ -567,8 +496,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
e2->destroy(e2);
break;
}
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
{
@@ -634,15 +561,11 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
}
break;
}
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
/* skip helpers */
continue;
}
@@ -689,10 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_RULE_SUBJECT_CERT:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
{
certificate_t *cert = (certificate_t*)value;
@@ -704,11 +624,8 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_RULE_AUTH_CLASS:
case AUTH_RULE_EAP_TYPE:
case AUTH_RULE_EAP_VENDOR:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
{
add(this, type, (uintptr_t)value);
break;
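Review bot: `add(this, type, (uintptr_t)value);` passes a `uintptr_t` through the variadic list, but add() reads integer rules back with `va_arg(args, u_int)`, and the two new strength rules now go through this path as well. Where `uintptr_t` is wider than `u_int` the argument type does not match the `va_arg` type, which the C standard leaves undefined even though common ABIs tolerate it. Casting at the call site keeps the types aligned: `add(this, type, (u_int)(uintptr_t)value);`. The same pattern appears in the clone_() hunk at `clone->add(clone, entry->type, (uintptr_t)entry->value);`.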
@@ -723,10 +640,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
add(this, type, id->clone(id));
break;
}
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
{
@@ -779,11 +693,8 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
{
if (i1->value == i2->value)
{
@@ -797,10 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
case AUTH_RULE_SUBJECT_CERT:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
{
certificate_t *c1, *c2;
@@ -831,10 +739,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
}
continue;
}
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
{
@@ -917,19 +822,13 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
case AUTH_RULE_SUBJECT_CERT:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
-<<<<<<< HEAD
-=======
case AUTH_HELPER_REVOCATION_CERT:
->>>>>>> upstream/4.5.1
{
certificate_t *cert = (certificate_t*)entry->value;
clone->add(clone, entry->type, cert->get_ref(cert));
break;
}
-<<<<<<< HEAD
-=======
case AUTH_RULE_CERT_POLICY:
->>>>>>> upstream/4.5.1
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_SUBJECT_HASH_URL:
{
@@ -941,11 +840,8 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
-<<<<<<< HEAD
-=======
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
->>>>>>> upstream/4.5.1
clone->add(clone, entry->type, (uintptr_t)entry->value);
break;
}
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 659a7c9ef..489ce1134 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -90,15 +90,12 @@ enum auth_rule_t {
* The group membership constraint is fulfilled if the subject is member of
* one group defined in the constraints. */
AUTH_RULE_GROUP,
-<<<<<<< HEAD
-=======
/** required RSA public key strength, u_int in bits */
AUTH_RULE_RSA_STRENGTH,
/** required ECDSA public key strength, u_int in bits */
AUTH_RULE_ECDSA_STRENGTH,
/** certificatePolicy constraint, numerical OID as char* */
AUTH_RULE_CERT_POLICY,
->>>>>>> upstream/4.5.1
/** intermediate certificate, certificate_t* */
AUTH_HELPER_IM_CERT,
@@ -108,11 +105,8 @@ enum auth_rule_t {
AUTH_HELPER_IM_HASH_URL,
/** Hash and URL of a end-entity certificate, char* */
AUTH_HELPER_SUBJECT_HASH_URL,
-<<<<<<< HEAD
-=======
/** revocation certificate (CRL, OCSP), certificate_t* */
AUTH_HELPER_REVOCATION_CERT,
->>>>>>> upstream/4.5.1
};
/**
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 4d3a78eab..f9a277a2c 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -43,10 +43,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_CRL_DISTRIBUTION_POINTS",
"BUILD_OCSP_ACCESS_LOCATIONS",
"BUILD_PATHLEN",
-<<<<<<< HEAD
- "BUILD_X509_FLAG",
- "BUILD_REVOKED_ENUMERATOR",
-=======
"BUILD_PERMITTED_NAME_CONSTRAINTS",
"BUILD_EXCLUDED_NAME_CONSTRAINTS",
"BUILD_CERTIFICATE_POLICIES",
@@ -57,7 +53,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_X509_FLAG",
"BUILD_REVOKED_ENUMERATOR",
"BUILD_BASE_CRL",
->>>>>>> upstream/4.5.1
"BUILD_CHALLENGE_PWD",
"BUILD_PKCS11_MODULE",
"BUILD_PKCS11_SLOT",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index fc93a6007..325b668cd 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -87,18 +87,12 @@ enum builder_part_t {
BUILD_CA_CERT,
/** a certificate, certificate_t* */
BUILD_CERT,
-<<<<<<< HEAD
- /** CRL distribution point URIs, linked_list_t* containing char* */
-=======
/** CRL distribution point URIs, x509_cdp_t* */
->>>>>>> upstream/4.5.1
BUILD_CRL_DISTRIBUTION_POINTS,
/** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */
BUILD_OCSP_ACCESS_LOCATIONS,
/** certificate path length constraint */
BUILD_PATHLEN,
-<<<<<<< HEAD
-=======
/** permitted X509 name constraints, linked_list_t* of identification_t* */
BUILD_PERMITTED_NAME_CONSTRAINTS,
/** excluded X509 name constraints, linked_list_t* of identification_t* */
@@ -113,16 +107,12 @@ enum builder_part_t {
BUILD_POLICY_INHIBIT_MAPPING,
/** inhibitAnyPolicy constraint, int */
BUILD_POLICY_INHIBIT_ANY,
->>>>>>> upstream/4.5.1
/** enforce an additional X509 flag, x509_flag_t */
BUILD_X509_FLAG,
/** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
BUILD_REVOKED_ENUMERATOR,
-<<<<<<< HEAD
-=======
/** Base CRL serial for a delta CRL, chunk_t, */
BUILD_BASE_CRL,
->>>>>>> upstream/4.5.1
/** PKCS#10 challenge password */
BUILD_CHALLENGE_PWD,
/** friendly name of a PKCS#11 module, null terminated char* */
diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h
index f329281d3..733d9d612 100644
--- a/src/libstrongswan/credentials/cert_validator.h
+++ b/src/libstrongswan/credentials/cert_validator.h
@@ -40,14 +40,6 @@ struct cert_validator_t {
* @param subject subject certificate to check
* @param issuer issuer of subject
* @param online wheter to do online revocation checking
-<<<<<<< HEAD
- * @param pathlen the current length of the path up to the root CA
- * @param auth container for resulting authentication info
- */
- bool (*validate)(cert_validator_t *this, certificate_t *subject,
- certificate_t *issuer, bool online, int pathlen,
- auth_cfg_t *auth);
-=======
* @param pathlen the current length of the path bottom-up
* @param anchor is issuer trusted root anchor
* @param auth container for resulting authentication info
@@ -55,7 +47,6 @@ struct cert_validator_t {
bool (*validate)(cert_validator_t *this, certificate_t *subject,
certificate_t *issuer, bool online, u_int pathlen,
bool anchor, auth_cfg_t *auth);
->>>>>>> upstream/4.5.1
};
#endif /** CERT_VALIDATOR_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 11ad7f2f3..2f3497474 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -72,8 +72,6 @@ struct crl_t {
chunk_t (*get_authKeyIdentifier)(crl_t *this);
/**
-<<<<<<< HEAD
-=======
* Is this CRL a delta CRL?
*
* @param base_crl gets to baseCrlNumber, if this is a delta CRL
@@ -89,7 +87,6 @@ struct crl_t {
enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this);
/**
->>>>>>> upstream/4.5.1
* Create an enumerator over all revoked certificates.
*
* The enumerator takes 3 pointer arguments:
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 3ab26c8c5..fec02dbad 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -24,12 +24,6 @@
#include <utils/enumerator.h>
#include <credentials/certificates/certificate.h>
-<<<<<<< HEAD
-#define X509_NO_PATH_LEN_CONSTRAINT -1
-
-typedef struct x509_t x509_t;
-typedef enum x509_flag_t x509_flag_t;
-=======
/* constraints are currently restricted to the range 0..127 */
#define X509_NO_CONSTRAINT 255
@@ -39,7 +33,6 @@ typedef struct x509_policy_mapping_t x509_policy_mapping_t;
typedef struct x509_cdp_t x509_cdp_t;
typedef enum x509_flag_t x509_flag_t;
typedef enum x509_constraint_t x509_constraint_t;
->>>>>>> upstream/4.5.1
/**
* X.509 certificate flags.
@@ -61,14 +54,6 @@ enum x509_flag_t {
X509_SELF_SIGNED = (1<<5),
/** cert has an ipAddrBlocks extension */
X509_IP_ADDR_BLOCKS = (1<<6),
-<<<<<<< HEAD
-};
-
-/**
- * enum names for x509 flags
- */
-extern enum_name_t *x509_flag_names;
-=======
/** cert has CRL sign key usage */
X509_CRL_SIGN = (1<<7),
};
@@ -118,7 +103,6 @@ struct x509_cdp_t {
/** CRL issuer */
identification_t *issuer;
};
->>>>>>> upstream/4.5.1
/**
* X.509 certificate interface.
@@ -162,20 +146,12 @@ struct x509_t {
chunk_t (*get_authKeyIdentifier)(x509_t *this);
/**
-<<<<<<< HEAD
- * Get an optional path length constraint.
- *
- * @return pathLenConstraint, -1 if no constraint exists
- */
- int (*get_pathLenConstraint)(x509_t *this);
-=======
* Get a numerical X.509 constraint.
*
* @param type type of constraint to get
* @return constraint, X509_NO_CONSTRAINT if none found
*/
u_int (*get_constraint)(x509_t *this, x509_constraint_t type);
->>>>>>> upstream/4.5.1
/**
* Create an enumerator over all subjectAltNames.
@@ -185,15 +161,9 @@ struct x509_t {
enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);
/**
-<<<<<<< HEAD
- * Create an enumerator over all CRL URIs.
- *
- * @return enumerator over URIs as char*
-=======
* Create an enumerator over all CRL URIs and CRL Issuers.
*
* @return enumerator over x509_cdp_t
->>>>>>> upstream/4.5.1
*/
enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);
@@ -210,8 +180,6 @@ struct x509_t {
* @return enumerator over ipAddrBlocks as traffic_selector_t*
*/
enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
-<<<<<<< HEAD
-=======
/**
* Create an enumerator over name constraints.
@@ -236,7 +204,6 @@ struct x509_t {
enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
->>>>>>> upstream/4.5.1
};
#endif /** X509_H_ @}*/
diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c
index edd76205b..ac3266f4c 100644
--- a/src/libstrongswan/credentials/cred_encoding.c
+++ b/src/libstrongswan/credentials/cred_encoding.c
@@ -180,8 +180,13 @@ static bool encode(private_cred_encoding_t *this, cred_encoding_type_t type,
chunk = malloc_thing(chunk_t);
*chunk = *encoding;
this->lock->write_lock(this->lock);
- this->cache[type]->put(this->cache[type], cache, chunk);
+ chunk = this->cache[type]->put(this->cache[type], cache, chunk);
this->lock->unlock(this->lock);
+ if (chunk)
+ {
+ free(chunk->ptr);
+ free(chunk);
+ }
}
return success;
}
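Review bot: Freeing the displaced entry with `free(chunk->ptr)` is only safe if nothing else still holds that buffer, and the cached chunk is a shallow copy (`*chunk = *encoding`), so the cache and the caller's `encoding` share one pointer. If a second encode() for the same `cache` key displaces an earlier entry, the buffer released here may be one that an earlier caller is still reading; whether callers copy the encoding before use is not visible in this hunk. The lifetime rule should be stated above the block, for example `/* the cache owns encoding->ptr; a later put() for the same key frees it */`. Using a separate local such as `replaced` for the return value of `put()` would also keep the new and the displaced entry apart. encode() starts outside the hunk.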
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 3e54368ff..27b97eab3 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -452,13 +452,8 @@ static void cache_queue(private_credential_manager_t *this)
* check a certificate for its lifetime
*/
static bool check_certificate(private_credential_manager_t *this,
-<<<<<<< HEAD
- certificate_t *subject, certificate_t *issuer,
- bool online, int pathlen, auth_cfg_t *auth)
-=======
certificate_t *subject, certificate_t *issuer, bool online,
int pathlen, bool trusted, auth_cfg_t *auth)
->>>>>>> upstream/4.5.1
{
time_t not_before, not_after;
cert_validator_t *validator;
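Review bot: `pathlen` is still declared `int` in check_certificate() (and as `int pathlen;` in verify_trust_chain()), while validate() in cert_validator.h now takes `u_int pathlen`, so the value is converted implicitly at the `validator->validate(...)` call. The loop shown only produces non-negative values, but a negative value would reach validators as a very large path length and be compared against unsigned constraints such as `X509_NO_CONSTRAINT`. Declaring the parameter as `u_int pathlen` here keeps the signedness consistent along the whole call chain.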
@@ -476,36 +471,12 @@ static bool check_certificate(private_credential_manager_t *this,
&not_before, FALSE, &not_after, FALSE);
return FALSE;
}
-<<<<<<< HEAD
- if (issuer->get_type(issuer) == CERT_X509 &&
- subject->get_type(subject) == CERT_X509)
- {
- int pathlen_constraint;
- x509_t *x509;
-
- /* check path length constraint */
- x509 = (x509_t*)issuer;
- pathlen_constraint = x509->get_pathLenConstraint(x509);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
- pathlen > pathlen_constraint)
- {
- DBG1(DBG_CFG, "path length of %d violates constraint of %d",
- pathlen, pathlen_constraint);
- return FALSE;
- }
- }
-=======
->>>>>>> upstream/4.5.1
enumerator = this->validators->create_enumerator(this->validators);
while (enumerator->enumerate(enumerator, &validator))
{
if (!validator->validate(validator, subject, issuer,
-<<<<<<< HEAD
- online, pathlen, auth))
-=======
online, pathlen, trusted, auth))
->>>>>>> upstream/4.5.1
{
enumerator->destroy(enumerator);
return FALSE;
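Review bot: Nothing in check_certificate() itself rejects a chain that violates a pathLenConstraint any more; enforcement rests entirely on whatever is in `this->validators`. If that list is empty, or no registered validator implements the constraint (which validators are registered is not visible here), the loop falls through and the certificate is accepted. A comment above the loop should state this dependency, for example `/* path length and other X.509 constraints are enforced by validators only */`. Deployments should confirm that a constraint-checking validator is always loaded. The function body starts outside the hunk.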
@@ -563,8 +534,6 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this,
}
/**
-<<<<<<< HEAD
-=======
* Get the strength of certificate, add it to auth
*/
static void get_key_strength(certificate_t *cert, auth_cfg_t *auth)
@@ -596,7 +565,6 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth)
}
/**
->>>>>>> upstream/4.5.1
* try to verify the trust chain of subject, return TRUE if trusted
*/
static bool verify_trust_chain(private_credential_manager_t *this,
@@ -608,13 +576,9 @@ static bool verify_trust_chain(private_credential_manager_t *this,
int pathlen;
auth = auth_cfg_create();
-<<<<<<< HEAD
- current = subject->get_ref(subject);
-=======
get_key_strength(subject, auth);
current = subject->get_ref(subject);
auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current));
->>>>>>> upstream/4.5.1
for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++)
{
@@ -659,25 +623,17 @@ static bool verify_trust_chain(private_credential_manager_t *this,
break;
}
}
-<<<<<<< HEAD
- if (!check_certificate(this, current, issuer, online, pathlen,
- current == subject ? auth : NULL))
-=======
if (!check_certificate(this, current, issuer, online,
pathlen, trusted, auth))
->>>>>>> upstream/4.5.1
{
trusted = FALSE;
issuer->destroy(issuer);
break;
}
-<<<<<<< HEAD
-=======
if (issuer)
{
get_key_strength(issuer, auth);
}
->>>>>>> upstream/4.5.1
current->destroy(current);
current = issuer;
if (trusted)
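Review bot: The new `if (issuer)` guard around `get_key_strength(issuer, auth);` is inconsistent with the failure branch just above it, which calls `issuer->destroy(issuer);` unconditionally, and with check_certificate(), which receives the same pointer. Either `issuer` can never be NULL at this point, in which case the guard is dead code and can be dropped, or it can, in which case the failure branch needs the same protection, e.g. `DESTROY_IF(issuer);`. How `issuer` is assigned lies outside the hunk, so this should be checked against the full loop body.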
@@ -701,8 +657,6 @@ static bool verify_trust_chain(private_credential_manager_t *this,
}
/**
-<<<<<<< HEAD
-=======
* List find match function for certificates
*/
static bool cert_equals(certificate_t *a, certificate_t *b)
@@ -711,7 +665,6 @@ static bool cert_equals(certificate_t *a, certificate_t *b)
}
/**
->>>>>>> upstream/4.5.1
* enumerator for trusted certificates
*/
typedef struct {
@@ -731,11 +684,8 @@ typedef struct {
certificate_t *pretrusted;
/** currently enumerating auth config */
auth_cfg_t *auth;
-<<<<<<< HEAD
-=======
/** list of failed candidates */
linked_list_t *failed;
->>>>>>> upstream/4.5.1
} trusted_enumerator_t;
METHOD(enumerator_t, trusted_enumerate, bool,
@@ -763,13 +713,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
verify_trust_chain(this->this, this->pretrusted, this->auth,
TRUE, this->online))
{
-<<<<<<< HEAD
- this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
- this->pretrusted->get_ref(this->pretrusted));
- DBG1(DBG_CFG, " using trusted certificate \"%Y\"",
- this->pretrusted->get_subject(this->pretrusted));
- *cert = this->pretrusted;
-=======
DBG1(DBG_CFG, " using trusted certificate \"%Y\"",
this->pretrusted->get_subject(this->pretrusted));
*cert = this->pretrusted;
@@ -778,7 +721,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
this->pretrusted->get_ref(this->pretrusted));
}
->>>>>>> upstream/4.5.1
if (auth)
{
*auth = this->auth;
@@ -796,15 +738,12 @@ METHOD(enumerator_t, trusted_enumerate, bool,
continue;
}
-<<<<<<< HEAD
-=======
if (this->failed->find_first(this->failed, (void*)cert_equals,
NULL, current) == SUCCESS)
{ /* check each candidate only once */
continue;
}
->>>>>>> upstream/4.5.1
DBG1(DBG_CFG, " using certificate \"%Y\"",
current->get_subject(current));
if (verify_trust_chain(this->this, current, this->auth, FALSE,
@@ -817,10 +756,7 @@ METHOD(enumerator_t, trusted_enumerate, bool,
}
return TRUE;
}
-<<<<<<< HEAD
-=======
this->failed->insert_last(this->failed, current->get_ref(current));
->>>>>>> upstream/4.5.1
}
return FALSE;
}
@@ -831,10 +767,7 @@ METHOD(enumerator_t, trusted_destroy, void,
DESTROY_IF(this->pretrusted);
DESTROY_IF(this->auth);
DESTROY_IF(this->candidates);
-<<<<<<< HEAD
-=======
this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy));
->>>>>>> upstream/4.5.1
free(this);
}
@@ -853,10 +786,7 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*,
.type = type,
.id = id,
.online = online,
-<<<<<<< HEAD
-=======
.failed = linked_list_create(),
->>>>>>> upstream/4.5.1
);
return &enumerator->public;
}
diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
index de5b85bae..fecc9910e 100644
--- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
+++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c
@@ -189,11 +189,11 @@ static char* get_string(private_ietf_attributes_t *this)
if (oid == OID_UNKNOWN)
{
- written = snprintf(pos, len, "0x#B", &attr->value);
+ written = snprintf(pos, len, "0x%#B", &attr->value);
}
else
{
- written = snprintf(pos, len, "%s", oid_names[oid]);
+ written = snprintf(pos, len, "%s", oid_names[oid].name);
}
break;
}
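Review bot: Both snprintf() calls store their result in `written`, but the check that `written` is non-negative and smaller than `len` before `pos` and `len` are advanced lies outside the hunk and should be confirmed. With the conversion now active, `0x%#B` can produce considerably more output than the old literal `0x#B` did, so truncation becomes more likely. `%#B` appears to be a project-specific conversion, which would explain why compiler format checking did not flag the missing `%`. A short comment next to the call naming the argument type it expects would help.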
@@ -331,7 +331,7 @@ static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t *
/* look for at least one common attribute */
while (TRUE)
{
- bool cmp = attr_a->compare(attr_a, attr_b);
+ int cmp = attr_a->compare(attr_a, attr_b);
if (cmp == 0)
{
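Review bot: The declaration `int cmp = attr_a->compare(attr_a, attr_b);` deserves a comment saying that compare() presumably returns a three-way result, for example `/* <0, 0 or >0, must not be narrowed to bool */`. Stored in a `bool`, every non-zero result collapses to the same value, so any branch after `cmp == 0` (outside the hunk) that distinguishes smaller from larger could not work. The loop body continues outside the hunk.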
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 046ccfd12..225fabe31 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -132,12 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
}
}
else if (rule != AUTH_HELPER_SUBJECT_CERT &&
-<<<<<<< HEAD
- rule != AUTH_HELPER_IM_CERT)
-=======
rule != AUTH_HELPER_IM_CERT &&
rule != AUTH_HELPER_REVOCATION_CERT)
->>>>>>> upstream/4.5.1
{ /* handle only HELPER certificates */
continue;
}
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 5a2385b72..e023e8443 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,9 +1,6 @@
/*
-<<<<<<< HEAD
-=======
* Copyright (C) 2010 Tobias Brunner
* Hochschule fuer Technik Rapperwsil
->>>>>>> upstream/4.5.1
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
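Review bot: `Rapperwsil` in the copyright header is a misspelling of `Rapperswil`. The matching header in mem_cred.h spells the name correctly, so the line here should read `* Hochschule fuer Technik Rapperswil`.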
@@ -59,14 +56,11 @@ struct private_mem_cred_t {
* List of shared keys, as shared_entry_t
*/
linked_list_t *shared;
-<<<<<<< HEAD
-=======
/**
* List of CDPs, as cdp_t
*/
linked_list_t *cdps;
->>>>>>> upstream/4.5.1
};
/**
@@ -157,23 +151,6 @@ static bool certificate_equals(certificate_t *item, certificate_t *cert)
return item->equals(item, cert);
}
-<<<<<<< HEAD
-METHOD(mem_cred_t, add_cert, void,
- private_mem_cred_t *this, bool trusted, certificate_t *cert)
-{
- this->lock->write_lock(this->lock);
- if (this->untrusted->find_last(this->untrusted,
- (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS)
- {
- if (trusted)
- {
- this->trusted->insert_last(this->trusted, cert->get_ref(cert));
- }
- this->untrusted->insert_last(this->untrusted, cert->get_ref(cert));
- }
- cert->destroy(cert);
- this->lock->unlock(this->lock);
-=======
/**
* Add a certificate the the cache. Returns a reference to "cert" or a
* previously cached certificate that equals "cert".
@@ -272,7 +249,6 @@ METHOD(mem_cred_t, add_crl, bool,
}
this->lock->unlock(this->lock);
return new;
->>>>>>> upstream/4.5.1
}
/**
@@ -332,11 +308,7 @@ METHOD(mem_cred_t, add_key, void,
private_mem_cred_t *this, private_key_t *key)
{
this->lock->write_lock(this->lock);
-<<<<<<< HEAD
- this->keys->insert_last(this->keys, key);
-=======
this->keys->insert_first(this->keys, key);
->>>>>>> upstream/4.5.1
this->lock->unlock(this->lock);
}
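Review bot: `this->keys->insert_first(this->keys, key);` stores keys newest-first, so for any enumerator that walks `this->keys` front to back a later add_key() now takes precedence over earlier ones. The same reversal applies to `owners->insert_first(owners, id);` in add_shared(). The add_key comment in mem_cred.h says nothing about ordering. If newest-first precedence is intended, it should be documented there, for example `* Keys added later are enumerated before keys added earlier.`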
@@ -460,20 +432,6 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
(void*)shared_filter, data, (void*)shared_data_destroy);
}
-<<<<<<< HEAD
-METHOD(mem_cred_t, add_shared, void,
- private_mem_cred_t *this, shared_key_t *shared, ...)
-{
- shared_entry_t *entry;
- identification_t *id;
- va_list args;
-
- INIT(entry,
- .shared = shared,
- .owners = linked_list_create(),
- );
-
-=======
METHOD(mem_cred_t, add_shared_list, void,
private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners)
{
@@ -496,27 +454,18 @@ METHOD(mem_cred_t, add_shared, void,
linked_list_t *owners = linked_list_create();
va_list args;
->>>>>>> upstream/4.5.1
va_start(args, shared);
do
{
id = va_arg(args, identification_t*);
if (id)
{
-<<<<<<< HEAD
- entry->owners->insert_last(entry->owners, id);
-=======
owners->insert_first(owners, id);
->>>>>>> upstream/4.5.1
}
}
while (id);
va_end(args);
-<<<<<<< HEAD
- this->lock->write_lock(this->lock);
- this->shared->insert_last(this->shared, entry);
-=======
add_shared_list(this, shared, owners);
}
@@ -614,7 +563,6 @@ METHOD(mem_cred_t, clear_secrets, void,
this->shared->destroy_function(this->shared, (void*)shared_entry_destroy);
this->keys = linked_list_create();
this->shared = linked_list_create();
->>>>>>> upstream/4.5.1
this->lock->unlock(this->lock);
}
@@ -626,15 +574,6 @@ METHOD(mem_cred_t, clear_, void,
offsetof(certificate_t, destroy));
this->untrusted->destroy_offset(this->untrusted,
offsetof(certificate_t, destroy));
-<<<<<<< HEAD
- this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
- this->shared->destroy_function(this->shared, (void*)shared_entry_destroy);
- this->trusted = linked_list_create();
- this->untrusted = linked_list_create();
- this->keys = linked_list_create();
- this->shared = linked_list_create();
- this->lock->unlock(this->lock);
-=======
this->cdps->destroy_function(this->cdps, (void*)cdp_destroy);
this->trusted = linked_list_create();
this->untrusted = linked_list_create();
@@ -642,7 +581,6 @@ METHOD(mem_cred_t, clear_, void,
this->lock->unlock(this->lock);
clear_secrets(this);
->>>>>>> upstream/4.5.1
}
METHOD(mem_cred_t, destroy, void,
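Review bot: clear_() is no longer a single critical section: the write lock is released with `this->lock->unlock(this->lock);` before `clear_secrets(this);` runs. clear_secrets() appears to take the lock again on its own, since its `unlock` call is visible in the earlier hunk. A concurrent reader can therefore see the set with certificates and CDPs already gone but private and shared keys still present. If callers rely on clear() being atomic, the list teardown should move into an unlocked helper that both methods call while holding the lock. Otherwise the two-step behaviour should be documented at the `clear` declaration in mem_cred.h.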
@@ -653,10 +591,7 @@ METHOD(mem_cred_t, destroy, void,
this->untrusted->destroy(this->untrusted);
this->keys->destroy(this->keys);
this->shared->destroy(this->shared);
-<<<<<<< HEAD
-=======
this->cdps->destroy(this->cdps);
->>>>>>> upstream/4.5.1
this->lock->destroy(this->lock);
free(this);
}
@@ -674,15 +609,6 @@ mem_cred_t *mem_cred_create()
.create_shared_enumerator = _create_shared_enumerator,
.create_private_enumerator = _create_private_enumerator,
.create_cert_enumerator = _create_cert_enumerator,
-<<<<<<< HEAD
- .create_cdp_enumerator = (void*)return_null,
- .cache_cert = (void*)nop,
- },
- .add_cert = _add_cert,
- .add_key = _add_key,
- .add_shared = _add_shared,
- .clear = _clear_,
-=======
.create_cdp_enumerator = _create_cdp_enumerator,
.cache_cert = (void*)nop,
},
@@ -695,17 +621,13 @@ mem_cred_t *mem_cred_create()
.add_cdp = _add_cdp,
.clear = _clear_,
.clear_secrets = _clear_secrets,
->>>>>>> upstream/4.5.1
.destroy = _destroy,
},
.trusted = linked_list_create(),
.untrusted = linked_list_create(),
.keys = linked_list_create(),
.shared = linked_list_create(),
-<<<<<<< HEAD
-=======
.cdps = linked_list_create(),
->>>>>>> upstream/4.5.1
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 274e07566..eb46b065b 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -1,9 +1,6 @@
/*
-<<<<<<< HEAD
-=======
* Copyright (C) 2010 Tobias Brunner
* Hochschule fuer Technik Rapperswil
->>>>>>> upstream/4.5.1
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -29,11 +26,8 @@
typedef struct mem_cred_t mem_cred_t;
#include <credentials/credential_set.h>
-<<<<<<< HEAD
-=======
#include <credentials/certificates/crl.h>
#include <utils/linked_list.h>
->>>>>>> upstream/4.5.1
/**
* Generic in-memory credential set.
@@ -54,8 +48,6 @@ struct mem_cred_t {
void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert);
/**
-<<<<<<< HEAD
-=======
* Add a certificate to the credential set, returning a reference to it or
* to a cached duplicate.
*
@@ -76,7 +68,6 @@ struct mem_cred_t {
bool (*add_crl)(mem_cred_t *this, crl_t *crl);
/**
->>>>>>> upstream/4.5.1
* Add a private key to the credential set.
*
* @param key key, reference gets owned by set
@@ -87,17 +78,11 @@ struct mem_cred_t {
* Add a shared key to the credential set.
*
* @param shared shared key to add, gets owned by set
-<<<<<<< HEAD
- * @param ... NULL terminated list of owners identification_t*
-=======
* @param ... NULL terminated list of owners (identification_t*)
->>>>>>> upstream/4.5.1
*/
void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...);
/**
-<<<<<<< HEAD
-=======
* Add a shared key to the credential set.
*
* @param shared shared key to add, gets owned by set
@@ -116,21 +101,17 @@ struct mem_cred_t {
identification_t *id, char *uri);
/**
->>>>>>> upstream/4.5.1
* Clear all credentials from the credential set.
*/
void (*clear)(mem_cred_t *this);
/**
-<<<<<<< HEAD
-=======
* Clear the secrets (private and shared keys, not the certificates) from
* the credential set.
*/
void (*clear_secrets)(mem_cred_t *this);
/**
->>>>>>> upstream/4.5.1
* Destroy a mem_cred_t.
*/
void (*destroy)(mem_cred_t *this);