Diffstat (limited to 'src/libstrongswan/utils')
-rw-r--r-- | src/libstrongswan/utils/backtrace.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/utils/enumerator.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/utils/enumerator.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/utils/hashtable.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/hashtable.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/host.c | 51 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.c | 396 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.h | 89 | ||||
-rw-r--r-- | src/libstrongswan/utils/iterator.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/leak_detective.c | 7 | ||||
-rw-r--r-- | src/libstrongswan/utils/lexparser.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/lexparser.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/linked_list.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/linked_list.h | 3 | ||||
-rw-r--r-- | src/libstrongswan/utils/mutex.c | 10 | ||||
-rw-r--r-- | src/libstrongswan/utils/mutex.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/optionsfrom.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/optionsfrom.h | 2 |
18 files changed, 351 insertions, 235 deletions
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index 3caafdc38..f110521af 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id$
 */
 #define _GNU_SOURCE
@@ -25,6 +23,8 @@
 # include <execinfo.h>
 #endif /* HAVE_BACKTRACE */
+#include <string.h>
+
 #include "backtrace.h"
 typedef struct private_backtrace_t private_backtrace_t;
diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c
index e7653a9b2..24bafe66a 100644
--- a/src/libstrongswan/utils/enumerator.c
+++ b/src/libstrongswan/utils/enumerator.c
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: enumerator.c 4744 2008-12-03 10:03:59Z tobias $
 */
 #include "enumerator.h"
@@ -21,9 +19,11 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <limits.h>
 #include <stdio.h>
 #include <dirent.h>
 #include <errno.h>
+#include <string.h>
 #include <debug.h>
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index 98f300609..4367d0836 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: enumerator.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
@@ -25,7 +23,7 @@
 typedef struct enumerator_t enumerator_t;
-#include <library.h>
+#include <utils.h>
 /**
 * Enumerate is simpler, but more flexible than iterator.
diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c
index 27a7a66c1..6d33d023b 100644
--- a/src/libstrongswan/utils/hashtable.c
+++ b/src/libstrongswan/utils/hashtable.c
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: hashtable.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #include <utils/linked_list.h>
diff --git a/src/libstrongswan/utils/hashtable.h b/src/libstrongswan/utils/hashtable.h
index 28804caf8..cbe51f557 100644
--- a/src/libstrongswan/utils/hashtable.h
+++ b/src/libstrongswan/utils/hashtable.h
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: hashtable.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index a40c42c49..484de5e54 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -14,8 +14,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: host.c 4977 2009-03-19 09:16:03Z martin $
 */
 #define _GNU_SOURCE
@@ -34,7 +32,7 @@ typedef struct private_host_t private_host_t;
 /**
 * Private Data of a host object.
 */
-struct private_host_t {
+struct private_host_t {
 /**
 * Public data
 */
@@ -81,7 +79,7 @@ static socklen_t *get_sockaddr_len(private_host_t *this)
 */
 static bool is_anyaddr(private_host_t *this)
 {
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
 {
 case AF_INET:
 {
@@ -100,7 +98,7 @@ static bool is_anyaddr(private_host_t *this)
 default:
 {
 return FALSE;
- }
+ }
 }
 }
@@ -171,7 +169,7 @@ static chunk_t get_address(private_host_t *this)
 {
 chunk_t address = chunk_empty;
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
 {
 case AF_INET:
 {
@@ -206,7 +204,7 @@ static int get_family(private_host_t *this)
 */
 static u_int16_t get_port(private_host_t *this)
 {
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
 {
 case AF_INET:
 {
@@ -342,7 +340,7 @@ static void destroy(private_host_t *this)
 }
 /**
- * Creates an empty host_t object
+ * Creates an empty host_t object
 */
 static private_host_t *host_create_empty(void)
 {
@@ -438,9 +436,12 @@ host_t *host_create_from_string(char *string, u_int16_t port)
 host_t *host_create_from_dns(char *string, int af, u_int16_t port)
 {
 private_host_t *this;
- struct hostent host, *ptr;
+ struct hostent *ptr;
+ int ret = 0, err;
+#ifdef HAVE_GETHOSTBYNAME_R
+ struct hostent host;
 char buf[512];
- int err, ret;
+#endif
 if (streq(string, "%any"))
 {
@@ -455,37 +456,49 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
 /* gethostbyname does not like IPv6 addresses - fallback */
 return host_create_from_string(string, port);
 }
-
+
+#ifdef HAVE_GETHOSTBYNAME_R
 if (af)
- {
+ {
 ret = gethostbyname2_r(string, af, &host, buf, sizeof(buf), &ptr, &err);
 }
 else
 {
 ret = gethostbyname_r(string, &host, buf, sizeof(buf), &ptr, &err);
 }
- if (ret != 0)
+#else
+ /* Some systems (e.g. Mac OS X) do not support gethostbyname_r */
+ if (af)
+ {
+ ptr = gethostbyname2(string, af);
+ }
+ else
 {
- DBG1("resolving '%s' failed: %s", string, hstrerror(err));
- return NULL;
+ ptr = gethostbyname(string);
 }
 if (ptr == NULL)
 {
- DBG1("resolving '%s' failed", string);
+ err = h_errno;
+ }
+#endif
+ if (ret != 0 || ptr == NULL)
+ {
+ DBG1("resolving '%s' failed: %s", string, hstrerror(err));
+ return NULL;
 }
 this = host_create_empty();
- this->address.sa_family = host.h_addrtype;
+ this->address.sa_family = ptr->h_addrtype;
 switch (this->address.sa_family)
 {
 case AF_INET:
 memcpy(&this->address4.sin_addr.s_addr,
- host.h_addr_list[0], host.h_length);
+ ptr->h_addr_list[0], ptr->h_length);
 this->address4.sin_port = htons(port);
 this->socklen = sizeof(struct sockaddr_in);
 break;
 case AF_INET6:
 memcpy(&this->address6.sin6_addr.s6_addr,
- host.h_addr_list[0], host.h_length);
+ ptr->h_addr_list[0], ptr->h_length);
 this->address6.sin6_port = htons(port);
 this->socklen = sizeof(struct sockaddr_in6);
 break;
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index bce6b1cc2..1c04c97ef 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
 *
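Review bot: In the `#else` branch added for systems without gethostbyname_r, `gethostbyname()`/`gethostbyname2()` return a pointer into static, process-wide storage, so the `ptr->h_addr_list[0]` reads further down can be overwritten by a concurrent lookup in another thread; the fallback needs a comment stating it is not thread-safe, or the lookup plus the two memcpy calls serialised with a mutex. Independently of that, both `memcpy` calls copy `ptr->h_length` bytes into `sin_addr`/`sin6_addr` without checking that the length matches the address family, so a resolver reporting an unexpected `h_length` overruns the field; a guard such as `if (ptr->h_length != sizeof(this->address4.sin_addr)) { destroy(this); return NULL; }` in the AF_INET case, and the sin6_addr equivalent in the AF_INET6 case, before each memcpy is cheap. `err` is only meaningful on the `ptr == NULL` path of the fallback and on the `_r` path when the call failed, which is exactly what the combined `if (ret != 0 || ptr == NULL)` relies on; a one-line comment there would save the next reader working that out. host_create_from_dns's body continues past the end of the hunk.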
@@ -13,8 +13,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: identification.c 5036 2009-03-26 13:25:46Z martin $
 */
 #define _GNU_SOURCE
@@ -59,110 +57,42 @@ ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_CERT_DER_SHA1, ID_KEY_ID,
 ENUM_END(id_type_names, ID_CERT_DER_SHA1);
 /**
- * X.501 acronyms for well known object identifiers (OIDs)
- */
-static u_char oid_ND[] = {
- 0x02, 0x82, 0x06, 0x01, 0x0A, 0x07, 0x14
-};
-static u_char oid_UID[] = {
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01
-};
-static u_char oid_DC[] = {
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19
-};
-static u_char oid_CN[] = {
- 0x55, 0x04, 0x03
-};
-static u_char oid_S[] = {
- 0x55, 0x04, 0x04
-};
-static u_char oid_SN[] = {
- 0x55, 0x04, 0x05
-};
-static u_char oid_C[] = {
- 0x55, 0x04, 0x06
-};
-static u_char oid_L[] = {
- 0x55, 0x04, 0x07
-};
-static u_char oid_ST[] = {
- 0x55, 0x04, 0x08
-};
-static u_char oid_O[] = {
- 0x55, 0x04, 0x0A
-};
-static u_char oid_OU[] = {
- 0x55, 0x04, 0x0B
-};
-static u_char oid_T[] = {
- 0x55, 0x04, 0x0C
-};
-static u_char oid_D[] = {
- 0x55, 0x04, 0x0D
-};
-static u_char oid_N[] = {
- 0x55, 0x04, 0x29
-};
-static u_char oid_G[] = {
- 0x55, 0x04, 0x2A
-};
-static u_char oid_I[] = {
- 0x55, 0x04, 0x2B
-};
-static u_char oid_ID[] = {
- 0x55, 0x04, 0x2D
-};
-static u_char oid_EN[] = {
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x03, 0x01, 0x03
-};
-static u_char oid_E[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01
-};
-static u_char oid_UN[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x02
-};
-static u_char oid_TCGID[] = {
- 0x2B, 0x06, 0x01, 0x04, 0x01, 0x89, 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B
-};
-
-/**
 * coding of X.501 distinguished name
 */
 typedef struct {
 const u_char *name;
- chunk_t oid;
+ int oid;
 u_char type;
 } x501rdn_t;
 static const x501rdn_t x501rdns[] = {
- {"ND", {oid_ND, 7}, ASN1_PRINTABLESTRING},
- {"UID", {oid_UID, 10}, ASN1_PRINTABLESTRING},
- {"DC", {oid_DC, 10}, ASN1_PRINTABLESTRING},
- {"CN", {oid_CN, 3}, ASN1_PRINTABLESTRING},
- {"S", {oid_S, 3}, ASN1_PRINTABLESTRING},
- {"SN", {oid_SN, 3}, ASN1_PRINTABLESTRING},
- {"serialNumber", {oid_SN, 3}, ASN1_PRINTABLESTRING},
- {"C", {oid_C, 3}, ASN1_PRINTABLESTRING},
- {"L", {oid_L, 3}, ASN1_PRINTABLESTRING},
- {"ST", {oid_ST, 3}, ASN1_PRINTABLESTRING},
- {"O", {oid_O, 3}, ASN1_PRINTABLESTRING},
- {"OU", {oid_OU, 3}, ASN1_PRINTABLESTRING},
- {"T", {oid_T, 3}, ASN1_PRINTABLESTRING},
- {"D", {oid_D, 3}, ASN1_PRINTABLESTRING},
- {"N", {oid_N, 3}, ASN1_PRINTABLESTRING},
- {"G", {oid_G, 3}, ASN1_PRINTABLESTRING},
- {"I", {oid_I, 3}, ASN1_PRINTABLESTRING},
- {"ID", {oid_ID, 3}, ASN1_PRINTABLESTRING},
- {"EN", {oid_EN, 10}, ASN1_PRINTABLESTRING},
- {"employeeNumber", {oid_EN, 10}, ASN1_PRINTABLESTRING},
- {"E", {oid_E, 9}, ASN1_IA5STRING},
- {"Email", {oid_E, 9}, ASN1_IA5STRING},
- {"emailAddress", {oid_E, 9}, ASN1_IA5STRING},
- {"UN", {oid_UN, 9}, ASN1_IA5STRING},
- {"unstructuredName",{oid_UN, 9}, ASN1_IA5STRING},
- {"TCGID", {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
+ {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING},
+ {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING},
+ {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING},
+ {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING},
+ {"S", OID_SURNAME, ASN1_PRINTABLESTRING},
+ {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING},
+ {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING},
+ {"C", OID_COUNTRY, ASN1_PRINTABLESTRING},
+ {"L", OID_LOCALITY, ASN1_PRINTABLESTRING},
+ {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING},
+ {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING},
+ {"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING},
+ {"T", OID_TITLE, ASN1_PRINTABLESTRING},
+ {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING},
+ {"N", OID_NAME, ASN1_PRINTABLESTRING},
+ {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING},
+ {"I", OID_INITIALS, ASN1_PRINTABLESTRING},
+ {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING},
+ {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
+ {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
+ {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING},
+ {"unstructuredName",OID_UNSTRUCTURED_NAME, ASN1_IA5STRING},
+ {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING}
 };
-#define X501_RDN_ROOF 26
 /**
 * maximum number of RDNs in atodn()
@@ -208,34 +138,22 @@ static void update_chunk(chunk_t *ch, int n)
 * Remove any malicious characters from a chunk. We are very restrictive, but
 * whe use these strings only to present it to the user.
 */
-static chunk_t sanitize_chunk(chunk_t chunk)
+static bool sanitize_chunk(chunk_t chunk, chunk_t *clone)
 {
 char *pos;
- chunk_t clone = chunk_clone(chunk);
+ bool all_printable = TRUE;
+
+ *clone = chunk_clone(chunk);
- for (pos = clone.ptr; pos < (char*)(clone.ptr + clone.len); pos++)
+ for (pos = clone->ptr; pos < (char*)(clone->ptr + clone->len); pos++)
 {
- switch (*pos)
+ if (!isprint(*pos))
 {
- case '\0':
- case ' ':
- case '*':
- case '-':
- case '.':
- case '/':
- case '0' ... '9':
- case ':':
- case '=':
- case '@':
- case 'A' ... 'Z':
- case '_':
- case 'a' ... 'z':
- break;
- default:
- *pos = '?';
+ *pos = '?';
+ all_printable = FALSE;
 }
 }
- return clone;
+ return all_printable;
 }
 /**
@@ -272,14 +190,15 @@ static bool init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
 /**
 * Fetches the next RDN in a DN
 */
-static bool get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid, chunk_t *value, asn1_t *type, bool *next)
+static bool get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
+ chunk_t *value, asn1_t *type, bool *next)
 {
 chunk_t body;
-
+
 /* initialize return values */
 *oid = chunk_empty;
 *value = chunk_empty;
-
+
 /* if all attributes have been parsed, get next rdn */
 if (attribute->len <= 0)
 {
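Review bot: `isprint(*pos)` in the rewritten sanitize_chunk loop is called with a plain `char`; for bytes above 0x7F that value is negative where char is signed, and passing anything other than EOF or an `unsigned char` value to the <ctype.h> classifiers is undefined behaviour, so the test should read `if (!isprint((unsigned char)*pos))`. The rewrite also widens what survives sanitisation: the removed switch admitted a fixed allow-list, whereas `isprint()` admits every printable character of the current locale, so in a non-C locale bytes above 0x7F can reach the display/log path unchanged. The function comment above ("We are very restrictive") now overstates the filter; suggest rewording it to say that bytes for which isprint() is false are replaced by '?' and that the return value reports whether any replacement happened. The function is otherwise complete within the hunk.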
@@ -371,19 +290,19 @@ static bool dntoa(chunk_t dn, chunk_t *str)
 int oid_code;
 bool next;
 bool first = TRUE;
-
+
 if (!init_rdn(dn, &rdn, &attribute, &next))
 {
 return FALSE;
 }
-
+
 while (next)
 {
 if (!get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next))
 {
 return FALSE;
 }
-
+
 if (first)
 { /* first OID/value pair */
 first = FALSE;
@@ -392,7 +311,7 @@ static bool dntoa(chunk_t dn, chunk_t *str)
 { /* separate OID/value pair by a comma */
 update_chunk(str, snprintf(str->ptr,str->len,", "));
 }
-
+
 /* print OID */
 oid_code = asn1_known_oid(oid);
 if (oid_code == OID_UNKNOWN)
@@ -404,7 +323,7 @@ static bool dntoa(chunk_t dn, chunk_t *str)
 update_chunk(str, snprintf(str->ptr,str->len,"%s", oid_names[oid_code].name));
 }
 /* print value */
- proper = sanitize_chunk(value);
+ sanitize_chunk(value, &proper);
 update_chunk(str, snprintf(str->ptr,str->len,"=%.*s", (int)proper.len, proper.ptr));
 chunk_free(&proper);
 }
@@ -421,7 +340,7 @@ static bool same_dn(chunk_t a, chunk_t b)
 chunk_t oid_a, oid_b, value_a, value_b;
 asn1_t type_a, type_b;
 bool next_a, next_b;
-
+
 /* same lengths for the DNs */
 if (a.len != b.len)
 {
@@ -438,7 +357,7 @@ static bool same_dn(chunk_t a, chunk_t b)
 {
 return FALSE;
 }
-
+
 /* fetch next RDN pair */
 while (next_a && next_b)
 {
@@ -448,19 +367,19 @@ static bool same_dn(chunk_t a, chunk_t b)
 {
 return FALSE;
 }
-
+
 /* OIDs must agree */
 if (oid_a.len != oid_b.len || !memeq(oid_a.ptr, oid_b.ptr, oid_b.len))
 {
 return FALSE;
 }
-
+
 /* same lengths for values */
 if (value_a.len != value_b.len)
 {
 return FALSE;
 }
-
+
 /* printableStrings and email RDNs require uppercase comparison */
 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING || (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
@@ -499,17 +418,17 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
 chunk_t oid_a, oid_b, value_a, value_b;
 asn1_t type_a, type_b;
 bool next_a, next_b;
-
+
 /* initialize wildcard counter */
 *wildcards = 0;
-
+
 /* initialize DN parsing */
 if (!init_rdn(a, &rdn_a, &attribute_a, &next_a) || !init_rdn(b, &rdn_b, &attribute_b, &next_b))
 {
 return FALSE;
 }
-
+
 /* fetch next RDN pair */
 while (next_a && next_b)
 {
@@ -524,7 +443,7 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
 {
 return FALSE;
 }
-
+
 /* does rdn_b contain a wildcard? */
 if (value_b.len == 1 && *value_b.ptr == '*')
 {
@@ -536,7 +455,7 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
 {
 return FALSE;
 }
-
+
 /* printableStrings and email RDNs require uppercase comparison */
 if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING || (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
@@ -609,15 +528,18 @@ static status_t atodn(char *src, chunk_t *dn)
 }
 else
 {
- for (i = 0; i < X501_RDN_ROOF; i++)
+ bool found = FALSE;
+
+ for (i = 0; i < countof(x501rdns); i++)
 {
- if (strlen(x501rdns[i].name) == oid.len
- && strncasecmp(x501rdns[i].name, oid.ptr, oid.len) == 0)
+ if (strlen(x501rdns[i].name) == oid.len &&
+ strncasecmp(x501rdns[i].name, oid.ptr, oid.len) == 0)
 {
- break; /* found a valid OID */
+ found = TRUE;
+ break;
 }
 }
- if (i == X501_RDN_ROOF)
+ if (!found)
 {
 status = NOT_SUPPORTED;
 state = UNKNOWN_OID;
@@ -655,14 +577,24 @@ static status_t atodn(char *src, chunk_t *dn)
 if (rdn_count < RDN_MAX)
 {
- rdns[rdn_count] =
- asn1_wrap(ASN1_SET, "m",
- asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_OID, "c", x501rdns[i].oid),
- asn1_wrap(rdn_type, "c", name)
- )
- );
- dn_len += rdns[rdn_count++].len;
+ chunk_t rdn_oid;
+
+ rdn_oid = asn1_build_known_oid(x501rdns[i].oid);
+ if (rdn_oid.len)
+ {
+ rdns[rdn_count] =
+ asn1_wrap(ASN1_SET, "m",
+ asn1_wrap(ASN1_SEQUENCE, "mm",
+ rdn_oid,
+ asn1_wrap(rdn_type, "c", name)
+ )
+ );
+ dn_len += rdns[rdn_count++].len;
+ }
+ else
+ {
+ status = INVALID_ARG;
+ }
 }
 else
 {
@@ -677,12 +609,12 @@ static status_t atodn(char *src, chunk_t *dn)
 break;
 }
 } while (*src++ != '\0');
-
+
 /* build the distinguished name sequence */
- {
+ {
 int i;
 u_char *pos = asn1_build_object(dn, ASN1_SEQUENCE, dn_len);
-
+
 for (i = 0; i < rdn_count; i++)
 {
 memcpy(pos, rdns[i].ptr, rdns[i].len);
@@ -690,7 +622,7 @@ static status_t atodn(char *src, chunk_t *dn)
 free(rdns[i].ptr);
 }
 }
-
+
 if (status != SUCCESS)
 {
 free(dn->ptr);
@@ -945,9 +877,8 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 case ID_FQDN:
 case ID_RFC822_ADDR:
 case ID_DER_ASN1_GN_URI:
- case ID_EAP:
 case ID_IETF_ATTR_STRING:
- proper = sanitize_chunk(this->encoded);
+ sanitize_chunk(this->encoded, &proper);
 snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
 chunk_free(&proper);
 break;
@@ -961,6 +892,16 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 snprintf(buf, sizeof(buf), "(ASN.1 general Name");
 break;
 case ID_KEY_ID:
+ if (sanitize_chunk(this->encoded, &proper))
+ { /* fully printable, use ascii version */
+ snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
+ }
+ else
+ { /* not printable, hex dump */
+ snprintf(buf, sizeof(buf), "%#B", &this->encoded);
+ }
+ chunk_free(&proper);
+ break;
 case ID_PUBKEY_INFO_SHA1:
 case ID_PUBKEY_SHA1:
 case ID_CERT_DER_SHA1:
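Review bot: The new ID_KEY_ID branch passes `proper.len` as the precision argument of `"%.*s"`; the `*` precision takes an `int`, and chunk_t's len does not appear to be an int (dntoa in this same file casts it as `(int)proper.len`), so the call is a format/argument type mismatch on LP64 targets. Use `snprintf(buf, sizeof(buf), "%.*s", (int)proper.len, proper.ptr);` here; the pre-existing context line in the ID_FQDN/ID_RFC822_ADDR case above has the same issue. A KEY_ID is arbitrary binary data so the `%#B` hex fallback is the right choice; a comment such as `/* a KEY_ID is opaque bytes: show it as text only if every byte is printable */` would tell readers of the log format which of the two forms they may see. identification_printf_hook starts and ends outside this hunk.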
@@ -978,6 +919,124 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 }
 /**
+ * Enumerator over RDNs
+ */
+typedef struct {
+ /* implements enumerator interface */
+ enumerator_t public;
+ /* current RDN */
+ chunk_t rdn;
+ /* current attribute */
+ chunk_t attr;
+ /** have another RDN? */
+ bool next;
+} rdn_enumerator_t;
+
+/**
+ * Implementation of rdn_enumerator_t.enumerate
+ */
+static bool rdn_enumerate(rdn_enumerator_t *this,
+ id_part_t *type, chunk_t *data)
+{
+ chunk_t oid, value;
+ asn1_t asn1_type;
+
+ while (this->next)
+ {
+ if (!get_next_rdn(&this->rdn, &this->attr, &oid,
+ &value, &asn1_type, &this->next))
+ {
+ return FALSE;
+ }
+ switch (asn1_known_oid(oid))
+ {
+ case OID_COMMON_NAME:
+ *type = ID_PART_RDN_CN;
+ break;
+ case OID_SURNAME:
+ *type = ID_PART_RDN_S;
+ break;
+ case OID_SERIAL_NUMBER:
+ *type = ID_PART_RDN_SN;
+ break;
+ case OID_COUNTRY:
+ *type = ID_PART_RDN_C;
+ break;
+ case OID_LOCALITY:
+ *type = ID_PART_RDN_L;
+ break;
+ case OID_STATE_OR_PROVINCE:
+ *type = ID_PART_RDN_ST;
+ break;
+ case OID_ORGANIZATION:
+ *type = ID_PART_RDN_O;
+ break;
+ case OID_ORGANIZATION_UNIT:
+ *type = ID_PART_RDN_OU;
+ break;
+ case OID_TITLE:
+ *type = ID_PART_RDN_T;
+ break;
+ case OID_DESCRIPTION:
+ *type = ID_PART_RDN_D;
+ break;
+ case OID_NAME:
+ *type = ID_PART_RDN_N;
+ break;
+ case OID_GIVEN_NAME:
+ *type = ID_PART_RDN_G;
+ break;
+ case OID_INITIALS:
+ *type = ID_PART_RDN_I;
+ break;
+ case OID_UNIQUE_IDENTIFIER:
+ *type = ID_PART_RDN_ID;
+ break;
+ case OID_EMAIL_ADDRESS:
+ *type = ID_PART_RDN_E;
+ break;
+ case OID_EMPLOYEE_NUMBER:
+ *type = ID_PART_RDN_EN;
+ break;
+ default:
+ continue;
+ }
+ *data = value;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of identification_t.create_part_enumerator
+ */
+static enumerator_t* create_part_enumerator(private_identification_t *this)
+{
+ switch (this->type)
+ {
+ case ID_DER_ASN1_DN:
+ {
+ rdn_enumerator_t *e = malloc_thing(rdn_enumerator_t);
+
+ e->public.enumerate = (void*)rdn_enumerate;
+ e->public.destroy = (void*)free;
+ if (init_rdn(this->encoded, &e->rdn, &e->attr, &e->next))
+ {
+ return &e->public;
+ }
+ free(e);
+ /* FALL */
+ }
+ case ID_RFC822_ADDR:
+ /* TODO */
+ case ID_FQDN:
+ /* TODO */
+ default:
+ return enumerator_create_empty();
+ }
+}
+
+/**
 * Implementation of identification_t.clone.
 */
 static identification_t *clone_(private_identification_t *this)
@@ -1014,6 +1073,7 @@ static private_identification_t *identification_create(void)
 this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
 this->public.get_type = (id_type_t (*) (identification_t*))get_type;
 this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards;
+ this->public.create_part_enumerator = (enumerator_t*(*)(identification_t*))create_part_enumerator;
 this->public.clone = (identification_t* (*) (identification_t*))clone_;
 this->public.destroy = (void (*) (identification_t*))destroy;
 /* we use these as defaults, the may be overloaded for special ID types */
@@ -1043,8 +1103,9 @@ identification_t *identification_create_from_string(char *string)
 */
 if (atodn(string, &this->encoded) != SUCCESS)
 {
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string, strlen(string)));
+ return &this->public;
 }
 this->type = ID_DER_ASN1_DN;
 this->public.equals = (bool (*) (identification_t*,identification_t*))equals_dn;
@@ -1084,11 +1145,11 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*) (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 this->encoded = chunk_clone(chunk);
 this->type = ID_IPV4_ADDR;
- return &(this->public);
+ return &this->public;
 }
 else
 {
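Review bot: rdn_enumerate hands out `*data = value` pointing into the DN being parsed, i.e. into the `this->encoded` that create_part_enumerator passed to init_rdn, not a copy; that ownership is not written down anywhere in the hunk, so add to the rdn_enumerator_t header comment `/* data chunks returned by enumerate() alias the identification's encoding, are valid only while it exists and must not be freed by the caller */`. In create_part_enumerator the `/* FALL */` after `free(e)` reaches `enumerator_create_empty()` only by falling through two further labels; a direct `return enumerator_create_empty();` after `free(e)` expresses the same thing without depending on label order. The `default: continue;` inside the switch resumes the enclosing while loop, which is correct but easy to misread as leaving the switch; a comment such as `/* no id_part_t for this RDN, look at the next one */` would make it explicit.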
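Review bot: When atodn() fails the input is now stored silently as an ID_KEY_ID; a DN typed with an unsupported RDN keyword, which the old code rejected with NULL, becomes an identity whose raw bytes will never equal a certificate subject, so a configuration mistake only surfaces later as an identity mismatch during authentication. A diagnostic at the fallback, e.g. `DBG1("parsing '%s' as distinguished name failed, treating it as ID_KEY_ID", string);`, keeps the new never-NULL contract while making the misparse visible; the hunk `@@ -1098,12 +1159,14 @@` (the IPv6 path) has the same silent fallback and deserves the same line. From the `free(dn->ptr)` visible in the atodn hunk the failed parse releases its buffer before `this->encoded` is overwritten here, but whether atodn also resets the length is not visible in this diff, so that is worth confirming. identification_create_from_string starts and ends outside this hunk.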
@@ -1098,12 +1159,14 @@ identification_t *identification_create_from_string(char *string)
 if (inet_pton(AF_INET6, string, &address) <= 0)
 {
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string,
+ strlen(string)));
+ return &this->public;
 }
 this->encoded = chunk_clone(chunk);
 this->type = ID_IPV6_ADDR;
- return &(this->public);
+ return &this->public;
 }
 }
 }
@@ -1117,7 +1180,7 @@ identification_t *identification_create_from_string(char *string)
 this->type = ID_KEY_ID;
 this->encoded = chunk_from_hex(
 chunk_create(string, strlen(string)), NULL);
- return &(this->public);
+ return &this->public;
 }
 else
 {
@@ -1128,7 +1191,7 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*) (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 }
 else
@@ -1140,7 +1203,7 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*) (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 }
 }
@@ -1180,7 +1243,6 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en
 case ID_PUBKEY_INFO_SHA1:
 case ID_PUBKEY_SHA1:
 case ID_CERT_DER_SHA1:
- case ID_EAP:
 case ID_IETF_ATTR_STRING:
 default:
 break;
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 2284b7b46..dc0aec18e 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
 *
@@ -13,8 +13,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: identification.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
@@ -29,6 +27,7 @@
 typedef enum id_type_t id_type_t;
 typedef struct identification_t identification_t;
 typedef enum id_match_t id_match_t;
+typedef enum id_part_t id_part_t;
 #include <library.h>
@@ -80,7 +79,8 @@ enum id_type_t {
 * An example of an ID_RFC822_ADDR is "jsmith@example.com".
 * The string MUST NOT contain any terminators.
 */
- ID_RFC822_ADDR = 3,
+ ID_USER_FQDN = 3, /* IKEv1 only */
+ ID_RFC822_ADDR = 3, /* IKEv2 only */
 /**
 * ID data is an IPv4 subnet (IKEv1 only)
@@ -143,16 +143,16 @@ enum id_type_t {
 * SHA1 hash of the binary DER encoding of a certificate
 */
 ID_CERT_DER_SHA1 = 204,
-
+
 /**
- * Generic EAP identity
+ * IETF Attribute Syntax String (RFC 3281)
 */
- ID_EAP = 205,
+ ID_IETF_ATTR_STRING = 205,
 /**
- * IETF Attribute Syntax String (RFC 3281)
+ * Private ID used by the pluto daemon for opportunistic encryption
 */
- ID_IETF_ATTR_STRING = 206,
+ ID_MYID = 206,
 };
 /**
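Review bot: `ID_USER_FQDN = 3` and `ID_RFC822_ADDR = 3` are now two names for one value, so a `switch` cannot carry a case for each, `id_type_names` can print only one of them, and the Doxygen block directly above still describes only ID_RFC822_ADDR; extend it with `* ID_USER_FQDN is the IKEv1 name for the same wire value (3).`. Replacing ID_EAP with ID_IETF_ATTR_STRING at 205 and introducing ID_MYID at 206 renumbers values in the private range; if any of these is persisted or exchanged between components built from different revisions its meaning changes silently, so a note on the enum stating that the 200+ values are internal and not stable across releases would be prudent. The identification.c context in this commit still ends `id_type_names` at ID_CERT_DER_SHA1, so 205 and 206 appear to have no printable name — presumably pre-existing, but worth checking now that 205 has a new meaning.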
@@ -161,6 +161,56 @@ enum id_type_t {
 extern enum_name_t *id_type_names;
 /**
+ * Type of an ID sub part.
+ */
+enum id_part_t {
+ /** Username part of an RFC822_ADDR */
+ ID_PART_USERNAME,
+ /** Domain part of an RFC822_ADDR */
+ ID_PART_DOMAIN,
+
+ /** Top-Level domain of a FQDN */
+ ID_PART_TLD,
+ /** Second-Level domain of a FQDN */
+ ID_PART_SLD,
+ /** Another Level domain of a FQDN */
+ ID_PART_ALD,
+
+ /** Country RDN of a DN */
+ ID_PART_RDN_C,
+ /** CommonName RDN of a DN */
+ ID_PART_RDN_CN,
+ /** Description RDN of a DN */
+ ID_PART_RDN_D,
+ /** Email RDN of a DN */
+ ID_PART_RDN_E,
+ /** EmployeeNumber RDN of a DN */
+ ID_PART_RDN_EN,
+ /** GivenName RDN of a DN */
+ ID_PART_RDN_G,
+ /** Initials RDN of a DN */
+ ID_PART_RDN_I,
+ /** UniqueIdentifier RDN of a DN */
+ ID_PART_RDN_ID,
+ /** Locality RDN of a DN */
+ ID_PART_RDN_L,
+ /** Name RDN of a DN */
+ ID_PART_RDN_N,
+ /** Organization RDN of a DN */
+ ID_PART_RDN_O,
+ /** OrganizationUnit RDN of a DN */
+ ID_PART_RDN_OU,
+ /** Surname RDN of a DN */
+ ID_PART_RDN_S,
+ /** SerialNumber RDN of a DN */
+ ID_PART_RDN_SN,
+ /** StateOrProvince RDN of a DN */
+ ID_PART_RDN_ST,
+ /** Title RDN of a DN */
+ ID_PART_RDN_T,
+};
+
+/**
 * Generic identification, such as used in ID payload.
 *
 * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
@@ -225,6 +275,19 @@ struct identification_t {
 bool (*contains_wildcards) (identification_t *this);
 /**
+ * Create an enumerator over subparts of an identity.
+ *
+ * Some identities are built from several parts, e.g. an E-Mail consists
+ * of a username and a domain part, or a DistinguishedName contains several
+ * RDNs.
+ * For identity without subtypes (support), an empty enumerator is
+ * returned.
+ *
+ * @return an enumerator over (id_part_t type, chunk_t data)
+ */
+ enumerator_t* (*create_part_enumerator)(identification_t *this);
+
+ /**
 * Clone a identification_t instance.
 *
 * @return clone of this
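Review bot: The create_part_enumerator documentation does not say who owns the `chunk_t data` it yields or which identity types actually produce parts; from the implementation in identification.c in this same commit only ID_DER_ASN1_DN yields anything (RFC822 and FQDN are marked TODO) and the chunk aliases the identity's encoding rather than being cloned. Suggest replacing the sentence `For identity without subtypes (support), an empty enumerator is returned.` with `Currently only ID_DER_ASN1_DN identities yield parts; all other types return an empty enumerator. The data chunk is not cloned and is valid only while this identification_t exists.`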
@@ -257,16 +320,16 @@ struct identification_t {
 * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
 * unstructuredName, TCGID.
 *
+ * This constructor never returns NULL. If it does not find a suitable
+ * conversion function, it will copy the string to an ID_KEY_ID.
+ *
 * @param string input string, which will be converted
- * @return created identification_t, NULL if not supported.
+ * @return identification_t
 */
 identification_t * identification_create_from_string(char *string);
 /**
 * Creates an identification_t object from an encoded chunk.
- *
- * In contrast to identification_create_from_string(), this constructor never
- * returns NULL, even when the conversion to a string representation fails.
 *
 * @param type type of this id, such as ID_IPV4_ADDR
 * @param encoded encoded bytes, such as from identification_t.get_encoding
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h
index 02eb1b9c0..1dbf01539 100644
--- a/src/libstrongswan/utils/iterator.h
+++ b/src/libstrongswan/utils/iterator.h
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: iterator.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 0e0866fec..2cac3b458 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: leak_detective.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #define _GNU_SOURCE
@@ -202,6 +200,11 @@ char *whitelist[] = {
 "DH_new_method",
 "ENGINE_load_builtin_engines",
 "OPENSSL_config",
+ /* libgcrypt */
+ "gcry_control",
+ "gcry_check_version",
+ "gcry_randomize",
+ "gcry_create_nonce",
 };
 /**
diff --git a/src/libstrongswan/utils/lexparser.c b/src/libstrongswan/utils/lexparser.c
index 5725df1ea..2472f6751 100644
--- a/src/libstrongswan/utils/lexparser.c
+++ b/src/libstrongswan/utils/lexparser.c
@@ -10,8 +10,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: lexparser.c 4877 2009-02-18 09:45:54Z martin $
 */
 #include "lexparser.h"
diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h
index 6ae970e1e..7e2edb278 100644
--- a/src/libstrongswan/utils/lexparser.h
+++ b/src/libstrongswan/utils/lexparser.h
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: lexparser.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c
index bfe30b0df..a45468cca 100644
--- a/src/libstrongswan/utils/linked_list.c
+++ b/src/libstrongswan/utils/linked_list.c
@@ -13,8 +13,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: linked_list.c 4936 2009-03-12 18:07:32Z tobias $
 */
 #include <stdlib.h>
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index aa603fefa..8b2de9083 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -13,8 +13,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: linked_list.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
@@ -27,7 +25,6 @@
 typedef struct linked_list_t linked_list_t;
-#include <library.h>
 #include <utils/iterator.h>
 #include <utils/enumerator.h>
diff --git a/src/libstrongswan/utils/mutex.c b/src/libstrongswan/utils/mutex.c
index ba4b72b0c..8b3a25201 100644
--- a/src/libstrongswan/utils/mutex.c
+++ b/src/libstrongswan/utils/mutex.c
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: mutex.c 4803 2008-12-15 09:13:43Z martin $
 */
 #define _GNU_SOURCE
@@ -315,7 +313,7 @@ mutex_t *mutex_create(mutex_type_t type)
 /**
 * Implementation of condvar_t.wait.
 */
-static void wait(private_condvar_t *this, private_mutex_t *mutex)
+static void _wait(private_condvar_t *this, private_mutex_t *mutex)
 {
 if (mutex->recursive)
 {
@@ -389,7 +387,7 @@ static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex,
 /**
 * Implementation of condvar_t.signal.
 */
-static void signal(private_condvar_t *this)
+static void _signal(private_condvar_t *this)
 {
 pthread_cond_signal(&this->condvar);
 }
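Review bot: The new names `_wait` and `_signal` begin with an underscore at file scope, which C reserves for the implementation (C11 7.1.3), and the rename presumably exists to stop these statics from clashing with the libc functions `wait()` and `signal()`; `condvar_wait`/`condvar_signal` would avoid both problems and match `condvar_destroy`, which is already used in the function-pointer assignments of hunk `@@ -423,10 +421,10 @@`. The same rename appears in hunk `@@ -389,7 +387,7 @@` and in the assignments of `@@ -423,10 +421,10 @@`, so all three should move together. `_wait`'s body continues outside its hunk; `_signal` is complete within it.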
@@ -423,10 +421,10 @@ condvar_t *condvar_create(condvar_type_t type)
 {
 private_condvar_t *this = malloc_thing(private_condvar_t);
- this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))wait;
+ this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))_wait;
 this->public.timed_wait = (bool(*)(condvar_t*, mutex_t *mutex, u_int timeout))timed_wait;
 this->public.timed_wait_abs = (bool(*)(condvar_t*, mutex_t *mutex, timeval_t time))timed_wait_abs;
- this->public.signal = (void(*)(condvar_t*))signal;
+ this->public.signal = (void(*)(condvar_t*))_signal;
 this->public.broadcast = (void(*)(condvar_t*))broadcast;
 this->public.destroy = (void(*)(condvar_t*))condvar_destroy;
diff --git a/src/libstrongswan/utils/mutex.h b/src/libstrongswan/utils/mutex.h
index 46c939fb8..c5c667992 100644
--- a/src/libstrongswan/utils/mutex.h
+++ b/src/libstrongswan/utils/mutex.h
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: mutex.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index 18427e197..bf47e6b98 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
 * License for more details.
- *
- * $Id: optionsfrom.c 3589 2008-03-13 14:14:44Z martin $
 */
 #include <stdio.h>
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
index 9372971ca..05269f4f5 100644
--- a/src/libstrongswan/utils/optionsfrom.h
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -12,8 +12,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: optionsfrom.h 5003 2009-03-24 17:43:01Z martin $
 */
 /** |