Diffstat (limited to 'src/openac')
-rw-r--r--src/openac/Makefile.am98
-rw-r--r--src/openac/Makefile.in242
-rw-r--r--src/openac/build.c125
-rw-r--r--src/openac/build.h24
-rw-r--r--src/openac/loglite.c295
-rw-r--r--src/openac/openac.829
-rwxr-xr-xsrc/openac/openac.c381
7 files changed, 366 insertions, 828 deletions
diff --git a/src/openac/Makefile.am b/src/openac/Makefile.am
index c1e2a593a..4b88d8b2d 100644
--- a/src/openac/Makefile.am
+++ b/src/openac/Makefile.am
@@ -1,98 +1,8 @@
ipsec_PROGRAMS = openac
-openac_SOURCES = openac.c build.c build.h loglite.c
-
-INCLUDES = \
--I$(top_srcdir)/src/libfreeswan \
--I$(top_srcdir)/src/pluto \
--I$(top_srcdir)/src/libcrypto \
--I$(top_srcdir)/src/whack
-
-AM_CFLAGS = -DDEBUG -DNO_PLUTO -DIPSEC_CONFDIR=\"${confdir}\"
-openac_LDADD = ac.o asn1.o ca.o certs.o constants.o crl.o defs.o mp_defs.o fetch.o id.o keys.o lex.o \
- md2.o md5.o ocsp.o oid.o pem.o pgp.o pkcs1.o rnd.o sha1.o smartcard.o x509.o \
- $(top_srcdir)/src/libfreeswan/libfreeswan.a $(top_srcdir)/src/libcrypto/libcrypto.a \
- -lgmp
-
-# This compile option activates dynamic URL fetching using libcurl
-if USE_LIBCURL
- openac_LDADD += -lcurl
-endif
-
-# This compile option activates smartcard support
-if USE_SMARTCARD
- openac_LDADD += -ldl
-endif
-
+openac_SOURCES = openac.c build.c build.h
dist_man_MANS = openac.8
-PLUTODIR=$(top_srcdir)/src/pluto
-
-ac.o : $(PLUTODIR)/ac.c $(PLUTODIR)/ac.h
- $(COMPILE) -c -o $@ $<
-
-asn1.o : $(PLUTODIR)/asn1.c $(PLUTODIR)/asn1.h
- $(COMPILE) -c -o $@ $<
-
-ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h
- $(COMPILE) -c -o $@ $<
-
-certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h
- $(COMPILE) -c -o $@ $<
-
-constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
- $(COMPILE) -c -o $@ $<
-
-crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h
- $(COMPILE) -c -o $@ $<
-
-defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
- $(COMPILE) -c -o $@ $<
-
-mp_defs.o : $(PLUTODIR)/mp_defs.c $(PLUTODIR)/mp_defs.h
- $(COMPILE) -c -o $@ $<
-
-fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h
- $(COMPILE) -c -o $@ $<
-
-id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h
- $(COMPILE) -c -o $@ $<
-
-keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h
- $(COMPILE) -c -o $@ $<
-
-lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
- $(COMPILE) -c -o $@ $<
-
-md2.o : $(PLUTODIR)/md2.c $(PLUTODIR)/md2.h
- $(COMPILE) -c -o $@ $<
-
-md5.o : $(PLUTODIR)/md5.c $(PLUTODIR)/md5.h
- $(COMPILE) -c -o $@ $<
-
-ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
- $(COMPILE) -c -o $@ $<
-
-oid.o : $(PLUTODIR)/oid.c $(PLUTODIR)/oid.h
- $(COMPILE) -c -o $@ $<
-
-pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
- $(COMPILE) -c -o $@ $<
-
-pgp.o : $(PLUTODIR)/pgp.c $(PLUTODIR)/pgp.h
- $(COMPILE) -c -o $@ $<
-
-pkcs1.o : $(PLUTODIR)/pkcs1.c $(PLUTODIR)/pkcs1.h
- $(COMPILE) -c -o $@ $<
-
-rnd.o : $(PLUTODIR)/rnd.c $(PLUTODIR)/rnd.h
- $(COMPILE) -c -o $@ $<
-
-sha1.o : $(PLUTODIR)/sha1.c $(PLUTODIR)/sha1.h
- $(COMPILE) -c -o $@ $<
-
-smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h
- $(COMPILE) -c -o $@ $<
-
-x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h
- $(COMPILE) -c -o $@ $<
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -DIPSEC_CONFDIR=\"${confdir}\"
+openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp
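Review bot: The new `AM_CFLAGS` line carries a preprocessor define (`-DIPSEC_CONFDIR=...`) and `INCLUDES` is the obsolete spelling that newer automake (the regenerated Makefile.in in this commit already states 1.10) warns about; both belong in `AM_CPPFLAGS`. I would replace the two lines with `AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan -DIPSEC_CONFDIR=\"$(confdir)\"` and drop `AM_CFLAGS`, which also stops a user's `make CFLAGS=...` from interacting with the define. The mix of `${confdir}` and `$(top_srcdir)` reference styles on adjacent lines is worth normalising to one form while touching them. If the build relies on `AM_CFLAGS` being picked up elsewhere (not visible in this file), keep the variable but move only the `-D` into `AM_CPPFLAGS`.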
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index fb295075a..d0f7817dc 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -14,15 +14,11 @@
@SET_MAKE@
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
@@ -37,12 +33,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = openac$(EXEEXT)
-
-# This compile option activates dynamic URL fetching using libcurl
-@USE_LIBCURL_TRUE@am__append_1 = -lcurl
-
-# This compile option activates smartcard support
-@USE_SMARTCARD_TRUE@am__append_2 = -ldl
subdir = src/openac
DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@@ -55,26 +45,22 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"
ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(ipsec_PROGRAMS)
-am_openac_OBJECTS = openac.$(OBJEXT) build.$(OBJEXT) loglite.$(OBJEXT)
+am_openac_OBJECTS = openac.$(OBJEXT) build.$(OBJEXT)
openac_OBJECTS = $(am_openac_OBJECTS)
-am__DEPENDENCIES_1 =
-openac_DEPENDENCIES = ac.o asn1.o ca.o certs.o constants.o crl.o \
- defs.o mp_defs.o fetch.o id.o keys.o lex.o md2.o md5.o ocsp.o \
- oid.o pem.o pgp.o pkcs1.o rnd.o sha1.o smartcard.o x509.o \
- $(top_srcdir)/src/libfreeswan/libfreeswan.a \
- $(top_srcdir)/src/libcrypto/libcrypto.a $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(srcdir)
+openac_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
SOURCES = $(openac_SOURCES)
DIST_SOURCES = $(openac_SOURCES)
man8dir = $(mandir)/man8
@@ -84,16 +70,12 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
-AMDEP_FALSE = @AMDEP_FALSE@
-AMDEP_TRUE = @AMDEP_TRUE@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
-BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@
-BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -116,10 +98,13 @@ F77 = @F77@
FFLAGS = @FFLAGS@
GPERF = @GPERF@
GREP = @GREP@
+INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
@@ -131,6 +116,7 @@ LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -146,34 +132,16 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
-USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@
-USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@
-USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
-USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
-USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
-USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
-USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
-USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
-USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
-USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
-USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
-USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
-USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
-USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
-USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
-USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@
-USE_VENDORID_FALSE = @USE_VENDORID_FALSE@
-USE_VENDORID_TRUE = @USE_VENDORID_TRUE@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
-am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
-am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
-am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
-am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -186,6 +154,7 @@ build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
+builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
@@ -223,26 +192,18 @@ program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-openac_SOURCES = openac.c build.c build.h loglite.c
-INCLUDES = \
--I$(top_srcdir)/src/libfreeswan \
--I$(top_srcdir)/src/pluto \
--I$(top_srcdir)/src/libcrypto \
--I$(top_srcdir)/src/whack
-
-AM_CFLAGS = -DDEBUG -DNO_PLUTO -DIPSEC_CONFDIR=\"${confdir}\"
-openac_LDADD = ac.o asn1.o ca.o certs.o constants.o crl.o defs.o \
- mp_defs.o fetch.o id.o keys.o lex.o md2.o md5.o ocsp.o oid.o \
- pem.o pgp.o pkcs1.o rnd.o sha1.o smartcard.o x509.o \
- $(top_srcdir)/src/libfreeswan/libfreeswan.a \
- $(top_srcdir)/src/libcrypto/libcrypto.a -lgmp $(am__append_1) \
- $(am__append_2)
+openac_SOURCES = openac.c build.c build.h
dist_man_MANS = openac.8
-PLUTODIR = $(top_srcdir)/src/pluto
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -DIPSEC_CONFDIR=\"${confdir}\"
+openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp
all: all-am
.SUFFIXES:
@@ -278,7 +239,7 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(ipsecdir)" || $(mkdir_p) "$(DESTDIR)$(ipsecdir)"
+ test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
@list='$(ipsec_PROGRAMS)'; for p in $$list; do \
p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
if test -f $$p \
@@ -306,7 +267,7 @@ clean-ipsecPROGRAMS:
done
openac$(EXEEXT): $(openac_OBJECTS) $(openac_DEPENDENCIES)
@rm -f openac$(EXEEXT)
- $(LINK) $(openac_LDFLAGS) $(openac_OBJECTS) $(openac_LDADD) $(LIBS)
+ $(LINK) $(openac_OBJECTS) $(openac_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -315,26 +276,25 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/build.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/loglite.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openac.Po@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
@@ -344,13 +304,9 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-
-distclean-libtool:
- -rm -f libtool
-uninstall-info-am:
install-man8: $(man8_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
@@ -443,22 +399,21 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
- list='$(DISTFILES)'; for file in $$list; do \
- case $$file in \
- $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
- $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
- esac; \
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test "$$dir" != "$$file" && test "$$dir" != "."; then \
- dir="/$$dir"; \
- $(mkdir_p) "$(distdir)$$dir"; \
- else \
- dir=''; \
- fi; \
if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
@@ -474,7 +429,7 @@ check: check-am
all-am: Makefile $(PROGRAMS) $(MANS)
installdirs:
for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \
- test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
@@ -509,7 +464,7 @@ distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
- distclean-libtool distclean-tags
+ distclean-tags
dvi: dvi-am
@@ -523,12 +478,20 @@ info-am:
install-data-am: install-ipsecPROGRAMS install-man
+install-dvi: install-dvi-am
+
install-exec-am:
+install-html: install-html-am
+
install-info: install-info-am
install-man: install-man8
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -549,92 +512,27 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-info-am uninstall-ipsecPROGRAMS uninstall-man
+uninstall-am: uninstall-ipsecPROGRAMS uninstall-man
uninstall-man: uninstall-man8
+.MAKE: install-am install-strip
+
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
clean-ipsecPROGRAMS clean-libtool ctags distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-exec \
- install-exec-am install-info install-info-am \
- install-ipsecPROGRAMS install-man install-man8 install-strip \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-info-am \
- uninstall-ipsecPROGRAMS uninstall-man uninstall-man8
-
-
-ac.o : $(PLUTODIR)/ac.c $(PLUTODIR)/ac.h
- $(COMPILE) -c -o $@ $<
-
-asn1.o : $(PLUTODIR)/asn1.c $(PLUTODIR)/asn1.h
- $(COMPILE) -c -o $@ $<
-
-ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h
- $(COMPILE) -c -o $@ $<
-
-certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h
- $(COMPILE) -c -o $@ $<
-
-constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
- $(COMPILE) -c -o $@ $<
-
-crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h
- $(COMPILE) -c -o $@ $<
-
-defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
- $(COMPILE) -c -o $@ $<
-
-mp_defs.o : $(PLUTODIR)/mp_defs.c $(PLUTODIR)/mp_defs.h
- $(COMPILE) -c -o $@ $<
-
-fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h
- $(COMPILE) -c -o $@ $<
-
-id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h
- $(COMPILE) -c -o $@ $<
-
-keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h
- $(COMPILE) -c -o $@ $<
-
-lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
- $(COMPILE) -c -o $@ $<
-
-md2.o : $(PLUTODIR)/md2.c $(PLUTODIR)/md2.h
- $(COMPILE) -c -o $@ $<
-
-md5.o : $(PLUTODIR)/md5.c $(PLUTODIR)/md5.h
- $(COMPILE) -c -o $@ $<
-
-ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
- $(COMPILE) -c -o $@ $<
-
-oid.o : $(PLUTODIR)/oid.c $(PLUTODIR)/oid.h
- $(COMPILE) -c -o $@ $<
-
-pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
- $(COMPILE) -c -o $@ $<
-
-pgp.o : $(PLUTODIR)/pgp.c $(PLUTODIR)/pgp.h
- $(COMPILE) -c -o $@ $<
-
-pkcs1.o : $(PLUTODIR)/pkcs1.c $(PLUTODIR)/pkcs1.h
- $(COMPILE) -c -o $@ $<
-
-rnd.o : $(PLUTODIR)/rnd.c $(PLUTODIR)/rnd.h
- $(COMPILE) -c -o $@ $<
-
-sha1.o : $(PLUTODIR)/sha1.c $(PLUTODIR)/sha1.h
- $(COMPILE) -c -o $@ $<
-
-smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h
- $(COMPILE) -c -o $@ $<
+ tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
+ uninstall-man uninstall-man8
-x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h
- $(COMPILE) -c -o $@ $<
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/openac/build.c b/src/openac/build.c
index 0c6a2be3b..d03e73048 100644
--- a/src/openac/build.c
+++ b/src/openac/build.c
@@ -1,7 +1,7 @@
/* Build a X.509 attribute certificate
* Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
- * Copyright (C) 2004 Andreas Steffen
- * Zuercher Hochschule Winterthur, Switzerland
+ * Copyright (C) 2004,2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,20 +13,17 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: build.c,v 1.14 2005/09/06 11:47:57 as Exp $
+ * RCSID $Id: build.c 3270 2007-10-08 20:09:57Z andreas $
*/
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/oid.h"
-#include "../pluto/asn1.h"
-#include "../pluto/x509.h"
-#include "../pluto/log.h"
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <crypto/ietf_attr_list.h>
+#include <utils/identification.h>
#include "build.h"
@@ -35,15 +32,15 @@ static u_char ASN1_group_oid_str[] = {
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
};
-static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str);
+static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str);
static u_char ASN1_authorityKeyIdentifier_oid_str[] = {
0x06, 0x03,
0x55, 0x1d, 0x23
};
-static const chunk_t ASN1_authorityKeyIdentifier_oid
- = strchunk(ASN1_authorityKeyIdentifier_oid_str);
+static const chunk_t ASN1_authorityKeyIdentifier_oid =
+ chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str);
static u_char ASN1_noRevAvail_ext_str[] = {
0x30, 0x09,
@@ -53,7 +50,7 @@ static u_char ASN1_noRevAvail_ext_str[] = {
0x05, 0x00
};
-static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
+static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str);
/**
* build directoryName
@@ -61,7 +58,7 @@ static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
static chunk_t build_directoryName(asn1_t tag, chunk_t name)
{
return asn1_wrap(tag, "m",
- asn1_simple_object(ASN1_CONTEXT_C_4, name));
+ asn1_simple_object(ASN1_CONTEXT_C_4, name));
}
/**
@@ -69,12 +66,15 @@ static chunk_t build_directoryName(asn1_t tag, chunk_t name)
*/
static chunk_t build_holder(void)
{
+ identification_t *issuer = usercert->get_issuer(usercert);
+ identification_t *subject = usercert->get_subject(usercert);
+
return asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_CONTEXT_C_0, "mm",
- build_directoryName(ASN1_SEQUENCE, user->issuer),
- asn1_simple_object(ASN1_INTEGER, user->serialNumber)
- ),
- build_directoryName(ASN1_CONTEXT_C_1, user->subject));
+ asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ build_directoryName(ASN1_SEQUENCE, issuer->get_encoding(issuer)),
+ asn1_simple_object(ASN1_INTEGER, usercert->get_serialNumber(usercert))
+ ),
+ build_directoryName(ASN1_CONTEXT_C_1, subject->get_encoding(subject)));
}
/**
@@ -82,8 +82,10 @@ static chunk_t build_holder(void)
*/
static chunk_t build_v2_form(void)
{
+ identification_t *subject = signercert->get_subject(signercert);
+
return asn1_wrap(ASN1_CONTEXT_C_0, "m",
- build_directoryName(ASN1_SEQUENCE, signer->subject));
+ build_directoryName(ASN1_SEQUENCE, subject->get_encoding(subject)));
}
/**
@@ -96,50 +98,6 @@ static chunk_t build_attr_cert_validity(void)
timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
}
-/**
- * build attributes
- */
-static chunk_t build_ietfAttributes(ietfAttrList_t *list)
-{
- chunk_t ietfAttributes;
- ietfAttrList_t *item = list;
- size_t size = 0;
- u_char *pos;
-
- /* precalculate the total size of all values */
- while (item != NULL)
- {
- size_t len = item->attr->value.len;
-
- size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
- item = item->next;
- }
- pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
-
- while (list != NULL)
- {
- ietfAttr_t *attr = list->attr;
- asn1_t type = ASN1_NULL;
-
- switch (attr->kind)
- {
- case IETF_ATTRIBUTE_OCTETS:
- type = ASN1_OCTET_STRING;
- break;
- case IETF_ATTRIBUTE_STRING:
- type = ASN1_UTF8STRING;
- break;
- case IETF_ATTRIBUTE_OID:
- type = ASN1_OID;
- break;
- }
- mv_chunk(&pos, asn1_simple_object(type, attr->value));
-
- list = list->next;
- }
-
- return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
-}
/**
* build attribute type
@@ -157,25 +115,26 @@ static chunk_t build_attribute_type(const chunk_t type, chunk_t content)
static chunk_t build_attributes(void)
{
return asn1_wrap(ASN1_SEQUENCE, "m",
- build_attribute_type(ASN1_group_oid,
- build_ietfAttributes(groups)));
+ build_attribute_type(ASN1_group_oid, ietfAttr_list_encode(groups)));
}
/**
* build authorityKeyIdentifier
*/
-static chunk_t build_authorityKeyID(x509cert_t *signer)
+static chunk_t build_authorityKeyID(x509_t *signer)
{
- chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
- ? empty_chunk
- : asn1_simple_object(ASN1_CONTEXT_S_0,
- signer->subjectKeyID);
+ identification_t *issuer = signer->get_issuer(signer);
+ chunk_t subjectKeyID = signer->get_subjectKeyID(signer);
+
+ chunk_t keyIdentifier = (subjectKeyID.ptr == NULL)
+ ? chunk_empty
+ : asn1_simple_object(ASN1_CONTEXT_S_0, subjectKeyID);
chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1,
- signer->issuer);
+ issuer->get_encoding(issuer));
chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2,
- signer->serialNumber);
+ signer->get_serialNumber(signer));
return asn1_wrap(ASN1_SEQUENCE, "cm",
ASN1_authorityKeyIdentifier_oid,
@@ -195,7 +154,7 @@ static chunk_t build_authorityKeyID(x509cert_t *signer)
static chunk_t build_extensions(void)
{
return asn1_wrap(ASN1_SEQUENCE, "mc",
- build_authorityKeyID(signer),
+ build_authorityKeyID(signercert),
ASN1_noRevAvail_ext);
}
@@ -215,14 +174,24 @@ static chunk_t build_attr_cert_info(void)
build_extensions());
}
+
/**
* build an X.509 attribute certificate
*/
chunk_t build_attr_cert(void)
{
+ u_char *pos;
+ chunk_t rawSignature, signatureValue;
chunk_t attributeCertificateInfo = build_attr_cert_info();
- chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo,
- OID_SHA1, signerkey, TRUE);
+
+ /* build the signature */
+ signerkey->build_emsa_pkcs1_signature(signerkey, HASH_SHA1,
+ attributeCertificateInfo, &rawSignature);
+ pos = build_asn1_object(&signatureValue, ASN1_BIT_STRING,
+ 1 + rawSignature.len);
+ *pos++ = 0x00;
+ memcpy(pos, rawSignature.ptr, rawSignature.len);
+ free(rawSignature.ptr);
return asn1_wrap(ASN1_SEQUENCE, "mcm",
attributeCertificateInfo,
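Review bot: The return value of `signerkey->build_emsa_pkcs1_signature(...)` is discarded, and `rawSignature` is never initialised, so on a signing failure the following `build_asn1_object`, `memcpy` and `free(rawSignature.ptr)` operate on an indeterminate chunk and the caller receives a certificate with garbage in its signature field. The method appears to return a status; the call should be checked and the partially built `attributeCertificateInfo` released on failure, with `build_attr_cert` returning an empty chunk so the caller can detect the error. `build_attr_cert` ends outside the hunk, so the remaining `asn1_wrap` arguments and any caller-side handling are not visible here; the caller presumably treats `chunk_empty` as failure — confirm.
```c
chunk_t rawSignature = chunk_empty, signatureValue;
chunk_t attributeCertificateInfo = build_attr_cert_info();

/* build the signature; abort on failure instead of wrapping an unset chunk */
if (signerkey->build_emsa_pkcs1_signature(signerkey, HASH_SHA1,
			attributeCertificateInfo, &rawSignature) != SUCCESS)
{
	free(attributeCertificateInfo.ptr);
	return chunk_empty;
}
/* … unchanged: BIT STRING wrapping of rawSignature and final asn1_wrap … */
```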
diff --git a/src/openac/build.h b/src/openac/build.h
index deeddda04..c873c4479 100644
--- a/src/openac/build.h
+++ b/src/openac/build.h
@@ -1,7 +1,7 @@
/* Build a X.509 attribute certificate
* Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
- * Copyright (C) 2004 Andreas Steffen
- * Zuercher Hochschule Winterthur, Switzerland
+ * Copyright (C) 2004,2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: build.h,v 1.4 2004/11/03 14:28:52 as Exp $
+ * RCSID $Id: build.h 3270 2007-10-08 20:09:57Z andreas $
*/
#ifndef _BUILD_H
@@ -21,22 +21,20 @@
#include <time.h>
-#include "../pluto/x509.h"
-#include "../pluto/keys.h"
-#include "../pluto/ac.h"
+#include <library.h>
+#include <crypto/x509.h>
+#include <crypto/rsa/rsa_private_key.h>
+#include <utils/linked_list.h>
/*
* global variables accessible by both main() and build.c
*/
-extern x509cert_t *user;
-extern x509cert_t *signer;
-
-extern ietfAttrList_t *groups;
-extern struct RSA_private_key *signerkey;
-
+extern x509_t *usercert;
+extern x509_t *signercert;
+extern rsa_private_key_t *signerkey;
+extern linked_list_t *groups;
extern time_t notBefore;
extern time_t notAfter;
-
extern chunk_t serial;
/*
diff --git a/src/openac/loglite.c b/src/openac/loglite.c
deleted file mode 100644
index 4219eb707..000000000
--- a/src/openac/loglite.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/* error logging functions
- * Copyright (C) 1997 Angelos D. Keromytis.
- * Copyright (C) 1998-2001 D. Hugh Redelmeier.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: loglite.c,v 1.2 2005/07/11 18:38:16 as Exp $
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <signal.h> /* used only if MSG_NOSIGNAL not defined */
-#include <libgen.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <freeswan.h>
-
-#include <constants.h>
-#include <defs.h>
-#include <log.h>
-#include <whack.h>
-
-bool
- log_to_stderr = FALSE, /* should log go to stderr? */
- log_to_syslog = TRUE; /* should log go to syslog? */
-
-void
-init_log(const char *program)
-{
- if (log_to_stderr)
- setbuf(stderr, NULL);
- if (log_to_syslog)
- openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
-}
-
-void
-close_log(void)
-{
- if (log_to_syslog)
- closelog();
-}
-
-void
-plog(const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "%s\n", m);
- if (log_to_syslog)
- syslog(LOG_WARNING, "%s", m);
-}
-
-void
-loglog(int mess_no, const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "%s\n", m);
- if (log_to_syslog)
- syslog(LOG_WARNING, "%s", m);
-}
-
-void
-log_errno_routine(int e, const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
- if (log_to_syslog)
- syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", m, e, strerror(e));
-}
-
-void
-exit_log(const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "FATAL ERROR: %s\n", m);
- if (log_to_syslog)
- syslog(LOG_ERR, "FATAL ERROR: %s", m);
- exit(1);
-}
-
-void
-exit_log_errno_routine(int e, const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "FATAL ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
- if (log_to_syslog)
- syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
- exit(1);
-}
-
-void
-whack_log(int mess_no, const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- fprintf(stderr, "%s\n", m);
-}
-
-/* Build up a diagnostic in a static buffer.
- * Although this would be a generally useful function, it is very
- * hard to come up with a discipline that prevents different uses
- * from interfering. It is intended that by limiting it to building
- * diagnostics, we will avoid this problem.
- * Juggling is performed to allow an argument to be a previous
- * result: the new string may safely depend on the old one. This
- * restriction is not checked in any way: violators will produce
- * confusing results (without crashing!).
- */
-char diag_space[sizeof(diag_space)];
-
-err_t
-builddiag(const char *fmt, ...)
-{
- static char diag_space[LOG_WIDTH]; /* longer messages will be truncated */
- char t[sizeof(diag_space)]; /* build result here first */
- va_list args;
-
- va_start(args, fmt);
- t[0] = '\0'; /* in case nothing terminates string */
- vsnprintf(t, sizeof(t), fmt, args);
- va_end(args);
- strcpy(diag_space, t);
- return diag_space;
-}
-
-/* Debugging message support */
-
-#ifdef DEBUG
-
-void
-switch_fail(int n, const char *file_str, unsigned long line_no)
-{
- char buf[30];
-
- snprintf(buf, sizeof(buf), "case %d unexpected", n);
- passert_fail(buf, file_str, line_no);
-}
-
-void
-passert_fail(const char *pred_str, const char *file_str, unsigned long line_no)
-{
- /* we will get a possibly unplanned prefix. Hope it works */
- loglog(RC_LOG_SERIOUS, "ASSERTION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
- abort(); /* exiting correctly doesn't always work */
-}
-
-lset_t
- base_debugging = DBG_NONE, /* default to reporting nothing */
- cur_debugging = DBG_NONE;
-
-void
-pexpect_log(const char *pred_str, const char *file_str, unsigned long line_no)
-{
- /* we will get a possibly unplanned prefix. Hope it works */
- loglog(RC_LOG_SERIOUS, "EXPECTATION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
-}
-
-/* log a debugging message (prefixed by "| ") */
-
-void
-DBG_log(const char *message, ...)
-{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "| %s\n", m);
- if (log_to_syslog)
- syslog(LOG_DEBUG, "| %s", m);
-}
-
-/* dump raw bytes in hex to stderr (for lack of any better destination) */
-
-void
-DBG_dump(const char *label, const void *p, size_t len)
-{
-# define DUMP_LABEL_WIDTH 20 /* arbitrary modest boundary */
-# define DUMP_WIDTH (4 * (1 + 4 * 3) + 1)
- char buf[DUMP_LABEL_WIDTH + DUMP_WIDTH];
- char *bp;
- const unsigned char *cp = p;
-
- bp = buf;
-
- if (label != NULL && label[0] != '\0')
- {
- /* Handle the label. Care must be taken to avoid buffer overrun. */
- size_t llen = strlen(label);
-
- if (llen + 1 > sizeof(buf))
- {
- DBG_log("%s", label);
- }
- else
- {
- strcpy(buf, label);
- if (buf[llen-1] == '\n')
- {
- buf[llen-1] = '\0'; /* get rid of newline */
- DBG_log("%s", buf);
- }
- else if (llen < DUMP_LABEL_WIDTH)
- {
- bp = buf + llen;
- }
- else
- {
- DBG_log("%s", buf);
- }
- }
- }
-
- do {
- int i, j;
-
- for (i = 0; len!=0 && i!=4; i++)
- {
- *bp++ = ' ';
- for (j = 0; len!=0 && j!=4; len--, j++)
- {
- static const char hexdig[] = "0123456789abcdef";
-
- *bp++ = ' ';
- *bp++ = hexdig[(*cp >> 4) & 0xF];
- *bp++ = hexdig[*cp & 0xF];
- cp++;
- }
- }
- *bp = '\0';
- DBG_log("%s", buf);
- bp = buf;
- } while (len != 0);
-# undef DUMP_LABEL_WIDTH
-# undef DUMP_WIDTH
-}
-
-#endif /* DEBUG */
diff --git a/src/openac/openac.8 b/src/openac/openac.8
index 8e609a1b1..ed1b8ed6c 100644
--- a/src/openac/openac.8
+++ b/src/openac/openac.8
@@ -1,4 +1,4 @@
-.TH IPSEC_OPENAC 8 "29 September 2005"
+.TH IPSEC_OPENAC 8 "22 September 2007"
.SH NAME
ipsec openac \- Generation of X.509 attribute certificates
.SH SYNOPSIS
@@ -11,18 +11,13 @@ ipsec openac \- Generation of X.509 attribute certificates
] [
.B \-\-optionsfrom
\fIfilename\fP
-] [
-.B \-\-quiet
]
.br
\ \ \ [
-.B \-\-debug\(hyall
-] [
-.B \-\-debug\(hyparsing
-] [
-.B \-\-debug\(hyraw
+.B \-\-quiet
] [
-.B \-\-debug\(hyprivate
+.B \-\-debug
+\fIlevel\fP
]
.br
\ \ \ [
@@ -135,19 +130,9 @@ debugging output are prefixed with ``|\ '' to distinguish them from error messag
When \fBopenac\fP is invoked, it may be given arguments to specify
which classes to output. The current options are:
.TP
-\fB\-\-debug-raw\fP
-show the raw bytes of the parsed user and authorization authority certificates
-as well as of the generated X.509 attribute certificate.
-.TP
-\fB\-\-debug-parsing\fP
-show the parsed structure of user and authorization authority certificats
-as well as of the generated X.509 attribute certificate.
-.TP
-\fB\-\-debug-all\fP
-all of the above.
-.TP
-\fB\-\-debug-private\fP
-enables debugging output of the authorization authority's private key.
+\fB\-\-debug\fP\ \fIlevel\fP
+sets the debug level to 0 (none), 1 (normal), 2 (more), 3 (raw), and 4 (private),
+the default level being 1.
.SH EXIT STATUS
.LP
The execution of \fBopenac\fP terminates with one of the following two exit codes:
diff --git a/src/openac/openac.c b/src/openac/openac.c
index e3f92fbd2..075f0039a 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -1,7 +1,14 @@
-/* Generation of X.509 attribute certificates
+/**
+ * @file openac.c
+ *
+ * @brief Generation of X.509 attribute certificates.
+ *
+ */
+
+/*
* Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
- * Copyright (C) 2004 Andreas Steffen
- * Zuercher Hochschule Winterthur, Switzerland
+ * Copyright (C) 2004,2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,66 +20,52 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: openac.c,v 1.18 2006/01/04 21:12:33 as Exp $
+ * RCSID $Id: openac.c 3305 2007-10-17 02:55:17Z andreas $
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <syslog.h>
#include <unistd.h>
#include <getopt.h>
#include <ctype.h>
#include <time.h>
#include <gmp.h>
-#include <freeswan.h>
+#include <debug.h>
+#include <asn1/asn1.h>
+#include <asn1/ttodata.h>
+#include <crypto/ac.h>
+#include <crypto/ietf_attr_list.h>
+#include <utils/optionsfrom.h>
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/mp_defs.h"
-#include "../pluto/log.h"
-#include "../pluto/asn1.h"
-#include "../pluto/certs.h"
-#include "../pluto/x509.h"
-#include "../pluto/crl.h"
-#include "../pluto/keys.h"
-#include "../pluto/ac.h"
+#ifdef INTEGRITY_TEST
+#include <fips/fips.h>
+#include <fips_signature.h>
+#endif /* INTEGRITY_TEST */
#include "build.h"
#define OPENAC_PATH IPSEC_CONFDIR "/openac"
#define OPENAC_SERIAL IPSEC_CONFDIR "/openac/serial"
-const char openac_version[] = "openac 0.3";
-
-/* by default the CRL policy is lenient */
-bool strict_crl_policy = FALSE;
-
-/* by default pluto does not check crls dynamically */
-long crl_check_interval = 0;
-
-/* by default pluto logs out after every smartcard use */
-bool pkcs11_keep_state = FALSE;
-
-static void
-usage(const char *mess)
+/**
+ * @brief prints the usage of the program to the stderr
+ */
+static void usage(const char *message)
{
- if (mess != NULL && *mess != '\0')
+ if (message != NULL && *message != '\0')
{
- fprintf(stderr, "%s\n", mess);
+ fprintf(stderr, "%s\n", message);
}
fprintf(stderr, "Usage: openac"
" [--help]"
" [--version]"
" [--optionsfrom <filename>]"
" [--quiet]"
-#ifdef DEBUG
" \\\n\t"
- " [--debug-all]"
- " [--debug-parsing]"
- " [--debug-raw]"
- " [--debug-private]"
-#endif
+ " [--debug <level 0..4>]"
" \\\n\t"
" [--days <days>]"
" [--hours <hours>]"
@@ -89,7 +82,27 @@ usage(const char *mess)
" --out <filename>"
"\n"
);
- exit(mess == NULL? 0 : 1);
+}
+
+
+/**
+ * convert a chunk into a multi-precision integer
+ */
+static void chunk_to_mpz(chunk_t chunk, mpz_t number)
+{
+ mpz_import(number, chunk.len, 1, 1, 1, 0, chunk.ptr);
+}
+
+/**
+ * convert a multi-precision integer into a chunk
+ */
+static chunk_t mpz_to_chunk(mpz_t number)
+{
+ chunk_t chunk;
+
+ chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE;
+ chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number);
+ return chunk;
}
/**
@@ -97,35 +110,35 @@ usage(const char *mess)
*/
static chunk_t read_serial(void)
{
- MP_INT number;
+ mpz_t number;
- char buf[BUF_LEN];
- char bytes[BUF_LEN];
+ char buf[BUF_LEN], buf1[BUF_LEN];
+ chunk_t last_serial = { buf1, BUF_LEN};
+ chunk_t serial;
FILE *fd = fopen(OPENAC_SERIAL, "r");
- /* serial number defaults to 0 */
- size_t len = 1;
- bytes[0] = 0x00;
+ /* last serial number defaults to 0 */
+ *last_serial.ptr = 0x00;
+ last_serial.len = 1;
if (fd)
{
if (fscanf(fd, "%s", buf))
{
- err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
+ err_t ugh = ttodata(buf, 0, 16, last_serial.ptr, BUF_LEN, &last_serial.len);
if (ugh != NULL)
{
- plog(" error reading serial number from %s: %s"
- , OPENAC_SERIAL, ugh);
+ DBG1(" error reading serial number from %s: %s",
+ OPENAC_SERIAL, ugh);
}
}
fclose(fd);
}
else
{
- plog(" file '%s' does not exist yet - serial number set to 01"
- , OPENAC_SERIAL);
+ DBG1(" file '%s' does not exist yet - serial number set to 01", OPENAC_SERIAL);
}
/**
@@ -133,10 +146,11 @@ static chunk_t read_serial(void)
* and incrementing it by one
* and representing it as a two's complement octet string
*/
- n_to_mpz(&number, bytes, len);
- mpz_add_ui(&number, &number, 0x01);
- serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
- mpz_clear(&number);
+ mpz_init(number);
+ chunk_to_mpz(last_serial, number);
+ mpz_add_ui(number, number, 0x01);
+ serial = mpz_to_chunk(number);
+ mpz_clear(number);
return serial;
}
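Review bot: The `if (fscanf(fd, "%s", buf))` test is wrong for an empty or unreadable serial file: fscanf returns EOF (-1) there, which is non-zero, so ttodata is run on an uninitialised buf; change it to `if (fscanf(fd, "%s", buf) == 1)`. The `%s` conversion also has no field width, so a serial file longer than BUF_LEN bytes overruns buf; either add a width one less than BUF_LEN to the format or read the line with fgets and bound it to sizeof(buf). Both lines are unchanged context, but the hunk rewrites everything around them and the new last_serial/ttodata path inherits the problem.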
@@ -146,65 +160,91 @@ static chunk_t read_serial(void)
*/
static void write_serial(chunk_t serial)
{
- char buf[BUF_LEN];
-
FILE *fd = fopen(OPENAC_SERIAL, "w");
if (fd)
{
- datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
- plog(" serial number is %s", buf);
- fprintf(fd, "%s\n", buf);
+ DBG1(" serial number is %#B", &serial);
+ fprintf(fd, "%#B\n", &serial);
fclose(fd);
}
else
{
- plog(" could not open file '%s' for writing", OPENAC_SERIAL);
+ DBG1(" could not open file '%s' for writing", OPENAC_SERIAL);
}
}
/**
* global variables accessible by both main() and build.c
*/
-x509cert_t *user = NULL;
-x509cert_t *signer = NULL;
+x509_t *usercert = NULL;
+x509_t *signercert = NULL;
-ietfAttrList_t *groups = NULL;
-struct RSA_private_key *signerkey = NULL;
+linked_list_t *groups = NULL;
+rsa_private_key_t *signerkey = NULL;
-time_t notBefore = 0;
-time_t notAfter = 0;
+time_t notBefore = UNDEFINED_TIME;
+time_t notAfter = UNDEFINED_TIME;
chunk_t serial;
+static int debug_level = 1;
+static bool stderr_quiet = FALSE;
+
+/**
+ * openac dbg function
+ */
+static void openac_dbg(int level, char *fmt, ...)
+{
+ int priority = LOG_INFO;
+ va_list args;
+
+ if (level <= debug_level)
+ {
+ va_start(args, fmt);
+ if (!stderr_quiet)
+ {
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ }
+ vsyslog(priority, fmt, args);
+ va_end(args);
+ }
+}
+
+/**
+ * @brief openac main program
+ *
+ * @param argc number of arguments
+ * @param argv pointer to the argument values
+ */
int main(int argc, char **argv)
{
char *keyfile = NULL;
char *certfile = NULL;
char *usercertfile = NULL;
char *outfile = NULL;
+ char buf[BUF_LEN];
- cert_t signercert = empty_cert;
- cert_t usercert = empty_cert;
-
- chunk_t attr_cert = empty_chunk;
- x509acert_t *ac = NULL;
+ chunk_t passphrase = { buf, 0 };
+ chunk_t attr_cert = chunk_empty;
+ x509ac_t *ac = NULL;
const time_t default_validity = 24*3600; /* 24 hours */
time_t validity = 0;
+ int status = 1;
+
+ /* enable openac debugging hook */
+ dbg = openac_dbg;
- prompt_pass_t pass;
-
- pass.secret[0] = '\0';
- pass.prompt = TRUE;
- pass.fd = STDIN_FILENO;
+ passphrase.ptr[0] = '\0';
+ groups = linked_list_create();
- log_to_stderr = TRUE;
+ openlog("openac", 0, LOG_AUTHPRIV);
/* handle arguments */
for (;;)
{
-# define DBG_OFFSET 256
static const struct option long_opts[] = {
/* name, has_arg, flag, val */
{ "help", no_argument, NULL, 'h' },
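Review bot: openac_dbg passes the same va_list to vfprintf and then to vsyslog; after the first consumer the list is indeterminate, so the syslog copy reads garbage or crashes on ABIs where va_list is advanced in place. Take a va_copy for the stderr branch and keep the original for vsyslog, as sketched below. `priority` is only ever LOG_INFO, so it could become a constant, and `fmt` could be `const char *` if the dbg hook's signature allows it.
```c
static void openac_dbg(int level, char *fmt, ...)
{
	int priority = LOG_INFO;
	va_list args;

	if (level <= debug_level)
	{
		va_start(args, fmt);
		if (!stderr_quiet)
		{
			va_list copy;

			/* each v*printf consumer needs its own traversal of the list */
			va_copy(copy, args);
			vfprintf(stderr, fmt, copy);
			fprintf(stderr, "\n");
			va_end(copy);
		}
		vsyslog(priority, fmt, args);
		va_end(args);
	}
}
```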
@@ -212,7 +252,7 @@ int main(int argc, char **argv)
{ "optionsfrom", required_argument, NULL, '+' },
{ "quiet", no_argument, NULL, 'q' },
{ "cert", required_argument, NULL, 'c' },
- { "key", required_argument, NULL, 'k' },
+ { "key", required_argument, NULL, 'k' },
{ "password", required_argument, NULL, 'p' },
{ "usercert", required_argument, NULL, 'u' },
{ "groups", required_argument, NULL, 'g' },
@@ -221,16 +261,11 @@ int main(int argc, char **argv)
{ "startdate", required_argument, NULL, 'S' },
{ "enddate", required_argument, NULL, 'E' },
{ "out", required_argument, NULL, 'o' },
-#ifdef DEBUG
- { "debug-all", no_argument, NULL, 'A' },
- { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
- { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
- { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
-#endif
+ { "debug", required_argument, NULL, 'd' },
{ 0,0,0,0 }
};
- int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
+ int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:d:", long_opts, NULL);
/* Note: "breaking" from case terminates loop */
switch (c)
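Review bot: The optstring still reads `p;` rather than `p:`, so a short `-p` appears to be parsed as taking no argument; `case 'p'` then calls strlen on a NULL optarg, and only the long `--password` form (which gets its argument from the long_opts table) works. The line was touched to add `d:`, so this is the moment to fix it: `int c = getopt_long(argc, argv, "hv+:qc:k:p:u:g:D:H:S:E:o:d:", long_opts, NULL);`. If the short form is intentionally unsupported, say so in a comment and drop `p;` from the string instead.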
@@ -243,33 +278,38 @@ int main(int argc, char **argv)
case ':': /* diagnostic already printed by getopt_long */
case '?': /* diagnostic already printed by getopt_long */
- usage(NULL);
- break; /* not actually reached */
-
case 'h': /* --help */
usage(NULL);
- break; /* not actually reached */
+ status = 1;
+ goto end;
case 'v': /* --version */
- printf("%s\n", openac_version);
- exit(0);
- break; /* not actually reached */
+ printf("openac (strongSwan %s)\n", VERSION);
+ status = 0;
+ goto end;
case '+': /* --optionsfrom <filename> */
{
char path[BUF_LEN];
if (*optarg == '/') /* absolute pathname */
+ {
strncpy(path, optarg, BUF_LEN);
+ }
else /* relative pathname */
+ {
snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
- optionsfrom(path, &argc, &argv, optind, stderr);
- /* does not return on error */
+ }
+ if (!optionsfrom(path, &argc, &argv, optind))
+ {
+ status = 1;
+ goto end;
+ }
}
continue;
case 'q': /* --quiet */
- log_to_stderr = TRUE;
+ stderr_quiet = TRUE;
continue;
case 'c': /* --cert */
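Review bot: The exit codes for --help and for a bad option are inverted: `case 'h'` sets `status = 1` before `goto end`, while the `default:` branch at the end of this switch (in the last hunk of this file) sets `status = 0`, so `openac --help` fails and an unknown option succeeds; the man page documents the two exit codes, so scripts will rely on them. Give --help its own case with status 0 and let `':'`/`'?'`/default share the status-1 path, as below. The `strncpy(path, optarg, BUF_LEN)` on the absolute-path branch is unchanged context but does not NUL-terminate when optarg is BUF_LEN bytes or longer; `snprintf(path, BUF_LEN, "%s", optarg)` would make both branches behave the same.
```c
			case 'h': /* --help */
				usage(NULL);
				status = 0;
				goto end;
			case ':': /* diagnostic already printed by getopt_long */
			case '?': /* diagnostic already printed by getopt_long */
				usage(NULL);
				status = 1;
				goto end;
			/* … unchanged: remaining option cases … */
```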
@@ -281,8 +321,13 @@ int main(int argc, char **argv)
continue;
case 'p': /* --key */
- pass.prompt = FALSE;
- strncpy(pass.secret, optarg, sizeof(pass.secret));
+ if (strlen(optarg) > BUF_LEN)
+ {
+ usage("passphrase too long");
+ goto end;
+ }
+ strncpy(passphrase.ptr, optarg, BUF_LEN);
+ passphrase.len = min(strlen(optarg), BUF_LEN);
continue;
case 'u': /* --usercert */
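Review bot: The length check `strlen(optarg) > BUF_LEN` admits a passphrase of exactly BUF_LEN bytes, which strncpy then copies without a terminating NUL even though `passphrase.ptr[0] = '\0'` earlier in main treats buf as a C string; use `if (strlen(optarg) >= BUF_LEN)` and the `min()` on the next line becomes unnecessary. A passphrase given on the command line also stays in argv, where other local users can read it from the process listing, and the copy in buf is never cleared before exit; the man page should say the option is unsuitable for shared hosts, and the cleanup at `end:` could add `memset(buf, 0, sizeof(buf));`.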
@@ -290,151 +335,179 @@ int main(int argc, char **argv)
continue;
case 'g': /* --groups */
- decode_groups(optarg, &groups);
+ ietfAttr_list_create_from_string(optarg, groups);
continue;
case 'D': /* --days */
if (optarg == NULL || !isdigit(optarg[0]))
+ {
usage("missing number of days");
+ goto end;
+ }
+ else
{
char *endptr;
long days = strtol(optarg, &endptr, 0);
if (*endptr != '\0' || endptr == optarg || days <= 0)
+ {
usage("<days> must be a positive number");
+ goto end;
+ }
validity += 24*3600*days;
}
continue;
case 'H': /* --hours */
if (optarg == NULL || !isdigit(optarg[0]))
+ {
usage("missing number of hours");
+ goto end;
+ }
+ else
{
char *endptr;
long hours = strtol(optarg, &endptr, 0);
if (*endptr != '\0' || endptr == optarg || hours <= 0)
+ {
usage("<hours> must be a positive number");
+ goto end;
+ }
validity += 3600*hours;
}
continue;
case 'S': /* --startdate */
if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ {
usage("date format must be YYYYMMDDHHMMSSZ");
+ goto end;
+ }
+ else
{
chunk_t date = { optarg, 15 };
+
notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
}
continue;
case 'E': /* --enddate */
if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
+ {
usage("date format must be YYYYMMDDHHMMSSZ");
+ goto end;
+ }
+ else
{
chunk_t date = { optarg, 15 };
notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
}
continue;
- case 'o': /* --outt */
+ case 'o': /* --out */
outfile = optarg;
continue;
-#ifdef DEBUG
- case 'A': /* --debug-all */
- base_debugging = DBG_ALL;
+ case 'd': /* --debug */
+ debug_level = atoi(optarg);
continue;
-#endif
+
default:
-#ifdef DEBUG
- if (c >= DBG_OFFSET)
- {
- base_debugging |= c - DBG_OFFSET;
- continue;
- }
-#undef DBG_OFFSET
-#endif
- bad_case(c);
+ usage("");
+ status = 0;
+ goto end;
}
+ /* break from loop */
break;
}
- init_log("openac");
- cur_debugging = base_debugging;
-
if (optind != argc)
+ {
usage("unexpected argument");
+ goto end;
+ }
+
+ DBG1("starting openac (strongSwan Version %s)", VERSION);
+
+#ifdef INTEGRITY_TEST
+ DBG1("integrity test of libstrongswan code");
+ if (fips_verify_hmac_signature(hmac_key, hmac_signature))
+ {
+ DBG1(" integrity test passed");
+ }
+ else
+ {
+ DBG1(" integrity test failed");
+ status = 3;
+ goto end;
+ }
+#endif /* INTEGRITY_TEST */
/* load the signer's RSA private key */
if (keyfile != NULL)
{
- err_t ugh = NULL;
+ signerkey = rsa_private_key_create_from_file(keyfile, &passphrase);
- signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
- ugh = load_rsa_private_key(keyfile, &pass, signerkey);
-
- if (ugh != NULL)
+ if (signerkey == NULL)
{
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- plog("%s", ugh);
- exit(1);
+ goto end;
}
}
/* load the signer's X.509 certificate */
if (certfile != NULL)
{
- if (!load_cert(certfile, "signer cert", &signercert))
- exit(1);
- signer = signercert.u.x509;
+ signercert = x509_create_from_file(certfile, "signer cert");
+
+ if (signercert == NULL)
+ {
+ goto end;
+ }
}
/* load the users's X.509 certificate */
if (usercertfile != NULL)
{
- if (!load_cert(usercertfile, "user cert", &usercert))
- exit(1);
- user = usercert.u.x509;
+ usercert = x509_create_from_file(usercertfile, "user cert");
+
+ if (usercert == NULL)
+ {
+ goto end;
+ }
}
/* compute validity interval */
validity = (validity)? validity : default_validity;
- notBefore = (notBefore) ? notBefore : time(NULL);
- notAfter = (notAfter) ? notAfter : notBefore + validity;
+ notBefore = (notBefore == UNDEFINED_TIME) ? time(NULL) : notBefore;
+ notAfter = (notAfter == UNDEFINED_TIME) ? time(NULL) + validity : notAfter;
/* build and parse attribute certificate */
- if (user != NULL && signer != NULL && signerkey != NULL)
+ if (usercert != NULL && signercert != NULL && signerkey != NULL)
{
/* read the serial number and increment it by one */
serial = read_serial();
attr_cert = build_attr_cert();
- ac = alloc_thing(x509acert_t, "x509acert");
- *ac = empty_ac;
- parse_ac(attr_cert, ac);
+ ac = x509ac_create_from_chunk(attr_cert);
/* write the attribute certificate to file */
- if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
- write_serial(serial);
+ if (chunk_write(attr_cert, outfile, "attribute cert", 0022, TRUE))
+ {
+ write_serial(serial);
+ status = 0;
+ }
}
- /* delete all dynamic objects */
- if (signerkey != NULL)
- {
- free_RSA_private_content(signerkey);
- pfree(signerkey);
- }
- free_x509cert(signercert.u.x509);
- free_x509cert(usercert.u.x509);
- free_ietfAttrList(groups);
- free_acert(ac);
- pfree(serial.ptr);
-
-#ifdef LEAK_DETECTIVE
- report_leaks();
-#endif /* LEAK_DETECTIVE */
- close_log();
- exit(0);
+end:
+ /* delete all dynamically allocated objects */
+ DESTROY_IF(signerkey);
+ DESTROY_IF(signercert);
+ DESTROY_IF(usercert);
+ DESTROY_IF(ac);
+ ietfAttr_list_destroy(groups);
+ free(serial.ptr);
+ closelog();
+ dbg = dbg_default;
+ exit(status);
}
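Review bot: `debug_level = atoi(optarg)` accepts anything: "abc" silently becomes 0 and negative or huge values are stored even though usage() and the man page promise a range of 0..4; validate with strtol in the same style as the --days and --hours cases, as sketched below. The validity computation also changed meaning: the old code derived notAfter from notBefore, the new line uses `time(NULL) + validity`, so with `--startdate` but no `--enddate` the certificate's lifetime no longer spans the requested interval from its start date; if that is intended it needs a comment, otherwise restore `notBefore + validity`. The `default:` branch exits with status 0 for an unrecognised option; see the note on the --help hunk for the combined fix.
```c
			case 'd': /* --debug */
			{
				char *endptr;
				long level = strtol(optarg, &endptr, 10);

				if (*endptr != '\0' || endptr == optarg || level < 0 || level > 4)
				{
					usage("<level> must be a number between 0 and 4");
					goto end;
				}
				debug_level = level;
			}
			continue;
```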