393 files changed, 16519 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index cd75de5e9..c631adff2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,6 +16,10 @@ if USE_TLS SUBDIRS += libtls endif +<<<<<<< HEAD +if USE_FILE_CONFIG + SUBDIRS += libfreeswan starter ipsec _copyright +======= if USE_LIBCHARON SUBDIRS += libcharon endif @@ -26,6 +30,7 @@ endif if USE_IPSEC_SCRIPT SUBDIRS += ipsec _copyright +>>>>>>> upstream/4.5.1 endif if USE_PLUTO @@ -33,7 +38,11 @@ if USE_PLUTO endif if USE_CHARON +<<<<<<< HEAD + SUBDIRS += libcharon charon +======= SUBDIRS += charon +>>>>>>> upstream/4.5.1 endif if USE_STROKE @@ -48,10 +57,13 @@ if USE_TOOLS SUBDIRS += libfreeswan openac scepclient pki endif +<<<<<<< HEAD +======= if USE_CONFTEST SUBDIRS += conftest endif +>>>>>>> upstream/4.5.1 if USE_DUMM SUBDIRS += dumm endif @@ -76,4 +88,8 @@ EXTRA_DIST = strongswan.conf install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" +<<<<<<< HEAD + test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true +======= test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true +>>>>>>> upstream/4.5.1 diff --git a/src/Makefile.in b/src/Makefile.in index 63d29b694..efa3a0913 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
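Review bot: The install-exec-local recipe is committed with unresolved conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> upstream/4.5.1`), so this Makefile.am no longer parses and `make install` cannot run; the same markers sit in the SUBDIRS conditionals earlier in the file. The two variants differ only in whether strongswan.conf is installed with `-o ${ipsecuid} -g ${ipsecgid}`, and which one is correct depends on whether the daemon reads strongswan.conf before or after it drops privileges, which this page does not show, so it should be resolved deliberately rather than by picking a side mechanically. If the HEAD variant is kept, the trailing `|| true` also hides a failed `-o`/`-g` when `ipsecuid` or `ipsecgid` is empty or unknown, leaving no config installed and no error; guard it with `test -n "$(ipsecuid)" && test -n "$(ipsecgid)"` before the `$(INSTALL)`, or drop the `|| true`. The Makefile.in hunks that follow should be regenerated with automake once the .am is resolved rather than merged by hand.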
@@ -37,6 +37,19 @@ host_triplet = @host@ @USE_LIBHYDRA_TRUE@am__append_2 = libhydra @USE_SIMAKA_TRUE@am__append_3 = libsimaka @USE_TLS_TRUE@am__append_4 = libtls +<<<<<<< HEAD +@USE_FILE_CONFIG_TRUE@am__append_5 = libfreeswan starter ipsec _copyright +@USE_PLUTO_TRUE@am__append_6 = pluto whack +@USE_CHARON_TRUE@am__append_7 = libcharon charon +@USE_STROKE_TRUE@am__append_8 = stroke +@USE_UPDOWN_TRUE@am__append_9 = _updown _updown_espmark +@USE_TOOLS_TRUE@am__append_10 = libfreeswan openac scepclient pki +@USE_DUMM_TRUE@am__append_11 = dumm +@USE_FAST_TRUE@am__append_12 = libfast +@USE_MANAGER_TRUE@am__append_13 = manager +@USE_MEDSRV_TRUE@am__append_14 = medsrv +@USE_INTEGRITY_TEST_TRUE@am__append_15 = checksum +======= @USE_LIBCHARON_TRUE@am__append_5 = libcharon @USE_FILE_CONFIG_TRUE@am__append_6 = libfreeswan starter @USE_IPSEC_SCRIPT_TRUE@am__append_7 = ipsec _copyright @@ -51,6 +64,7 @@ host_triplet = @host@ @USE_MANAGER_TRUE@am__append_16 = manager @USE_MEDSRV_TRUE@am__append_17 = medsrv @USE_INTEGRITY_TEST_TRUE@am__append_18 = checksum +>>>>>>> upstream/4.5.1 subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -85,9 +99,15 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libhydra libsimaka libtls \ +<<<<<<< HEAD + libfreeswan starter ipsec _copyright pluto whack libcharon \ + charon stroke _updown _updown_espmark openac scepclient pki \ + dumm libfast manager medsrv checksum +======= libcharon libfreeswan starter ipsec _copyright pluto whack \ charon stroke _updown _updown_espmark openac scepclient pki \ conftest dumm libfast manager medsrv checksum +>>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ 
@@ -233,7 +253,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -272,8 +298,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -288,8 +317,12 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_6) \ $(am__append_7) $(am__append_8) $(am__append_9) \ $(am__append_10) $(am__append_11) $(am__append_12) \ +<<<<<<< HEAD + $(am__append_13) $(am__append_14) $(am__append_15) +======= $(am__append_13) $(am__append_14) $(am__append_15) \ $(am__append_16) $(am__append_17) $(am__append_18) +>>>>>>> upstream/4.5.1 EXTRA_DIST = strongswan.conf all: all-recursive @@ -640,7 +673,11 @@ uninstall-am: install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" +<<<<<<< HEAD + test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true +======= test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true +>>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_copyright/Makefile.am b/src/_copyright/Makefile.am index 405e08b3d..edffcfc25 100644 --- a/src/_copyright/Makefile.am +++ b/src/_copyright/Makefile.am 
@@ -1,5 +1,9 @@ ipsec_PROGRAMS = _copyright _copyright_SOURCES = _copyright.c +<<<<<<< HEAD +dist_man8_MANS = _copyright.8 +======= +>>>>>>> upstream/4.5.1 INCLUDES = \ -I$(top_srcdir)/src/libfreeswan \ diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 8d4ef733e..321eeadea 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -36,7 +36,12 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = _copyright$(EXEEXT) subdir = src/_copyright +<<<<<<< HEAD +DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +======= DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +>>>>>>> upstream/4.5.1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -52,7 +57,11 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +<<<<<<< HEAD +am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" +======= am__installdirs = "$(DESTDIR)$(ipsecdir)" +>>>>>>> upstream/4.5.1 PROGRAMS = $(ipsec_PROGRAMS) am__copyright_OBJECTS = _copyright.$(OBJEXT) _copyright_OBJECTS = $(am__copyright_OBJECTS) 
@@ -74,6 +83,33 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(_copyright_SOURCES) DIST_SOURCES = $(_copyright_SOURCES) +<<<<<<< HEAD +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man8_MANS) +======= +>>>>>>> upstream/4.5.1 ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -196,7 +232,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -235,8 +277,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -248,6 +293,10 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ _copyright_SOURCES = _copyright.c +<<<<<<< HEAD +dist_man8_MANS = _copyright.8 +======= +>>>>>>> upstream/4.5.1 INCLUDES = \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/libstrongswan 
@@ -368,6 +417,43 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +<<<<<<< HEAD +install-man8: $(dist_man8_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +======= +>>>>>>> upstream/4.5.1 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -422,6 +508,22 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) +<<<<<<< HEAD + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi +======= +>>>>>>> upstream/4.5.1 @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -453,9 +555,15 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am +<<<<<<< HEAD +all-am: Makefile $(PROGRAMS) $(MANS) +installdirs: + for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \ +======= all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(ipsecdir)"; do \ +>>>>>>> upstream/4.5.1 test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -506,7 +614,11 @@ info: info-am info-am: +<<<<<<< HEAD +install-data-am: install-ipsecPROGRAMS install-man +======= install-data-am: install-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 install-dvi: install-dvi-am @@ -522,7 +634,11 @@ install-info: install-info-am install-info-am: +<<<<<<< HEAD +install-man: install-man8 +======= install-man: +>>>>>>> upstream/4.5.1 install-pdf: install-pdf-am 
@@ -552,7 +668,13 @@ ps: ps-am ps-am: +<<<<<<< HEAD +uninstall-am: uninstall-ipsecPROGRAMS uninstall-man + +uninstall-man: uninstall-man8 +======= uninstall-am: uninstall-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 .MAKE: install-am install-strip @@ -563,12 +685,22 @@ uninstall-am: uninstall-ipsecPROGRAMS install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am \ +<<<<<<< HEAD + install-ipsecPROGRAMS install-man install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ + uninstall-man uninstall-man8 +======= install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/_copyright/_copyright.8 b/src/_copyright/_copyright.8 new file mode 100644 index 000000000..99386254b --- /dev/null +++ b/src/_copyright/_copyright.8 
@@ -0,0 +1,29 @@ +.TH _COPYRIGHT 8 "25 Apr 2002" +.SH NAME +ipsec _copyright \- prints FreeSWAN copyright +.SH DESCRIPTION +.I _copyright +outputs the FreeSWAN copyright, and version numbers for "ipsec --copyright" +.SH "SEE ALSO" +ipsec(8) +.SH HISTORY +Man page written for the Linux FreeS/WAN project +<http://www.freeswan.org/> +by Michael Richardson. Program written by Henry Spencer. +.\" +.\" $Log: _copyright.8,v $ +.\" Revision 1.1 2004/03/15 20:35:27 as +.\" added files from freeswan-2.04-x509-1.5.3 +.\" +.\" Revision 1.2 2002/04/29 22:39:31 mcr +.\" added basic man page for all internal commands. +.\" +.\" Revision 1.1 2002/04/26 01:21:43 mcr +.\" while tracking down a missing (not installed) /etc/ipsec.conf, +.\" MCR has decided that it is not okay for each program subdir to have +.\" some subset (determined with -f) of possible files. +.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. +.\" Optional PROGRAM.5 files have been added to the makefiles. +.\" +.\" +.\" diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index fa33bb570..f6f6d5f48 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -200,7 +200,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -239,8 +245,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index a428db4e2..55c5ce2c1 100644 
--- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -200,7 +200,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -239,8 +245,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index f502b0f25..7192e9e96 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -199,7 +199,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -238,8 +244,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/charon/charon.c b/src/charon/charon.c index d1fff5bd9..9e2d02b83 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -26,8 +26,11 @@ #include <pthread.h> #include <sys/stat.h> #include <sys/types.h> +<<<<<<< HEAD +======= #include <syslog.h> #include <errno.h> +>>>>>>> upstream/4.5.1 #include <unistd.h> #include <getopt.h> #include <pwd.h> 
@@ -44,9 +47,12 @@ #include <private/android_filesystem_config.h> #endif +<<<<<<< HEAD +======= #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ #define LOG_AUTHPRIV LOG_AUTH #endif +>>>>>>> upstream/4.5.1 /** * PID file, in which charon stores its process id @@ -273,6 +279,8 @@ static void unlink_pidfile() unlink(PID_FILE); } +<<<<<<< HEAD +======= /** * Initialize logging */ @@ -401,6 +409,7 @@ static void initialize_loggers(bool use_stderr, level_t levels[]) sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); } } +>>>>>>> upstream/4.5.1 /** * print command line usage and exit @@ -528,10 +537,15 @@ int main(int argc, char *argv[]) goto deinit; } +<<<<<<< HEAD + /* initialize daemon */ + if (!charon->initialize(charon, use_syslog, levels)) +======= initialize_loggers(!use_syslog, levels); /* initialize daemon */ if (!charon->initialize(charon)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_DMN, "initialization failed - aborting charon"); goto deinit; diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 65aa91422..0e68ed938 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -237,7 +237,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -276,8 +282,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 79961b916..9b19f605e 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in 
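Review bot: The conflict markers left in main() around the `charon->initialize` call will not compile, and the two sides disagree on the interface: HEAD calls `charon->initialize(charon, use_syslog, levels)`, while upstream first calls `initialize_loggers(!use_syslog, levels)` and then `charon->initialize(charon)`. The resolution has to match the daemon_t signature in libcharon, which is outside this page, and note that upstream's `initialize_loggers()` body and the `LOG_AUTHPRIV` fallback are themselves inside conflict blocks in the earlier hunks of this file, so taking different sides in different hunks leaves either an undefined function or a daemon that never sets up its loggers. Whichever side wins, the audit-level syslog setup visible as context (`sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT)`) must survive, since silently losing daemon logging is exactly the regression a hand-merge like this tends to introduce. main() starts outside the hunk.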
@@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/include/Makefile.in b/src/include/Makefile.in index b9b758193..b02da80c0 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -172,7 +172,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -211,8 +217,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index 930fdd2de..92d9258df 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h @@ -283,7 +283,10 @@ enum xfrm_attr_type_t { XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ XFRMA_MARK, /* struct xfrm_mark */ +<<<<<<< HEAD +======= XFRMA_TFCPAD, /* __u32 */ +>>>>>>> upstream/4.5.1 __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) 
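Review bot: `XFRMA_TFCPAD` sits inside conflict markers in a kernel-ABI enum, and because `__XFRMA_MAX` and `XFRMA_MAX (__XFRMA_MAX - 1)` are derived from the last member, resolving toward the HEAD side changes `XFRMA_MAX` away from the value the upstream 4.5.1 copy of the header defines. This file mirrors the kernel's xfrm.h, so it should be resolved to match the kernel this build targets rather than to whatever the HEAD branch happened to ship; a mismatched `XFRMA_MAX` presumably affects attribute-array sizing in the kernel-netlink interface code, which is not on this page. Resolve by keeping `XFRMA_TFCPAD, /* __u32 */` and deleting the three marker lines.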
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 0b4870e94..bf74828be 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -200,7 +200,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -239,8 +245,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/ipsec/ipsec.8 b/src/ipsec/ipsec.8 index 6f4117be7..d0bd9ce70 100644 --- a/src/ipsec/ipsec.8 +++ b/src/ipsec/ipsec.8 @@ -1,4 +1,8 @@ +<<<<<<< HEAD +.TH IPSEC 8 "2010-05-30" "4.5.0rc1" "strongSwan" +======= .TH IPSEC 8 "2010-05-30" "4.5.1" "strongSwan" +>>>>>>> upstream/4.5.1 .SH NAME ipsec \- invoke IPsec utilities .SH SYNOPSIS diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in index 2ea0ef798..0f619d087 100755 --- a/src/ipsec/ipsec.in +++ b/src/ipsec/ipsec.in @@ -65,7 +65,11 @@ case "$1" in echo " rereadsecrets|rereadgroups" echo " rereadcacerts|rereadaacerts|rereadocspcerts" echo " rereadacerts|rereadcrls|rereadall" +<<<<<<< HEAD + echo " purgeocsp|purgeike" +======= echo " purgeocsp|purgecrls|purgecerts|purgeike" +>>>>>>> upstream/4.5.1 echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]" echo " openac" echo " pluto" 
@@ -191,11 +195,19 @@ rereadall|purgeocsp) fi exit "$rc" ;; +<<<<<<< HEAD +purgeike) + rc=7 + if [ -e $IPSEC_CHARON_PID ] + then + $IPSEC_STROKE purgeike +======= purgeike|purgecrls|purgecerts) rc=7 if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$1" +>>>>>>> upstream/4.5.1 rc="$?" fi exit "$rc" diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 1e78c9d79..e90fa1d0e 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -53,7 +53,10 @@ processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ +<<<<<<< HEAD +======= processing/jobs/start_action_job.c processing/jobs/start_action_job.h \ +>>>>>>> upstream/4.5.1 processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ @@ -88,12 +91,17 @@ sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ sa/tasks/task.c sa/tasks/task.h \ +<<<<<<< HEAD +tnccs/tnccs.c tnccs/tnccs.h \ +tnccs/tnccs_manager.h tnccs/tnccs_manager.c +======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h \ tnc/imv/imv.h tnc/imv/imv_manager.h \ tnc/imv/imv_recommendations.c tnc/imv/imv_recommendations.h \ tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \ tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h +>>>>>>> upstream/4.5.1 daemon.lo : $(top_builddir)/config.status 
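Review bot: The conflict markers in the `purgeike` case are fatal in a shell script: `<<<<<<< HEAD` is read by sh as a redirection operator, so every `ipsec` invocation fails with a syntax error, not only the purge subcommands. The upstream side (`purgeike|purgecrls|purgecerts)` dispatching `$IPSEC_STROKE "$1"`) is internally consistent with the upstream usage text in the earlier hunk, and passing `"$1"` through is safe because the case pattern restricts it to those three literals; mixing sides would leave the usage line advertising commands the case statement does not handle. Resolve both hunks to the same side and delete the marker lines.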
@@ -322,14 +330,22 @@ endif if USE_TNC_IMC SUBDIRS += plugins/tnc_imc if MONOLITHIC +<<<<<<< HEAD + libcharon_la_LIBADD += plugins/tnc_imc/libstrongswan-tnc_imc.la +======= libcharon_la_LIBADD += plugins/tnc_imc/libstrongswan-tnc-imc.la +>>>>>>> upstream/4.5.1 endif endif if USE_TNC_IMV SUBDIRS += plugins/tnc_imv if MONOLITHIC +<<<<<<< HEAD + libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc_imv.la +======= libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la +>>>>>>> upstream/4.5.1 endif endif @@ -347,6 +363,8 @@ if MONOLITHIC endif endif +<<<<<<< HEAD +======= if USE_TNCCS_DYNAMIC SUBDIRS += plugins/tnccs_dynamic if MONOLITHIC @@ -354,6 +372,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_MEDSRV SUBDIRS += plugins/medsrv if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 6ec4c6ca5..ab3f3b670 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in 
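Review bot: The two sides of the conflict name the monolithic TNC plugin archives differently, `libstrongswan-tnc_imc.la` (HEAD) versus `libstrongswan-tnc-imc.la` (upstream), and the `libcharon_la_LIBADD +=` lines must match the library names declared in plugins/tnc_imc/Makefile.am and plugins/tnc_imv/Makefile.am, which are not on this page; the wrong choice fails only at link time with MONOLITHIC set, so a default build will not catch it. The same consistency check applies to the `USE_TNCCS_DYNAMIC` block in the next hunk, whose plugin directory exists only on the upstream side, and to the source lists earlier in this file, where HEAD still lists `tnccs/tnccs.c` while upstream moved it to `tnc/tnccs/tnccs.c`. Resolve the whole file to one side and verify the plugin Makefile.am names before committing.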
@@ -96,13 +96,43 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_51 = plugins/eap_tnc/libstrongswan-eap-tnc.la @MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_52 = $(top_builddir)/src/libtls/libtls.la @USE_TNC_IMC_TRUE@am__append_53 = plugins/tnc_imc +<<<<<<< HEAD +@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_54 = plugins/tnc_imc/libstrongswan-tnc_imc.la +@USE_TNC_IMV_TRUE@am__append_55 = plugins/tnc_imv +@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_56 = plugins/tnc_imv/libstrongswan-tnc_imv.la +======= @MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_54 = plugins/tnc_imc/libstrongswan-tnc-imc.la @USE_TNC_IMV_TRUE@am__append_55 = plugins/tnc_imv @MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_56 = plugins/tnc_imv/libstrongswan-tnc-imv.la +>>>>>>> upstream/4.5.1 @USE_TNCCS_11_TRUE@am__append_57 = plugins/tnccs_11 @MONOLITHIC_TRUE@@USE_TNCCS_11_TRUE@am__append_58 = plugins/tnccs_11/libstrongswan-tnccs-11.la @USE_TNCCS_20_TRUE@am__append_59 = plugins/tnccs_20 @MONOLITHIC_TRUE@@USE_TNCCS_20_TRUE@am__append_60 = plugins/tnccs_20/libstrongswan-tnccs-20.la +<<<<<<< HEAD +@USE_MEDSRV_TRUE@am__append_61 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_62 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_63 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_64 = plugins/medcli/libstrongswan-medcli.la +@USE_NM_TRUE@am__append_65 = plugins/nm +@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_66 = plugins/nm/libstrongswan-nm.la +@USE_DHCP_TRUE@am__append_67 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_68 = plugins/dhcp/libstrongswan-dhcp.la +@USE_ANDROID_TRUE@am__append_69 = plugins/android +@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_70 = plugins/android/libstrongswan-android.la +@USE_MAEMO_TRUE@am__append_71 = plugins/maemo +@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_72 = plugins/maemo/libstrongswan-maemo.la +@USE_HA_TRUE@am__append_73 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_74 = 
plugins/ha/libstrongswan-ha.la +@USE_LED_TRUE@am__append_75 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_76 = plugins/led/libstrongswan-led.la +@USE_UCI_TRUE@am__append_77 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_78 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_79 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_80 = plugins/uci/libstrongswan-addrblock.la +@USE_UNIT_TESTS_TRUE@am__append_81 = plugins/unit_tester +@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_82 = plugins/unit_tester/libstrongswan-unit-tester.la +======= @USE_TNCCS_DYNAMIC_TRUE@am__append_61 = plugins/tnccs_dynamic @MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_62 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la @USE_MEDSRV_TRUE@am__append_63 = plugins/medsrv @@ -127,6 +157,7 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_82 = plugins/uci/libstrongswan-addrblock.la @USE_UNIT_TESTS_TRUE@am__append_83 = plugins/unit_tester @MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_84 = plugins/unit_tester/libstrongswan-unit-tester.la +>>>>>>> upstream/4.5.1 subdir = src/libcharon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -183,8 +214,12 @@ libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) \ +<<<<<<< HEAD + $(am__append_78) $(am__append_80) $(am__append_82) +======= $(am__append_78) $(am__append_80) $(am__append_82) \ $(am__append_84) +>>>>>>> upstream/4.5.1 am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ bus/listeners/listener.h bus/listeners/file_logger.c \ bus/listeners/file_logger.h bus/listeners/sys_logger.c \ 
@@ -254,9 +289,14 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c \ processing/jobs/send_keepalive_job.h \ +<<<<<<< HEAD + processing/jobs/roam_job.c processing/jobs/roam_job.h \ + processing/jobs/update_sa_job.c \ +======= processing/jobs/start_action_job.c \ processing/jobs/start_action_job.h processing/jobs/roam_job.c \ processing/jobs/roam_job.h processing/jobs/update_sa_job.c \ +>>>>>>> upstream/4.5.1 processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h \ @@ -292,12 +332,17 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ +<<<<<<< HEAD + tnccs/tnccs.c tnccs/tnccs.h tnccs/tnccs_manager.h \ + tnccs/tnccs_manager.c encoding/payloads/endpoint_notify.c \ +======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h tnc/imv/imv.h \ tnc/imv/imv_manager.h tnc/imv/imv_recommendations.c \ tnc/imv/imv_recommendations.h tnc/tnccs/tnccs.c \ tnc/tnccs/tnccs.h tnc/tnccs/tnccs_manager.c \ tnc/tnccs/tnccs_manager.h encoding/payloads/endpoint_notify.c \ +>>>>>>> upstream/4.5.1 encoding/payloads/endpoint_notify.h \ processing/jobs/initiate_mediation_job.c \ processing/jobs/initiate_mediation_job.h \ 
@@ -323,6 +368,18 @@ am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \ acquire_job.lo delete_child_sa_job.lo delete_ike_sa_job.lo \ migrate_job.lo process_message_job.lo rekey_child_sa_job.lo \ rekey_ike_sa_job.lo retransmit_job.lo send_dpd_job.lo \ +<<<<<<< HEAD + send_keepalive_job.lo roam_job.lo update_sa_job.lo \ + inactivity_job.lo authenticator.lo eap_authenticator.lo \ + eap_method.lo eap_manager.lo sim_manager.lo \ + psk_authenticator.lo pubkey_authenticator.lo child_sa.lo \ + ike_sa.lo ike_sa_id.lo ike_sa_manager.lo task_manager.lo \ + keymat.lo trap_manager.lo child_create.lo child_delete.lo \ + child_rekey.lo ike_auth.lo ike_cert_pre.lo ike_cert_post.lo \ + ike_config.lo ike_delete.lo ike_dpd.lo ike_init.lo ike_natd.lo \ + ike_mobike.lo ike_rekey.lo ike_reauth.lo ike_auth_lifetime.lo \ + ike_vendor.lo task.lo tnccs.lo tnccs_manager.lo \ +======= send_keepalive_job.lo start_action_job.lo roam_job.lo \ update_sa_job.lo inactivity_job.lo authenticator.lo \ eap_authenticator.lo eap_method.lo eap_manager.lo \ @@ -334,6 +391,7 @@ am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \ ike_init.lo ike_natd.lo ike_mobike.lo ike_rekey.lo \ ike_reauth.lo ike_auth_lifetime.lo ike_vendor.lo task.lo \ tncifimv.lo imv_recommendations.lo tnccs.lo tnccs_manager.lo \ +>>>>>>> upstream/4.5.1 $(am__objects_1) libcharon_la_OBJECTS = $(am_libcharon_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ 
@@ -375,9 +433,15 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/eap_mschapv2 plugins/eap_radius plugins/eap_tls \ plugins/eap_ttls plugins/eap_tnc plugins/tnc_imc \ plugins/tnc_imv plugins/tnccs_11 plugins/tnccs_20 \ +<<<<<<< HEAD + plugins/medsrv plugins/medcli plugins/nm plugins/dhcp \ + plugins/android plugins/maemo plugins/ha plugins/led \ + plugins/uci plugins/addrblock plugins/unit_tester +======= plugins/tnccs_dynamic plugins/medsrv plugins/medcli plugins/nm \ plugins/dhcp plugins/android plugins/maemo plugins/ha \ plugins/led plugins/uci plugins/addrblock plugins/unit_tester +>>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -523,7 +587,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -562,8 +632,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -644,9 +717,14 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c \ processing/jobs/send_keepalive_job.h \ +<<<<<<< HEAD + processing/jobs/roam_job.c processing/jobs/roam_job.h \ + processing/jobs/update_sa_job.c \ +======= processing/jobs/start_action_job.c \ processing/jobs/start_action_job.h processing/jobs/roam_job.c \ processing/jobs/roam_job.h processing/jobs/update_sa_job.c \ +>>>>>>> upstream/4.5.1 processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h \ @@ -682,12 +760,17 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ +<<<<<<< HEAD + tnccs/tnccs.c tnccs/tnccs.h tnccs/tnccs_manager.h \ + tnccs/tnccs_manager.c $(am__append_1) +======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h tnc/imv/imv.h \ tnc/imv/imv_manager.h tnc/imv/imv_recommendations.c \ tnc/imv/imv_recommendations.h tnc/tnccs/tnccs.c \ tnc/tnccs/tnccs.h tnc/tnccs/tnccs_manager.c \ tnc/tnccs/tnccs_manager.h $(am__append_1) +>>>>>>> upstream/4.5.1 INCLUDES = \ -I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ @@ -713,8 +796,12 @@ libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) \ +<<<<<<< HEAD + $(am__append_78) $(am__append_80) $(am__append_82) +======= $(am__append_78) $(am__append_80) $(am__append_82) \ $(am__append_84) +>>>>>>> upstream/4.5.1 EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) $(am__append_5) \ @MONOLITHIC_FALSE@ $(am__append_7) $(am__append_9) \ 
@@ -735,7 +822,11 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \ @MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \ @MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ +<<<<<<< HEAD +@MONOLITHIC_FALSE@ $(am__append_81) +======= @MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) +>>>>>>> upstream/4.5.1 # build optional plugins ######################## @@ -758,7 +849,11 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \ @MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \ @MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ +<<<<<<< HEAD +@MONOLITHIC_TRUE@ $(am__append_81) +======= @MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) +>>>>>>> upstream/4.5.1 all: all-recursive .SUFFIXES: @@ -882,7 +977,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Plo@am__quote@ +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_recommendations.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Plo@am__quote@ 
@@ -914,13 +1012,19 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_manager.Plo@am__quote@ +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/start_action_job.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_manager.Plo@am__quote@ +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncifimv.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Plo@am__quote@ 
@@ -1301,6 +1405,8 @@ send_keepalive_job.lo: processing/jobs/send_keepalive_job.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c +<<<<<<< HEAD +======= start_action_job.lo: processing/jobs/start_action_job.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT start_action_job.lo -MD -MP -MF $(DEPDIR)/start_action_job.Tpo -c -o start_action_job.lo `test -f 'processing/jobs/start_action_job.c' || echo '$(srcdir)/'`processing/jobs/start_action_job.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/start_action_job.Tpo $(DEPDIR)/start_action_job.Plo 
@@ -1308,6 +1414,7 @@ start_action_job.lo: processing/jobs/start_action_job.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o start_action_job.lo `test -f 'processing/jobs/start_action_job.c' || echo '$(srcdir)/'`processing/jobs/start_action_job.c +>>>>>>> upstream/4.5.1 roam_job.lo: processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.lo -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Plo 
@@ -1546,6 +1653,21 @@ task.lo: sa/tasks/task.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c +<<<<<<< HEAD +tnccs.lo: tnccs/tnccs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs.lo -MD -MP -MF $(DEPDIR)/tnccs.Tpo -c -o tnccs.lo `test -f 'tnccs/tnccs.c' || echo '$(srcdir)/'`tnccs/tnccs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs.Tpo $(DEPDIR)/tnccs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnccs/tnccs.c' object='tnccs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs.lo `test -f 'tnccs/tnccs.c' || echo '$(srcdir)/'`tnccs/tnccs.c + +tnccs_manager.lo: tnccs/tnccs_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs_manager.lo -MD -MP -MF $(DEPDIR)/tnccs_manager.Tpo -c -o tnccs_manager.lo `test -f 'tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnccs/tnccs_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs_manager.Tpo $(DEPDIR)/tnccs_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnccs/tnccs_manager.c' object='tnccs_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_manager.lo `test -f 'tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnccs/tnccs_manager.c +======= tncifimv.lo: tnc/tncifimv.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tncifimv.lo -MD -MP -MF $(DEPDIR)/tncifimv.Tpo -c -o tncifimv.lo `test -f 'tnc/tncifimv.c' || echo '$(srcdir)/'`tnc/tncifimv.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tncifimv.Tpo $(DEPDIR)/tncifimv.Plo @@ -1573,6 +1695,7 @@ tnccs_manager.lo: tnc/tnccs/tnccs_manager.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnc/tnccs/tnccs_manager.c' object='tnccs_manager.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_manager.lo `test -f 'tnc/tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnc/tnccs/tnccs_manager.c +>>>>>>> upstream/4.5.1 endpoint_notify.lo: encoding/payloads/endpoint_notify.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.lo -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 23931c47d..9abc07598 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c 
@@ -227,13 +227,20 @@ static bool log_cb(entry_t *entry, log_data_t *data) { entry->blocker = FALSE; entry->condvar->signal(entry->condvar); +<<<<<<< HEAD +======= entry->calling--; +>>>>>>> upstream/4.5.1 } else { entry_destroy(entry); } va_end(args); +<<<<<<< HEAD + entry->calling--; +======= +>>>>>>> upstream/4.5.1 return TRUE; } va_end(args); diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c index e78cb702d..93635ca15 100644 --- a/src/libcharon/config/backend_manager.c +++ b/src/libcharon/config/backend_manager.c @@ -96,11 +96,14 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } +<<<<<<< HEAD +======= else { me_cand->destroy(me_cand); return MATCH_NONE; } +>>>>>>> upstream/4.5.1 me_cand->destroy(me_cand); } else @@ -124,11 +127,14 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } +<<<<<<< HEAD +======= else { other_cand->destroy(other_cand); return MATCH_NONE; } +>>>>>>> upstream/4.5.1 other_cand->destroy(other_cand); } else @@ -138,8 +144,16 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) return match; } +<<<<<<< HEAD +/** + * implements backend_manager_t.get_ike_cfg. + */ +static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, + host_t *me, host_t *other) +======= METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*, private_backend_manager_t *this, host_t *me, host_t *other) +>>>>>>> upstream/4.5.1 { ike_cfg_t *current, *found = NULL; enumerator_t *enumerator; 
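Review bot: The merge conflict markers are committed as content here (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> upstream/4.5.1`), so log_cb and the rest of src/libcharon/bus/bus.c no longer compile; the same markers appear in every hunk on this page, including the generated src/Makefile.in sections, whose rules will not parse either. When resolving this hunk, keep the upstream side: the HEAD side runs `entry->calling--;` after the else branch has already called `entry_destroy(entry)`, which is a write to freed memory on that path, while upstream decrements inside the blocker branch before the entry can be destroyed. log_cb begins before this hunk.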
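Review bot: The HEAD side of the two get_ike_match hunks (`@@ -96` and `@@ -124`) drops the `else { me_cand->destroy(me_cand); return MATCH_NONE; }` rejection and its other_cand twin, so a candidate ike_cfg whose local or remote address is neither an exact match nor %any is no longer rejected and appears to stay eligible on the strength of the other endpoint's score alone; keep the upstream branches. The `@@ -138` hunk here and the backend_manager.c hunks on the following lines (create_peer_cfg_enumerator, get_peer_cfg_by_name, remove_backend, add_backend, destroy, backend_manager_create) differ only in `METHOD(...)` versus a cast-based function table, and resolving them to the upstream side keeps the file consistent with the rest of the 4.5.1 tree. get_ike_match starts before the first of these hunks.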
@@ -315,9 +329,18 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, } } +<<<<<<< HEAD +/** + * Implements backend_manager_t.create_peer_cfg_enumerator. + */ +static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, + host_t *me, host_t *other, identification_t *my_id, + identification_t *other_id) +======= METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, private_backend_manager_t *this, host_t *me, host_t *other, identification_t *my_id, identification_t *other_id) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; peer_data_t *data; @@ -376,8 +399,15 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, (void*)peer_enum_filter_destroy); } +<<<<<<< HEAD +/** + * implements backend_manager_t.get_peer_cfg_by_name. + */ +static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name) +======= METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*, private_backend_manager_t *this, char *name) +>>>>>>> upstream/4.5.1 { backend_t *backend; peer_cfg_t *config = NULL; 
@@ -394,24 +424,45 @@ METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*, return config; } +<<<<<<< HEAD +/** + * Implementation of backend_manager_t.remove_backend. + */ +static void remove_backend(private_backend_manager_t *this, backend_t *backend) +======= METHOD(backend_manager_t, remove_backend, void, private_backend_manager_t *this, backend_t *backend) +>>>>>>> upstream/4.5.1 { this->lock->write_lock(this->lock); this->backends->remove(this->backends, backend, NULL); this->lock->unlock(this->lock); } +<<<<<<< HEAD +/** + * Implementation of backend_manager_t.add_backend. + */ +static void add_backend(private_backend_manager_t *this, backend_t *backend) +======= METHOD(backend_manager_t, add_backend, void, private_backend_manager_t *this, backend_t *backend) +>>>>>>> upstream/4.5.1 { this->lock->write_lock(this->lock); this->backends->insert_last(this->backends, backend); this->lock->unlock(this->lock); } +<<<<<<< HEAD +/** + * Implementation of backend_manager_t.destroy. + */ +static void destroy(private_backend_manager_t *this) +======= METHOD(backend_manager_t, destroy, void, private_backend_manager_t *this) +>>>>>>> upstream/4.5.1 { this->backends->destroy(this->backends); this->lock->destroy(this->lock); 
@@ -420,6 +471,22 @@ METHOD(backend_manager_t, destroy, void, /* * Described in header-file +<<<<<<< HEAD + */ +backend_manager_t *backend_manager_create() +{ + private_backend_manager_t *this = malloc_thing(private_backend_manager_t); + + this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg; + this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name; + this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator; + this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend; + this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend; + this->public.destroy = (void (*)(backend_manager_t*))destroy; + + this->backends = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); +======= */ backend_manager_t *backend_manager_create() @@ -438,6 +505,7 @@ backend_manager_t *backend_manager_create() .backends = linked_list_create(), .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 74949be3c..6edceffd6 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -80,11 +80,14 @@ struct private_child_cfg_t { ipsec_mode_t mode; /** +<<<<<<< HEAD +======= * action to take to start CHILD_SA */ action_t start_action; /** +>>>>>>> upstream/4.5.1 * action to take on DPD */ action_t dpd_action; @@ -123,12 +126,15 @@ struct private_child_cfg_t { * Optional mark to install outbound CHILD_SA with */ mark_t mark_out; +<<<<<<< HEAD +======= /** * Traffic Flow Confidentiality padding, if enabled */ u_int32_t tfc; +>>>>>>> upstream/4.5.1 /** * set up IPsec transport SA in MIPv6 proxy mode */ 
@@ -140,20 +146,41 @@ struct private_child_cfg_t { bool install_policy; }; +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_name. + */ +static char *get_name(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_name, char*, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->name; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.add_proposal. + */ +static void add_proposal(private_child_cfg_t *this, proposal_t *proposal) +======= METHOD(child_cfg_t, add_proposal, void, private_child_cfg_t *this, proposal_t *proposal) +>>>>>>> upstream/4.5.1 { this->proposals->insert_last(this->proposals, proposal); } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_proposals. + */ +static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) +======= METHOD(child_cfg_t, get_proposals, linked_list_t*, private_child_cfg_t *this, bool strip_dh) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; proposal_t *current; @@ -174,9 +201,18 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, return proposals; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.select_proposal. + */ +static proposal_t* select_proposal(private_child_cfg_t*this, + linked_list_t *proposals, bool strip_dh, + bool private) +======= METHOD(child_cfg_t, select_proposal, proposal_t*, private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, bool private) +>>>>>>> upstream/4.5.1 { enumerator_t *stored_enum, *supplied_enum; proposal_t *stored, *supplied, *selected = NULL; @@ -221,8 +257,16 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, return selected; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.add_traffic_selector. + */ +static void add_traffic_selector(private_child_cfg_t *this, bool local, + traffic_selector_t *ts) +======= METHOD(child_cfg_t, add_traffic_selector, void, private_child_cfg_t *this, bool local, traffic_selector_t *ts) +>>>>>>> upstream/4.5.1 { if (local) { 
@@ -234,8 +278,17 @@ METHOD(child_cfg_t, add_traffic_selector, void, } } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_traffic_selectors. + */ +static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool local, + linked_list_t *supplied, + host_t *host) +======= METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, private_child_cfg_t *this, bool local, linked_list_t *supplied, host_t *host) +>>>>>>> upstream/4.5.1 { enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; @@ -341,14 +394,28 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, return result; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_updown. + */ +static char* get_updown(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_updown, char*, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->updown; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_hostaccess. + */ +static bool get_hostaccess(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_hostaccess, bool, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->hostaccess; } @@ -369,8 +436,15 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) } #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter) +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_lifetime. + */ +static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t); memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t)); 
@@ -380,12 +454,25 @@ METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, return lft; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_mode. + */ +static ipsec_mode_t get_mode(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_mode, ipsec_mode_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->mode; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_dpd_action. + */ +static action_t get_dpd_action(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_start_action, action_t, private_child_cfg_t *this) { @@ -394,18 +481,33 @@ METHOD(child_cfg_t, get_start_action, action_t, METHOD(child_cfg_t, get_dpd_action, action_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->dpd_action; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_close_action. + */ +static action_t get_close_action(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_close_action, action_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->close_action; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_dh_group. + */ +static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; proposal_t *proposal; 
@@ -423,30 +525,65 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, return dh_group; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.use_ipcomp. + */ +static bool use_ipcomp(private_child_cfg_t *this) +======= METHOD(child_cfg_t, use_ipcomp, bool, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->use_ipcomp; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_inactivity. + */ +static u_int32_t get_inactivity(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_inactivity, u_int32_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->inactivity; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_reqid. + */ +static u_int32_t get_reqid(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_reqid, u_int32_t, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->reqid; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_mark. + */ +static mark_t get_mark(private_child_cfg_t *this, bool inbound) +======= METHOD(child_cfg_t, get_mark, mark_t, private_child_cfg_t *this, bool inbound) +>>>>>>> upstream/4.5.1 { return inbound ? this->mark_in : this->mark_out; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.set_mipv6_options. + */ +static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode, + bool install_policy) +======= METHOD(child_cfg_t, get_tfc, u_int32_t, private_child_cfg_t *this) { 
@@ -455,32 +592,61 @@ METHOD(child_cfg_t, get_tfc, u_int32_t, METHOD(child_cfg_t, set_mipv6_options, void, private_child_cfg_t *this, bool proxy_mode, bool install_policy) +>>>>>>> upstream/4.5.1 { this->proxy_mode = proxy_mode; this->install_policy = install_policy; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.use_proxy_mode. + */ +static bool use_proxy_mode(private_child_cfg_t *this) +======= METHOD(child_cfg_t, use_proxy_mode, bool, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->proxy_mode; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.install_policy. + */ +static bool install_policy(private_child_cfg_t *this) +======= METHOD(child_cfg_t, install_policy, bool, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { return this->install_policy; } +<<<<<<< HEAD +/** + * Implementation of child_cfg_t.get_ref. + */ +static child_cfg_t* get_ref(private_child_cfg_t *this) +======= METHOD(child_cfg_t, get_ref, child_cfg_t*, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { ref_get(&this->refcount); return &this->public; } +<<<<<<< HEAD +/** + * Implements child_cfg_t.destroy. + */ +static void destroy(private_child_cfg_t *this) +======= METHOD(child_cfg_t, destroy, void, private_child_cfg_t *this) +>>>>>>> upstream/4.5.1 { if (ref_put(&this->refcount)) { 
@@ -501,6 +667,47 @@ METHOD(child_cfg_t, destroy, void, */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, +<<<<<<< HEAD + ipsec_mode_t mode, action_t dpd_action, + action_t close_action, bool ipcomp, + u_int32_t inactivity, u_int32_t reqid, + mark_t *mark_in, mark_t *mark_out) +{ + private_child_cfg_t *this = malloc_thing(private_child_cfg_t); + + this->public.get_name = (char* (*) (child_cfg_t*))get_name; + this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector; + this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors; + this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal; + this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals; + this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool,bool))select_proposal; + this->public.get_updown = (char* (*) (child_cfg_t*))get_updown; + this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess; + this->public.get_mode = (ipsec_mode_t (*) (child_cfg_t *))get_mode; + this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action; + this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action; + this->public.get_lifetime = (lifetime_cfg_t* (*) (child_cfg_t *))get_lifetime; + this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group; + this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options; + this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp; + this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity; + this->public.get_reqid = (u_int32_t (*) (child_cfg_t *))get_reqid; + this->public.get_mark = (mark_t (*) (child_cfg_t *,bool))get_mark; + this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode; + this->public.install_policy = (bool (*) 
(child_cfg_t *))install_policy; + this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; + this->public.destroy = (void (*) (child_cfg_t*))destroy; + + this->name = strdup(name); + this->updown = updown ? strdup(updown) : NULL; + this->hostaccess = hostaccess; + this->mode = mode; + this->dpd_action = dpd_action; + this->close_action = close_action; + this->use_ipcomp = ipcomp; + this->inactivity = inactivity; + this->reqid = reqid; +======= ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, @@ -553,15 +760,39 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .other_ts = linked_list_create(), .tfc = tfc, ); +>>>>>>> upstream/4.5.1 if (mark_in) { this->mark_in = *mark_in; } +<<<<<<< HEAD + else + { + this->mark_in.value = 0; + this->mark_in.mask = 0; + } +======= +>>>>>>> upstream/4.5.1 if (mark_out) { this->mark_out = *mark_out; } +<<<<<<< HEAD + else + { + this->mark_out.value = 0; + this->mark_out.mask = 0; + } + + this->proxy_mode = FALSE; + this->install_policy = TRUE; + this->refcount = 1; + this->proposals = linked_list_create(); + this->my_ts = linked_list_create(); + this->other_ts = linked_list_create(); +======= +>>>>>>> upstream/4.5.1 memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t)); return &this->public; diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 175ced76c..d933b2a04 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h 
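Review bot: The HEAD side of child_cfg_create takes no `start_action` or `tfc` parameter, yet the upstream-side initializer that survives after the `=======` in the `@@ -553` hunk still sets `.tfc = tfc,`, and the struct hunk at `@@ -80,11 +80,14` together with the prototype hunk in child_cfg.h on the next lines carry the same split, so the file only builds if all of these blocks are resolved to the same side. The upstream side is the consistent choice because daemon.c's include of `processing/jobs/start_action_job.h` and the start_action_job.lo rule in Makefile.in already assume a start_action field exists. The HEAD side also zeroes `mark_in`/`mark_out` explicitly when the pointers are NULL; whether the upstream initializer path leaves them zeroed is not visible in this hunk and should be confirmed before those branches are dropped.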
@@ -32,15 +32,25 @@ typedef struct child_cfg_t child_cfg_t; #include <kernel/kernel_ipsec.h> /** +<<<<<<< HEAD + * Action to take when DPD detected/connection gets closed by peer. +======= * Action to take when connection is loaded, DPD is detected or * connection gets closed by peer. +>>>>>>> upstream/4.5.1 */ enum action_t { /** No action */ ACTION_NONE, +<<<<<<< HEAD + /** Route config to reestablish on demand */ + ACTION_ROUTE, + /** Restart config immediately */ +======= /** Route config to establish or reestablish on demand */ ACTION_ROUTE, /** Start or restart config immediately */ +>>>>>>> upstream/4.5.1 ACTION_RESTART, }; @@ -170,6 +180,8 @@ struct child_cfg_t { ipsec_mode_t (*get_mode) (child_cfg_t *this); /** +<<<<<<< HEAD +======= * Action to take to start CHILD_SA. * * @return start action @@ -177,6 +189,7 @@ struct child_cfg_t { action_t (*get_start_action) (child_cfg_t *this); /** +>>>>>>> upstream/4.5.1 * Action to take on DPD. * * @return DPD action @@ -228,6 +241,8 @@ struct child_cfg_t { mark_t (*get_mark)(child_cfg_t *this, bool inbound); /** +<<<<<<< HEAD +======= * Get the TFC padding value to use for CHILD_SA. * * @return TFC padding, 0 to disable, -1 for MTU @@ -235,6 +250,7 @@ struct child_cfg_t { u_int32_t (*get_tfc)(child_cfg_t *this); /** +>>>>>>> upstream/4.5.1 * Sets two options needed for Mobile IPv6 interoperability * * @param proxy_mode use IPsec transport proxy mode (default FALSE) @@ -291,7 +307,10 @@ struct child_cfg_t { * @param updown updown script to execute on up/down event * @param hostaccess TRUE to allow access to the local host * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET +<<<<<<< HEAD +======= * @param start_action start action +>>>>>>> upstream/4.5.1 * @param dpd_action DPD action * @param close_action close action * @param ipcomp use IPComp, if peer supports it 
@@ -299,14 +318,24 @@ struct child_cfg_t { * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign * @param mark_in optional inbound mark (can be NULL) * @param mark_out optional outbound mark (can be NULL) +<<<<<<< HEAD +======= * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU +>>>>>>> upstream/4.5.1 * @return child_cfg_t object */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, +<<<<<<< HEAD + ipsec_mode_t mode, action_t dpd_action, + action_t close_action, bool ipcomp, + u_int32_t inactivity, u_int32_t reqid, + mark_t *mark_in, mark_t *mark_out); +======= ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, mark_t *mark_in, mark_t *mark_out, u_int32_t tfc); +>>>>>>> upstream/4.5.1 #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index 6f0c87279..2b31eca04 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -682,7 +682,11 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->use_mobike = mobike; this->dpd = dpd; this->virtual_ip = virtual_ip; +<<<<<<< HEAD + this->pool = pool ? strdup(pool) : NULL; +======= this->pool = strdupnull(pool); +>>>>>>> upstream/4.5.1 this->local_auth = linked_list_create(); this->remote_auth = linked_list_create(); this->refcount = 1; diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 86a59bc1b..aba7feede 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -560,7 +560,10 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) if (token == NULL) { +<<<<<<< HEAD +======= DBG1(DBG_CFG, "algorithm '%.*s' not recognized", alg.len, alg.ptr); +>>>>>>> upstream/4.5.1 return FAILED; } 
@@ -741,10 +744,16 @@ static void proposal_add_supported_ike(private_proposal_t *this) integrity_algorithm_t integrity; pseudo_random_function_t prf; diffie_hellman_group_t group; +<<<<<<< HEAD + + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption)) +======= const char *plugin_name; enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) +>>>>>>> upstream/4.5.1 { switch (encryption) { @@ -779,7 +788,11 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_signer_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &integrity)) +======= while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) +>>>>>>> upstream/4.5.1 { switch (integrity) { @@ -798,7 +811,11 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_prf_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &prf)) +======= while (enumerator->enumerate(enumerator, &prf, &plugin_name)) +>>>>>>> upstream/4.5.1 { switch (prf) { @@ -817,7 +834,11 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_dh_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &group)) +======= while (enumerator->enumerate(enumerator, &group, &plugin_name)) +>>>>>>> upstream/4.5.1 { switch (group) { diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 4f2831e42..4223d5a8d 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c 
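Review bot: The four `enumerate` calls in `proposal_add_supported_ike` differ between the sides only in the extra `&plugin_name` out-parameter, and the choice has to match the crypto-factory enumerators of the libstrongswan in this tree, which is not visible here. If the enumerators write a third value and the HEAD form `enumerator->enumerate(enumerator, &encryption)` is kept, they store through a missing argument; if they do not and the upstream form is kept, `plugin_name` is simply never set. Whichever side is chosen, a comment such as `/* plugin_name must match crypto_factory's enumerator signature */` at the first call would make the coupling explicit.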
@@ -19,6 +19,16 @@ #include <stdio.h> #include <sys/types.h> #include <unistd.h> +<<<<<<< HEAD +#include <syslog.h> +#include <time.h> +#include <errno.h> + +#ifdef CAPABILITIES +#ifdef HAVE_SYS_CAPABILITY_H +#include <sys/capability.h> +#endif /* HAVE_SYS_CAPABILITY_H */ +======= #include <time.h> #ifdef CAPABILITIES @@ -27,6 +37,7 @@ # elif defined(CAPABILITIES_NATIVE) # include <linux/capability.h> # endif /* CAPABILITIES_NATIVE */ +>>>>>>> upstream/4.5.1 #endif /* CAPABILITIES */ #include "daemon.h" @@ -34,7 +45,14 @@ #include <library.h> #include <config/proposal.h> #include <kernel/kernel_handler.h> +<<<<<<< HEAD + +#ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ +#define LOG_AUTHPRIV LOG_AUTH +#endif +======= #include <processing/jobs/start_action_job.h> +>>>>>>> upstream/4.5.1 typedef struct private_daemon_t private_daemon_t; @@ -59,7 +77,11 @@ struct private_daemon_t { cap_t caps; #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE +<<<<<<< HEAD + struct __user_cap_data_struct caps; +======= struct __user_cap_data_struct caps[2]; +>>>>>>> upstream/4.5.1 #endif /* CAPABILITIES_NATIVE */ }; @@ -144,6 +166,11 @@ METHOD(daemon_t, keep_cap, void, cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET); #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE +<<<<<<< HEAD + this->caps.effective |= 1 << cap; + this->caps.permitted |= 1 << cap; + this->caps.inheritable |= 1 << cap; +======= int i = 0; if (cap >= 32) @@ -154,6 +181,7 @@ METHOD(daemon_t, keep_cap, void, this->caps[i].effective |= 1 << cap; this->caps[i].permitted |= 1 << cap; this->caps[i].inheritable |= 1 << cap; +>>>>>>> upstream/4.5.1 #endif /* CAPABILITIES_NATIVE */ } 
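Review bot: The HEAD side of the `keep_cap` hunk keeps a single `struct __user_cap_data_struct caps` and does `this->caps.effective |= 1 << cap;`, which cannot represent capabilities numbered 32 or above (the shift overflows a 32-bit int), whereas the upstream side indexes `caps[2]` after `if (cap >= 32)`. The struct-member hunk (`caps` vs `caps[2]`) and the `drop_capabilities` hunk on the next line (`.version = _LINUX_CAPABILITY_VERSION` with `capset(&header, &this->caps)` vs the `_LINUX_CAPABILITY_VERSION_3` header with `capset(&header, this->caps)`) must all be resolved to the same side, otherwise `capset` is handed a header and data block of mismatched layout. Resolving all three to the upstream variant keeps the full set of retained capabilities intact when the daemon drops privileges; if the HEAD variant is kept instead, document the limit with `/* v1 capset: only capabilities 0..31 can be retained */`. Note also that the HEAD side of the include hunk opens `#ifdef CAPABILITIES` without its own matching `#endif`, so with both sides present the preprocessor nesting is broken as well.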
@@ -168,6 +196,11 @@ METHOD(daemon_t, drop_capabilities, bool, #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE struct __user_cap_header_struct header = { +<<<<<<< HEAD + .version = _LINUX_CAPABILITY_VERSION, + }; + if (capset(&header, &this->caps) != 0) +======= #if defined(_LINUX_CAPABILITY_VERSION_3) .version = _LINUX_CAPABILITY_VERSION_3, #elif defined(_LINUX_CAPABILITY_VERSION_2) @@ -177,6 +210,7 @@ METHOD(daemon_t, drop_capabilities, bool, #endif }; if (capset(&header, this->caps) != 0) +>>>>>>> upstream/4.5.1 { return FALSE; } 
@@ -212,9 +246,161 @@ static void print_plugins() DBG1(DBG_DMN, "loaded plugins: %s", buf); } +<<<<<<< HEAD +/** + * Initialize logging + */ +static void initialize_loggers(private_daemon_t *this, bool use_stderr, + level_t levels[]) +{ + sys_logger_t *sys_logger; + file_logger_t *file_logger; + enumerator_t *enumerator; + char *facility, *filename; + int loggers_defined = 0; + debug_t group; + level_t def; + bool append, ike_name; + FILE *file; + + /* setup sysloggers */ + enumerator = lib->settings->create_section_enumerator(lib->settings, + "charon.syslog"); + while (enumerator->enumerate(enumerator, &facility)) + { + loggers_defined++; + + ike_name = lib->settings->get_bool(lib->settings, + "charon.syslog.%s.ike_name", FALSE, facility); + if (streq(facility, "daemon")) + { + sys_logger = sys_logger_create(LOG_DAEMON, ike_name); + } + else if (streq(facility, "auth")) + { + sys_logger = sys_logger_create(LOG_AUTHPRIV, ike_name); + } + else + { + continue; + } + def = lib->settings->get_int(lib->settings, + "charon.syslog.%s.default", 1, facility); + for (group = 0; group < DBG_MAX; group++) + { + sys_logger->set_level(sys_logger, group, + lib->settings->get_int(lib->settings, + "charon.syslog.%s.%N", def, + facility, debug_lower_names, group)); + } + this->public.sys_loggers->insert_last(this->public.sys_loggers, + sys_logger); + this->public.bus->add_listener(this->public.bus, &sys_logger->listener); + } + enumerator->destroy(enumerator); + + /* and file loggers */ + enumerator = lib->settings->create_section_enumerator(lib->settings, + "charon.filelog"); + while (enumerator->enumerate(enumerator, &filename)) + { + loggers_defined++; + if (streq(filename, "stderr")) + { + file = stderr; + } + else if (streq(filename, "stdout")) + { + file = stdout; + } + else + { + append = lib->settings->get_bool(lib->settings, + "charon.filelog.%s.append", TRUE, filename); + file = fopen(filename, append ? 
"a" : "w"); + if (file == NULL) + { + DBG1(DBG_DMN, "opening file %s for logging failed: %s", + filename, strerror(errno)); + continue; + } + if (lib->settings->get_bool(lib->settings, + "charon.filelog.%s.flush_line", FALSE, filename)) + { + setlinebuf(file); + } + } + file_logger = file_logger_create(file, + lib->settings->get_str(lib->settings, + "charon.filelog.%s.time_format", NULL, filename), + lib->settings->get_bool(lib->settings, + "charon.filelog.%s.ike_name", FALSE, filename)); + def = lib->settings->get_int(lib->settings, + "charon.filelog.%s.default", 1, filename); + for (group = 0; group < DBG_MAX; group++) + { + file_logger->set_level(file_logger, group, + lib->settings->get_int(lib->settings, + "charon.filelog.%s.%N", def, + filename, debug_lower_names, group)); + } + this->public.file_loggers->insert_last(this->public.file_loggers, + file_logger); + this->public.bus->add_listener(this->public.bus, &file_logger->listener); + + } + enumerator->destroy(enumerator); + + /* set up legacy style default loggers provided via command-line */ + if (!loggers_defined) + { + /* set up default stdout file_logger */ + file_logger = file_logger_create(stdout, NULL, FALSE); + this->public.bus->add_listener(this->public.bus, &file_logger->listener); + this->public.file_loggers->insert_last(this->public.file_loggers, + file_logger); + /* set up default daemon sys_logger */ + sys_logger = sys_logger_create(LOG_DAEMON, FALSE); + this->public.bus->add_listener(this->public.bus, &sys_logger->listener); + this->public.sys_loggers->insert_last(this->public.sys_loggers, + sys_logger); + for (group = 0; group < DBG_MAX; group++) + { + sys_logger->set_level(sys_logger, group, levels[group]); + if (use_stderr) + { + file_logger->set_level(file_logger, group, levels[group]); + } + } + + /* set up default auth sys_logger */ + sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE); + this->public.bus->add_listener(this->public.bus, &sys_logger->listener); + 
this->public.sys_loggers->insert_last(this->public.sys_loggers, + sys_logger); + sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); + } +} + +METHOD(daemon_t, initialize, bool, + private_daemon_t *this, bool syslog, level_t levels[]) +{ + /* for uncritical pseudo random numbers */ + srandom(time(NULL) + getpid()); + + /* setup bus and it's listeners first to enable log output */ + this->public.bus = bus_create(); + /* set up hook to log dbg message in library via charons message bus */ + dbg_old = dbg; + dbg = dbg_bus; + + initialize_loggers(this, !syslog, levels); + +======= METHOD(daemon_t, initialize, bool, private_daemon_t *this) { +>>>>>>> upstream/4.5.1 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); if (lib->integrity) @@ -226,6 +412,19 @@ METHOD(daemon_t, initialize, bool, DBG1(DBG_DMN, "daemon 'charon': passed file integrity test"); } +<<<<<<< HEAD + /* load secrets, ca certificates and crls */ + this->public.controller = controller_create(); + this->public.eap = eap_manager_create(); + this->public.sim = sim_manager_create(); + this->public.tnccs = tnccs_manager_create(); + this->public.backends = backend_manager_create(); + this->public.socket = socket_manager_create(); + this->public.traps = trap_manager_create(); + this->kernel_handler = kernel_handler_create(); + +======= +>>>>>>> upstream/4.5.1 /* load plugins, further infrastructure may need it */ if (!lib->plugins->load(lib->plugins, NULL, lib->settings->get_str(lib->settings, "charon.load", PLUGINS))) @@ -247,9 +446,12 @@ METHOD(daemon_t, initialize, bool, return FALSE; } +<<<<<<< HEAD +======= /* Queue start_action job */ lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create()); +>>>>>>> upstream/4.5.1 #ifdef ME this->public.connect_manager = connect_manager_create(); if (this->public.connect_manager == NULL) 
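Review bot: If both sides of this `initialize` hunk survive, the bus and every manager are created twice: the HEAD block calls `bus_create()`, installs the `dbg_bus` hook (`dbg_old = dbg` would then run twice, chaining the hook onto itself) and constructs `controller`, `eap`, `sim`, `tnccs`, `backends`, `socket`, `traps` and `kernel_handler` inside `initialize`, while the upstream side of the `daemon_create` and `libcharon_init` hunks on the next line does the same work at creation time, leaking the first instances. The HEAD side also omits the upstream `lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());`, so connections configured with a start action would never be started. In `initialize_loggers`, `loggers_defined++` is executed before the `fopen` (and before the facility check in the syslog loop), so a single `filelog` entry whose file cannot be opened, or an unknown `syslog` facility, counts as a logger and suppresses the default stdout/syslog fallback, leaving the daemon without any log output; move the increment after the logger is successfully created. The body of `initialize` continues past the end of this hunk.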
@@ -275,11 +477,16 @@ private_daemon_t *daemon_create() .drop_capabilities = _drop_capabilities, .initialize = _initialize, .start = _start, +<<<<<<< HEAD +======= .bus = bus_create(), +>>>>>>> upstream/4.5.1 .file_loggers = linked_list_create(), .sys_loggers = linked_list_create(), }, ); +<<<<<<< HEAD +======= charon = &this->public; this->public.controller = controller_create(); this->public.eap = eap_manager_create(); @@ -289,6 +496,7 @@ private_daemon_t *daemon_create() this->public.socket = socket_manager_create(); this->public.traps = trap_manager_create(); this->kernel_handler = kernel_handler_create(); +>>>>>>> upstream/4.5.1 #ifdef CAPABILITIES #ifdef CAPABILITIES_LIBCAP @@ -309,6 +517,10 @@ private_daemon_t *daemon_create() */ void libcharon_deinit() { +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 destroy((private_daemon_t*)charon); charon = NULL; } @@ -321,6 +533,9 @@ bool libcharon_init() private_daemon_t *this; this = daemon_create(); +<<<<<<< HEAD + charon = &this->public; +======= /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); @@ -328,6 +543,7 @@ bool libcharon_init() /* set up hook to log dbg message in library via charons message bus */ dbg_old = dbg; dbg = dbg_bus; +>>>>>>> upstream/4.5.1 lib->printf_hook->add_handler(lib->printf_hook, 'P', proposal_printf_hook, diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h index 04f1fc249..ae590601f 100644 --- a/src/libcharon/daemon.h +++ b/src/libcharon/daemon.h @@ -149,9 +149,13 @@ typedef struct daemon_t daemon_t; #include <config/backend_manager.h> #include <sa/authenticators/eap/eap_manager.h> #include <sa/authenticators/eap/sim_manager.h> +<<<<<<< HEAD +#include <tnccs/tnccs_manager.h> +======= #include <tnc/imc/imc_manager.h> #include <tnc/imv/imv_manager.h> #include <tnc/tnccs/tnccs_manager.h> +>>>>>>> upstream/4.5.1 #ifdef ME #include <sa/connect_manager.h> 
@@ -239,6 +243,8 @@ struct daemon_t { sim_manager_t *sim; /** +<<<<<<< HEAD +======= * TNC IMC manager controlling Integrity Measurement Collectors */ imc_manager_t *imcs; @@ -249,6 +255,7 @@ struct daemon_t { imv_manager_t *imvs; /** +>>>>>>> upstream/4.5.1 * TNCCS manager to maintain registered TNCCS protocols */ tnccs_manager_t *tnccs; @@ -298,7 +305,11 @@ struct daemon_t { /** * Initialize the daemon. */ +<<<<<<< HEAD + bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]); +======= bool (*initialize)(daemon_t *this); +>>>>>>> upstream/4.5.1 /** * Starts the daemon, i.e. spawns the threads of the thread pool. @@ -317,9 +328,12 @@ extern daemon_t *charon; /** * Initialize libcharon and create the "charon" instance of daemon_t. * +<<<<<<< HEAD +======= * This function initializes the bus, listeners can be registered before * calling initialize(). * +>>>>>>> upstream/4.5.1 * @return FALSE if integrity check failed */ bool libcharon_init(); diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index ce3844361..785f1430a 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -41,7 +41,10 @@ #include <encoding/payloads/cp_payload.h> #include <encoding/payloads/configuration_attribute.h> #include <encoding/payloads/eap_payload.h> +<<<<<<< HEAD +======= #include <encoding/payloads/unknown_payload.h> +>>>>>>> upstream/4.5.1 /** * Generating is done in a data buffer. 
@@ -90,10 +93,27 @@ struct private_generator_t { */ void *data_struct; +<<<<<<< HEAD + /* + * Last payload length position offset in the buffer. + */ + u_int32_t last_payload_length_position_offset; + + /** + * Offset of the header length field in the buffer. + */ + u_int32_t header_length_position_offset; + + /** + * Last SPI size. + */ + u_int8_t last_spi_size; +======= /** * Offset of the header length field in the buffer. */ u_int32_t header_length_offset; +>>>>>>> upstream/4.5.1 /** * Attribute format of the last generated transform attribute. @@ -184,6 +204,36 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, } /** +<<<<<<< HEAD + * Writes a specific amount of byte into the buffer at a specific offset. + */ +static void write_bytes_to_buffer_at_offset(private_generator_t *this, + void *bytes, int number_of_bytes, u_int32_t offset) +{ + int i; + u_int8_t *read_position = (u_int8_t *)bytes; + u_int8_t *write_position; + u_int32_t free_space_after_offset = get_size(this) - offset; + + /* check first if enough space for new data is available */ + if (number_of_bytes > free_space_after_offset) + { + make_space_available(this, + (number_of_bytes - free_space_after_offset) * 8); + } + + write_position = this->buffer + offset; + for (i = 0; i < number_of_bytes; i++) + { + *write_position = *read_position; + read_position++; + write_position++; + } +} + +/** +======= +>>>>>>> upstream/4.5.1 * Generates a U_INT-Field type and writes it to buffer. */ static void generate_u_int_type(private_generator_t *this, @@ -198,13 +248,19 @@ static void generate_u_int_type(private_generator_t *this, number_of_bits = 4; break; case TS_TYPE: +<<<<<<< HEAD +======= case RESERVED_BYTE: case SPI_SIZE: +>>>>>>> upstream/4.5.1 case U_INT_8: number_of_bits = 8; break; case U_INT_16: +<<<<<<< HEAD +======= case PAYLOAD_LENGTH: +>>>>>>> upstream/4.5.1 case CONFIGURATION_ATTRIBUTE_LENGTH: number_of_bits = 16; break; 
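Review bot: In the HEAD-side `write_bytes_to_buffer_at_offset`, `free_space_after_offset = get_size(this) - offset` is unsigned and wraps when `offset` exceeds the current buffer size, and the comparison `number_of_bytes > free_space_after_offset` promotes the `int` count to unsigned, so a negative count would trigger an oversized `make_space_available` call; a guard such as `if (number_of_bytes < 0 || offset > get_size(this)) return;` before the subtraction would make the length back-patching robust. The byte loop can be `memcpy(this->buffer + offset, bytes, number_of_bytes);`. This helper exists only on the HEAD side (upstream generates `PAYLOAD_LENGTH` as a plain `U_INT_16` case), so keeping it also requires keeping the `last_payload_length_position_offset` and `last_spi_size` members from the struct hunk above and dropping upstream's `header_length_offset`, or `get_chunk` (later hunk) will reference a member that does not exist.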
@@ -268,8 +324,11 @@ static void generate_u_int_type(private_generator_t *this, break; } case TS_TYPE: +<<<<<<< HEAD +======= case RESERVED_BYTE: case SPI_SIZE: +>>>>>>> upstream/4.5.1 case U_INT_8: { /* 8 bit values are written as they are */ @@ -307,7 +366,10 @@ static void generate_u_int_type(private_generator_t *this, } case U_INT_16: +<<<<<<< HEAD +======= case PAYLOAD_LENGTH: +>>>>>>> upstream/4.5.1 case CONFIGURATION_ATTRIBUTE_LENGTH: { u_int16_t val = htons(*((u_int16_t*)(this->data_struct + offset))); @@ -341,6 +403,52 @@ static void generate_u_int_type(private_generator_t *this, } /** +<<<<<<< HEAD + * Generate a reserved bit or byte + */ +static void generate_reserved_field(private_generator_t *this, int bits) +{ + /* only one bit or 8 bit fields are supported */ + if (bits != 1 && bits != 8) + { + DBG1(DBG_ENC, "reserved field of %d bits cannot be generated", bits); + return ; + } + make_space_available(this, bits); + + if (bits == 1) + { + u_int8_t reserved_bit = ~(1 << (7 - this->current_bit)); + + *(this->out_position) = *(this->out_position) & reserved_bit; + if (this->current_bit == 0) + { + /* memory must be zero */ + *(this->out_position) = 0x00; + } + this->current_bit++; + if (this->current_bit >= 8) + { + this->current_bit = this->current_bit % 8; + this->out_position++; + } + } + else + { + if (this->current_bit > 0) + { + DBG1(DBG_ENC, "reserved field cannot be written cause " + "alignement of current bit is %d", this->current_bit); + return; + } + *(this->out_position) = 0x00; + this->out_position++; + } +} + +/** +======= +>>>>>>> upstream/4.5.1 * Generate a FLAG filed */ static void generate_flag(private_generator_t *this, u_int32_t offset) 
@@ -395,7 +503,11 @@ METHOD(generator_t, get_chunk, chunk_t, { chunk_t data; +<<<<<<< HEAD + *lenpos = (u_int32_t*)(this->buffer + this->header_length_position_offset); +======= *lenpos = (u_int32_t*)(this->buffer + this->header_length_offset); +>>>>>>> upstream/4.5.1 data = chunk_create(this->buffer, get_length(this)); DBG3(DBG_ENC, "generated data of this generator %B", &data); return data; @@ -411,6 +523,11 @@ METHOD(generator_t, generate_payload, void, this->data_struct = payload; payload_type = payload->get_type(payload); +<<<<<<< HEAD + /* spi size has to get reseted */ + this->last_spi_size = 0; +======= +>>>>>>> upstream/4.5.1 offset_start = this->out_position - this->buffer; @@ -430,6 +547,58 @@ METHOD(generator_t, generate_payload, void, case U_INT_8: case U_INT_16: case U_INT_32: +<<<<<<< HEAD + case IKE_SPI: + case TS_TYPE: + case ATTRIBUTE_TYPE: + case CONFIGURATION_ATTRIBUTE_LENGTH: + { + generate_u_int_type(this, rules[i].type, rules[i].offset); + break; + } + case RESERVED_BIT: + { + generate_reserved_field(this, 1); + break; + } + case RESERVED_BYTE: + { + generate_reserved_field(this, 8); + break; + } + case FLAG: + { + generate_flag(this, rules[i].offset); + break; + } + case PAYLOAD_LENGTH: + { + this->last_payload_length_position_offset = get_offset(this); + generate_u_int_type(this, U_INT_16,rules[i].offset); + break; + } + case HEADER_LENGTH: + { + this->header_length_position_offset = get_offset(this); + generate_u_int_type(this ,U_INT_32, rules[i].offset); + break; + } + case SPI_SIZE: + generate_u_int_type(this, U_INT_8, rules[i].offset); + this->last_spi_size = *((u_int8_t *)(this->data_struct + + rules[i].offset)); + break; + case ADDRESS: + { + generate_from_chunk(this, rules[i].offset); + break; + } + case SPI: + { + generate_from_chunk(this, rules[i].offset); + break; + } +======= case PAYLOAD_LENGTH: case IKE_SPI: case RESERVED_BYTE: 
@@ -449,6 +618,7 @@ METHOD(generator_t, generate_payload, void, break; case ADDRESS: case SPI: +>>>>>>> upstream/4.5.1 case KEY_EXCHANGE_DATA: case NOTIFICATION_DATA: case NONCE_DATA: 
@@ -460,6 +630,198 @@ METHOD(generator_t, generate_payload, void, case CONFIGURATION_ATTRIBUTE_VALUE: case VID_DATA: case EAP_DATA: +<<<<<<< HEAD + { + u_int32_t payload_length_position_offset; + u_int16_t length_of_payload; + u_int16_t header_length = 0; + u_int16_t length_in_network_order; + + switch(rules[i].type) + { + case KEY_EXCHANGE_DATA: + header_length = KE_PAYLOAD_HEADER_LENGTH; + break; + case NOTIFICATION_DATA: + header_length = NOTIFY_PAYLOAD_HEADER_LENGTH + + this->last_spi_size; + break; + case NONCE_DATA: + header_length = NONCE_PAYLOAD_HEADER_LENGTH; + break; + case ID_DATA: + header_length = ID_PAYLOAD_HEADER_LENGTH; + break; + case AUTH_DATA: + header_length = AUTH_PAYLOAD_HEADER_LENGTH; + break; + case CERT_DATA: + header_length = CERT_PAYLOAD_HEADER_LENGTH; + break; + case CERTREQ_DATA: + header_length = CERTREQ_PAYLOAD_HEADER_LENGTH; + break; + case SPIS: + header_length = DELETE_PAYLOAD_HEADER_LENGTH; + break; + case VID_DATA: + header_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH; + break; + case CONFIGURATION_ATTRIBUTE_VALUE: + header_length = CONFIGURATION_ATTRIBUTE_HEADER_LENGTH; + break; + case EAP_DATA: + header_length = EAP_PAYLOAD_HEADER_LENGTH; + break; + default: + break; + } + generate_from_chunk(this, rules[i].offset); + + payload_length_position_offset = + this->last_payload_length_position_offset; + + length_of_payload = header_length + + ((chunk_t *)(this->data_struct + rules[i].offset))->len; + + length_in_network_order = htons(length_of_payload); + write_bytes_to_buffer_at_offset(this, &length_in_network_order, + sizeof(u_int16_t), payload_length_position_offset); + break; + } + case PROPOSALS: + { + u_int32_t payload_length_position_offset = + this->last_payload_length_position_offset; + /* Length of SA_PAYLOAD is calculated */ + u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH; + u_int16_t int16_val; + linked_list_t *proposals = *((linked_list_t **) + (this->data_struct + rules[i].offset)); + iterator_t *iterator; + 
payload_t *current_proposal; + + iterator = proposals->create_iterator(proposals,TRUE); + while (iterator->iterate(iterator, (void**)¤t_proposal)) + { + u_int32_t before_generate_position_offset; + u_int32_t after_generate_position_offset; + + before_generate_position_offset = get_offset(this); + generate_payload(this, current_proposal); + after_generate_position_offset = get_offset(this); + length_of_sa_payload += (after_generate_position_offset - + before_generate_position_offset); + } + iterator->destroy(iterator); + + int16_val = htons(length_of_sa_payload); + write_bytes_to_buffer_at_offset(this, &int16_val, + sizeof(u_int16_t),payload_length_position_offset); + break; + } + case TRANSFORMS: + { + u_int32_t payload_length_position_offset = + this->last_payload_length_position_offset; + u_int16_t length_of_proposal = + PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; + u_int16_t int16_val; + linked_list_t *transforms = *((linked_list_t **) + (this->data_struct + rules[i].offset)); + iterator_t *iterator; + payload_t *current_transform; + + iterator = transforms->create_iterator(transforms,TRUE); + while (iterator->iterate(iterator, (void**)¤t_transform)) + { + u_int32_t before_generate_position_offset; + u_int32_t after_generate_position_offset; + + before_generate_position_offset = get_offset(this); + generate_payload(this, current_transform); + after_generate_position_offset = get_offset(this); + + length_of_proposal += (after_generate_position_offset - + before_generate_position_offset); + } + iterator->destroy(iterator); + + int16_val = htons(length_of_proposal); + write_bytes_to_buffer_at_offset(this, &int16_val, + sizeof(u_int16_t), payload_length_position_offset); + break; + } + case TRANSFORM_ATTRIBUTES: + { + u_int32_t transform_length_position_offset = + this->last_payload_length_position_offset; + u_int16_t length_of_transform = + TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; + u_int16_t int16_val; + linked_list_t *transform_attributes 
=*((linked_list_t **) + (this->data_struct + rules[i].offset)); + iterator_t *iterator; + payload_t *current_attribute; + + iterator = transform_attributes->create_iterator( + transform_attributes, TRUE); + while (iterator->iterate(iterator, (void**)¤t_attribute)) + { + u_int32_t before_generate_position_offset; + u_int32_t after_generate_position_offset; + + before_generate_position_offset = get_offset(this); + generate_payload(this, current_attribute); + after_generate_position_offset = get_offset(this); + + length_of_transform += (after_generate_position_offset - + before_generate_position_offset); + } + + iterator->destroy(iterator); + + int16_val = htons(length_of_transform); + write_bytes_to_buffer_at_offset(this, &int16_val, + sizeof(u_int16_t),transform_length_position_offset); + break; + } + case CONFIGURATION_ATTRIBUTES: + { + u_int32_t configurations_length_position_offset = + this->last_payload_length_position_offset; + u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; + u_int16_t int16_val; + linked_list_t *configuration_attributes = *((linked_list_t **) + (this->data_struct + rules[i].offset)); + iterator_t *iterator; + payload_t *current_attribute; + + iterator = configuration_attributes->create_iterator( + configuration_attributes,TRUE); + while (iterator->iterate(iterator, (void**)¤t_attribute)) + { + u_int32_t before_generate_position_offset; + u_int32_t after_generate_position_offset; + + before_generate_position_offset = get_offset(this); + generate_payload(this, current_attribute); + after_generate_position_offset = get_offset(this); + + length_of_configurations += after_generate_position_offset - + before_generate_position_offset; + } + + iterator->destroy(iterator); + + int16_val = htons(length_of_configurations); + write_bytes_to_buffer_at_offset(this, &int16_val, + sizeof(u_int16_t),configurations_length_position_offset); + break; + } + case ATTRIBUTE_FORMAT: + { +======= case ENCRYPTED_DATA: case UNKNOWN_DATA: 
generate_from_chunk(this, rules[i].offset); @@ -485,19 +847,41 @@ METHOD(generator_t, generate_payload, void, break; } case ATTRIBUTE_FORMAT: +>>>>>>> upstream/4.5.1 generate_flag(this, rules[i].offset); /* Attribute format is a flag which is stored in context*/ this->attribute_format = *((bool *)(this->data_struct + rules[i].offset)); break; +<<<<<<< HEAD + } + + case ATTRIBUTE_LENGTH_OR_VALUE: + { + if (this->attribute_format == FALSE) + { + generate_u_int_type(this, U_INT_16, rules[i].offset); + /* this field hold the length of the attribute */ + this->attribute_length = + *((u_int16_t *)(this->data_struct + rules[i].offset)); +======= case ATTRIBUTE_LENGTH_OR_VALUE: if (this->attribute_format) { generate_u_int_type(this, U_INT_16, rules[i].offset); +>>>>>>> upstream/4.5.1 } else { generate_u_int_type(this, U_INT_16, rules[i].offset); +<<<<<<< HEAD + } + break; + } + case ATTRIBUTE_VALUE: + { + if (this->attribute_format == FALSE) +======= /* this field hold the length of the attribute */ this->attribute_length = *((u_int16_t *)(this->data_struct + rules[i].offset)); @@ -506,6 +890,7 @@ METHOD(generator_t, generate_payload, void, case ATTRIBUTE_VALUE: { if (!this->attribute_format) +>>>>>>> upstream/4.5.1 { DBG2(DBG_ENC, "attribute value has not fixed size"); /* the attribute value is generated */ 
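Review bot: The HEAD-side length back-patching stores `header_length + ((chunk_t *)(this->data_struct + rules[i].offset))->len` into a `u_int16_t length_of_payload` (and likewise `length_of_sa_payload`, `length_of_proposal`, `length_of_transform`, `length_of_configurations`), so a payload whose data exceeds 65535 bytes silently wraps and an incorrect length is written into the generated message. Since `generate_payload` returns void, the practical fix is to log and skip the patch when the sum does not fit: `if (header_length + len > 0xFFFF) { DBG1(DBG_ENC, "payload too long, length not patched"); break; }` before the `htons`. The `iterator_t`/`create_iterator` loops are the older API; the upstream side of this file uses enumerators, so resolving to upstream also retires that. The `(void**)¤t_proposal` spellings are presumably `&current_proposal` garbled in rendering, not a change in the source. `generate_payload` begins before this hunk and ends after it.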
@@ -513,6 +898,47 @@ METHOD(generator_t, generate_payload, void, } break; } +<<<<<<< HEAD + case TRAFFIC_SELECTORS: + { + u_int32_t payload_length_position_offset = + this->last_payload_length_position_offset; + u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH; + u_int16_t int16_val; + linked_list_t *traffic_selectors = *((linked_list_t **) + (this->data_struct + rules[i].offset)); + iterator_t *iterator; + payload_t *current_tss; + + iterator = traffic_selectors->create_iterator( + traffic_selectors,TRUE); + while (iterator->iterate(iterator, (void **)¤t_tss)) + { + u_int32_t before_generate_position_offset; + u_int32_t after_generate_position_offset; + + before_generate_position_offset = get_offset(this); + generate_payload(this, current_tss); + after_generate_position_offset = get_offset(this); + + length_of_ts_payload += (after_generate_position_offset - + before_generate_position_offset); + } + iterator->destroy(iterator); + + int16_val = htons(length_of_ts_payload); + write_bytes_to_buffer_at_offset(this, &int16_val, + sizeof(u_int16_t),payload_length_position_offset); + break; + } + + case ENCRYPTED_DATA: + { + generate_from_chunk(this, rules[i].offset); + break; + } +======= +>>>>>>> upstream/4.5.1 default: DBG1(DBG_ENC, "field type %N is not supported", encoding_type_names, rules[i].type); diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index dbef340ab..071424812 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -131,7 +131,10 @@ static payload_rule_t ike_sa_init_r_rules[] = { {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, {NONCE, 1, 1, FALSE, FALSE}, +<<<<<<< HEAD +======= {CERTIFICATE_REQUEST, 1, 1, FALSE, FALSE}, +>>>>>>> upstream/4.5.1 {VENDOR_ID, 0, 10, FALSE, FALSE}, }; @@ -491,6 +494,8 @@ struct private_message_t { bool is_request; /** +<<<<<<< HEAD +======= * Higher version supported? */ bool version_flag; 
@@ -506,6 +511,7 @@ struct private_message_t { bool sort_disabled; /** +>>>>>>> upstream/4.5.1 * Message ID of this message. */ u_int32_t message_id; @@ -663,6 +669,20 @@ METHOD(message_t, get_request, bool, return this->is_request; } +<<<<<<< HEAD +/** + * Is this message in an encoded form? + */ +static bool is_encoded(private_message_t *this) +{ + chunk_t data = this->packet->get_data(this->packet); + + if (data.ptr == NULL) + { + return FALSE; + } + return TRUE; +======= METHOD(message_t, set_version_flag, void, private_message_t *this) { @@ -692,6 +712,7 @@ METHOD(message_t, is_encoded, bool, private_message_t *this) { return this->packet->get_data(this->packet).ptr != NULL; +>>>>>>> upstream/4.5.1 } METHOD(message_t, add_payload, void, @@ -765,12 +786,15 @@ METHOD(message_t, create_payload_enumerator, enumerator_t*, return this->payloads->create_enumerator(this->payloads); } +<<<<<<< HEAD +======= METHOD(message_t, remove_payload_at, void, private_message_t *this, enumerator_t *enumerator) { this->payloads->remove_at(this->payloads, enumerator); } +>>>>>>> upstream/4.5.1 METHOD(message_t, get_payload, payload_t*, private_message_t *this, payload_type_t type) { @@ -1040,12 +1064,15 @@ static encryption_payload_t* wrap_payloads(private_message_t *this) return encryption; } +<<<<<<< HEAD +======= METHOD(message_t, disable_sort, void, private_message_t *this) { this->sort_disabled = TRUE; } +>>>>>>> upstream/4.5.1 METHOD(message_t, generate, status_t, private_message_t *this, aead_t *aead, packet_t **packet) { @@ -1057,8 +1084,17 @@ METHOD(message_t, generate, status_t, chunk_t chunk; char str[256]; u_int32_t *lenpos; +<<<<<<< HEAD + + if (is_encoded(this)) + { /* already generated, return a new packet clone */ + *packet = this->packet->clone(this->packet); + return SUCCESS; + } +======= bool *reserved; int i; +>>>>>>> upstream/4.5.1 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { 
@@ -1080,10 +1116,14 @@ METHOD(message_t, generate, status_t, return NOT_SUPPORTED; } +<<<<<<< HEAD + order_payloads(this); +======= if (!this->sort_disabled) { order_payloads(this); } +>>>>>>> upstream/4.5.1 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); @@ -1097,12 +1137,18 @@ METHOD(message_t, generate, status_t, } ike_header = ike_header_create(); +<<<<<<< HEAD + ike_header->set_exchange_type(ike_header, this->exchange_type); + ike_header->set_message_id(ike_header, this->message_id); + ike_header->set_response_flag(ike_header, !this->is_request); +======= ike_header->set_maj_version(ike_header, this->major_version); ike_header->set_min_version(ike_header, this->minor_version); ike_header->set_exchange_type(ike_header, this->exchange_type); ike_header->set_message_id(ike_header, this->message_id); ike_header->set_response_flag(ike_header, !this->is_request); ike_header->set_version_flag(ike_header, this->version_flag); +>>>>>>> upstream/4.5.1 ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id)); ike_header->set_initiator_spi(ike_header, @@ -1110,6 +1156,8 @@ METHOD(message_t, generate, status_t, ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); +<<<<<<< HEAD +======= for (i = 0; i < countof(this->reserved); i++) { reserved = payload_get_field(&ike_header->payload_interface, @@ -1120,6 +1168,7 @@ METHOD(message_t, generate, status_t, } } +>>>>>>> upstream/4.5.1 generator = generator_create(); /* generate all payloads with proper next type */ @@ -1188,8 +1237,11 @@ METHOD(message_t, parse_header, status_t, { ike_header_t *ike_header; status_t status; +<<<<<<< HEAD +======= bool *reserved; int i; +>>>>>>> upstream/4.5.1 DBG2(DBG_ENC, "parsing header of message"); 
@@ -1224,6 +1276,9 @@ METHOD(message_t, parse_header, status_t, this->minor_version = ike_header->get_min_version(ike_header); this->first_payload = ike_header->payload_interface.get_next_type( &ike_header->payload_interface); +<<<<<<< HEAD + +======= for (i = 0; i < countof(this->reserved); i++) { reserved = payload_get_field(&ike_header->payload_interface, @@ -1233,6 +1288,7 @@ METHOD(message_t, parse_header, status_t, this->reserved[i] = *reserved; } } +>>>>>>> upstream/4.5.1 DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); @@ -1249,6 +1305,8 @@ METHOD(message_t, parse_header, status_t, } /** +<<<<<<< HEAD +======= * Check if a payload is for a mediation extension connectivity check */ static bool is_connectivity_check(private_message_t *this, payload_t *payload) @@ -1274,6 +1332,7 @@ static bool is_connectivity_check(private_message_t *this, payload_t *payload) } /** +>>>>>>> upstream/4.5.1 * Decrypt payload from the encryption payload */ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) @@ -1344,15 +1403,23 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) } encryption->destroy(encryption); } +<<<<<<< HEAD + if (type != UNKNOWN_PAYLOAD && !was_encrypted) +======= if (payload_is_known(type) && !was_encrypted && !is_connectivity_check(this, payload)) +>>>>>>> upstream/4.5.1 { rule = get_payload_rule(this, type); if (!rule || rule->encrypted) { DBG1(DBG_ENC, "payload type %N was not encrypted", payload_type_names, type); +<<<<<<< HEAD + status = VERIFY_ERROR; +======= status = FAILED; +>>>>>>> upstream/4.5.1 break; } } @@ -1367,7 +1434,10 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) */ static status_t verify(private_message_t *this) { +<<<<<<< HEAD +======= bool complete = FALSE; +>>>>>>> upstream/4.5.1 int i; DBG2(DBG_ENC, "verifying message structure"); 
@@ -1385,9 +1455,28 @@ static status_t verify(private_message_t *this) while (enumerator->enumerate(enumerator, &payload)) { payload_type_t type; +<<<<<<< HEAD + unknown_payload_t *unknown; + + type = payload->get_type(payload); + if (type == UNKNOWN_PAYLOAD) + { + /* unknown payloads are ignored if they are not critical */ + unknown = (unknown_payload_t*)payload; + if (unknown->is_critical(unknown)) + { + DBG1(DBG_ENC, "%N is not supported, but its critical!", + payload_type_names, type); + enumerator->destroy(enumerator); + return NOT_SUPPORTED; + } + } + else if (type == rule->type) +======= type = payload->get_type(payload); if (type == rule->type) +>>>>>>> upstream/4.5.1 { found++; DBG2(DBG_ENC, "found payload of type %N", @@ -1404,15 +1493,25 @@ static status_t verify(private_message_t *this) } enumerator->destroy(enumerator); +<<<<<<< HEAD + if (found < rule->min_occurence) +======= if (!complete && found < rule->min_occurence) +>>>>>>> upstream/4.5.1 { DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", payload_type_names, rule->type, rule->min_occurence, found); return VERIFY_ERROR; } +<<<<<<< HEAD + if (rule->sufficient) + { + return SUCCESS; +======= if (found && rule->sufficient) { complete = TRUE; +>>>>>>> upstream/4.5.1 } } return SUCCESS; @@ -1441,7 +1540,11 @@ METHOD(message_t, parse_body, status_t, { DBG1(DBG_ENC, "payload type %N could not be parsed", payload_type_names, type); +<<<<<<< HEAD + return PARSE_ERROR; +======= return this->exchange_type == IKE_SA_INIT ? PARSE_ERROR : FAILED; +>>>>>>> upstream/4.5.1 } DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type); 
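Review bot: The HEAD side of verify() is the only place in this chunk that rejects an unknown payload carrying the critical bit (`unknown->is_critical(unknown)` → `NOT_SUPPORTED`); the upstream side drops that block and the parser.c hunk (L68) likewise drops the "payload type %d is unknown" handling, while upstream's replacement for it is not visible here. If the upstream side is taken, confirm that critical unknown payloads are still rejected elsewhere, since accepting them silently is a protocol-conformance and downgrade concern. The `rule->sufficient` handling is also semantically different: HEAD returns SUCCESS at the first sufficient rule and skips all later rules, upstream sets `complete = TRUE` and keeps iterating, so later rules' checks still run. In the parse_body hunk, upstream maps parse/verify failures outside `IKE_SA_INIT` to `FAILED`; keep that distinction consistent with the status documented in message.h. verify() and parse_body both begin outside their hunks.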
@@ -1451,7 +1554,11 @@ METHOD(message_t, parse_body, status_t, DBG1(DBG_ENC, "%N payload verification failed", payload_type_names, type); payload->destroy(payload); +<<<<<<< HEAD + return VERIFY_ERROR; +======= return this->exchange_type == IKE_SA_INIT ? VERIFY_ERROR : FAILED; +>>>>>>> upstream/4.5.1 } DBG2(DBG_ENC, "%N payload verified. Adding to payload list", @@ -1469,11 +1576,22 @@ METHOD(message_t, parse_body, status_t, type = payload->get_next_type(payload); } +<<<<<<< HEAD + if (type == ENCRYPTED) + { + status = decrypt_payloads(this, aead); + if (status != SUCCESS) + { + DBG1(DBG_ENC, "could not decrypt payloads"); + return status; + } +======= status = decrypt_payloads(this, aead); if (status != SUCCESS) { DBG1(DBG_ENC, "could not decrypt payloads"); return status; +>>>>>>> upstream/4.5.1 } status = verify(this); @@ -1521,6 +1639,11 @@ message_t *message_create_from_packet(packet_t *packet) .get_first_payload_type = _get_first_payload_type, .set_request = _set_request, .get_request = _get_request, +<<<<<<< HEAD + .add_payload = _add_payload, + .add_notify = _add_notify, + .generate = _generate, +======= .set_version_flag = _set_version_flag, .get_reserved_header_bit = _get_reserved_header_bit, .set_reserved_header_bit = _set_reserved_header_bit, @@ -1529,12 +1652,16 @@ message_t *message_create_from_packet(packet_t *packet) .disable_sort = _disable_sort, .generate = _generate, .is_encoded = _is_encoded, +>>>>>>> upstream/4.5.1 .set_source = _set_source, .get_source = _get_source, .set_destination = _set_destination, .get_destination = _get_destination, .create_payload_enumerator = _create_payload_enumerator, +<<<<<<< HEAD +======= .remove_payload_at = _remove_payload_at, +>>>>>>> upstream/4.5.1 .get_payload = _get_payload, .get_notify = _get_notify, .parse_header = _parse_header, 
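Review bot: On the HEAD side of the parse_body hunk decrypt_payloads is only invoked when the payload chain ends in `ENCRYPTED`, whereas upstream calls it unconditionally; because the "payload type %N was not encrypted" check lives inside decrypt_payloads (L64 hunk), the HEAD gating means a message with no encrypted payload at all never has that check applied to its cleartext payloads. Whether the upstream decrypt_payloads tolerates a message without an ENCRYPTED payload is not visible in this chunk and should be confirmed before choosing a side. Note also that the HEAD branch of message_create_from_packet omits `.set_version_flag`, `.disable_sort`, `.is_encoded` and `.remove_payload_at`, which only the upstream side of message.h (L67/L68 hunks) declares, so header and implementation must be resolved to the same side. parse_body begins outside this hunk.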
@@ -1543,8 +1670,11 @@ message_t *message_create_from_packet(packet_t *packet) .get_packet_data = _get_packet_data, .destroy = _destroy, }, +<<<<<<< HEAD +======= .major_version = IKE_MAJOR_VERSION, .minor_version = IKE_MINOR_VERSION, +>>>>>>> upstream/4.5.1 .exchange_type = EXCHANGE_TYPE_UNDEFINED, .is_request = TRUE, .first_payload = NO_PAYLOAD, diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index 51197308c..dcc9b0577 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -154,6 +154,8 @@ struct message_t { bool (*get_request) (message_t *this); /** +<<<<<<< HEAD +======= * Set the version flag in the IKE header. */ void (*set_version_flag)(message_t *this); @@ -174,6 +176,7 @@ struct message_t { void (*set_reserved_header_bit)(message_t *this, u_int nr); /** +>>>>>>> upstream/4.5.1 * Append a payload to the message. * * If the payload must be encrypted is not specified here. Encryption @@ -201,11 +204,14 @@ struct message_t { chunk_t data); /** +<<<<<<< HEAD +======= * Disable automatic payload sorting for this message. */ void (*disable_sort)(message_t *this); /** +>>>>>>> upstream/4.5.1 * Parses header of message. * * Begins parisng of a message created via message_create_from_packet(). @@ -231,6 +237,11 @@ struct message_t { * @param aead aead transform to verify/decrypt message * @return * - SUCCESS if parsing successful +<<<<<<< HEAD + * - NOT_SUPPORTED if ciritcal unknown payloads found + * - NOT_SUPPORTED if message type is not supported! +======= +>>>>>>> upstream/4.5.1 * - PARSE_ERROR if message parsing failed * - VERIFY_ERROR if message verification failed (bad syntax) * - FAILED if integrity check failed @@ -258,6 +269,8 @@ struct message_t { status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet); /** +<<<<<<< HEAD +======= * Check if the message has already been encoded using generate(). * * @return TRUE if message has been encoded 
@@ -265,6 +278,7 @@ struct message_t { bool (*is_encoded)(message_t *this); /** +>>>>>>> upstream/4.5.1 * Gets the source host informations. * * @warning Returned host_t object is not getting cloned, @@ -312,6 +326,8 @@ struct message_t { enumerator_t * (*create_payload_enumerator) (message_t *this); /** +<<<<<<< HEAD +======= * Remove the payload at the current enumerator position. * * @param enumerator enumerator created by create_payload_enumerator() @@ -319,6 +335,7 @@ struct message_t { void (*remove_payload_at)(message_t *this, enumerator_t *enumerator); /** +>>>>>>> upstream/4.5.1 * Find a payload of a specific type. * * Returns the first occurance. diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index 32cefb9e7..7a5ec8495 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -387,6 +387,15 @@ static status_t parse_payload(private_parser_t *this, DBG3(DBG_ENC, "parsing payload from %b", this->byte_pos, this->input_roof - this->byte_pos); +<<<<<<< HEAD + if (pld->get_type(pld) == UNKNOWN_PAYLOAD) + { + DBG1(DBG_ENC, " payload type %d is unknown, handling as %N", + payload_type, payload_type_names, UNKNOWN_PAYLOAD); + } + +======= +>>>>>>> upstream/4.5.1 /* base pointer for output, avoids casting in every rule */ output = pld; @@ -409,7 +418,10 @@ static status_t parse_payload(private_parser_t *this, break; } case U_INT_8: +<<<<<<< HEAD +======= case RESERVED_BYTE: +>>>>>>> upstream/4.5.1 { if (!parse_uint8(this, rule_number, output + rule->offset)) { @@ -428,7 +440,10 @@ static status_t parse_payload(private_parser_t *this, break; } case U_INT_32: +<<<<<<< HEAD +======= case HEADER_LENGTH: +>>>>>>> upstream/4.5.1 { if (!parse_uint32(this, rule_number, output + rule->offset)) { 
@@ -447,6 +462,26 @@ static status_t parse_payload(private_parser_t *this, break; } case RESERVED_BIT: +<<<<<<< HEAD + { + if (!parse_bit(this, rule_number, NULL)) + { + pld->destroy(pld); + return PARSE_ERROR; + } + break; + } + case RESERVED_BYTE: + { + if (!parse_uint8(this, rule_number, NULL)) + { + pld->destroy(pld); + return PARSE_ERROR; + } + break; + } +======= +>>>>>>> upstream/4.5.1 case FLAG: { if (!parse_bit(this, rule_number, output + rule->offset)) @@ -472,6 +507,18 @@ static status_t parse_payload(private_parser_t *this, } break; } +<<<<<<< HEAD + case HEADER_LENGTH: + { + if (!parse_uint32(this, rule_number, output + rule->offset)) + { + pld->destroy(pld); + return PARSE_ERROR; + } + break; + } +======= +>>>>>>> upstream/4.5.1 case SPI_SIZE: { if (!parse_uint8(this, rule_number, output + rule->offset)) diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index cb44a997c..25a57511a 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -19,6 +23,10 @@ #include <encoding/payloads/encodings.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_auth_payload_t private_auth_payload_t; /** @@ -43,6 +51,8 @@ struct private_auth_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved_bit[7]; @@ -53,6 +63,7 @@ struct private_auth_payload_t { u_int8_t reserved_byte[3]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
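Review bot: The RESERVED_BIT/RESERVED_BYTE handling in parse_payload must be resolved together with the payload encoding tables: HEAD parses reserved fields into `NULL` (discarded) and its tables use `{ RESERVED_BIT, 0 }`, while upstream lets RESERVED_BIT fall through to FLAG and RESERVED_BYTE to U_INT_8, writing to `output + rule->offset` into dedicated `reserved[]` fields. Combining the upstream switch with a HEAD-side table (auth_payload.c L70, cert_payload.c L76, certreq_payload.c L83) would write every reserved bit and byte to offset 0 of the private payload struct, i.e. over the start of the object, while parsing attacker-controlled packets. The same applies to `HEADER_LENGTH`, which HEAD handles in its own case and upstream folds into `U_INT_32`. parse_payload begins outside this hunk.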
@@ -76,6 +87,29 @@ struct private_auth_payload_t { */ encoding_rule_t auth_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ +<<<<<<< HEAD + { U_INT_8, offsetof(private_auth_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_auth_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_auth_payload_t, payload_length)}, + /* 1 Byte AUTH type*/ + { U_INT_8, offsetof(private_auth_payload_t, auth_method) }, + /* 3 reserved bytes */ + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + /* some auth data bytes, length is defined in PAYLOAD_LENGTH */ + { AUTH_DATA, offsetof(private_auth_payload_t, auth_data) } +======= { U_INT_8, offsetof(private_auth_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_auth_payload_t, critical) }, @@ -97,6 +131,7 @@ encoding_rule_t auth_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_auth_payload_t, reserved_byte[2]) }, /* some auth data bytes, length is defined in PAYLOAD_LENGTH */ { AUTH_DATA, offsetof(private_auth_payload_t, auth_data) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -113,6 +148,36 @@ encoding_rule_t auth_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_auth_payload_t *this) +{ + if (this->auth_method == 0 || + (this->auth_method >= 4 && this->auth_method <= 8) || + (this->auth_method >= 12 && this->auth_method <= 200)) + { + /* reserved IDs */ + return FAILED; + } + return SUCCESS; +} + +/** + * Implementation of auth_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_auth_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = auth_payload_encodings; + *rule_count = sizeof(auth_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_auth_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_auth_payload_t *this) { @@ -128,10 +193,25 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_auth_payload_t *this) +>>>>>>> upstream/4.5.1 { return AUTHENTICATION; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_auth_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_auth_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_next_type, payload_type_t, private_auth_payload_t *this) { 
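Review bot: The HEAD side of verify() in auth_payload.c rejects reserved auth_method values (0, 4–8, 12–200) with FAILED, but the upstream side's verify body falls outside this hunk, so confirm that rejection survives if upstream wins. The HEAD side also keeps `get_data_clone` and the function-pointer-cast vtable wiring, which the auth_payload.h hunk (L75) declares only on its HEAD side, while `set_reserved_bit` exists only on the upstream side; resolving the .c and .h to different sides leaves the `auth_payload_t` vtable and its initialiser out of sync. Comment-wise, the HEAD side's `/* Implementation of ... */` headers duplicate what the upstream `METHOD()` macro already conveys and can be dropped once resolved.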
@@ -140,22 +220,94 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_auth_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_auth_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_auth_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of auth_payload_t.set_auth_method. + */ +static void set_auth_method (private_auth_payload_t *this, auth_method_t method) +======= METHOD(auth_payload_t, set_auth_method, void, private_auth_payload_t *this, auth_method_t method) +>>>>>>> upstream/4.5.1 { this->auth_method = method; } +<<<<<<< HEAD +/** + * Implementation of auth_payload_t.get_auth_method. + */ +static auth_method_t get_auth_method (private_auth_payload_t *this) +{ + return (this->auth_method); +} + +/** + * Implementation of auth_payload_t.set_data. + */ +static void set_data (private_auth_payload_t *this, chunk_t data) +{ + if (this->auth_data.ptr != NULL) + { + chunk_free(&(this->auth_data)); + } + this->auth_data.ptr = clalloc(data.ptr,data.len); + this->auth_data.len = data.len; + this->payload_length = AUTH_PAYLOAD_HEADER_LENGTH + this->auth_data.len; +} + +/** + * Implementation of auth_payload_t.get_data. + */ +static chunk_t get_data (private_auth_payload_t *this) +{ + return (this->auth_data); +} + +/** + * Implementation of auth_payload_t.get_data_clone. + */ +static chunk_t get_data_clone (private_auth_payload_t *this) +{ + chunk_t cloned_data; + if (this->auth_data.ptr == NULL) + { + return (this->auth_data); + } + cloned_data.ptr = clalloc(this->auth_data.ptr,this->auth_data.len); + cloned_data.len = this->auth_data.len; + return cloned_data; +} + +/** + * Implementation of payload_t.destroy and auth_payload_t.destroy. 
+ */ +static void destroy(private_auth_payload_t *this) +{ + if (this->auth_data.ptr != NULL) + { + chunk_free(&(this->auth_data)); + } + +======= METHOD(auth_payload_t, get_auth_method, auth_method_t, private_auth_payload_t *this) { @@ -180,6 +332,7 @@ METHOD2(payload_t, auth_payload_t, destroy, void, private_auth_payload_t *this) { free(this->auth_data.ptr); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -188,6 +341,34 @@ METHOD2(payload_t, auth_payload_t, destroy, void, */ auth_payload_t *auth_payload_create() { +<<<<<<< HEAD + private_auth_payload_t *this = malloc_thing(private_auth_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.destroy = (void (*) (auth_payload_t *)) destroy; + this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method; + this->public.get_auth_method = (auth_method_t (*) (auth_payload_t *)) get_auth_method; + this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data; + this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone; + this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length =AUTH_PAYLOAD_HEADER_LENGTH; + this->auth_data = chunk_empty; + + return (&(this->public)); +======= private_auth_payload_t *this; INIT(this, @@ -211,4 +392,5 @@ auth_payload_t *auth_payload_create() .payload_length = AUTH_PAYLOAD_HEADER_LENGTH, ); return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h index e4c4e6ae3..c28fc1e06 100644 
--- a/src/libcharon/encoding/payloads/auth_payload.h +++ b/src/libcharon/encoding/payloads/auth_payload.h @@ -62,13 +62,35 @@ struct auth_payload_t { /** * Set the AUTH data. * +<<<<<<< HEAD + * Data gets cloned. + * + * @param data AUTH data as chunk_t +======= * @param data AUTH data as chunk_t, gets cloned +>>>>>>> upstream/4.5.1 */ void (*set_data) (auth_payload_t *this, chunk_t data); /** * Get the AUTH data. * +<<<<<<< HEAD + * Returned data are a copy of the internal one. + * + * @return AUTH data as chunk_t + */ + chunk_t (*get_data_clone) (auth_payload_t *this); + + /** + * Get the AUTH data. + * + * Returned data are NOT copied + * + * @return AUTH data as chunk_t + */ + chunk_t (*get_data) (auth_payload_t *this); +======= * @return AUTH data as chunk_t, internal data */ chunk_t (*get_data) (auth_payload_t *this); @@ -87,6 +109,7 @@ struct auth_payload_t { * @param nr number of the reserved bit, 0-6 */ void (*set_reserved_bit)(auth_payload_t *this, u_int nr); +>>>>>>> upstream/4.5.1 /** * Destroys an auth_payload_t object. diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index c42cec680..6a28cd658 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -1,7 +1,11 @@ /* * Copyright (C) 2008 Tobias Brunner +<<<<<<< HEAD + * Copyright (C) 2005-2007 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -44,9 +48,15 @@ typedef struct private_cert_payload_t private_cert_payload_t; /** * Private data of an cert_payload_t object. +<<<<<<< HEAD + * + */ +struct private_cert_payload_t { +======= */ struct private_cert_payload_t { +>>>>>>> upstream/4.5.1 /** * Public cert_payload_t interface. */ 
@@ -63,11 +73,14 @@ struct private_cert_payload_t { bool critical; /** +<<<<<<< HEAD +======= * reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -97,6 +110,19 @@ struct private_cert_payload_t { */ encoding_rule_t cert_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ +<<<<<<< HEAD + { U_INT_8, offsetof(private_cert_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_cert_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= { U_INT_8, offsetof(private_cert_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_cert_payload_t, critical) }, @@ -108,12 +134,17 @@ encoding_rule_t cert_payload_encodings[] = { { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_cert_payload_t, payload_length)}, /* 1 Byte CERT type*/ { U_INT_8, offsetof(private_cert_payload_t, encoding) }, /* some cert data bytes, length is defined in PAYLOAD_LENGTH */ +<<<<<<< HEAD + { CERT_DATA, offsetof(private_cert_payload_t, data) } +======= { CERT_DATA, offsetof(private_cert_payload_t, data) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -129,23 +160,43 @@ encoding_rule_t cert_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_cert_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_cert_payload_t *this) +>>>>>>> upstream/4.5.1 { if (this->encoding == ENC_X509_HASH_AND_URL || this->encoding == ENC_X509_HASH_AND_URL_BUNDLE) { +<<<<<<< HEAD +======= int i; +>>>>>>> upstream/4.5.1 /* coarse verification of "Hash and URL" encoded certificates */ if (this->data.len <= 20) { DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore", +<<<<<<< HEAD + this->data.len); + this->invalid_hash_and_url = TRUE; + return SUCCESS; + } + + int i = 20; /* skipping the hash */ + for (; i < this->data.len; ++i) +======= this->data.len); this->invalid_hash_and_url = TRUE; return SUCCESS; } for (i = 20; i < this->data.len; ++i) +>>>>>>> upstream/4.5.1 { if (this->data.ptr[i] == '\0') { 
@@ -155,17 +206,47 @@ METHOD(payload_t, verify, status_t, else if (!isprint(this->data.ptr[i])) { DBG1(DBG_ENC, "non printable characters in url of hash-and-url" +<<<<<<< HEAD + " encoded certificate payload, ignore"); +======= " encoded certificate payload, ignore"); +>>>>>>> upstream/4.5.1 this->invalid_hash_and_url = TRUE; return SUCCESS; } } +<<<<<<< HEAD + + /* URL is not null terminated, correct that */ + chunk_t data = chunk_alloc(this->data.len + 1); + memcpy(data.ptr, this->data.ptr, this->data.len); + data.ptr[this->data.len] = '\0'; + chunk_free(&this->data); + this->data = data; +======= /* URL is not null terminated, correct that */ this->data = chunk_cat("mc", this->data, chunk_from_chars(0)); +>>>>>>> upstream/4.5.1 } return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of cert_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_cert_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) +{ + *rules = cert_payload_encodings; + *rule_count = sizeof(cert_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_cert_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_cert_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -175,34 +256,87 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_cert_payload_t *this) +>>>>>>> upstream/4.5.1 { return CERTIFICATE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_cert_payload_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_cert_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->next_payload; } +<<<<<<< HEAD +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_cert_payload_t *this,payload_type_t type) +======= METHOD(payload_t, set_next_type, void, private_cert_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_cert_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_cert_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of cert_payload_t.get_cert_encoding. + */ +static cert_encoding_t get_cert_encoding(private_cert_payload_t *this) +======= METHOD(cert_payload_t, get_cert_encoding, cert_encoding_t, private_cert_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->encoding; } +<<<<<<< HEAD +/** + * Implementation of cert_payload_t.get_cert. + */ +static certificate_t *get_cert(private_cert_payload_t *this) +{ + if (this->encoding != ENC_X509_SIGNATURE) + { + return NULL; + } + return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, this->data, + BUILD_END); +} + +/** + * Implementation of cert_payload_t.get_hash. + */ +static chunk_t get_hash(private_cert_payload_t *this) +{ + chunk_t hash = chunk_empty; + if ((this->encoding != ENC_X509_HASH_AND_URL && + this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || +======= METHOD(cert_payload_t, get_cert, certificate_t*, private_cert_payload_t *this) { 
@@ -230,6 +364,7 @@ METHOD(cert_payload_t, get_hash, chunk_t, if ((this->encoding != ENC_X509_HASH_AND_URL && this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || +>>>>>>> upstream/4.5.1 this->invalid_hash_and_url) { return hash; @@ -239,11 +374,21 @@ METHOD(cert_payload_t, get_hash, chunk_t, return hash; } +<<<<<<< HEAD +/** + * Implementation of cert_payload_t.get_url. + */ +static char *get_url(private_cert_payload_t *this) +{ + if ((this->encoding != ENC_X509_HASH_AND_URL && + this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || +======= METHOD(cert_payload_t, get_url, char*, private_cert_payload_t *this) { if ((this->encoding != ENC_X509_HASH_AND_URL && this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || +>>>>>>> upstream/4.5.1 this->invalid_hash_and_url) { return NULL; @@ -251,10 +396,19 @@ METHOD(cert_payload_t, get_url, char*, return (char*)this->data.ptr + 20; } +<<<<<<< HEAD +/** + * Implementation of payload_t.destroy and cert_payload_t.destroy. + */ +static void destroy(private_cert_payload_t *this) +{ + chunk_free(&this->data); +======= METHOD2(payload_t, cert_payload_t, destroy, void, private_cert_payload_t *this) { free(this->data.ptr); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -263,6 +417,31 @@ METHOD2(payload_t, cert_payload_t, destroy, void, */ cert_payload_t *cert_payload_create() { +<<<<<<< HEAD + private_cert_payload_t *this = malloc_thing(private_cert_payload_t); + + this->public.payload_interface.verify = (status_t (*) (payload_t*))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**, size_t*))get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t*))get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; + + this->public.destroy = (void (*) (cert_payload_t*))destroy; + this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; + this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; + this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; + this->public.get_url = (char* (*) (cert_payload_t*))get_url; + + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; + this->data = chunk_empty; + this->encoding = 0; + this->invalid_hash_and_url = FALSE; + +======= private_cert_payload_t *this; INIT(this, @@ -285,6 +464,7 @@ cert_payload_t *cert_payload_create() .next_payload = NO_PAYLOAD, .payload_length = CERT_PAYLOAD_HEADER_LENGTH, ); +>>>>>>> upstream/4.5.1 return &this->public; } @@ -329,6 +509,8 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) return &this->public; } +<<<<<<< HEAD +======= /* * Described in header */ 
@@ -341,3 +523,4 @@ cert_payload_t *cert_payload_create_custom(cert_encoding_t type, chunk_t data) this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; return &this->public; } +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h index 21b503a40..74d2b3cd2 100644 --- a/src/libcharon/encoding/payloads/cert_payload.h +++ b/src/libcharon/encoding/payloads/cert_payload.h @@ -134,6 +134,8 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); */ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); +<<<<<<< HEAD +======= /** * Creates a custom certificate payload using type and associated data. * @@ -143,4 +145,5 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); */ cert_payload_t *cert_payload_create_custom(cert_encoding_t type, chunk_t data); +>>>>>>> upstream/4.5.1 #endif /** CERT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 8e0836f0e..0c59fd66d 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -23,13 +27,23 @@ #include "certreq_payload.h" +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_certreq_payload_t private_certreq_payload_t; /** * Private data of an certreq_payload_t object. +<<<<<<< HEAD + * + */ +struct private_certreq_payload_t { +======= */ struct private_certreq_payload_t { +>>>>>>> upstream/4.5.1 /** * Public certreq_payload_t interface. */ 
@@ -46,11 +60,14 @@ struct private_certreq_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -71,6 +88,23 @@ struct private_certreq_payload_t { * * The defined offsets are the positions in a object of type * private_certreq_payload_t. +<<<<<<< HEAD + * + */ +encoding_rule_t certreq_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_certreq_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_certreq_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= */ encoding_rule_t certreq_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -85,6 +119,7 @@ encoding_rule_t certreq_payload_encodings[] = { { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length) }, /* 1 Byte CERTREQ type*/ @@ -106,8 +141,15 @@ encoding_rule_t certreq_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_certreq_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_certreq_payload_t *this) +>>>>>>> upstream/4.5.1 { if (this->encoding == ENC_X509_SIGNATURE) { 
@@ -122,6 +164,21 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of certreq_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_certreq_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = certreq_payload_encodings; + *rule_count = sizeof(certreq_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_certreq_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_certreq_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { @@ -131,10 +188,25 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_certreq_payload_t *this) +>>>>>>> upstream/4.5.1 { return CERTIFICATE_REQUEST; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_certreq_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_certreq_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_next_type, payload_type_t, private_certreq_payload_t *this) { 
@@ -143,18 +215,33 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_certreq_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_certreq_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_certreq_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of certreq_payload_t.add_keyid. + */ +static void add_keyid(private_certreq_payload_t *this, chunk_t keyid) +======= METHOD(certreq_payload_t, add_keyid, void, private_certreq_payload_t *this, chunk_t keyid) +>>>>>>> upstream/4.5.1 { this->data = chunk_cat("mc", this->data, keyid); this->payload_length += keyid.len; @@ -171,8 +258,15 @@ struct keyid_enumerator_t { u_char *pos; }; +<<<<<<< HEAD +/** + * enumerate function for keyid_enumerator + */ +static bool keyid_enumerate(keyid_enumerator_t *this, chunk_t *chunk) +======= METHOD(enumerator_t, keyid_enumerate, bool, keyid_enumerator_t *this, chunk_t *chunk) +>>>>>>> upstream/4.5.1 { if (this->pos == NULL) { @@ -195,6 +289,25 @@ METHOD(enumerator_t, keyid_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of certreq_payload_t.create_keyid_enumerator. + */ +static enumerator_t* create_keyid_enumerator(private_certreq_payload_t *this) +{ + keyid_enumerator_t *enumerator = malloc_thing(keyid_enumerator_t); + enumerator->public.enumerate = (void*)keyid_enumerate; + enumerator->public.destroy = (void*)free; + enumerator->full = this->data; + enumerator->pos = NULL; + return &enumerator->public; +} + +/** + * Implementation of certreq_payload_t.get_cert_type. + */ +static certificate_type_t get_cert_type(private_certreq_payload_t *this) +======= METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, private_certreq_payload_t *this) { 
@@ -212,6 +325,7 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, METHOD(certreq_payload_t, get_cert_type, certificate_type_t, private_certreq_payload_t *this) +>>>>>>> upstream/4.5.1 { switch (this->encoding) { @@ -222,8 +336,15 @@ METHOD(certreq_payload_t, get_cert_type, certificate_type_t, } } +<<<<<<< HEAD +/** + * Implementation of payload_t.destroy and certreq_payload_t.destroy. + */ +static void destroy(private_certreq_payload_t *this) +======= METHOD2(payload_t, certreq_payload_t, destroy, void, private_certreq_payload_t *this) +>>>>>>> upstream/4.5.1 { chunk_free(&this->data); free(this); 
@@ -234,6 +355,32 @@ METHOD2(payload_t, certreq_payload_t, destroy, void, */ certreq_payload_t *certreq_payload_create() { +<<<<<<< HEAD + private_certreq_payload_t *this = malloc_thing(private_certreq_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t*))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**,size_t*))get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t*))get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; + + /* public functions */ + this->public.destroy = (void (*) (certreq_payload_t*)) destroy; + this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; + this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; + this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH; + this->data = chunk_empty; + this->encoding = 0; + +======= private_certreq_payload_t *this; INIT(this, @@ -255,6 +402,7 @@ certreq_payload_t *certreq_payload_create() .next_payload = NO_PAYLOAD, .payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index e608497bd..1ef8be800 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c 
@@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2009 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -23,24 +27,37 @@ #include <library.h> #include <daemon.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_configuration_attribute_t private_configuration_attribute_t; /** * Private data of an configuration_attribute_t object. +<<<<<<< HEAD + * + */ +struct private_configuration_attribute_t { +======= */ struct private_configuration_attribute_t { +>>>>>>> upstream/4.5.1 /** * Public configuration_attribute_t interface. */ configuration_attribute_t public; /** +<<<<<<< HEAD +======= * Reserved bit */ bool reserved; /** +>>>>>>> upstream/4.5.1 * Type of the attribute. */ u_int16_t type; @@ -63,8 +80,13 @@ struct private_configuration_attribute_t { * private_configuration_attribute_t. */ encoding_rule_t configuration_attribute_encodings[] = { +<<<<<<< HEAD + + { RESERVED_BIT, 0 }, +======= /* 1 reserved bit */ { RESERVED_BIT, offsetof(private_configuration_attribute_t, reserved)}, +>>>>>>> upstream/4.5.1 /* type of the attribute as 15 bit unsigned integer */ { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, type) }, /* Length of attribute value */ @@ -85,8 +107,15 @@ encoding_rule_t configuration_attribute_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_configuration_attribute_t *this) +======= METHOD(payload_t, verify, status_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { bool failed = FALSE; 
@@ -154,6 +183,22 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_configuration_attribute_t *this, + encoding_rule_t **rules, size_t *rule_count) +{ + *rules = configuration_attribute_encodings; + *rule_count = sizeof(configuration_attribute_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_configuration_attribute_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_configuration_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -164,16 +209,38 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { return CONFIGURATION_ATTRIBUTE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_configuration_attribute_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { return NO_PAYLOAD; } +<<<<<<< HEAD +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_configuration_attribute_t *this, + payload_type_t type) +{ +} + +/** + * Implementation of configuration_attribute_t.get_length. + */ +static size_t get_length(private_configuration_attribute_t *this) +======= METHOD(payload_t, set_next_type, void, private_configuration_attribute_t *this, payload_type_t type) { 
@@ -181,24 +248,47 @@ METHOD(payload_t, set_next_type, void, METHOD(payload_t, get_length, size_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { return this->value.len + CONFIGURATION_ATTRIBUTE_HEADER_LENGTH; } +<<<<<<< HEAD +/** + * Implementation of configuration_attribute_t.get_type. + */ +static configuration_attribute_type_t get_configuration_attribute_type( + private_configuration_attribute_t *this) +======= METHOD(configuration_attribute_t, get_cattr_type, configuration_attribute_type_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { return this->type; } +<<<<<<< HEAD +/** + * Implementation of configuration_attribute_t.get_value. + */ +static chunk_t get_value(private_configuration_attribute_t *this) +======= METHOD(configuration_attribute_t, get_value, chunk_t, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { return this->value; } +<<<<<<< HEAD +/** + * Implementation of configuration_attribute_t.destroy and payload_t.destroy. + */ +static void destroy(private_configuration_attribute_t *this) +======= METHOD2(payload_t, configuration_attribute_t, destroy, void, private_configuration_attribute_t *this) +>>>>>>> upstream/4.5.1 { free(this->value.ptr); free(this); 
@@ -211,6 +301,25 @@ configuration_attribute_t *configuration_attribute_create() { private_configuration_attribute_t *this; +<<<<<<< HEAD + this = malloc_thing(private_configuration_attribute_t); + this->public.payload_interface.verify = (status_t(*)(payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void(*)(payload_t *, encoding_rule_t **, size_t *) )get_encoding_rules; + this->public.payload_interface.get_length = (size_t(*)(payload_t *))get_length; + this->public.payload_interface.get_next_type = (payload_type_t(*)(payload_t *))get_next_type; + this->public.payload_interface.set_next_type = (void(*)(payload_t *,payload_type_t))set_next_type; + this->public.payload_interface.get_type = (payload_type_t(*)(payload_t *))get_type; + this->public.payload_interface.destroy = (void(*)(payload_t*))destroy; + + this->public.get_value = (chunk_t(*)(configuration_attribute_t *))get_value; + this->public.get_type = (configuration_attribute_type_t(*)(configuration_attribute_t *))get_configuration_attribute_type; + this->public.destroy = (void (*)(configuration_attribute_t*))destroy; + + this->type = 0; + this->value = chunk_empty; + this->length = 0; + +======= INIT(this, .public = { .payload_interface = { @@ -227,6 +336,7 @@ configuration_attribute_t *configuration_attribute_create() .destroy = _destroy, }, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index 82e9e51b7..d8779d27f 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2009 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -33,9 +37,15 @@ typedef struct private_cp_payload_t private_cp_payload_t; /** * Private data of an cp_payload_t object. +<<<<<<< HEAD + * + */ +struct private_cp_payload_t { +======= */ struct private_cp_payload_t { +>>>>>>> upstream/4.5.1 /** * Public cp_payload_t interface. */ @@ -52,6 +62,8 @@ struct private_cp_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved_bit[7]; @@ -62,6 +74,7 @@ struct private_cp_payload_t { u_int8_t reserved_byte[3]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -82,6 +95,32 @@ struct private_cp_payload_t { * * The defined offsets are the positions in a object of type * private_cp_payload_t. +<<<<<<< HEAD + * + */ +encoding_rule_t cp_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_cp_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_cp_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole CP payload*/ + { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, + /* Proposals are stored in a proposal substructure, + offset points to a linked_list_t pointer */ + { U_INT_8, offsetof(private_cp_payload_t, type) }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, + { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } +======= */ encoding_rule_t cp_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
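Review bot: On the HEAD side of the `cp_payload_encodings[]` conflict the comment `/* Proposals are stored in a proposal substructure, offset points to a linked_list_t pointer */` sits directly above `{ U_INT_8, offsetof(private_cp_payload_t, type) }` and describes neither that rule nor this payload; it reads as copied from another payload's encoding table. If that side is kept it should read `/* 1 Byte configuration type, stored in the field type */`, with any `linked_list_t` remark moved to the `CONFIGURATION_ATTRIBUTES` rule. The upstream side of the same table continues in the next hunk, so the table as a whole cannot be judged from this hunk alone.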
@@ -106,6 +145,7 @@ encoding_rule_t cp_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[2])}, { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } +>>>>>>> upstream/4.5.1 }; /* @@ -122,8 +162,15 @@ encoding_rule_t cp_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_cp_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { status_t status = SUCCESS; enumerator_t *enumerator; @@ -142,6 +189,22 @@ METHOD(payload_t, verify, status_t, return status; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_cp_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) +{ + *rules = cp_payload_encodings; + *rule_count = sizeof(cp_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_cp_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_cp_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -151,18 +214,33 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { return CONFIGURATION; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_cp_payload_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->next_payload; } +<<<<<<< HEAD +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_cp_payload_t *this,payload_type_t type) +======= METHOD(payload_t, set_next_type, void, private_cp_payload_t *this,payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } 
@@ -185,33 +263,69 @@ static void compute_length(private_cp_payload_t *this) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_cp_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of cp_payload_t.create_attribute_enumerator. + */ +static enumerator_t *create_attribute_enumerator(private_cp_payload_t *this) +======= METHOD(cp_payload_t, create_attribute_enumerator, enumerator_t*, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->attributes->create_enumerator(this->attributes); } +<<<<<<< HEAD +/** + * Implementation of cp_payload_t.add_attribute. + */ +static void add_attribute(private_cp_payload_t *this, + configuration_attribute_t *attribute) +======= METHOD(cp_payload_t, add_attribute, void, private_cp_payload_t *this, configuration_attribute_t *attribute) +>>>>>>> upstream/4.5.1 { this->attributes->insert_last(this->attributes, attribute); compute_length(this); } +<<<<<<< HEAD +/** + * Implementation of cp_payload_t.get_type. + */ +static config_type_t get_config_type(private_cp_payload_t *this) +======= METHOD(cp_payload_t, get_config_type, config_type_t, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.destroy and cp_payload_t.destroy. + */ +static void destroy(private_cp_payload_t *this) +======= METHOD2(payload_t, cp_payload_t, destroy, void, private_cp_payload_t *this) +>>>>>>> upstream/4.5.1 { this->attributes->destroy_offset(this->attributes, offsetof(configuration_attribute_t, destroy)); 
@@ -221,6 +335,32 @@ METHOD2(payload_t, cp_payload_t, destroy, void, /* * Described in header. */ +<<<<<<< HEAD +cp_payload_t *cp_payload_create() +{ + private_cp_payload_t *this = malloc_thing(private_cp_payload_t); + + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + this->public.create_attribute_enumerator = (enumerator_t*(*)(cp_payload_t *))create_attribute_enumerator; + this->public.add_attribute = (void (*) (cp_payload_t *,configuration_attribute_t*))add_attribute; + this->public.get_type = (config_type_t (*) (cp_payload_t *))get_config_type; + this->public.destroy = (void (*)(cp_payload_t *))destroy; + + /* set default values of the fields */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = CP_PAYLOAD_HEADER_LENGTH; + this->attributes = linked_list_create(); + this->type = CFG_REQUEST; + +======= cp_payload_t *cp_payload_create_type(config_type_t type) { private_cp_payload_t *this; 
@@ -246,13 +386,26 @@ cp_payload_t *cp_payload_create_type(config_type_t type) .attributes = linked_list_create(), .type = type, ); +>>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header. */ +<<<<<<< HEAD +cp_payload_t *cp_payload_create_type(config_type_t type) +{ + private_cp_payload_t *this = (private_cp_payload_t*)cp_payload_create(); + + this->type = type; + + return &this->public; +} + +======= cp_payload_t *cp_payload_create() { return cp_payload_create_type(CFG_REQUEST); } +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index e6ee07d39..4e94ff417 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -43,11 +43,14 @@ struct private_delete_payload_t { bool critical; /** +<<<<<<< HEAD +======= * reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -84,6 +87,16 @@ encoding_rule_t delete_payload_encodings[] = { { U_INT_8, offsetof(private_delete_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_delete_payload_t, critical) }, +<<<<<<< HEAD + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= /* 7 Bit reserved bits */ { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[1]) }, 
@@ -92,6 +105,7 @@ encoding_rule_t delete_payload_encodings[] = { { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_delete_payload_t, payload_length) }, { U_INT_8, offsetof(private_delete_payload_t, protocol_id) }, diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index eafb668b6..8f5c8700a 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -43,11 +43,14 @@ struct private_eap_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -71,6 +74,15 @@ static encoding_rule_t eap_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_eap_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ +<<<<<<< HEAD + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[2]) }, @@ -78,6 +90,7 @@ static encoding_rule_t eap_payload_encodings[] = { { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_eap_payload_t, payload_length) }, /* chunt to data, starting at "code" */ 
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index 3befadfe2..58250e766 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -1,7 +1,12 @@ /* +<<<<<<< HEAD + * Copyright (C) 2007 Tobias Brunner + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2007 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * * Hochschule fuer Technik Rapperswil @@ -52,6 +57,8 @@ struct private_id_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved_bit[7]; @@ -62,6 +69,7 @@ struct private_id_payload_t { u_int8_t reserved_byte[3]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -82,12 +90,26 @@ struct private_id_payload_t { * * The defined offsets are the positions in a object of type * private_id_payload_t. +<<<<<<< HEAD + * +======= +>>>>>>> upstream/4.5.1 */ encoding_rule_t id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_id_payload_t, critical) }, +<<<<<<< HEAD + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= /* 7 Bit reserved bits */ { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[0]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[1]) }, 
@@ -96,16 +118,25 @@ encoding_rule_t id_payload_encodings[] = { { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[4]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[5]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_id_payload_t, payload_length) }, /* 1 Byte ID type*/ { U_INT_8, offsetof(private_id_payload_t, id_type) }, /* 3 reserved bytes */ +<<<<<<< HEAD + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + /* some id data bytes, length is defined in PAYLOAD_LENGTH */ + { ID_DATA, offsetof(private_id_payload_t, id_data) } +======= { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[0])}, { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[2])}, /* some id data bytes, length is defined in PAYLOAD_LENGTH */ { ID_DATA, offsetof(private_id_payload_t, id_data) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -122,15 +153,46 @@ encoding_rule_t id_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_id_payload_t *this) +{ + if ((this->id_type == 0) || + (this->id_type == 4) || + ((this->id_type >= 6) && (this->id_type <= 8)) || + ((this->id_type >= 12) && (this->id_type <= 200))) +======= METHOD(payload_t, verify, status_t, private_id_payload_t *this) { if (this->id_type == 0 || this->id_type == 4) +>>>>>>> upstream/4.5.1 { /* reserved IDs */ DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type); return FAILED; } +<<<<<<< HEAD + + return SUCCESS; +} + +/** + * Implementation of id_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_id_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = id_payload_encodings; + *rule_count = sizeof(id_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_id_payload_t *this) +======= return SUCCESS; } 
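Review bot: The two sides of this conflict disagree on input validation in `verify`: the HEAD side rejects `id_type` 0, 4, 6–8 and 12–200, while the upstream side rejects only 0 and 4, so taking the upstream side unchanged accepts from a peer-supplied ID payload the values the HEAD comment labels `/* reserved IDs */`. Whichever side is kept should be a deliberate choice recorded in a comment, e.g. `/* reject reserved ID types per RFC 4306 section 3.5 */` if the stricter range check is retained. The hunk also leaves two `return SUCCESS;` epilogues for `verify`, one per side; only one can survive resolution, and the `get_encoding_rules` body that follows continues outside the hunk.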
@@ -143,28 +205,123 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_id_payload_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->next_payload; } +<<<<<<< HEAD +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_id_payload_t *this,payload_type_t type) +======= METHOD(payload_t, set_next_type, void, private_id_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_id_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of id_payload_t.set_type. + */ +static void set_id_type (private_id_payload_t *this, id_type_t type) +{ + this->id_type = type; +} + +/** + * Implementation of id_payload_t.get_id_type. + */ +static id_type_t get_id_type (private_id_payload_t *this) +{ + return (this->id_type); +} + +/** + * Implementation of id_payload_t.set_data. + */ +static void set_data (private_id_payload_t *this, chunk_t data) +{ + if (this->id_data.ptr != NULL) + { + chunk_free(&(this->id_data)); + } + this->id_data.ptr = clalloc(data.ptr,data.len); + this->id_data.len = data.len; + this->payload_length = ID_PAYLOAD_HEADER_LENGTH + this->id_data.len; +} + + +/** + * Implementation of id_payload_t.get_data_clone. + */ +static chunk_t get_data (private_id_payload_t *this) +{ + return (this->id_data); +} + +/** + * Implementation of id_payload_t.get_data_clone. 
+ */ +static chunk_t get_data_clone (private_id_payload_t *this) +{ + chunk_t cloned_data; + if (this->id_data.ptr == NULL) + { + return (this->id_data); + } + cloned_data.ptr = clalloc(this->id_data.ptr,this->id_data.len); + cloned_data.len = this->id_data.len; + return cloned_data; +} + +/** + * Implementation of id_payload_t.get_identification. + */ +static identification_t *get_identification (private_id_payload_t *this) +{ + return identification_create_from_encoding(this->id_type,this->id_data); +} + +/** + * Implementation of payload_t.destroy and id_payload_t.destroy. + */ +static void destroy(private_id_payload_t *this) +{ + if (this->id_data.ptr != NULL) + { + chunk_free(&(this->id_data)); + } +======= METHOD(id_payload_t, get_identification, identification_t*, private_id_payload_t *this) { @@ -175,6 +332,7 @@ METHOD2(payload_t, id_payload_t, destroy, void, private_id_payload_t *this) { free(this->id_data.ptr); +>>>>>>> upstream/4.5.1 free(this); } 
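Review bot: The HEAD-side doc comment above `static chunk_t get_data (private_id_payload_t *this)` reads `Implementation of id_payload_t.get_data_clone.`, repeating the comment of the function that follows it; it should read `Implementation of id_payload_t.get_data.`. This only matters if the HEAD side is kept; the upstream side drops `set_id_type`, `get_id_type`, `set_data`, `get_data` and `get_data_clone` altogether, so any callers of those accessors elsewhere in the tree need checking before that side is chosen. The upstream `get_identification` method that closes the hunk continues outside it.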
@@ -183,6 +341,37 @@ METHOD2(payload_t, id_payload_t, destroy, void, */ id_payload_t *id_payload_create(payload_type_t payload_type) { +<<<<<<< HEAD + private_id_payload_t *this = malloc_thing(private_id_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.destroy = (void (*) (id_payload_t *)) destroy; + this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type; + this->public.get_id_type = (id_type_t (*) (id_payload_t *)) get_id_type; + this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data; + this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; + this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone; + + this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length =ID_PAYLOAD_HEADER_LENGTH; + this->id_data = chunk_empty; + this->payload_type = payload_type; + + return (&(this->public)); +======= private_id_payload_t *this; INIT(this, 
@@ -204,11 +393,20 @@ id_payload_t *id_payload_create(payload_type_t payload_type) .payload_type = payload_type, ); return &this->public; +>>>>>>> upstream/4.5.1 } /* * Described in header. */ +<<<<<<< HEAD +id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *identification) +{ + id_payload_t *this= id_payload_create(payload_type); + this->set_data(this,identification->get_encoding(identification)); + this->set_id_type(this,identification->get_type(identification)); + return this; +======= id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *id) { @@ -220,4 +418,5 @@ id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, this->payload_length += this->id_data.len; return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h index 99831f85f..b5b9c5907 100644 --- a/src/libcharon/encoding/payloads/id_payload.h +++ b/src/libcharon/encoding/payloads/id_payload.h 
@@ -40,15 +40,66 @@ typedef struct id_payload_t id_payload_t; * The ID payload format is described in RFC section 3.5. */ struct id_payload_t { +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * The payload_t interface. */ payload_t payload_interface; /** +<<<<<<< HEAD + * Set the ID type. + * + * @param type Type of ID + */ + void (*set_id_type) (id_payload_t *this, id_type_t type); + + /** + * Get the ID type. + * + * @return type of the ID + */ + id_type_t (*get_id_type) (id_payload_t *this); + + /** + * Set the ID data. + * + * Data are getting cloned. + * + * @param data ID data as chunk_t + */ + void (*set_data) (id_payload_t *this, chunk_t data); + + /** + * Get the ID data. + * + * Returned data are a copy of the internal one + * + * @return ID data as chunk_t + */ + chunk_t (*get_data_clone) (id_payload_t *this); + + /** + * Get the ID data. + * + * Returned data are NOT copied. + * + * @return ID data as chunk_t + */ + chunk_t (*get_data) (id_payload_t *this); + + /** + * Creates an identification object of this id payload. + * + * Returned object has to get destroyed by the caller. + * +======= * Creates an identification object of this id payload. * +>>>>>>> upstream/4.5.1 * @return identification_t object */ identification_t *(*get_identification) (id_payload_t *this); diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 80dcee0cb..1462b346b 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -84,11 +84,14 @@ struct private_ike_header_t { } flags; /** +<<<<<<< HEAD +======= * Reserved bits of IKE header */ bool reserved[5]; /** +>>>>>>> upstream/4.5.1 * Associated Message-ID. */ u_int32_t message_id; 
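Review bot: This header conflict must be resolved the same way as the id_payload.c hunks: the HEAD side keeps `set_id_type`, `get_id_type`, `set_data`, `get_data_clone` and `get_data` in `id_payload_t`, none of which the upstream `INIT(this, ...)` in `id_payload_create` assigns. Keeping the HEAD header together with the upstream .c would therefore leave those function pointers unassigned (presumably zero-filled by the designated initializer, so a null call for any caller still using them) — confirm against how `INIT` is defined. Keep the upstream side in both files or the HEAD side in both. The `id_payload_t` struct continues past the hunk.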
@@ -124,6 +127,32 @@ encoding_rule_t ike_header_encodings[] = { /* 8 Byte SPI, stored in the field initiator_spi */ { IKE_SPI, offsetof(private_ike_header_t, initiator_spi) }, /* 8 Byte SPI, stored in the field responder_spi */ +<<<<<<< HEAD + { IKE_SPI, offsetof(private_ike_header_t, responder_spi) }, + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_ike_header_t, next_payload) }, + /* 4 Bit major version, stored in the field maj_version */ + { U_INT_4, offsetof(private_ike_header_t, maj_version) }, + /* 4 Bit minor version, stored in the field min_version */ + { U_INT_4, offsetof(private_ike_header_t, min_version) }, + /* 8 Bit for the exchange type */ + { U_INT_8, offsetof(private_ike_header_t, exchange_type) }, + /* 2 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* 3 Bit flags, stored in the fields response, version and initiator */ + { FLAG, offsetof(private_ike_header_t, flags.response) }, + { FLAG, offsetof(private_ike_header_t, flags.version) }, + { FLAG, offsetof(private_ike_header_t, flags.initiator) }, + /* 3 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* 4 Byte message id, stored in the field message_id */ + { U_INT_32, offsetof(private_ike_header_t, message_id) }, + /* 4 Byte length fied, stored in the field length */ + { HEADER_LENGTH, offsetof(private_ike_header_t, length) } +======= { IKE_SPI, offsetof(private_ike_header_t, responder_spi) }, /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ike_header_t, next_payload) }, @@ -148,6 +177,7 @@ encoding_rule_t ike_header_encodings[] = { { U_INT_32, offsetof(private_ike_header_t, message_id) }, /* 4 Byte length fied, stored in the field length */ { HEADER_LENGTH,offsetof(private_ike_header_t, length) }, +>>>>>>> upstream/4.5.1 }; 
@@ -168,8 +198,16 @@ encoding_rule_t ike_header_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD + +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_ike_header_t *this) +======= METHOD(payload_t, verify, status_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { if ((this->exchange_type < IKE_SA_INIT) || ((this->exchange_type > INFORMATIONAL) @@ -181,6 +219,10 @@ METHOD(payload_t, verify, status_t, /* unsupported exchange type */ return FAILED; } +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 if (this->initiator_spi == 0 #ifdef ME /* we allow zero spi for INFORMATIONAL exchanges, @@ -192,6 +234,25 @@ METHOD(payload_t, verify, status_t, /* initiator spi not set */ return FAILED; } +<<<<<<< HEAD + + /* verification of version is not done in here */ + + return SUCCESS; +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(payload_t *this,payload_type_t type) +{ + ((private_ike_header_t *)this)->next_payload = type; +} +/** + * Implementation of ike_header_t.get_initiator_spi. + */ +static u_int64_t get_initiator_spi(private_ike_header_t *this) +======= return SUCCESS; } 
@@ -228,34 +289,69 @@ METHOD(payload_t, get_length, size_t, METHOD(ike_header_t, get_initiator_spi, u_int64_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->initiator_spi; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_initiator_spi. + */ +static void set_initiator_spi(private_ike_header_t *this, u_int64_t initiator_spi) +======= METHOD(ike_header_t, set_initiator_spi, void, private_ike_header_t *this, u_int64_t initiator_spi) +>>>>>>> upstream/4.5.1 { this->initiator_spi = initiator_spi; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_responder_spi. + */ +static u_int64_t get_responder_spi(private_ike_header_t *this) +======= METHOD(ike_header_t, get_responder_spi, u_int64_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->responder_spi; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_responder_spi. + */ +static void set_responder_spi(private_ike_header_t *this, u_int64_t responder_spi) +======= METHOD(ike_header_t, set_responder_spi, void, private_ike_header_t *this, u_int64_t responder_spi) +>>>>>>> upstream/4.5.1 { this->responder_spi = responder_spi; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_maj_version. + */ +static u_int8_t get_maj_version(private_ike_header_t *this) +======= METHOD(ike_header_t, get_maj_version, u_int8_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->maj_version; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_min_version. + */ +static u_int8_t get_min_version(private_ike_header_t *this) +======= METHOD(ike_header_t, set_maj_version, void, private_ike_header_t *this, u_int8_t major) { 
@@ -264,10 +360,17 @@ METHOD(ike_header_t, set_maj_version, void, METHOD(ike_header_t, get_min_version, u_int8_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->min_version; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_response_flag. + */ +static bool get_response_flag(private_ike_header_t *this) +======= METHOD(ike_header_t, set_min_version, void, private_ike_header_t *this, u_int8_t minor) { @@ -276,22 +379,43 @@ METHOD(ike_header_t, set_min_version, void, METHOD(ike_header_t, get_response_flag, bool, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->flags.response; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_response_flag. + */ +static void set_response_flag(private_ike_header_t *this, bool response) +======= METHOD(ike_header_t, set_response_flag, void, private_ike_header_t *this, bool response) +>>>>>>> upstream/4.5.1 { this->flags.response = response; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_version_flag. + */ +static bool get_version_flag(private_ike_header_t *this) +======= METHOD(ike_header_t, get_version_flag, bool, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->flags.version; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_initiator_flag. + */ +static bool get_initiator_flag(private_ike_header_t *this) +======= METHOD(ike_header_t, set_version_flag, void, private_ike_header_t *this, bool version) { 
@@ -300,51 +424,174 @@ METHOD(ike_header_t, set_version_flag, void, METHOD(ike_header_t, get_initiator_flag, bool, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->flags.initiator; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_initiator_flag. + */ +static void set_initiator_flag(private_ike_header_t *this, bool initiator) +======= METHOD(ike_header_t, set_initiator_flag, void, private_ike_header_t *this, bool initiator) +>>>>>>> upstream/4.5.1 { this->flags.initiator = initiator; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.get_exchange_type. + */ +static u_int8_t get_exchange_type(private_ike_header_t *this) +======= METHOD(ike_header_t, get_exchange_type, u_int8_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->exchange_type; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_exchange_type. + */ +static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type) +======= METHOD(ike_header_t, set_exchange_type, void, private_ike_header_t *this, u_int8_t exchange_type) +>>>>>>> upstream/4.5.1 { this->exchange_type = exchange_type; } +<<<<<<< HEAD +/** + * Implements ike_header_t's get_message_id function. + * See #ike_header_t.get_message_id for description. + */ +static u_int32_t get_message_id(private_ike_header_t *this) +======= METHOD(ike_header_t, get_message_id, u_int32_t, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { return this->message_id; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.set_message_id. + */ +static void set_message_id(private_ike_header_t *this, u_int32_t message_id) +======= METHOD(ike_header_t, set_message_id, void, private_ike_header_t *this, u_int32_t message_id) +>>>>>>> upstream/4.5.1 { this->message_id = message_id; } +<<<<<<< HEAD +/** + * Implementation of ike_header_t.destroy and payload_t.destroy. 
+ */ +static void destroy(ike_header_t *this) +======= METHOD2(payload_t, ike_header_t, destroy, void, private_ike_header_t *this) +>>>>>>> upstream/4.5.1 { free(this); } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = ike_header_encodings; + *rule_count = sizeof(ike_header_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(payload_t *this) +{ + return HEADER; +} + +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(payload_t *this) +{ + return (((private_ike_header_t*)this)->next_payload); +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(payload_t *this) +{ + return (((private_ike_header_t*)this)->length); +} + +======= +>>>>>>> upstream/4.5.1 /* * Described in header. */ ike_header_t *ike_header_create() { +<<<<<<< HEAD + private_ike_header_t *this = malloc_thing(private_ike_header_t); + + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = get_encoding_rules; + this->public.payload_interface.get_length = get_length; + this->public.payload_interface.get_next_type = get_next_type; + this->public.payload_interface.set_next_type = set_next_type; + this->public.payload_interface.get_type = get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + this->public.destroy = destroy; + + this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi; + this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi; + this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi; + this->public.set_responder_spi = (void (*) (ike_header_t *,u_int64_t))set_responder_spi; + this->public.get_maj_version = (u_int8_t (*) 
(ike_header_t*))get_maj_version; + this->public.get_min_version = (u_int8_t (*) (ike_header_t*))get_min_version; + this->public.get_response_flag = (bool (*) (ike_header_t*))get_response_flag; + this->public.set_response_flag = (void (*) (ike_header_t*,bool))set_response_flag; + this->public.get_version_flag = (bool (*) (ike_header_t*))get_version_flag; + this->public.get_initiator_flag = (bool (*) (ike_header_t*))get_initiator_flag; + this->public.set_initiator_flag = (void (*) (ike_header_t*,bool))set_initiator_flag; + this->public.get_exchange_type = (u_int8_t (*) (ike_header_t*))get_exchange_type; + this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type; + this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id; + this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id; + + /* set default values of the fields */ + this->initiator_spi = 0; + this->responder_spi = 0; + this->next_payload = 0; + this->maj_version = IKE_MAJOR_VERSION; + this->min_version = IKE_MINOR_VERSION; + this->exchange_type = EXCHANGE_TYPE_UNDEFINED; + this->flags.initiator = TRUE; + this->flags.version = HIGHER_VERSION_SUPPORTED_FLAG; + this->flags.response = FALSE; + this->message_id = 0; + this->length = IKE_HEADER_LENGTH; + + return (ike_header_t*)this; +======= private_ike_header_t *this; INIT(this, @@ -389,4 +636,5 @@ ike_header_t *ike_header_create() ); return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index f52c852c5..77e23efb7 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -143,6 +143,8 @@ struct ike_header_t { u_int8_t (*get_maj_version) (ike_header_t *this); /** +<<<<<<< HEAD +======= * Set the major version. * * @param major major version 
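Review bot: Even with the markers removed, the merged `ike_header_create` body declares `private_ike_header_t *this` twice in one scope (the HEAD-side `malloc_thing` line and the upstream-side `private_ike_header_t *this;`), and the HEAD-side body never assigns `set_maj_version`, `set_min_version` or `set_version_flag`, which the upstream side of ike_header.h in the next hunks adds to `ike_header_t`. Unless `malloc_thing` zero-fills (not visible here), keeping the HEAD-side body against the upstream header leaves those function pointers uninitialized, so any caller invoking them jumps through garbage; the upstream `INIT(this, ...)` body is the side that populates the full interface. The HEAD-side cast `(void (*) (payload_t *))destroy` also hides that `destroy` there takes an `ike_header_t *` while the upstream `METHOD2` version takes `private_ike_header_t *`, so a mixed resolution would silently keep that mismatch. The upstream `INIT(...)` field list is elided by the diff between this hunk and `@@ -389,4 +636,5 @@`, so it cannot be checked here.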
@@ -150,6 +152,7 @@ struct ike_header_t { void (*set_maj_version) (ike_header_t *this, u_int8_t major); /** +>>>>>>> upstream/4.5.1 * Get the minor version. * * @return minor version @@ -157,6 +160,8 @@ struct ike_header_t { u_int8_t (*get_min_version) (ike_header_t *this); /** +<<<<<<< HEAD +======= * Set the minor version. * * @param minor minor version @@ -164,6 +169,7 @@ struct ike_header_t { void (*set_min_version) (ike_header_t *this, u_int8_t minor); /** +>>>>>>> upstream/4.5.1 * Get the response flag. * * @return response flag @@ -176,7 +182,10 @@ struct ike_header_t { * @param response response flag */ void (*set_response_flag) (ike_header_t *this, bool response); +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * Get "higher version supported"-flag. * @@ -185,6 +194,8 @@ struct ike_header_t { bool (*get_version_flag) (ike_header_t *this); /** +<<<<<<< HEAD +======= * Set the "higher version supported"-flag. * * @param version flag value @@ -192,6 +203,7 @@ struct ike_header_t { void (*set_version_flag)(ike_header_t *this, bool version); /** +>>>>>>> upstream/4.5.1 * Get the initiator flag. * * @return initiator flag diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 999d73192..dd239b212 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -21,13 +25,23 @@ #include <encoding/payloads/encodings.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_ke_payload_t private_ke_payload_t; /** * Private data of an ke_payload_t object. +<<<<<<< HEAD + * + */ +struct private_ke_payload_t { +======= */ struct private_ke_payload_t { +>>>>>>> upstream/4.5.1 /** * Public ke_payload_t interface. */ @@ -44,6 +58,8 @@ struct private_ke_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved_bit[7]; @@ -54,6 +70,7 @@ struct private_ke_payload_t { u_int8_t reserved_byte[2]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -74,6 +91,29 @@ struct private_ke_payload_t { * * The defined offsets are the positions in a object of type * private_ke_payload_t. +<<<<<<< HEAD + * + */ +encoding_rule_t ke_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_ke_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_ke_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, + /* DH Group number as 16 bit field*/ + { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, +======= */ encoding_rule_t ke_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
@@ -95,6 +135,7 @@ encoding_rule_t ke_payload_encodings[] = { /* 2 reserved bytes */ { RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[0])}, { RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[1])}, +>>>>>>> upstream/4.5.1 /* Key Exchange Data is from variable size */ { KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)} }; @@ -113,6 +154,42 @@ encoding_rule_t ke_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_ke_payload_t *this) +{ + /* dh group is not verified in here */ + return SUCCESS; +} + +/** + * Implementation of payload_t.destroy. + */ +static void destroy(private_ke_payload_t *this) +{ + if (this->key_exchange_data.ptr != NULL) + { + free(this->key_exchange_data.ptr); + } + free(this); +} + +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_ke_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = ke_payload_encodings; + *rule_count = sizeof(ke_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_ke_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_ke_payload_t *this) { @@ -128,10 +205,25 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_ke_payload_t *this) +>>>>>>> upstream/4.5.1 { return KEY_EXCHANGE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_ke_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_ke_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_next_type, payload_type_t, private_ke_payload_t *this) { 
@@ -140,10 +232,66 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_ke_payload_t *this,payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * recompute the length of the payload. + */ +static void compute_length(private_ke_payload_t *this) +{ + size_t length = KE_PAYLOAD_HEADER_LENGTH; + if (this->key_exchange_data.ptr != NULL) + { + length += this->key_exchange_data.len; + } + this->payload_length = length; +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_ke_payload_t *this) +{ + compute_length(this); + return this->payload_length; +} + +/** + * Implementation of ke_payload_t.get_key_exchange_data. + */ +static chunk_t get_key_exchange_data(private_ke_payload_t *this) +{ + return (this->key_exchange_data); +} + +/** + * Implementation of ke_payload_t.set_key_exchange_data. + */ +static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchange_data) +{ + /* destroy existing data first */ + if (this->key_exchange_data.ptr != NULL) + { + /* free existing value */ + free(this->key_exchange_data.ptr); + this->key_exchange_data.ptr = NULL; + this->key_exchange_data.len = 0; + + } + + this->key_exchange_data = chunk_clone(key_exchange_data); + compute_length(this); +} + +/** + * Implementation of ke_payload_t.get_dh_group_number. + */ +static diffie_hellman_group_t get_dh_group_number(private_ke_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_ke_payload_t *this) { 
@@ -158,15 +306,25 @@ METHOD(ke_payload_t, get_key_exchange_data, chunk_t, METHOD(ke_payload_t, get_dh_group_number, diffie_hellman_group_t, private_ke_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->dh_group_number; } +<<<<<<< HEAD +/** + * Implementation of ke_payload_t.set_dh_group_number. + */ +static void set_dh_group_number(private_ke_payload_t *this, diffie_hellman_group_t dh_group_number) +{ + this->dh_group_number = dh_group_number; +======= METHOD2(payload_t, ke_payload_t, destroy, void, private_ke_payload_t *this) { free(this->key_exchange_data.ptr); free(this); +>>>>>>> upstream/4.5.1 } /* 
@@ -174,6 +332,33 @@ METHOD2(payload_t, ke_payload_t, destroy, void, */ ke_payload_t *ke_payload_create() { +<<<<<<< HEAD + private_ke_payload_t *this = malloc_thing(private_ke_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.get_key_exchange_data = (chunk_t (*) (ke_payload_t *)) get_key_exchange_data; + this->public.set_key_exchange_data = (void (*) (ke_payload_t *,chunk_t)) set_key_exchange_data; + this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number; + this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number; + this->public.destroy = (void (*) (ke_payload_t *)) destroy; + + /* set default values of the fields */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = KE_PAYLOAD_HEADER_LENGTH; + this->key_exchange_data = chunk_empty; + this->dh_group_number = MODP_NONE; + +======= private_ke_payload_t *this; INIT(this, @@ -195,6 +380,7 @@ ke_payload_t *ke_payload_create() .payload_length = KE_PAYLOAD_HEADER_LENGTH, .dh_group_number = MODP_NONE, ); +>>>>>>> upstream/4.5.1 return &this->public; } 
@@ -207,7 +393,11 @@ ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh) dh->get_my_public_value(dh, &this->key_exchange_data); this->dh_group_number = dh->get_dh_group(dh); +<<<<<<< HEAD + compute_length(this); +======= this->payload_length = this->key_exchange_data.len + KE_PAYLOAD_HEADER_LENGTH; +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index 65cc11883..edf271add 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -47,13 +47,33 @@ struct ke_payload_t { payload_t payload_interface; /** +<<<<<<< HEAD + * Returns the currently set key exchange data of this KE payload. + * + * @warning Returned data are not copied. + * + * @return chunk_t pointing to the value +======= * Returns the key exchange data of this KE payload. * * @return chunk_t pointing to internal data +>>>>>>> upstream/4.5.1 */ chunk_t (*get_key_exchange_data) (ke_payload_t *this); /** +<<<<<<< HEAD + * Sets the key exchange data of this KE payload. + * + * Value is getting copied. + * + * @param key_exchange_data chunk_t pointing to the value to set + */ + void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); + + /** +======= +>>>>>>> upstream/4.5.1 * Gets the Diffie-Hellman Group Number of this KE payload. * * @return DH Group Number of this payload @@ -61,6 +81,17 @@ struct ke_payload_t { diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); /** +<<<<<<< HEAD + * Sets the Diffie-Hellman Group Number of this KE payload. + * + * @param dh_group_number DH Group to set + */ + void (*set_dh_group_number) (ke_payload_t *this, + diffie_hellman_group_t dh_group_number); + + /** +======= +>>>>>>> upstream/4.5.1 * Destroys an ke_payload_t object. */ void (*destroy) (ke_payload_t *this); 
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index 78000b8c6..ccaf60c09 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -15,19 +19,33 @@ * for more details. */ +<<<<<<< HEAD +/* offsetof macro */ +======= +>>>>>>> upstream/4.5.1 #include <stddef.h> #include "nonce_payload.h" #include <encoding/payloads/encodings.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_nonce_payload_t private_nonce_payload_t; /** * Private data of an nonce_payload_t object. +<<<<<<< HEAD + * + */ +struct private_nonce_payload_t { +======= */ struct private_nonce_payload_t { +>>>>>>> upstream/4.5.1 /** * Public nonce_payload_t interface. */ @@ -44,11 +62,14 @@ struct private_nonce_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -64,6 +85,27 @@ struct private_nonce_payload_t { * * The defined offsets are the positions in a object of type * private_nonce_payload_t. +<<<<<<< HEAD + * + */ +encoding_rule_t nonce_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_nonce_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_nonce_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole nonce payload*/ + { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, + /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ + { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) } +======= */ encoding_rule_t nonce_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -82,6 +124,7 @@ encoding_rule_t nonce_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) }, +>>>>>>> upstream/4.5.1 }; /* 1 2 3 
@@ -95,6 +138,57 @@ encoding_rule_t nonce_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_nonce_payload_t *this) +{ + if ((this->nonce.len < 16) || ((this->nonce.len > 256))) + { + /* nonce length is wrong */ + return FAILED; + } + + return SUCCESS; +} + +/** + * Implementation of nonce_payload_t.set_nonce. + */ +static status_t set_nonce(private_nonce_payload_t *this, chunk_t nonce) +{ + this->nonce.ptr = clalloc(nonce.ptr, nonce.len); + this->nonce.len = nonce.len; + this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + nonce.len; + return SUCCESS; +} + +/** + * Implementation of nonce_payload_t.get_nonce. + */ +static chunk_t get_nonce(private_nonce_payload_t *this) +{ + chunk_t nonce; + nonce.ptr = clalloc(this->nonce.ptr,this->nonce.len); + nonce.len = this->nonce.len; + return nonce; +} + +/** + * Implementation of nonce_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_nonce_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = nonce_payload_encodings; + *rule_count = sizeof(nonce_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_nonce_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_nonce_payload_t *this) { 
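Review bot: The HEAD-side `set_nonce` resurrected in this hunk overwrites `this->nonce.ptr` with a fresh `clalloc` copy without releasing the buffer it already holds, so a second call leaks the first nonce; it should `free(this->nonce.ptr);` before the `clalloc`. Its `status_t` return is also cast away in `nonce_payload_create` further down (`(void (*) (nonce_payload_t *,chunk_t)) set_nonce`), so the function-pointer type no longer matches the definition. The upstream-side `set_nonce` is elided by the diff, so whether 4.5.1 already handles this cannot be seen here, but whichever side is kept should free before reallocating. The HEAD-side `verify` bounds the nonce to the 16–256 octet range IKEv2 requires; the upstream `verify` body is likewise outside the hunk.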
@@ -114,10 +208,25 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_nonce_payload_t *this) +>>>>>>> upstream/4.5.1 { return NONCE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_nonce_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_nonce_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_next_type, payload_type_t, private_nonce_payload_t *this) { @@ -126,10 +235,40 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_nonce_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * recompute the length of the payload. + */ +static void compute_length(private_nonce_payload_t *this) +{ + this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + this->nonce.len; +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_nonce_payload_t *this) +{ + compute_length(this); + return this->payload_length; +} + +/** + * Implementation of payload_t.destroy and nonce_payload_t.destroy. + */ +static void destroy(private_nonce_payload_t *this) +{ + if (this->nonce.ptr != NULL) + { + free(this->nonce.ptr); + } + +======= METHOD(payload_t, get_length, size_t, private_nonce_payload_t *this) { @@ -153,6 +292,7 @@ METHOD2(payload_t, nonce_payload_t, destroy, void, private_nonce_payload_t *this) { free(this->nonce.ptr); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -161,6 +301,35 @@ METHOD2(payload_t, nonce_payload_t, destroy, void, */ nonce_payload_t *nonce_payload_create() { +<<<<<<< HEAD + private_nonce_payload_t *this = malloc_thing(private_nonce_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.destroy = (void (*) (nonce_payload_t *)) destroy; + this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce; + this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH; + this->nonce.ptr = NULL; + this->nonce.len = 0; + + return (&(this->public)); +} + + +======= private_nonce_payload_t *this; INIT(this, @@ -183,3 +352,4 @@ nonce_payload_t *nonce_payload_create() ); return &this->public; } +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 77f15ec6d..59668bb9d 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c 
@@ -1,8 +1,14 @@ /* +<<<<<<< HEAD + * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006 Daniel Roethlisberger + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -187,9 +193,15 @@ typedef struct private_notify_payload_t private_notify_payload_t; /** * Private data of an notify_payload_t object. +<<<<<<< HEAD + * + */ +struct private_notify_payload_t { +======= */ struct private_notify_payload_t { +>>>>>>> upstream/4.5.1 /** * Public notify_payload_t interface. */ @@ -206,11 +218,14 @@ struct private_notify_payload_t { bool critical; /** +<<<<<<< HEAD +======= * reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -246,6 +261,10 @@ struct private_notify_payload_t { * * The defined offsets are the positions in a object of type * private_notify_payload_t. +<<<<<<< HEAD + * +======= +>>>>>>> upstream/4.5.1 */ encoding_rule_t notify_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -253,6 +272,15 @@ encoding_rule_t notify_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_notify_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ +<<<<<<< HEAD + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[2]) }, 
@@ -260,6 +288,7 @@ encoding_rule_t notify_payload_encodings[] = { { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, /* Protocol ID as 8 bit field*/ @@ -267,11 +296,19 @@ encoding_rule_t notify_payload_encodings[] = { /* SPI Size as 8 bit field*/ { SPI_SIZE, offsetof(private_notify_payload_t, spi_size) }, /* Notify message type as 16 bit field*/ +<<<<<<< HEAD + { U_INT_16, offsetof(private_notify_payload_t, notify_type) }, + /* SPI as variable length field*/ + { SPI, offsetof(private_notify_payload_t, spi) }, + /* Key Exchange Data is from variable size */ + { NOTIFICATION_DATA, offsetof(private_notify_payload_t, notification_data) } +======= { U_INT_16, offsetof(private_notify_payload_t, notify_type) }, /* SPI as variable length field*/ { SPI, offsetof(private_notify_payload_t, spi) }, /* Key Exchange Data is from variable size */ { NOTIFICATION_DATA,offsetof(private_notify_payload_t, notification_data) } +>>>>>>> upstream/4.5.1 }; /* @@ -292,8 +329,15 @@ encoding_rule_t notify_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_notify_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_notify_payload_t *this) +>>>>>>> upstream/4.5.1 { bool bad_length = FALSE; 
@@ -407,6 +451,21 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_notify_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = notify_payload_encodings; + *rule_count = sizeof(notify_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_notify_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_notify_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { @@ -416,10 +475,25 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_notify_payload_t *this) +>>>>>>> upstream/4.5.1 { return NOTIFY; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_notify_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_notify_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_next_type, payload_type_t, private_notify_payload_t *this) { @@ -428,6 +502,7 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_notify_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } @@ -438,7 +513,10 @@ METHOD(payload_t, set_next_type, void, static void compute_length (private_notify_payload_t *this) { size_t length = NOTIFY_PAYLOAD_HEADER_LENGTH; +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 if (this->notification_data.ptr != NULL) { length += this->notification_data.len; 
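Review bot: The `@@ -438` block inside `compute_length` is a conflict with both halves empty (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> upstream/4.5.1` with nothing between them), so it carries no content and should simply be deleted. In `@@ -407` and `@@ -416`, HEAD's `static void get_encoding_rules(…)` / `static payload_type_t get_type(…)` and upstream's METHOD forms have identical bodies; pick the declaration form that matches the constructor chosen in `notify_payload_create`. The `@@ -428` block likewise differs only in the declaration style of `set_next_type`.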
@@ -450,6 +528,21 @@ static void compute_length (private_notify_payload_t *this) this->payload_length = length; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_notify_payload_t *this) +{ + compute_length(this); + return this->payload_length; +} + +/** + * Implementation of notify_payload_t.get_protocol_id. + */ +static u_int8_t get_protocol_id(private_notify_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_notify_payload_t *this) { @@ -458,30 +551,59 @@ METHOD(payload_t, get_length, size_t, METHOD(notify_payload_t, get_protocol_id, u_int8_t, private_notify_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->protocol_id; } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.set_protocol_id. + */ +static void set_protocol_id(private_notify_payload_t *this, u_int8_t protocol_id) +======= METHOD(notify_payload_t, set_protocol_id, void, private_notify_payload_t *this, u_int8_t protocol_id) +>>>>>>> upstream/4.5.1 { this->protocol_id = protocol_id; } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.get_notify_type. + */ +static notify_type_t get_notify_type(private_notify_payload_t *this) +======= METHOD(notify_payload_t, get_notify_type, notify_type_t, private_notify_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->notify_type; } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.set_notify_type. + */ +static void set_notify_type(private_notify_payload_t *this, u_int16_t notify_type) +======= METHOD(notify_payload_t, set_notify_type, void, private_notify_payload_t *this, notify_type_t notify_type) +>>>>>>> upstream/4.5.1 { this->notify_type = notify_type; } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.get_spi. + */ +static u_int32_t get_spi(private_notify_payload_t *this) +======= METHOD(notify_payload_t, get_spi, u_int32_t, private_notify_payload_t *this) +>>>>>>> upstream/4.5.1 { switch (this->protocol_id) { 
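Review bot: HEAD's `static void set_notify_type(private_notify_payload_t *this, u_int16_t notify_type)` takes a `u_int16_t`, while the value it stores is returned by `get_notify_type` as `notify_type_t` and upstream's `METHOD(notify_payload_t, set_notify_type, void, …, notify_type_t notify_type)` takes the enum. If HEAD's half is kept, the prototype should become `static void set_notify_type(private_notify_payload_t *this, notify_type_t notify_type)` so setter, getter and interface agree. The HEAD halves of `get_length`, `get_protocol_id`, `set_protocol_id`, `get_notify_type` and `get_spi` in `@@ -450`/`@@ -458` have the same bodies as the METHOD versions and differ only in declaration style.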
@@ -497,8 +619,15 @@ METHOD(notify_payload_t, get_spi, u_int32_t, return 0; } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.set_spi. + */ +static void set_spi(private_notify_payload_t *this, u_int32_t spi) +======= METHOD(notify_payload_t, set_spi, void, private_notify_payload_t *this, u_int32_t spi) +>>>>>>> upstream/4.5.1 { chunk_free(&this->spi); switch (this->protocol_id) @@ -515,6 +644,39 @@ METHOD(notify_payload_t, set_spi, void, compute_length(this); } +<<<<<<< HEAD +/** + * Implementation of notify_payload_t.get_notification_data. + */ +static chunk_t get_notification_data(private_notify_payload_t *this) +{ + return (this->notification_data); +} + +/** + * Implementation of notify_payload_t.set_notification_data. + */ +static status_t set_notification_data(private_notify_payload_t *this, chunk_t notification_data) +{ + chunk_free(&this->notification_data); + if (notification_data.len > 0) + { + this->notification_data = chunk_clone(notification_data); + } + compute_length(this); + return SUCCESS; +} + +/** + * Implementation of notify_payload_t.destroy and notify_payload_t.destroy. + */ +static status_t destroy(private_notify_payload_t *this) +{ + chunk_free(&this->notification_data); + chunk_free(&this->spi); + free(this); + return SUCCESS; +======= METHOD(notify_payload_t, get_notification_data, chunk_t, private_notify_payload_t *this) { @@ -535,6 +697,7 @@ METHOD2(payload_t, notify_payload_t, destroy, void, free(this->notification_data.ptr); free(this->spi.ptr); free(this); +>>>>>>> upstream/4.5.1 } /* 
@@ -542,6 +705,42 @@ METHOD2(payload_t, notify_payload_t, destroy, void, */ notify_payload_t *notify_payload_create() { +<<<<<<< HEAD + private_notify_payload_t *this = malloc_thing(private_notify_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.get_protocol_id = (u_int8_t (*) (notify_payload_t *)) get_protocol_id; + this->public.set_protocol_id = (void (*) (notify_payload_t *,u_int8_t)) set_protocol_id; + this->public.get_notify_type = (notify_type_t (*) (notify_payload_t *)) get_notify_type; + this->public.set_notify_type = (void (*) (notify_payload_t *,notify_type_t)) set_notify_type; + this->public.get_spi = (u_int32_t (*) (notify_payload_t *)) get_spi; + this->public.set_spi = (void (*) (notify_payload_t *,u_int32_t)) set_spi; + this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data; + this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data; + this->public.destroy = (void (*) (notify_payload_t *)) destroy; + + /* set default values of the fields */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = NOTIFY_PAYLOAD_HEADER_LENGTH; + this->protocol_id = 0; + this->notify_type = 0; + this->spi.ptr = NULL; + this->spi.len = 0; + this->spi_size = 0; + 
this->notification_data.ptr = NULL; + this->notification_data.len = 0; + +======= private_notify_payload_t *this; INIT(this, @@ -568,12 +767,21 @@ notify_payload_t *notify_payload_create() .next_payload = NO_PAYLOAD, .payload_length = NOTIFY_PAYLOAD_HEADER_LENGTH, ); +>>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header. */ +<<<<<<< HEAD +notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_type_t notify_type) +{ + notify_payload_t *notify = notify_payload_create(); + + notify->set_notify_type(notify,notify_type); + notify->set_protocol_id(notify,protocol_id); +======= notify_payload_t *notify_payload_create_from_protocol_and_type( protocol_id_t protocol_id, notify_type_t notify_type) { @@ -581,6 +789,7 @@ notify_payload_t *notify_payload_create_from_protocol_and_type( notify->set_notify_type(notify, notify_type); notify->set_protocol_id(notify, protocol_id); +>>>>>>> upstream/4.5.1 return notify; } diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index d1e677db7..35d073240 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c 
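Review bot: In HEAD's half of `notify_payload_create` the vtable is filled through function-pointer casts whose types do not match the definitions: `destroy` is defined as `static status_t destroy(private_notify_payload_t *this)` and `set_notification_data` as `static status_t set_notification_data(…)` (both in `@@ -515`), yet they are stored as `(void (*) (payload_t *))destroy` and `(void (*) (notify_payload_t *,chunk_t)) set_notification_data`, and `set_notify_type` is stored as `(void (*) (notify_payload_t *,notify_type_t))` although it is defined with a `u_int16_t` parameter. Calling a function through a pointer of an incompatible type is undefined behaviour in C, so either change the definitions to `static void destroy(private_notify_payload_t *this)` and `static void set_notification_data(private_notify_payload_t *this, chunk_t notification_data)` (dropping the `return SUCCESS;` lines), or resolve to upstream's `INIT(this, …)` constructor, which needs no casts. The `@@ -568`/`@@ -581` halves of `notify_payload_create_from_protocol_and_type` differ only in line breaks and a space after the comma and should collapse to one copy.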
@@ -59,23 +59,41 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N #ifdef ME ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "ID_PEER"); +<<<<<<< HEAD +ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, +======= ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, +>>>>>>> upstream/4.5.1 "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", "TRANSFORM_ATTRIBUTE", "TRAFFIC_SELECTOR_SUBSTRUCTURE", +<<<<<<< HEAD + "CONFIGURATION_ATTRIBUTE", + "UNKNOWN_PAYLOAD"); +#else +ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, +======= "CONFIGURATION_ATTRIBUTE"); #else ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, +>>>>>>> upstream/4.5.1 "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", "TRANSFORM_ATTRIBUTE", "TRAFFIC_SELECTOR_SUBSTRUCTURE", +<<<<<<< HEAD + "CONFIGURATION_ATTRIBUTE", + "UNKNOWN_PAYLOAD"); +#endif /* ME */ +ENUM_END(payload_type_names, UNKNOWN_PAYLOAD); +======= "CONFIGURATION_ATTRIBUTE"); #endif /* ME */ ENUM_END(payload_type_names, CONFIGURATION_ATTRIBUTE); +>>>>>>> upstream/4.5.1 /* short forms of payload names */ ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD, 
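Review bot: HEAD's halves in this hunk extend `payload_type_names` to `UNKNOWN_PAYLOAD` (`ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, …)` and `ENUM_END(payload_type_names, UNKNOWN_PAYLOAD)`), which only compiles if the `UNKNOWN_PAYLOAD = 146` enumerator from HEAD's half of payload.h (`@@ -177`) is also kept, while upstream's halves of the short-name table (`@@ -100`) and of `payload_create` (`@@ -174`, `unknown_payload_create(type)` versus HEAD's `unknown_payload_create()`) assume it does not exist. These blocks across payload.c and payload.h have to be resolved to the same side; mixing them leaves either an undeclared enumerator or a wrong-arity call to `unknown_payload_create`. Both the `#ifdef ME` and the `#else` branch carry the identical change, so whatever is chosen must be applied to both branches.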
@@ -100,23 +118,41 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT #ifdef ME ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "IDp"); +<<<<<<< HEAD +ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, +======= ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, +>>>>>>> upstream/4.5.1 "HDR", "PROP", "TRANS", "TRANSATTR", "TSSUB", +<<<<<<< HEAD + "CPATTR", + "??"); +#else +ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, +======= "CPATTR"); #else ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, +>>>>>>> upstream/4.5.1 "HDR", "PROP", "TRANS", "TRANSATTR", "TSSUB", +<<<<<<< HEAD + "CPATTR", + "??"); +#endif /* ME */ +ENUM_END(payload_type_short_names, UNKNOWN_PAYLOAD); +======= "CPATTR"); #endif /* ME */ ENUM_END(payload_type_short_names, CONFIGURATION_ATTRIBUTE); +>>>>>>> upstream/4.5.1 /* * see header @@ -174,6 +210,12 @@ payload_t *payload_create(payload_type_t type) case ENCRYPTED: return (payload_t*)encryption_payload_create(); default: +<<<<<<< HEAD + return (payload_t*)unknown_payload_create(); + } +} + +======= return (payload_t*)unknown_payload_create(type); } } @@ -216,3 +258,4 @@ void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip) } return NULL; } +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 0f407ff42..68fbb01c0 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -137,7 +137,11 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle IKEv2-Header like a payload. */ +<<<<<<< HEAD + HEADER = 140, +======= HEADER = 256, +>>>>>>> upstream/4.5.1 /** * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space. 
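Review bot: HEAD's half of payload.h assigns the internal-only payload types the values 140–146 (`HEADER = 140` in `@@ -137` here, `PROPOSAL_SUBSTRUCTURE = 141` through `UNKNOWN_PAYLOAD = 146` in `@@ -145` to `@@ -177` on the following line), while upstream moves them to 256–261. The comments on these enumerators say they are never sent on the wire, but 140–146 fit in the one-byte next-payload field (`u_int8_t next_payload` is visible in proposal_substructure.c), so a received next-payload octet could compare equal to an internal type if the parser converts the byte directly to `payload_type_t`; values above 255 cannot be produced by an octet, which is presumably why upstream changed them. Resolve these blocks to the upstream values (keep `HEADER = 256,` and the rest) and treat HEAD's numbering as a regression rather than a stylistic difference.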
@@ -145,7 +149,11 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a proposal substructure like a payload. */ +<<<<<<< HEAD + PROPOSAL_SUBSTRUCTURE = 141, +======= PROPOSAL_SUBSTRUCTURE = 257, +>>>>>>> upstream/4.5.1 /** * TRANSFORM_SUBSTRUCTURE has a value of PRIVATE USE space. @@ -153,7 +161,11 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform substructure like a payload. */ +<<<<<<< HEAD + TRANSFORM_SUBSTRUCTURE = 142, +======= TRANSFORM_SUBSTRUCTURE = 258, +>>>>>>> upstream/4.5.1 /** * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space. @@ -161,7 +173,11 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ +<<<<<<< HEAD + TRANSFORM_ATTRIBUTE = 143, +======= TRANSFORM_ATTRIBUTE = 259, +>>>>>>> upstream/4.5.1 /** * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space. @@ -169,7 +185,11 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform selector like a payload. */ +<<<<<<< HEAD + TRAFFIC_SELECTOR_SUBSTRUCTURE = 144, +======= TRAFFIC_SELECTOR_SUBSTRUCTURE = 260, +>>>>>>> upstream/4.5.1 /** * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space. @@ -177,9 +197,24 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ +<<<<<<< HEAD + CONFIGURATION_ATTRIBUTE = 145, + + /** + * A unknown payload has a value of PRIVATE USE space. + * + * This payload type is not sent over wire and just + * used internally to handle a unknown payload. + */ + UNKNOWN_PAYLOAD = 146, +}; + + +======= CONFIGURATION_ATTRIBUTE = 261, }; +>>>>>>> upstream/4.5.1 /** * enum names for payload_type_t. */ 
@@ -260,6 +295,8 @@ struct payload_t { */ payload_t *payload_create(payload_type_t type); +<<<<<<< HEAD +======= /** * Check if a specific payload is implemented, or handled as unknown payload. * @@ -278,4 +315,5 @@ bool payload_is_known(payload_type_t type); */ void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip); +>>>>>>> upstream/4.5.1 #endif /** PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index f39c3b0e6..9272d1b63 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -47,11 +47,14 @@ struct private_proposal_substructure_t { u_int8_t next_payload; /** +<<<<<<< HEAD +======= * reserved byte */ u_int8_t reserved; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t proposal_length; @@ -96,8 +99,13 @@ struct private_proposal_substructure_t { encoding_rule_t proposal_substructure_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_proposal_substructure_t, next_payload) }, +<<<<<<< HEAD + /* Reserved Byte is skipped */ + { RESERVED_BYTE, 0 }, +======= /* 1 Reserved Byte */ { RESERVED_BYTE, offsetof(private_proposal_substructure_t, reserved) }, +>>>>>>> upstream/4.5.1 /* Length of the whole proposal substructure payload*/ { PAYLOAD_LENGTH, offsetof(private_proposal_substructure_t, proposal_length) }, /* proposal number is a number of 8 bit */ 
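Review bot: The `@@ -260` and `@@ -278` blocks in payload.h wrap only upstream's declarations of `payload_is_known` and `payload_get_field` in a conflict whose HEAD half is empty; `payload_get_field` is defined in payload.c (its closing lines are unchanged context at `@@ -216`), so dropping the declaration would leave an exported function without a prototype. Keep the upstream half of both blocks. In proposal_substructure.c the `@@ -47` reserved-byte member and the `@@ -96` encoding rule must be resolved to the same side, since upstream's `{ RESERVED_BYTE, offsetof(private_proposal_substructure_t, reserved) }` references a member that HEAD's struct does not declare.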
@@ -218,6 +226,24 @@ METHOD(payload_t, set_next_type, void, */ static void compute_length(private_proposal_substructure_t *this) { +<<<<<<< HEAD + iterator_t *iterator; + payload_t *current_transform; + size_t transforms_count = 0; + size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; + + iterator = this->transforms->create_iterator(this->transforms,TRUE); + while (iterator->iterate(iterator, (void**)¤t_transform)) + { + length += current_transform->get_length(current_transform); + transforms_count++; + } + iterator->destroy(iterator); + + length += this->spi.len; + this->transforms_count = transforms_count; + this->proposal_length = length; +======= enumerator_t *enumerator; payload_t *transform; @@ -230,11 +256,16 @@ static void compute_length(private_proposal_substructure_t *this) this->transforms_count++; } enumerator->destroy(enumerator); +>>>>>>> upstream/4.5.1 } METHOD(payload_t, get_length, size_t, private_proposal_substructure_t *this) { +<<<<<<< HEAD + compute_length(this); +======= +>>>>>>> upstream/4.5.1 return this->proposal_length; } 
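Review bot: HEAD and upstream disagree on when `proposal_length` is computed: HEAD's `get_length` calls `compute_length(this)` on every read (`@@ -230`), whereas upstream's `get_length` returns the cached field and relies on `compute_length(this);` being called in `proposal_substructure_create_from_proposal` (upstream's half of `@@ -479` on a later line) and on `.proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH` being set in `proposal_substructure_create` (`@@ -388`). Taking HEAD for `get_length` with upstream elsewhere is merely redundant, but taking upstream's `get_length` together with HEAD's halves of `@@ -381` and `@@ -479` would leave `proposal_length` never computed and emit a wrong length field. sa_payload.c's `get_length` (`@@ -190`) has the identical split and must be resolved the same way. HEAD's `compute_length` also uses the `create_iterator`/`iterate` API while the rest of the file uses enumerators; if HEAD's half survives, it should be rewritten with `create_enumerator`/`enumerate` like the upstream half.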
@@ -342,10 +373,39 @@ METHOD(proposal_substructure_t, get_proposal, proposal_t*, return proposal; } +<<<<<<< HEAD +METHOD(proposal_substructure_t, clone_, proposal_substructure_t*, + private_proposal_substructure_t *this) +{ + private_proposal_substructure_t *clone; + enumerator_t *enumerator; + transform_substructure_t *current; + + clone = (private_proposal_substructure_t*)proposal_substructure_create(); + clone->next_payload = this->next_payload; + clone->proposal_number = this->proposal_number; + clone->protocol_id = this->protocol_id; + clone->spi_size = this->spi_size; + if (this->spi.ptr != NULL) + { + clone->spi.ptr = clalloc(this->spi.ptr, this->spi.len); + clone->spi.len = this->spi.len; + } + enumerator = this->transforms->create_enumerator(this->transforms); + while (enumerator->enumerate(enumerator, ¤t)) + { + current = current->clone(current); + add_transform_substructure(clone, current); + } + enumerator->destroy(enumerator); + + return &clone->public; +======= METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*, private_proposal_substructure_t *this) { return this->transforms->create_enumerator(this->transforms); +>>>>>>> upstream/4.5.1 } METHOD2(payload_t, proposal_substructure_t, destroy, void, @@ -381,6 +441,14 @@ proposal_substructure_t *proposal_substructure_create() .get_protocol_id = _get_protocol_id, .set_is_last_proposal = _set_is_last_proposal, .get_proposal = _get_proposal, +<<<<<<< HEAD + .set_spi = _set_spi, + .get_spi = _get_spi, + .clone = _clone_, + .destroy = _destroy, + }, + .next_payload = NO_PAYLOAD, +======= .create_substructure_enumerator = _create_substructure_enumerator, .set_spi = _set_spi, .get_spi = _get_spi, @@ -388,6 +456,7 @@ proposal_substructure_t *proposal_substructure_create() }, .next_payload = NO_PAYLOAD, .proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH, +>>>>>>> upstream/4.5.1 .transforms = linked_list_create(), ); 
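Review bot: HEAD's `clone_` copies `next_payload`, `proposal_number`, `protocol_id`, `spi_size`, `spi` and the transforms but never copies or recomputes `proposal_length` and `transforms_count`; that is only correct under HEAD's model where `get_length` recomputes them on each call, so if upstream's cached-length `get_length` wins the resolution the clone must end with `compute_length(clone);` before `return &clone->public;`. `clone_` and upstream's `create_substructure_enumerator` do not collide and both can be kept, in which case the interface struct in proposal_substructure.h (`@@ -111`) needs both the `clone` and the `create_substructure_enumerator` member, and `proposal_substructure_create` (`@@ -381`) must wire both while retaining upstream's `.proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH,` initialiser that HEAD's half drops.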
@@ -479,7 +548,10 @@ proposal_substructure_t *proposal_substructure_create_from_proposal( } this->proposal_number = proposal->get_number(proposal); this->protocol_id = proposal->get_protocol(proposal); +<<<<<<< HEAD +======= compute_length(this); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index d0ba1fd2a..a7ad97e1c 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h @@ -111,11 +111,19 @@ struct proposal_substructure_t { proposal_t * (*get_proposal) (proposal_substructure_t *this); /** +<<<<<<< HEAD + * Clones an proposal_substructure_t object. + * + * @return cloned object + */ + proposal_substructure_t* (*clone) (proposal_substructure_t *this); +======= * Create an enumerator over transform substructures. * * @return enumerator over transform_substructure_t */ enumerator_t* (*create_substructure_enumerator)(proposal_substructure_t *this); +>>>>>>> upstream/4.5.1 /** * Destroys an proposal_substructure_t object. diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index db20d052f..faa19b614 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -46,11 +46,14 @@ struct private_sa_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -73,6 +76,15 @@ encoding_rule_t sa_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_sa_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ +<<<<<<< HEAD + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, +======= { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[2]) }, @@ -80,6 +92,7 @@ encoding_rule_t sa_payload_encodings[] = { { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[6]) }, +>>>>>>> upstream/4.5.1 /* Length of the whole SA payload*/ { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, /* Proposals are stored in a proposal substructure, @@ -190,6 +203,10 @@ static void compute_length(private_sa_payload_t *this) METHOD(payload_t, get_length, size_t, private_sa_payload_t *this) { +<<<<<<< HEAD + compute_length(this); +======= +>>>>>>> upstream/4.5.1 return this->payload_length; } @@ -262,12 +279,15 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, return list; } +<<<<<<< HEAD +======= METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*, private_sa_payload_t *this) { return this->proposals->create_enumerator(this->proposals); } +>>>>>>> upstream/4.5.1 METHOD2(payload_t, sa_payload_t, destroy, void, private_sa_payload_t *this) { @@ -296,7 +316,10 @@ sa_payload_t *sa_payload_create() }, .add_proposal = _add_proposal, .get_proposals = _get_proposals, +<<<<<<< HEAD +======= .create_substructure_enumerator = _create_substructure_enumerator, +>>>>>>> upstream/4.5.1 .destroy = _destroy, }, .next_payload = NO_PAYLOAD, 
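Review bot: The `@@ -262` and `@@ -296` blocks have an empty HEAD half, so they are pure upstream additions of `create_substructure_enumerator` and its `.create_substructure_enumerator = _create_substructure_enumerator,` wiring in `sa_payload_create`; keeping upstream is the only resolution that does not drop the feature, and the matching declaration in sa_payload.h (`@@ -61`, next line) must then be kept as well or the initialiser names a member that does not exist. The `@@ -190` `get_length` block and the `@@ -73` reserved-bit block mirror the splits in proposal_substructure.c and the notify payload and need the same side chosen as there.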
diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index cc8c481c8..fb0227016 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -61,6 +61,8 @@ struct sa_payload_t { void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); /** +<<<<<<< HEAD +======= * Create an enumerator over all proposal substructures. * * @return enumerator over proposal_substructure_t @@ -68,6 +70,7 @@ struct sa_payload_t { enumerator_t* (*create_substructure_enumerator)(sa_payload_t *this); /** +>>>>>>> upstream/4.5.1 * Destroys an sa_payload_t object. */ void (*destroy) (sa_payload_t *this); diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index df36e4383..f631714a2 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -20,13 +24,23 @@ #include <encoding/payloads/encodings.h> #include <utils/linked_list.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_traffic_selector_substructure_t private_traffic_selector_substructure_t; /** * Private data of an traffic_selector_substructure_t object. +<<<<<<< HEAD + * + */ +struct private_traffic_selector_substructure_t { +======= */ struct private_traffic_selector_substructure_t { +>>>>>>> upstream/4.5.1 /** * Public traffic_selector_substructure_t interface. */ 
@@ -73,6 +87,26 @@ struct private_traffic_selector_substructure_t { * * The defined offsets are the positions in a object of type * private_traffic_selector_substructure_t. +<<<<<<< HEAD + * + */ +encoding_rule_t traffic_selector_substructure_encodings[] = { + /* 1 Byte next ts type*/ + { TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) }, + /* 1 Byte IP protocol id*/ + { U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) }, + /* 2 Byte start port*/ + { U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) }, + /* 2 Byte end port*/ + { U_INT_16, offsetof(private_traffic_selector_substructure_t, end_port) }, + /* starting address is either 4 or 16 byte */ + { ADDRESS, offsetof(private_traffic_selector_substructure_t, starting_address) }, + /* ending address is either 4 or 16 byte */ + { ADDRESS, offsetof(private_traffic_selector_substructure_t, ending_address) } + +======= */ encoding_rule_t traffic_selector_substructure_encodings[] = { /* 1 Byte next ts type*/ @@ -89,6 +123,7 @@ encoding_rule_t traffic_selector_substructure_encodings[] = { { ADDRESS, offsetof(private_traffic_selector_substructure_t, starting_address) }, /* ending address is either 4 or 16 byte */ { ADDRESS, offsetof(private_traffic_selector_substructure_t, ending_address) } +>>>>>>> upstream/4.5.1 }; /* @@ -109,8 +144,15 @@ encoding_rule_t traffic_selector_substructure_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_traffic_selector_substructure_t *this) +======= METHOD(payload_t, verify, status_t, private_traffic_selector_substructure_t *this) +>>>>>>> upstream/4.5.1 { if (this->start_port > this->end_port) { 
@@ -148,6 +190,21 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of traffic_selector_substructure_t.get_encoding_rules. + */ +static void get_encoding_rules(private_traffic_selector_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = traffic_selector_substructure_encodings; + *rule_count = sizeof(traffic_selector_substructure_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_traffic_selector_substructure_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_traffic_selector_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -158,10 +215,33 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_traffic_selector_substructure_t *this) +>>>>>>> upstream/4.5.1 { return TRAFFIC_SELECTOR_SUBSTRUCTURE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_traffic_selector_substructure_t *this) +{ + return 0; +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type) +{ + +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_traffic_selector_substructure_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_traffic_selector_substructure_t *this) { 
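Review bot: HEAD's `get_next_type` in this hunk returns a bare `0` (`return 0;`) while the same HEAD-side function in transform_attribute.c (`@@ -111`) returns `NO_PAYLOAD`; if 0 is meant as NO_PAYLOAD, write `return NO_PAYLOAD;` so the meaning is explicit and survives any renumbering of `payload_type_t`. HEAD's `get_encoding_rules` comment reads `Implementation of traffic_selector_substructure_t.get_encoding_rules` although the function implements `payload_t.get_encoding_rules`, as the neighbouring comments say, and HEAD names the type getter `get_payload_type` where every other payload in this diff calls it `get_type`. HEAD's empty-bodied `set_next_type` is consistent with the encoding table in `@@ -73`, which has no next-payload rule, but deserves a one-line comment such as `/* substructure has no next-payload field; nothing to set */`.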
@@ -175,10 +255,38 @@ METHOD(payload_t, set_next_type, void, METHOD(payload_t, get_length, size_t, private_traffic_selector_substructure_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of traffic_selector_substructure_t.get_traffic_selector. + */ +static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this) +{ + traffic_selector_t *ts; + ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, + this->starting_address, this->start_port, + this->ending_address, this->end_port); + return ts; +} + +/** + * recompute length field of the payload + */ +void compute_length(private_traffic_selector_substructure_t *this) +{ + this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH + + this->ending_address.len + this->starting_address.len; +} + +/** + * Implementation of payload_t.destroy and traffic_selector_substructure_t.destroy. + */ +static void destroy(private_traffic_selector_substructure_t *this) +======= METHOD(traffic_selector_substructure_t, get_traffic_selector, traffic_selector_t*, private_traffic_selector_substructure_t *this) { @@ -190,6 +298,7 @@ METHOD(traffic_selector_substructure_t, get_traffic_selector, traffic_selector_t METHOD2(payload_t, traffic_selector_substructure_t, destroy, void, private_traffic_selector_substructure_t *this) +>>>>>>> upstream/4.5.1 { free(this->starting_address.ptr); free(this->ending_address.ptr); 
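Review bot: HEAD's `void compute_length(private_traffic_selector_substructure_t *this)` has external linkage, unlike the `static void compute_length` helpers in the notify payload (`@@ -438`) and proposal_substructure.c (`@@ -218`); an exported symbol named `compute_length` that takes a file-private type invites a duplicate-symbol clash as soon as another translation unit in the same library exports the same name, and its only visible caller is this file's `create_from_traffic_selector`. Declare it `static void compute_length(private_traffic_selector_substructure_t *this)`. Upstream's half avoids the helper entirely by computing the length inline in `traffic_selector_substructure_create_from_traffic_selector` (`@@ -243`, next line), which is the simpler resolution.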
@@ -201,6 +310,34 @@ METHOD2(payload_t, traffic_selector_substructure_t, destroy, void, */ traffic_selector_substructure_t *traffic_selector_substructure_create() { +<<<<<<< HEAD + private_traffic_selector_substructure_t *this = malloc_thing(private_traffic_selector_substructure_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector; + this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy; + + /* private variables */ + this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH; + this->start_port = 0; + this->end_port = 0; + this->starting_address = chunk_empty; + this->ending_address = chunk_empty; + this->ip_protocol_id = 0; + /* must be set to be valid */ + this->ts_type = TS_IPV4_ADDR_RANGE; + + return (&(this->public)); +======= private_traffic_selector_substructure_t *this; INIT(this, 
@@ -222,11 +359,27 @@ traffic_selector_substructure_t *traffic_selector_substructure_create() .ts_type = TS_IPV4_ADDR_RANGE, ); return &this->public; +>>>>>>> upstream/4.5.1 } /* * Described in header */ +<<<<<<< HEAD +traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(traffic_selector_t *traffic_selector) +{ + private_traffic_selector_substructure_t *this = (private_traffic_selector_substructure_t*)traffic_selector_substructure_create(); + this->ts_type = traffic_selector->get_type(traffic_selector); + this->ip_protocol_id = traffic_selector->get_protocol(traffic_selector); + this->start_port = traffic_selector->get_from_port(traffic_selector); + this->end_port = traffic_selector->get_to_port(traffic_selector); + this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector)); + this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector)); + + compute_length(this); + + return &(this->public); +======= traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector( traffic_selector_t *ts) { @@ -243,4 +396,5 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff this->ending_address.len + this->starting_address.len; return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 7d21258b1..7332b939b 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -27,9 +31,15 @@ typedef struct private_transform_attribute_t private_transform_attribute_t; /** * Private data of an transform_attribute_t object. +<<<<<<< HEAD + * + */ +struct private_transform_attribute_t { +======= */ struct private_transform_attribute_t { +>>>>>>> upstream/4.5.1 /** * Public transform_attribute_t interface. */ @@ -71,6 +81,10 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH); * * The defined offsets are the positions in a object of type * private_transform_attribute_t. +<<<<<<< HEAD + * +======= +>>>>>>> upstream/4.5.1 */ encoding_rule_t transform_attribute_encodings[] = { /* Flag defining the format of this payload */ @@ -78,7 +92,11 @@ encoding_rule_t transform_attribute_encodings[] = { /* type of the attribute as 15 bit unsigned integer */ { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, /* Length or value, depending on the attribute format flag */ +<<<<<<< HEAD + { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) }, +======= { ATTRIBUTE_LENGTH_OR_VALUE,offsetof(private_transform_attribute_t, attribute_length_or_value) }, +>>>>>>> upstream/4.5.1 /* Value of attribute if attribute format flag is zero */ { ATTRIBUTE_VALUE, offsetof(private_transform_attribute_t, attribute_value) } }; 
@@ -95,6 +113,34 @@ encoding_rule_t transform_attribute_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_transform_attribute_t *this) +{ + if (this->attribute_type != KEY_LENGTH) + { + return FAILED; + } + + return SUCCESS; +} + +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_transform_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = transform_attribute_encodings; + *rule_count = sizeof(transform_attribute_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_transform_attribute_t *this) +======= METHOD(payload_t, verify, status_t, private_transform_attribute_t *this) { 
@@ -111,10 +157,61 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_transform_attribute_t *this) +>>>>>>> upstream/4.5.1 { return TRANSFORM_ATTRIBUTE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_transform_attribute_t *this) +{ + return (NO_PAYLOAD); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_transform_attribute_t *this,payload_type_t type) +{ +} + +/** + * Implementation of transform_attribute_t.get_length. + */ +static size_t get_length(private_transform_attribute_t *this) +{ + if (this->attribute_format == TRUE) + { + /*Attribute size is only 4 byte */ + return 4; + } + return (this->attribute_length_or_value + 4); +} + +/** + * Implementation of transform_attribute_t.set_value_chunk. + */ +static void set_value_chunk(private_transform_attribute_t *this, chunk_t value) +{ + if (this->attribute_value.ptr != NULL) + { + /* free existing value */ + free(this->attribute_value.ptr); + this->attribute_value.ptr = NULL; + this->attribute_value.len = 0; + + } + + if (value.len > 2) + { + this->attribute_value.ptr = clalloc(value.ptr,value.len); + this->attribute_value.len = value.len; + this->attribute_length_or_value = value.len; + /* attribute has not a fixed length */ +======= METHOD(payload_t, get_next_type, payload_type_t, private_transform_attribute_t *this) { 
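Review bot: The HEAD-side `verify` in this hunk accepts any attribute whose `attribute_type` is `KEY_LENGTH` without looking at `attribute_format`, so a KEY_LENGTH attribute received in TLV form (`attribute_format == FALSE`) passes, and `get_value` later in the file then returns `attribute_length_or_value`, which for a TLV attribute is the length field rather than the key length. The IKEv2 Key Length attribute is TV-only, so tighten the check to `if (this->attribute_type != KEY_LENGTH || !this->attribute_format) return FAILED;`. Whether the parser can actually hand a TLV KEY_LENGTH to this object is decided by the parser, which is not part of this diff; the upstream `METHOD(payload_t, verify, …)` body is cut off by the hunk boundary, so I cannot tell whether it already does this.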
@@ -145,10 +242,58 @@ METHOD(transform_attribute_t, set_value_chunk, void, { this->attribute_value = chunk_clone(value); this->attribute_length_or_value = value.len; +>>>>>>> upstream/4.5.1 this->attribute_format = FALSE; } else { +<<<<<<< HEAD + memcpy(&(this->attribute_length_or_value),value.ptr,value.len); + } +} + +/** + * Implementation of transform_attribute_t.set_value. + */ +static void set_value(private_transform_attribute_t *this, u_int16_t value) +{ + if (this->attribute_value.ptr != NULL) + { + /* free existing value */ + free(this->attribute_value.ptr); + this->attribute_value.ptr = NULL; + this->attribute_value.len = 0; + + } + this->attribute_length_or_value = value; +} + +/** + * Implementation of transform_attribute_t.get_value_chunk. + */ +static chunk_t get_value_chunk (private_transform_attribute_t *this) +{ + chunk_t value; + + if (this->attribute_format == FALSE) + { + value.ptr = this->attribute_value.ptr; + value.len = this->attribute_value.len; + } + else + { + value.ptr = (void *) &(this->attribute_length_or_value); + value.len = 2; + } + + return value; +} + +/** + * Implementation of transform_attribute_t.get_value. + */ +static u_int16_t get_value (private_transform_attribute_t *this) +======= memcpy(&this->attribute_length_or_value, value.ptr, value.len); } } 
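Review bot: The HEAD-side `set_value` in this hunk frees `attribute_value` and stores the new 16-bit value but never resets `attribute_format`, so an attribute that was earlier given a >2-byte chunk through `set_value_chunk` (which sets `attribute_format = FALSE`) stays marked TLV with a NULL value; `get_length` would then report `attribute_length_or_value + 4` and `get_value_chunk` hands back an empty chunk paired with that bogus length. Add `this->attribute_format = TRUE;` after the assignment in `set_value`, and the same line in the `else` branch of `set_value_chunk` for the ≤2-byte case. That `else` branch also `memcpy`s `value.len` bytes into a `u_int16_t` without clearing it first, so a 0- or 1-byte chunk leaves stale bytes in the field; zeroing `attribute_length_or_value` before the copy (or rejecting `value.len != 2`) would close that. The upstream `set_value` body lies outside this hunk.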
@@ -173,28 +318,55 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t, METHOD(transform_attribute_t, get_value, u_int16_t, private_transform_attribute_t *this) +>>>>>>> upstream/4.5.1 { return this->attribute_length_or_value; } +<<<<<<< HEAD + +/** + * Implementation of transform_attribute_t.set_attribute_type. + */ +static void set_attribute_type (private_transform_attribute_t *this, u_int16_t type) +======= METHOD(transform_attribute_t, set_attribute_type, void, private_transform_attribute_t *this, u_int16_t type) +>>>>>>> upstream/4.5.1 { this->attribute_type = type & 0x7FFF; } +<<<<<<< HEAD +/** + * Implementation of transform_attribute_t.get_attribute_type. + */ +static u_int16_t get_attribute_type (private_transform_attribute_t *this) +======= METHOD(transform_attribute_t, get_attribute_type, u_int16_t, private_transform_attribute_t *this) +>>>>>>> upstream/4.5.1 { return this->attribute_type; } +<<<<<<< HEAD +/** + * Implementation of transform_attribute_t.clone. + */ +static transform_attribute_t * _clone(private_transform_attribute_t *this) +{ + private_transform_attribute_t *new_clone; + + new_clone = (private_transform_attribute_t *) transform_attribute_create(); +======= METHOD(transform_attribute_t, clone_, transform_attribute_t*, private_transform_attribute_t *this) { private_transform_attribute_t *new_clone; new_clone = (private_transform_attribute_t *)transform_attribute_create(); +>>>>>>> upstream/4.5.1 new_clone->attribute_format = this->attribute_format; new_clone->attribute_type = this->attribute_type; 
@@ -202,6 +374,24 @@ METHOD(transform_attribute_t, clone_, transform_attribute_t*, if (!new_clone->attribute_format) { +<<<<<<< HEAD + new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); + new_clone->attribute_value.len = this->attribute_value.len; + } + + return (transform_attribute_t *) new_clone; +} + +/** + * Implementation of transform_attribute_t.destroy and payload_t.destroy. + */ +static void destroy(private_transform_attribute_t *this) +{ + if (this->attribute_value.ptr != NULL) + { + free(this->attribute_value.ptr); + } +======= new_clone->attribute_value = chunk_clone(this->attribute_value); } return &new_clone->public; @@ -211,6 +401,7 @@ METHOD2(payload_t, transform_attribute_t, destroy, void, private_transform_attribute_t *this) { free(this->attribute_value.ptr); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -219,6 +410,37 @@ METHOD2(payload_t, transform_attribute_t, destroy, void, */ transform_attribute_t *transform_attribute_create() { +<<<<<<< HEAD + private_transform_attribute_t *this = malloc_thing(private_transform_attribute_t); + + /* payload interface */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk; + this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value; + this->public.get_value_chunk = (chunk_t (*) (transform_attribute_t *)) get_value_chunk; + this->public.get_value = (u_int16_t (*) (transform_attribute_t *)) get_value; + this->public.set_attribute_type = (void (*) (transform_attribute_t *,u_int16_t type)) set_attribute_type; + this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type; + this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone; + this->public.destroy = (void (*) (transform_attribute_t *)) destroy; + + /* set default values of the fields */ + this->attribute_format = TRUE; + this->attribute_type = 0; + this->attribute_length_or_value = 0; + this->attribute_value.ptr = NULL; + this->attribute_value.len = 0; + + return (&(this->public)); +======= private_transform_attribute_t *this; INIT(this, 
@@ -244,6 +466,7 @@ transform_attribute_t *transform_attribute_create() .attribute_format = TRUE, ); return &this->public; +>>>>>>> upstream/4.5.1 } /* @@ -252,7 +475,12 @@ transform_attribute_t *transform_attribute_create() transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length) { transform_attribute_t *attribute = transform_attribute_create(); +<<<<<<< HEAD + attribute->set_attribute_type(attribute,KEY_LENGTH); + attribute->set_value(attribute,key_length); +======= attribute->set_attribute_type(attribute, KEY_LENGTH); attribute->set_value(attribute, key_length); +>>>>>>> upstream/4.5.1 return attribute; } diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index 0428da726..fa711a7b5 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -25,13 +29,23 @@ #include <utils/linked_list.h> #include <daemon.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 typedef struct private_transform_substructure_t private_transform_substructure_t; /** * Private data of an transform_substructure_t object. +<<<<<<< HEAD + * + */ +struct private_transform_substructure_t { +======= */ struct private_transform_substructure_t { +>>>>>>> upstream/4.5.1 /** * Public transform_substructure_t interface. */ @@ -41,16 +55,24 @@ struct private_transform_substructure_t { * Next payload type. */ u_int8_t next_payload; +<<<<<<< HEAD + +======= /** * Reserved bytes */ u_int8_t reserved[2]; +>>>>>>> upstream/4.5.1 /** * Length of this payload. */ u_int16_t transform_length; +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 /** * Type of the transform. */ 
@@ -67,11 +89,35 @@ struct private_transform_substructure_t { linked_list_t *attributes; }; +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 /** * Encoding rules to parse or generate a Transform substructure. * * The defined offsets are the positions in a object of type * private_transform_substructure_t. +<<<<<<< HEAD + * + */ +encoding_rule_t transform_substructure_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_transform_substructure_t, next_payload) }, + /* Reserved Byte is skipped */ + { RESERVED_BYTE, 0 }, + /* Length of the whole transform substructure*/ + { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, + /* transform type is a number of 8 bit */ + { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, + /* Reserved Byte is skipped */ + { RESERVED_BYTE, 0 }, + /* tranform ID is a number of 8 bit */ + { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, + /* Attributes are stored in a transform attribute, + offset points to a linked_list_t pointer */ + { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } +======= */ encoding_rule_t transform_substructure_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -89,6 +135,7 @@ encoding_rule_t transform_substructure_encodings[] = { /* Attributes are stored in a transform attribute, offset points to a linked_list_t pointer */ { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -105,6 +152,21 @@ encoding_rule_t transform_substructure_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD + +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_transform_substructure_t *this) +{ + status_t status = SUCCESS; + iterator_t *iterator; + payload_t *current_attributes; + + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) + { + /* must be 0 or 3 */ +======= METHOD(payload_t, verify, status_t, private_transform_substructure_t *this) { @@ -114,6 +176,7 @@ METHOD(payload_t, verify, status_t, if (this->next_payload != NO_PAYLOAD && this->next_payload != 3) { +>>>>>>> upstream/4.5.1 DBG1(DBG_ENC, "inconsistent next payload"); return FAILED; } @@ -134,6 +197,19 @@ METHOD(payload_t, verify, status_t, return FAILED; } } +<<<<<<< HEAD + iterator = this->attributes->create_iterator(this->attributes,TRUE); + + while(iterator->iterate(iterator, (void**)¤t_attributes)) + { + status = current_attributes->verify(current_attributes); + if (status != SUCCESS) + { + DBG1(DBG_ENC, "TRANSFORM_ATTRIBUTE verification failed"); + } + } + iterator->destroy(iterator); +======= enumerator = this->attributes->create_enumerator(this->attributes); while (enumerator->enumerate(enumerator, &attribute)) 
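Review bot: The HEAD-side `verify` in the last hunk on this line logs "TRANSFORM_ATTRIBUTE verification failed" when an attribute fails but neither breaks nor returns, and `status` is overwritten by every later attribute, so a malformed attribute followed by a well-formed one yields `SUCCESS` at the `return status;` after the loop. Change the failure branch to `if (status != SUCCESS) { DBG1(DBG_ENC, "TRANSFORM_ATTRIBUTE verification failed"); break; }`, which is what the HEAD `verify` in ts_payload.c later in this diff does. The upstream `enumerator` loop body is cut off at the hunk boundary, so I cannot tell whether it has the same gap. The function's closing lines are in the following hunk.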
@@ -146,11 +222,27 @@ METHOD(payload_t, verify, status_t, } } enumerator->destroy(enumerator); +>>>>>>> upstream/4.5.1 /* proposal number is checked in SA payload */ return status; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_transform_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = transform_substructure_encodings; + *rule_count = sizeof(transform_substructure_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_type(private_transform_substructure_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_transform_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -161,14 +253,24 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_transform_substructure_t *this) +>>>>>>> upstream/4.5.1 { return TRANSFORM_SUBSTRUCTURE; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_transform_substructure_t *this) +{ + return (this->next_payload); +======= METHOD(payload_t, get_next_type, payload_type_t, private_transform_substructure_t *this) { return this->next_payload; +>>>>>>> upstream/4.5.1 } /** 
@@ -176,6 +278,83 @@ METHOD(payload_t, get_next_type, payload_type_t, */ static void compute_length (private_transform_substructure_t *this) { +<<<<<<< HEAD + iterator_t *iterator; + payload_t *current_attribute; + size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; + + iterator = this->attributes->create_iterator(this->attributes,TRUE); + while (iterator->iterate(iterator, (void**)¤t_attribute)) + { + length += current_attribute->get_length(current_attribute); + } + iterator->destroy(iterator); + + this->transform_length = length; +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_transform_substructure_t *this) +{ + compute_length(this); + return this->transform_length; +} + +/** + * Implementation of transform_substructure_t.create_transform_attribute_iterator. + */ +static iterator_t *create_transform_attribute_iterator (private_transform_substructure_t *this,bool forward) +{ + return this->attributes->create_iterator(this->attributes,forward); +} + +/** + * Implementation of transform_substructure_t.add_transform_attribute. + */ +static void add_transform_attribute (private_transform_substructure_t *this,transform_attribute_t *attribute) +{ + this->attributes->insert_last(this->attributes,(void *) attribute); + compute_length(this); +} + +/** + * Implementation of transform_substructure_t.set_is_last_transform. + */ +static void set_is_last_transform (private_transform_substructure_t *this, bool is_last) +{ + this->next_payload = (is_last) ? 0: TRANSFORM_TYPE_VALUE; +} + +/** + * Implementation of transform_substructure_t.get_is_last_transform. + */ +static bool get_is_last_transform (private_transform_substructure_t *this) +{ + return ((this->next_payload == TRANSFORM_TYPE_VALUE) ? FALSE : TRUE); +} + +/** + * Implementation of payload_t.set_next_type. 
+ */ +static void set_next_type(private_transform_substructure_t *this,payload_type_t type) +{ +} + +/** + * Implementation of transform_substructure_t.set_transform_type. + */ +static void set_transform_type (private_transform_substructure_t *this,u_int8_t type) +{ + this->transform_type = type; +} + +/** + * Implementation of transform_substructure_t.get_transform_type. + */ +static u_int8_t get_transform_type (private_transform_substructure_t *this) +======= enumerator_t *enumerator; payload_t *attribute; 
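Review bot: `set_is_last_transform` and `get_is_last_transform` on the HEAD side encode the "another transform follows" marker as `TRANSFORM_TYPE_VALUE`, while the HEAD `verify` earlier in this file compares `this->next_payload != 3` with a bare literal; use one name in both places, `if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != TRANSFORM_TYPE_VALUE))`, so the two cannot silently diverge. `compute_length` accumulates a `size_t` and assigns it to the `u_int16_t transform_length`, so a long enough attribute list (reachable only through locally added attributes, as far as the hunk shows) wraps rather than fails; a bound check before the assignment would make that explicit. The empty `set_next_type` deserves a one-line comment such as `/* next payload of a transform is derived from set_is_last_transform(); not settable */`. The upstream `compute_length` body continues past the hunk.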
@@ -207,16 +386,87 @@ METHOD(payload_t, set_next_type, void, METHOD(transform_substructure_t, get_transform_type, u_int8_t, private_transform_substructure_t *this) +>>>>>>> upstream/4.5.1 { return this->transform_type; } +<<<<<<< HEAD +/** + * Implementation of transform_substructure_t.set_transform_id. + */ +static void set_transform_id (private_transform_substructure_t *this,u_int16_t id) +{ + this->transform_id = id; +} + +/** + * Implementation of transform_substructure_t.get_transform_id. + */ +static u_int16_t get_transform_id (private_transform_substructure_t *this) +======= METHOD(transform_substructure_t, get_transform_id, u_int16_t, private_transform_substructure_t *this) +>>>>>>> upstream/4.5.1 { return this->transform_id; } +<<<<<<< HEAD +/** + * Implementation of transform_substructure_t.clone. + */ +static transform_substructure_t *clone_(private_transform_substructure_t *this) +{ + private_transform_substructure_t *clone; + iterator_t *attributes; + transform_attribute_t *current_attribute; + + clone = (private_transform_substructure_t *) transform_substructure_create(); + clone->next_payload = this->next_payload; + clone->transform_type = this->transform_type; + clone->transform_id = this->transform_id; + + attributes = this->attributes->create_iterator(this->attributes, FALSE); + while (attributes->iterate(attributes, (void**)¤t_attribute)) + { + current_attribute = current_attribute->clone(current_attribute); + clone->public.add_transform_attribute(&clone->public, current_attribute); + } + attributes->destroy(attributes); + + return &clone->public; +} + + +/** + * Implementation of transform_substructure_t.get_key_length. 
+ */ +static status_t get_key_length(private_transform_substructure_t *this, u_int16_t *key_length) +{ + iterator_t *attributes; + transform_attribute_t *current_attribute; + + attributes = this->attributes->create_iterator(this->attributes, TRUE); + while (attributes->iterate(attributes, (void**)¤t_attribute)) + { + if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) + { + *key_length = current_attribute->get_value(current_attribute); + attributes->destroy(attributes); + return SUCCESS; + } + } + attributes->destroy(attributes); + return FAILED; +} + + +/** + * Implementation of transform_substructure_t.destroy and payload_t.destroy. + */ +static void destroy(private_transform_substructure_t *this) +======= METHOD(transform_substructure_t, get_key_length, status_t, private_transform_substructure_t *this, u_int16_t *key_length) { @@ -239,6 +489,7 @@ METHOD(transform_substructure_t, get_key_length, status_t, METHOD2(payload_t, transform_substructure_t, destroy, void, private_transform_substructure_t *this) +>>>>>>> upstream/4.5.1 { this->attributes->destroy_offset(this->attributes, offsetof(transform_attribute_t, destroy)); 
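Review bot: The HEAD-side `clone_` in this hunk walks the attribute list with `create_iterator(this->attributes, FALSE)` — backwards, per the header's "TRUE: front to end" — and appends each copy through `add_transform_attribute`, which uses `insert_last`, so the clone ends up with its attributes in reverse order and encodes differently from the original. Iterate forward, `attributes = this->attributes->create_iterator(this->attributes, TRUE);`, or keep the reverse walk and insert at the front. Upstream 4.5.1 no longer carries `clone` on this structure (the header hunk later in this diff keeps it HEAD-only), so whichever side is chosen, callers of `clone` need checking. The upstream `get_key_length` body is cut off at the hunk boundary.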
@@ -250,6 +501,40 @@ METHOD2(payload_t, transform_substructure_t, destroy, void, */ transform_substructure_t *transform_substructure_create() { +<<<<<<< HEAD + private_transform_substructure_t *this = malloc_thing(private_transform_substructure_t); + + /* payload interface */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator; + this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute; + this->public.set_is_last_transform = (void (*) (transform_substructure_t *,bool)) set_is_last_transform; + this->public.get_is_last_transform = (bool (*) (transform_substructure_t *)) get_is_last_transform; + this->public.set_transform_type = (void (*) (transform_substructure_t *,u_int8_t)) set_transform_type; + this->public.get_transform_type = (u_int8_t (*) (transform_substructure_t *)) get_transform_type; + this->public.set_transform_id = (void (*) (transform_substructure_t *,u_int16_t)) set_transform_id; + this->public.get_transform_id = (u_int16_t (*) (transform_substructure_t *)) get_transform_id; + this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length; + this->public.clone = 
(transform_substructure_t* (*) (transform_substructure_t *)) clone_; + this->public.destroy = (void (*) (transform_substructure_t *)) destroy; + + /* set default values of the fields */ + this->next_payload = NO_PAYLOAD; + this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; + this->transform_id = 0; + this->transform_type = 0; + this->attributes = linked_list_create(); + + return (&(this->public)); +======= private_transform_substructure_t *this; INIT(this, @@ -274,12 +559,32 @@ transform_substructure_t *transform_substructure_create() .attributes = linked_list_create(), ); return &this->public; +>>>>>>> upstream/4.5.1 } /* * Described in header */ transform_substructure_t *transform_substructure_create_type( +<<<<<<< HEAD + transform_type_t transform_type, + u_int16_t transform_id, u_int16_t key_length) +{ + transform_substructure_t *transform = transform_substructure_create(); + + transform->set_transform_type(transform,transform_type); + transform->set_transform_id(transform,transform_id); + + if (key_length) + { + transform_attribute_t *attribute; + + attribute = transform_attribute_create_key_length(key_length); + transform->add_transform_attribute(transform, attribute); + + } + return transform; +======= transform_type_t type, u_int16_t id, u_int16_t key_length) { private_transform_substructure_t *this; @@ -295,5 +600,6 @@ transform_substructure_t *transform_substructure_create_type( compute_length(this); } return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index c961700a4..2a60b65ba 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h 
@@ -34,6 +34,10 @@ typedef struct transform_substructure_t transform_substructure_t; #include <crypto/crypters/crypter.h> #include <config/proposal.h> +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 /** * IKEv1 Value for a transform payload. */ @@ -44,19 +48,42 @@ typedef struct transform_substructure_t transform_substructure_t; */ #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8 +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 /** * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. * * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. */ struct transform_substructure_t { +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * The payload_t interface. */ payload_t payload_interface; /** +<<<<<<< HEAD + * Creates an iterator of stored transform_attribute_t objects. + * + * When deleting an transform attribute using this iterator, + * the length of this transform substructure has to be refreshed + * by calling get_length(). + * + * @param forward iterator direction (TRUE: front to end) + * @return created iterator_t object. + */ + iterator_t * (*create_transform_attribute_iterator) ( + transform_substructure_t *this, bool forward); + + /** +======= +>>>>>>> upstream/4.5.1 * Adds a transform_attribute_t object to this object. * * @param proposal transform_attribute_t object to add @@ -75,6 +102,23 @@ struct transform_substructure_t { void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); /** +<<<<<<< HEAD + * Checks if this is the last transform. + * + * @return TRUE if this is the last Transform, FALSE otherwise + */ + bool (*get_is_last_transform) (transform_substructure_t *this); + + /** + * Sets transform type of the current transform substructure. + * + * @param type type value to set + */ + void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); + + /** +======= +>>>>>>> upstream/4.5.1 * get transform type of the current transform. * * @return Transform type of current transform substructure. 
@@ -82,14 +126,29 @@ struct transform_substructure_t { u_int8_t (*get_transform_type) (transform_substructure_t *this); /** +<<<<<<< HEAD + * Sets transform id of the current transform substructure. + * + * @param id transform id to set + */ + void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); + + /** + * get transform id of the current transform. +======= * Get transform id of the current transform. +>>>>>>> upstream/4.5.1 * * @return Transform id of current transform substructure. */ u_int16_t (*get_transform_id) (transform_substructure_t *this); /** +<<<<<<< HEAD + * get transform id of the current transform. +======= * Get transform id of the current transform. +>>>>>>> upstream/4.5.1 * * @param key_length The key length is written to this location * @return @@ -101,6 +160,16 @@ struct transform_substructure_t { u_int16_t *key_length); /** +<<<<<<< HEAD + * Clones an transform_substructure_t object. + * + * @return cloned transform_substructure_t object + */ + transform_substructure_t* (*clone) (transform_substructure_t *this); + + /** +======= +>>>>>>> upstream/4.5.1 * Destroys an transform_substructure_t object. */ void (*destroy) (transform_substructure_t *this); 
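Review bot: Both sides of the conflict document `get_key_length` with the comment that belongs to `get_transform_id` — "get transform id of the current transform." on HEAD, "Get transform id of the current transform." upstream — so a reader has to open the `.c` file to learn that it searches the attributes for a `KEY_LENGTH` entry and reports `FAILED` when none is present. Replace that first line with `* Get the key length attribute of this transform, if one is present.` and add `* @return SUCCESS if a KEY_LENGTH attribute was found and written to key_length, FAILED otherwise` beneath the existing `@param`. The original `@return` line is cut off at the end of the hunk.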
@@ -109,13 +178,31 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. * +<<<<<<< HEAD + * @return created transform_substructure_t object +======= * @return created transform_substructure_t object +>>>>>>> upstream/4.5.1 */ transform_substructure_t *transform_substructure_create(void); /** * Creates an empty transform_substructure_t object. * +<<<<<<< HEAD + * The key length is used for the transport types ENCRYPTION_ALGORITHM, + * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all + * other transport types the key_length parameter is not used + * + * @param transform_type type of transform to create + * @param transform_id transform id specifying the specific algorithm of a transform type + * @param key_length Key length for key lenght attribute + * @return transform_substructure_t object + */ +transform_substructure_t *transform_substructure_create_type( + transform_type_t transform_type, u_int16_t transform_id, + u_int16_t key_length); +======= * @param type type of transform to create * @param id transform id specifc for the transform type * @param key_length key length for key lenght attribute, 0 to omit @@ -123,5 +210,6 @@ transform_substructure_t *transform_substructure_create(void); */ transform_substructure_t *transform_substructure_create_type( transform_type_t type, u_int16_t id, u_int16_t key_length); +>>>>>>> upstream/4.5.1 #endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index 28f760e40..db01b433f 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2006 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -26,9 +30,15 @@ typedef struct private_ts_payload_t private_ts_payload_t; /** * Private data of an ts_payload_t object. +<<<<<<< HEAD + * + */ +struct private_ts_payload_t { +======= */ struct private_ts_payload_t { +>>>>>>> upstream/4.5.1 /** * Public ts_payload_t interface. */ @@ -50,6 +60,8 @@ struct private_ts_payload_t { bool critical; /** +<<<<<<< HEAD +======= * reserved bits */ bool reserved_bit[7]; @@ -60,6 +72,7 @@ struct private_ts_payload_t { bool reserved_byte[3]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -67,12 +80,20 @@ struct private_ts_payload_t { /** * Number of traffic selectors */ +<<<<<<< HEAD + u_int8_t number_of_traffic_selectors; +======= u_int8_t ts_num; +>>>>>>> upstream/4.5.1 /** * Contains the traffic selectors of type traffic_selector_substructure_t. */ +<<<<<<< HEAD + linked_list_t *traffic_selectors; +======= linked_list_t *substrs; +>>>>>>> upstream/4.5.1 }; /** 
@@ -80,6 +101,33 @@ struct private_ts_payload_t { * * The defined offsets are the positions in a object of type * private_ts_payload_t. +<<<<<<< HEAD + * + */ +encoding_rule_t ts_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_ts_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_ts_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)}, + /* 1 Byte TS type*/ + { U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) }, + /* 3 reserved bytes */ + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + /* some ts data bytes, length is defined in PAYLOAD_LENGTH */ + { TRAFFIC_SELECTORS, offsetof(private_ts_payload_t, traffic_selectors) } +======= */ encoding_rule_t ts_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -104,6 +152,7 @@ encoding_rule_t ts_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[2])}, /* some ts data bytes, length is defined in PAYLOAD_LENGTH */ { TRAFFIC_SELECTORS,offsetof(private_ts_payload_t, substrs) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -120,6 +169,27 @@ encoding_rule_t ts_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_ts_payload_t *this) +{ + iterator_t *iterator; + payload_t *current_traffic_selector; + status_t status = SUCCESS; + + if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) + { + /* must be the same */ + return FAILED; + } + + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); + while(iterator->iterate(iterator, (void**)¤t_traffic_selector)) + { + status = current_traffic_selector->verify(current_traffic_selector); +======= METHOD(payload_t, verify, status_t, private_ts_payload_t *this) { @@ -135,16 +205,36 @@ METHOD(payload_t, verify, status_t, while (enumerator->enumerate(enumerator, &substr)) { status = substr->verify(substr); +>>>>>>> upstream/4.5.1 if (status != SUCCESS) { break; } } +<<<<<<< HEAD + iterator->destroy(iterator); +======= enumerator->destroy(enumerator); +>>>>>>> upstream/4.5.1 return status; } +<<<<<<< HEAD +/** + * Implementation of ts_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_ts_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +{ + *rules = ts_payload_encodings; + *rule_count = sizeof(ts_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_ts_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_ts_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -154,11 +244,32 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_ts_payload_t *this) +>>>>>>> upstream/4.5.1 { if (this->is_initiator) { return TRAFFIC_SELECTOR_INITIATOR; } +<<<<<<< HEAD + else + { + return TRAFFIC_SELECTOR_RESPONDER; + } +} + +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_ts_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_ts_payload_t *this,payload_type_t type) +======= return TRAFFIC_SELECTOR_RESPONDER; } @@ -170,6 +281,7 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_ts_payload_t *this,payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } 
@@ -177,6 +289,48 @@ METHOD(payload_t, set_next_type, void, /** * recompute the length of the payload. */ +<<<<<<< HEAD +static void compute_length (private_ts_payload_t *this) +{ + iterator_t *iterator; + size_t ts_count = 0; + size_t length = TS_PAYLOAD_HEADER_LENGTH; + payload_t *current_traffic_selector; + + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); + while (iterator->iterate(iterator, (void**)¤t_traffic_selector)) + { + length += current_traffic_selector->get_length(current_traffic_selector); + ts_count++; + } + iterator->destroy(iterator); + + this->number_of_traffic_selectors= ts_count; + this->payload_length = length; +} + +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_ts_payload_t *this) +{ + compute_length(this); + return this->payload_length; +} + +/** + * Implementation of ts_payload_t.get_initiator. + */ +static bool get_initiator (private_ts_payload_t *this) +{ + return (this->is_initiator); +} + +/** + * Implementation of ts_payload_t.set_initiator. + */ +static void set_initiator (private_ts_payload_t *this,bool is_initiator) +======= static void compute_length(private_ts_payload_t *this) { enumerator_t *enumerator; 
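Review bot: `this->number_of_traffic_selectors = ts_count;` and `this->payload_length = length;` in the HEAD `compute_length` store `size_t` sums into what are presumably one- and two-octet fields (the sibling `unknown_payload` struct in this diff declares `u_int16_t payload_length`), so more than 255 substructures or more than 65535 bytes of selector data wraps silently and the encoded header no longer describes the data that follows. Unless every caller bounds the list, guard the stores, e.g. `if (ts_count > 255 || length > 65535) { DBG1(DBG_ENC, "TS payload too large"); }` with a clamp, and document the limit on `add_traffic_selector_substructure`. The upstream `compute_length` begins at the end of this hunk and continues past it, so the same check applies there.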
@@ -207,10 +361,58 @@ METHOD(ts_payload_t, get_initiator, bool, METHOD(ts_payload_t, set_initiator, void, private_ts_payload_t *this,bool is_initiator) +>>>>>>> upstream/4.5.1 { this->is_initiator = is_initiator; } +<<<<<<< HEAD +/** + * Implementation of ts_payload_t.add_traffic_selector_substructure. + */ +static void add_traffic_selector_substructure (private_ts_payload_t *this,traffic_selector_substructure_t *traffic_selector) +{ + this->traffic_selectors->insert_last(this->traffic_selectors,traffic_selector); + this->number_of_traffic_selectors = this->traffic_selectors->get_count(this->traffic_selectors); +} + +/** + * Implementation of ts_payload_t.create_traffic_selector_substructure_iterator. + */ +static iterator_t * create_traffic_selector_substructure_iterator (private_ts_payload_t *this, bool forward) +{ + return this->traffic_selectors->create_iterator(this->traffic_selectors,forward); +} + +/** + * Implementation of ts_payload_t.get_traffic_selectors. + */ +static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) +{ + traffic_selector_t *ts; + iterator_t *iterator; + traffic_selector_substructure_t *ts_substructure; + linked_list_t *ts_list = linked_list_create(); + + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); + while (iterator->iterate(iterator, (void**)&ts_substructure)) + { + ts = ts_substructure->get_traffic_selector(ts_substructure); + ts_list->insert_last(ts_list, (void*)ts); + } + iterator->destroy(iterator); + + return ts_list; +} + +/** + * Implementation of payload_t.destroy and ts_payload_t.destroy. + */ +static void destroy(private_ts_payload_t *this) +{ + this->traffic_selectors->destroy_offset(this->traffic_selectors, + offsetof(payload_t, destroy)); +======= METHOD(ts_payload_t, get_traffic_selectors, linked_list_t*, private_ts_payload_t *this) { 
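Review bot: The HEAD `get_traffic_selectors` copies the pointer returned by `ts_substructure->get_traffic_selector()` into a fresh list that the header says the caller must destroy together with its selectors; that is only correct if `get_traffic_selector` hands out a new object rather than a reference into the substructure, otherwise the caller's destroy and the payload's `destroy_offset` double-free — confirm against traffic_selector_substructure.c, which is not in this chunk. Whichever branch survives, a one-line comment at the implementation, `/* get_traffic_selector() returns a new reference; caller owns list and selectors */`, would pin the ownership rule where the next reader looks. The upstream `get_traffic_selectors` starts at the end of the hunk and runs outside it.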
@@ -235,6 +437,7 @@ METHOD2(payload_t, ts_payload_t, destroy, void, private_ts_payload_t *this) { this->substrs->destroy_offset(this->substrs, offsetof(payload_t, destroy)); +>>>>>>> upstream/4.5.1 free(this); } 
@@ -243,6 +446,36 @@ METHOD2(payload_t, ts_payload_t, destroy, void, */ ts_payload_t *ts_payload_create(bool is_initiator) { +<<<<<<< HEAD + private_ts_payload_t *this = malloc_thing(private_ts_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.destroy = (void (*) (ts_payload_t *)) destroy; + this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator; + this->public.set_initiator = (void (*) (ts_payload_t *,bool)) set_initiator; + this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure; + this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator; + this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length =TS_PAYLOAD_HEADER_LENGTH; + this->is_initiator = is_initiator; + this->number_of_traffic_selectors = 0; + this->traffic_selectors = linked_list_create(); + + return &(this->public); +======= private_ts_payload_t *this; INIT(this, 
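Review bot: The HEAD `ts_payload_create` allocates with `malloc_thing` and assigns members one by one, so any member of `private_ts_payload_t` not listed here (the struct definition is outside this hunk) keeps whatever the heap held, and because the encoding rules read fields by `offsetof`, an unlisted field such as a reserved-bit array would be serialised as garbage on the wire; the upstream `INIT(this, ...)` form presumably zero-fills unlisted members, as designated initialisers do. If the HEAD side is kept, add `memset(this, 0, sizeof(*this));` immediately after the `malloc_thing`, otherwise prefer the upstream constructor, whose body begins at the end of this hunk.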
@@ -267,21 +500,43 @@ ts_payload_t *ts_payload_create(bool is_initiator) .substrs = linked_list_create(), ); return &this->public; +>>>>>>> upstream/4.5.1 } /* * Described in header */ +<<<<<<< HEAD +ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors) +{ + iterator_t *iterator; + traffic_selector_t *ts; + traffic_selector_substructure_t *ts_substructure; +======= ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors) { enumerator_t *enumerator; traffic_selector_t *ts; traffic_selector_substructure_t *subst; +>>>>>>> upstream/4.5.1 private_ts_payload_t *this; this = (private_ts_payload_t*)ts_payload_create(is_initiator); +<<<<<<< HEAD + iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); + while (iterator->iterate(iterator, (void**)&ts)) + { + ts_substructure = traffic_selector_substructure_create_from_traffic_selector(ts); + this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); + } + iterator->destroy(iterator); + + return &(this->public); +} + +======= enumerator = traffic_selectors->create_enumerator(traffic_selectors); while (enumerator->enumerate(enumerator, &ts)) { @@ -293,3 +548,4 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, return &this->public; } +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h index 88ca00bc9..eb39a5c1d 100644 --- a/src/libcharon/encoding/payloads/ts_payload.h +++ b/src/libcharon/encoding/payloads/ts_payload.h @@ -19,6 +19,10 @@ * @{ @ingroup payloads */ +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 #ifndef TS_PAYLOAD_H_ #define TS_PAYLOAD_H_ 
@@ -35,13 +39,20 @@ typedef struct ts_payload_t ts_payload_t; */ #define TS_PAYLOAD_HEADER_LENGTH 8 +<<<<<<< HEAD + +======= +>>>>>>> upstream/4.5.1 /** * Class representing an IKEv2 TS payload. * * The TS payload format is described in RFC section 3.13. */ struct ts_payload_t { +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * The payload_t interface. */ @@ -66,6 +77,30 @@ struct ts_payload_t { void (*set_initiator) (ts_payload_t *this,bool is_initiator); /** +<<<<<<< HEAD + * Adds a traffic_selector_substructure_t object to this object. + * + * @param traffic_selector traffic_selector_substructure_t object to add + */ + void (*add_traffic_selector_substructure) (ts_payload_t *this, + traffic_selector_substructure_t *traffic_selector); + + /** + * Creates an iterator of stored traffic_selector_substructure_t objects. + * + * When removing an traffic_selector_substructure_t object + * using this iterator, the length of this payload + * has to get refreshed by calling payload_t.get_length! + * + * @param forward iterator direction (TRUE: front to end) + * @return created iterator_t object + */ + iterator_t *(*create_traffic_selector_substructure_iterator) ( + ts_payload_t *this, bool forward); + + /** +======= +>>>>>>> upstream/4.5.1 * Get a list of nested traffic selectors as traffic_selector_t. * * Resulting list and its traffic selectors must be destroyed after usage 
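Review bot: The HEAD branch re-exposes `create_traffic_selector_substructure_iterator`, whose own doc admits that removing through it leaves the payload length stale until `get_length` is called; the same applies to `number_of_traffic_selectors`, so a caller that removes a substructure and encodes without calling `get_length` would emit a count larger than the data carried. Upstream dropped both that method and `add_traffic_selector_substructure`; keeping them also requires the implementation, which still references `this->traffic_selectors`, a member upstream renamed to `substrs`, so the header and ts_payload.c have to be resolved as a pair. If the methods stay, fix the article in the comment, `an traffic_selector_substructure_t` → `a traffic_selector_substructure_t`, and state explicitly that `get_length` must be called before encoding.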
@@ -83,15 +118,28 @@ struct ts_payload_t { /** * Creates an empty ts_payload_t object. * +<<<<<<< HEAD + * @param is_initiator + * - TRUE if this payload is of type TSi + * - FALSE if this payload is of type TSr + * @return ts_payload_t object +======= * @param is_initiator TRUE for TSi, FALSE for TSr payload type * @return ts_payload_t object +>>>>>>> upstream/4.5.1 */ ts_payload_t *ts_payload_create(bool is_initiator); /** * Creates ts_payload with a list of traffic_selector_t * +<<<<<<< HEAD + * @param is_initiator + * - TRUE if this payload is of type TSi + * - FALSE if this payload is of type TSr +======= * @param is_initiator TRUE for TSi, FALSE for TSr payload type +>>>>>>> upstream/4.5.1 * @param traffic_selectors list of traffic selectors to include * @return ts_payload_t object */ diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index 27af338b3..2f428ed06 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c @@ -18,6 +18,11 @@ #include "unknown_payload.h" +<<<<<<< HEAD + + +======= +>>>>>>> upstream/4.5.1 typedef struct private_unknown_payload_t private_unknown_payload_t; /** @@ -31,11 +36,14 @@ struct private_unknown_payload_t { unknown_payload_t public; /** +<<<<<<< HEAD +======= * Type of this payload */ payload_type_t type; /** +>>>>>>> upstream/4.5.1 * Next payload type. */ u_int8_t next_payload; @@ -46,11 +54,14 @@ struct private_unknown_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -70,6 +81,23 @@ struct private_unknown_payload_t { */ encoding_rule_t unknown_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ +<<<<<<< HEAD + { U_INT_8, offsetof(private_unknown_payload_t, next_payload)}, + /* the critical bit */ + { FLAG, offsetof(private_unknown_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_unknown_payload_t, payload_length)}, + /* some unknown data bytes, length is defined in PAYLOAD_LENGTH */ + { UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) } +======= { U_INT_8, offsetof(private_unknown_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_unknown_payload_t, critical) }, @@ -85,6 +113,7 @@ encoding_rule_t unknown_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_unknown_payload_t, payload_length) }, /* some unknown data bytes, length is defined in PAYLOAD_LENGTH */ { UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) }, +>>>>>>> upstream/4.5.1 }; /* @@ -99,6 +128,21 @@ encoding_rule_t unknown_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_unknown_payload_t *this) +{ + /* can't do any checks, so we assume its good */ + return SUCCESS; +} + +/** + * Implementation of payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_unknown_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +======= METHOD(payload_t, verify, status_t, private_unknown_payload_t *this) { 
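Review bot: The HEAD `verify` for unknown payloads returns SUCCESS with a comment that no checks are possible, but one is: the parsed `payload_length` must be at least `UNKNOWN_PAYLOAD_HEADER_LENGTH`, and `data.len` must equal `payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH`. If the generic parser does not already reject an undersized length (its code is not in this chunk), an unrecognised payload from the peer with a short length reaches the `UNKNOWN_DATA` rule with a negative data size; `if (this->payload_length < UNKNOWN_PAYLOAD_HEADER_LENGTH) return FAILED;` costs nothing in whichever branch survives. The upstream `verify` body begins at the end of the hunk and continues beyond it.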
@@ -111,11 +155,34 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, void, private_unknown_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +>>>>>>> upstream/4.5.1 { *rules = unknown_payload_encodings; *rule_count = sizeof(unknown_payload_encodings) / sizeof(encoding_rule_t); } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_unknown_payload_t *this) +{ + return UNKNOWN_PAYLOAD; +} + +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_unknown_payload_t *this) +{ + return (this->next_payload); +} + +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_unknown_payload_t *this,payload_type_t type) +======= METHOD(payload_t, get_payload_type, payload_type_t, private_unknown_payload_t *this) { 
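Review bot: The HEAD `get_payload_type` returns the constant `UNKNOWN_PAYLOAD`, while the upstream branch keeps the received payload type in the `type` member added to the struct earlier in this file; an unrecognised payload with the critical bit set has to be answered with an UNSUPPORTED_CRITICAL_PAYLOAD notification that names the one-octet type that was not understood, so dropping the field loses exactly the value that notification needs unless the caller records it elsewhere (not visible in this chunk). Keep the upstream constructor `unknown_payload_create(payload_type_t type)` and return `this->type` from this method; the upstream body begins at the hunk's last line and continues outside it.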
@@ -130,22 +197,57 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_unknown_payload_t *this,payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_unknown_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_unknown_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of unknown_payload_t.get_data. + */ +static bool is_critical(private_unknown_payload_t *this) +======= METHOD(unknown_payload_t, is_critical, bool, private_unknown_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->critical; } +<<<<<<< HEAD +/** + * Implementation of unknown_payload_t.get_data. + */ +static chunk_t get_data (private_unknown_payload_t *this) +{ + return (this->data); +} + +/** + * Implementation of payload_t.destroy and unknown_payload_t.destroy. + */ +static void destroy(private_unknown_payload_t *this) +{ + if (this->data.ptr != NULL) + { + chunk_free(&(this->data)); + } + +======= METHOD(unknown_payload_t, get_data, chunk_t, private_unknown_payload_t *this) { 
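Review bot: The HEAD comment block above `is_critical` reads `Implementation of unknown_payload_t.get_data.`, copied from the accessor below it, and should be `/** Implementation of unknown_payload_t.is_critical. */`. The upstream METHOD() form drops these per-function comment blocks, so the typo disappears if that branch is chosen. In the HEAD `destroy`, the `if (this->data.ptr != NULL)` guard around `chunk_free` is redundant with `free()` accepting NULL; the upstream `free(this->data.ptr)` is the equivalent and simpler form.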
@@ -156,12 +258,40 @@ METHOD2(payload_t, unknown_payload_t, destroy, void, private_unknown_payload_t *this) { free(this->data.ptr); +>>>>>>> upstream/4.5.1 free(this); } /* * Described in header */ +<<<<<<< HEAD +unknown_payload_t *unknown_payload_create() +{ + private_unknown_payload_t *this = malloc_thing(private_unknown_payload_t); + + /* interface functions */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + + /* public functions */ + this->public.destroy = (void (*) (unknown_payload_t *)) destroy; + this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical; + this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data; + + /* private variables */ + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH; + this->data = chunk_empty; + + return (&(this->public)); +======= unknown_payload_t *unknown_payload_create(payload_type_t type) { private_unknown_payload_t *this; @@ -204,4 +334,5 @@ unknown_payload_t *unknown_payload_create_data(payload_type_t type, this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH + data.len; return &this->public; +>>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h index 5ae85331b..b874f6dc3 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.h 
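Review bot: The HEAD `unknown_payload_create()` takes no arguments and, after `malloc_thing`, writes only `critical`, `next_payload`, `payload_length` and `data`; if it is kept together with the upstream struct that adds `type` and `reserved[7]`, those members are never initialised and the encoder emits whatever the heap held for the reserved bits. The upstream side replaces it with `unknown_payload_create(payload_type_t type)` and `unknown_payload_create_data(type, critical, data)` (the latter's tail is visible, its body begins outside the shown lines), and every caller must match whichever prototype survives, since the header hunk that follows carries both. Keep the upstream constructors, or at minimum add `memset(this, 0, sizeof(*this));` before the assignments in the HEAD one.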
+++ b/src/libcharon/encoding/payloads/unknown_payload.h @@ -70,6 +70,13 @@ struct unknown_payload_t { }; /** +<<<<<<< HEAD + * Creates an empty unknown_payload_t object. + * + * @return unknown_payload_t object + */ +unknown_payload_t *unknown_payload_create(void); +======= * Creates an empty unknown_payload_t. * * @param type of the payload @@ -87,5 +94,6 @@ unknown_payload_t *unknown_payload_create(payload_type_t type); */ unknown_payload_t *unknown_payload_create_data(payload_type_t type, bool critical, chunk_t data); +>>>>>>> upstream/4.5.1 #endif /** UNKNOWN_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index e9e80e989..d2295e4a2 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -1,6 +1,10 @@ /* +<<<<<<< HEAD + * Copyright (C) 2005-2009 Martin Willi +======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -42,11 +46,14 @@ struct private_vendor_id_payload_t { bool critical; /** +<<<<<<< HEAD +======= * Reserved bits */ bool reserved[7]; /** +>>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -65,6 +72,23 @@ struct private_vendor_id_payload_t { */ encoding_rule_t vendor_id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ +<<<<<<< HEAD + { U_INT_8, offsetof(private_vendor_id_payload_t, next_payload) }, + /* the critical bit */ + { FLAG, offsetof(private_vendor_id_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_vendor_id_payload_t, payload_length)}, + /* some vendor_id data bytes, length is defined in PAYLOAD_LENGTH */ + { VID_DATA, offsetof(private_vendor_id_payload_t, data) } +======= { U_INT_8, offsetof(private_vendor_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_vendor_id_payload_t, critical) }, @@ -80,6 +104,7 @@ encoding_rule_t vendor_id_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_vendor_id_payload_t, payload_length)}, /* some vendor_id data bytes, length is defined in PAYLOAD_LENGTH */ { VID_DATA, offsetof(private_vendor_id_payload_t, data) } +>>>>>>> upstream/4.5.1 }; /* 
@@ -94,12 +119,35 @@ encoding_rule_t vendor_id_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ +<<<<<<< HEAD +/** + * Implementation of payload_t.verify. + */ +static status_t verify(private_vendor_id_payload_t *this) +======= METHOD(payload_t, verify, status_t, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of vendor_id_payload_t.get_encoding_rules. + */ +static void get_encoding_rules(private_vendor_id_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) +{ + *rules = vendor_id_payload_encodings; + *rule_count = sizeof(vendor_id_payload_encodings) / sizeof(encoding_rule_t); +} + +/** + * Implementation of payload_t.get_type. + */ +static payload_type_t get_payload_type(private_vendor_id_payload_t *this) +======= METHOD(payload_t, get_encoding_rules, void, private_vendor_id_payload_t *this, encoding_rule_t **rules, size_t *rule_count) 
@@ -110,36 +158,72 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return VENDOR_ID; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_next_type. + */ +static payload_type_t get_next_type(private_vendor_id_payload_t *this) +======= METHOD(payload_t, get_next_type, payload_type_t, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->next_payload; } +<<<<<<< HEAD +/** + * Implementation of payload_t.set_next_type. + */ +static void set_next_type(private_vendor_id_payload_t *this,payload_type_t type) +======= METHOD(payload_t, set_next_type, void, private_vendor_id_payload_t *this, payload_type_t type) +>>>>>>> upstream/4.5.1 { this->next_payload = type; } +<<<<<<< HEAD +/** + * Implementation of payload_t.get_length. + */ +static size_t get_length(private_vendor_id_payload_t *this) +======= METHOD(payload_t, get_length, size_t, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->payload_length; } +<<<<<<< HEAD +/** + * Implementation of vendor_id_payload_t.get_data. + */ +static chunk_t get_data(private_vendor_id_payload_t *this) +======= METHOD(vendor_id_payload_t, get_data, chunk_t, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { return this->data; } +<<<<<<< HEAD +/** + * Implementation of payload_t.destroy and vendor_id_payload_t.destroy. + */ +static void destroy(private_vendor_id_payload_t *this) +======= METHOD2(payload_t, vendor_id_payload_t, destroy, void, private_vendor_id_payload_t *this) +>>>>>>> upstream/4.5.1 { free(this->data.ptr); free(this); 
@@ -148,6 +232,26 @@ METHOD2(payload_t, vendor_id_payload_t, destroy, void, /* * Described in header */ +<<<<<<< HEAD +vendor_id_payload_t *vendor_id_payload_create() +{ + private_vendor_id_payload_t *this = malloc_thing(private_vendor_id_payload_t); + + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; + this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; + this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; + this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data; + + this->critical = FALSE; + this->next_payload = NO_PAYLOAD; + this->payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH; + this->data = chunk_empty; + +======= vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) { private_vendor_id_payload_t *this; @@ -170,13 +274,28 @@ vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) .payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH + data.len, .data = data, ); +>>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header */ +<<<<<<< HEAD +vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) +{ + private_vendor_id_payload_t *this; + + this = (private_vendor_id_payload_t*)vendor_id_payload_create(); + this->payload_length += data.len; + this->data = data; + + return &this->public; +} + +======= vendor_id_payload_t *vendor_id_payload_create() { return vendor_id_payload_create_data(chunk_empty); } +>>>>>>> upstream/4.5.1 
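Review bot: The HEAD `vendor_id_payload_create()` sets `payload_interface.destroy` but never `this->public.destroy`, which matches the HEAD header that removes the `destroy` member, yet the upstream header in this same diff keeps `void (*destroy)(vendor_id_payload_t *this);` in `vendor_id_payload_t`. If the header resolves to upstream and the .c to HEAD, a caller invoking `vid->destroy(vid)` jumps through an uninitialised function pointer, because `malloc_thing` does not zero the object. Resolve both files to the same side; if the HEAD constructor is kept under the upstream header, add `this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy;` next to the `get_data` assignment. The upstream `vendor_id_payload_create_data` body begins at the end of the first hunk and only its INIT tail is visible here.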
diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 4e4e7d8eb..45cce985e 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h @@ -50,11 +50,14 @@ struct vendor_id_payload_t { * @return VID data, pointing to an internal chunk_t */ chunk_t (*get_data)(vendor_id_payload_t *this); +<<<<<<< HEAD +======= /** * Destroy Vendor ID payload. */ void (*destroy)(vendor_id_payload_t *this); +>>>>>>> upstream/4.5.1 }; /** diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 018318a59..7f3cd1692 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c index 12cf0c941..b6836cb1f 100644 --- a/src/libcharon/plugins/addrblock/addrblock_validator.c +++ b/src/libcharon/plugins/addrblock/addrblock_validator.c 
@@ -1,6 +1,13 @@ /* +<<<<<<< HEAD + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * Copyright (C) 2009 Andreas Steffen + * Hochschule fuer Technik Rapperswil +======= * Copyright (C) 2010 Martin Willi, revosec AG * Copyright (C) 2009 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +>>>>>>> upstream/4.5.1 * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -88,8 +95,12 @@ static bool check_addrblock(x509_t *subject, x509_t *issuer) METHOD(cert_validator_t, validate, bool, private_addrblock_validator_t *this, certificate_t *subject, +<<<<<<< HEAD + certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *issuer, bool online, int pathlen, bool anchor, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509) diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in index 7d6eb2b9c..d9700f810 100644 --- a/src/libcharon/plugins/android/Makefile.in +++ b/src/libcharon/plugins/android/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/android/android_creds.c b/src/libcharon/plugins/android/android_creds.c index 601c91e7b..69941848c 100644 
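Review bot: The HEAD `validate` signature lacks the `bool anchor` parameter that the upstream `cert_validator_t.validate` carries, and since METHOD() installs the function through a generated pointer, a mismatch against whichever `cert_validator.h` survives the merge may not be diagnosed by the compiler; on the HEAD prototype the `auth` argument would then be read from the slot in which the caller passes `anchor`, and the RFC 3779 address-block check would run against a bogus `auth_cfg_t *`. Resolve this hunk together with libstrongswan's cert_validator.h (not in this chunk) so the parameter list is byte-for-byte the interface's, i.e. `certificate_t *issuer, bool online, int pathlen, bool anchor, auth_cfg_t *auth)`. The body of `validate` continues past the end of the hunk.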
--- a/src/libcharon/plugins/android/android_creds.c +++ b/src/libcharon/plugins/android/android_creds.c @@ -235,7 +235,11 @@ METHOD(android_creds_t, set_username_password, void, DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); +<<<<<<< HEAD + this->pass = password ? strdup(password) : NULL; +======= this->pass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index 487567f2a..c222d8a65 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c @@ -291,8 +291,13 @@ static job_requeue_t initiate(private_android_service_t *this) peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 8046fc052..9c4ad3a02 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
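Review bot: `free(this->pass)` releases the previously stored password without clearing it, and both branches store the replacement with a plain `strdup`, so the plaintext credential lingers in freed heap memory for the life of the daemon; clear it first, e.g. `if (this->pass) { memwipe(this->pass, strlen(this->pass)); }` ahead of the `free`, using whichever secure-wipe helper libstrongswan provides (none is visible in this chunk). The two branches are otherwise equivalent if `strdupnull` is the NULL-tolerant `strdup` its name suggests, so taking the upstream line is fine. `set_username_password` starts before the hunk, so the lock acquisition that pairs with the visible `unlock` is not shown.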
@@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 8851c1b79..521bf5595 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -459,7 +459,11 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) { dhcp_transaction_t *transaction = NULL; enumerator_t *enumerator; +<<<<<<< HEAD + host_t *offer, *server; +======= host_t *offer, *server = NULL; +>>>>>>> upstream/4.5.1 offer = host_create_from_chunk(AF_INET, chunk_from_thing(dhcp->your_address), 0); @@ -500,7 +504,11 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) chunk_create((char*)&option->data[pos], 4)); } } +<<<<<<< HEAD + if (option->type == DHCP_SERVER_ID && option->len == 4) +======= if (!server && option->type == DHCP_SERVER_ID && option->len == 4) +>>>>>>> upstream/4.5.1 { server = host_create_from_chunk(AF_INET, chunk_create(option->data, 4), DHCP_SERVER_PORT); @@ -515,11 +523,19 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) } DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); transaction->set_address(transaction, offer->clone(offer)); +<<<<<<< HEAD + transaction->set_server(transaction, server->clone(server)); +======= transaction->set_server(transaction, server); +>>>>>>> upstream/4.5.1 } this->mutex->unlock(this->mutex); this->condvar->broadcast(this->condvar); offer->destroy(offer); +<<<<<<< HEAD + server->destroy(server); +======= +>>>>>>> upstream/4.5.1 } /** 
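Review bot: In the HEAD branch of `handle_offer`, `server` is declared without an initialiser and the `DHCP_SERVER_ID` case lacks the `!server` guard, so an OFFER from the network that omits the Server Identifier option reaches `DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server)`, `server->clone(server)` and `server->destroy(server)` through an indeterminate pointer, and an OFFER that repeats the option leaks the first `host_t`; the upstream branch (`*server = NULL`, the `!server &&` guard, handing `server` to `set_server` without a clone and dropping the trailing destroy) fixes both and must win the resolution. What the upstream side does not visibly add is handling of the no-Server-ID case: unless `%H` and `set_server` tolerate NULL (the lines between the hunks are not shown), add `if (!server) { DBG1(DBG_CFG, "DHCP OFFER without server id, ignored"); }` and skip the transaction update before the log line. Also confirm that `server` is destroyed on the path where no transaction matched, since the only visible release is the `set_server` hand-over.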
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 4a23f9010..adb0d8344 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index ad1ae1906..933bc8a5b 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 142a35e50..1592ea208 100644 
--- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 5c1e07ade..cc51086e6 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 4e01d96cc..e2c3b5c1f 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in 
@@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 495ccf441..669be68e8 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 99084e2c1..58a317769 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in 
@@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 90f203f61..4d219b861 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 3cd766a75..fb72884d4 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in 
@@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index a48fb652a..f7fc71bdf 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index f2af3ae0d..f26ec64df 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in 
@@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index 9a58a6055..b37d2714a 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 9ebb85be9..7334c6ce9 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in 
@@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index cf75585ef..db1f1c8c5 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index dd4ed5322..7d708b3b9 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -18,7 +18,11 @@ #include <tls_eap.h> #include <daemon.h> +<<<<<<< HEAD +#include <library.h> +======= #include <debug.h> +>>>>>>> upstream/4.5.1 typedef struct private_eap_tnc_t private_eap_tnc_t; 
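Review bot: The new side of this eap_tnc.c include hunk commits unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> upstream/4.5.1`), so the file cannot compile as written, and the same markers appear in every hunk of this range: all the generated plugin `Makefile.in` files from eap_aka through smp, and the eap_ttls, ha, load_tester, maemo, medcli and nm sources below. Each conflict has to be resolved to one side before this can merge; here that means choosing between `#include <library.h>` and `#include <debug.h>`, and since the merge target is 4.5.1 the upstream `<debug.h>` line is the one to keep unless the HEAD-only code in this file still needs `library.h`, which the context lines do not show. The `Makefile.in` files are automake output and should not be resolved by hand at all: resolve the corresponding `Makefile.am` and configure conflicts and regenerate, which also settles the `ipsecgid`/`ipsecuid` versus `soup_CFLAGS`/`soup_LIBS` variable blocks consistently across every plugin directory.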
@@ -114,8 +118,11 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, private_eap_tnc_t *this; size_t frag_size; int max_msg_count; +<<<<<<< HEAD +======= char* protocol; tnccs_type_t type; +>>>>>>> upstream/4.5.1 tnccs_t *tnccs; INIT(this, @@ -135,6 +142,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, "charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN); max_msg_count = lib->settings->get_int(lib->settings, "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT); +<<<<<<< HEAD + tnccs = charon->tnccs->create_instance(charon->tnccs, TNCCS_1_1, is_server); +======= protocol = lib->settings->get_str(lib->settings, "charon.plugins.eap-tnc.protocol", "tnccs-1.1"); if (strcaseeq(protocol, "tnccs-2.0")) @@ -156,6 +166,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, return NULL; } tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server); +>>>>>>> upstream/4.5.1 this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size, max_msg_count); if (!this->tls_eap) { diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index ff67686b2..36121c7a7 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
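Review bot: The three eap_tnc_create hunks must be resolved to the same side: the upstream branch of the third hunk calls `charon->tnccs->create_instance(charon->tnccs, type, is_server)` after reading `charon.plugins.eap-tnc.protocol`, which depends on the `char* protocol;` and `tnccs_type_t type;` declarations that only the upstream branch of the first hunk provides. Taking the HEAD side instead hardcodes `TNCCS_1_1` and silently ignores the protocol setting, so whichever side is kept should say so at the lookup, e.g. `/* TNCCS version comes from charon.plugins.eap-tnc.protocol; tnccs-1.1 is the default */`. eap_tnc_create starts before and continues past these hunks.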
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index 29b0a9303..c8e099ad5 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c @@ -196,7 +196,10 @@ METHOD(tls_application_t, process, status_t, in->destroy(in); return NEED_MORE; } +<<<<<<< HEAD +======= this->start_phase2 = FALSE; +>>>>>>> upstream/4.5.1 } type = this->method->get_type(this->method, &vendor); diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 21e8b78db..5f6354f32 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 2fcd7cc82..8be700808 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
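Review bot: The only code line in the eap_ttls_peer.c process hunk is `this->start_phase2 = FALSE;`, present on the upstream side and absent on HEAD, so resolving toward HEAD would leave the flag set after the first phase-2 exchange. The context lines do not show where `start_phase2` is tested, but a one-shot flag that is never cleared is the kind of state bug that re-enters the phase-2 start path on later inner EAP messages, so the upstream line should be kept; a comment such as `/* phase 2 is under way, do not re-enter the start path */` would make the intent explicit. The enclosing METHOD(process) starts and ends outside the hunk.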
@@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c index 15f7824f9..698f73e12 100644 --- a/src/libcharon/plugins/ha/ha_ctl.c +++ b/src/libcharon/plugins/ha/ha_ctl.c @@ -21,8 +21,13 @@ #include <fcntl.h> #include <unistd.h> #include <errno.h> +<<<<<<< HEAD +#include <pthread.h> + +======= #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define HA_FIFO IPSEC_PIDDIR "/charon.ha" @@ -60,6 +65,15 @@ struct private_ha_ctl_t { */ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) { +<<<<<<< HEAD + int fifo, old; + char buf[8]; + u_int segment; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old); + fifo = open(HA_FIFO, O_RDONLY); + pthread_setcancelstate(old, NULL); +======= int fifo; bool oldstate; char buf[8]; @@ -68,6 +82,7 @@ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) oldstate = thread_cancelability(TRUE); fifo = open(HA_FIFO, O_RDONLY); thread_cancelability(oldstate); +>>>>>>> upstream/4.5.1 if (fifo == -1) { DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno)); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 85dc0f4a4..1015c65d0 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c 
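Review bot: In ha_ctl.c dispatch_fifo the two sides declare `int fifo;` and `char buf[8];` twice, so keeping both blocks is a redefinition error, and the HEAD side reintroduces raw `pthread_setcancelstate()` calls around the blocking `open(HA_FIFO, O_RDONLY)` that 4.5.1 replaced with `thread_cancelability()` from `<threading/thread.h>`; the include hunk above mirrors this with `<pthread.h>` versus `<threading/thread.h>`. The same pattern recurs in ha_segments.c watchdog, where HEAD's `pthread_cleanup_push((void*)this->mutex->unlock, this->mutex)` stands against upstream's `thread_cleanup_pop(TRUE)`, and in ha_socket.c pull around `recv()`, so all three files should be resolved to the upstream wrapper so that cancellation of these blocking calls goes through the same abstraction as the rest of the daemon. dispatch_fifo spans both hunks and continues past them.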
@@ -596,9 +596,15 @@ static void process_child_add(private_ha_dispatcher_t *this, if (initiator) { if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi, +<<<<<<< HEAD + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_i, integ_i, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) +======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_i, integ_i, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) +>>>>>>> upstream/4.5.1 { failed = TRUE; } @@ -606,9 +612,15 @@ static void process_child_add(private_ha_dispatcher_t *this, else { if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi, +<<<<<<< HEAD + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_r, integ_r, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) +======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_r, integ_r, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) +>>>>>>> upstream/4.5.1 { failed = TRUE; } diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index 7c7bef851..a83c1fd43 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -15,10 +15,18 @@ #include "ha_segments.h" +<<<<<<< HEAD +#include <pthread.h> + +#include <threading/mutex.h> +#include <threading/condvar.h> +#include <utils/linked_list.h> +======= #include <threading/mutex.h> #include <threading/condvar.h> #include <utils/linked_list.h> #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define DEFAULT_HEARTBEAT_DELAY 1000 
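Review bot: The two process_child_add hunks conflict on the arity of `child_sa->install()`: the upstream side passes an extra `TRUE` before `local_ts` (`inbound_cpi, TRUE, TRUE, local_ts, remote_ts`), the HEAD side does not, and only the form matching child_sa.h in this tree will compile. The same API-drift conflicts recur in `child_cfg_create()` (ha_tunnel.c, load_tester_config.c, maemo_service.c, medcli_config.c twice, nm_service.c), where 4.5.1 inserts a third `ACTION_NONE` and a trailing `0`, in load_tester_ipsec.c add_sa's new `u_int32_t tfc` parameter, and in load_tester_plugin.c where `add_dh` gains the `plugin_name` argument together with its `static const char *plugin_name` definition. Since this merge brings in 4.5.1, all of these should be resolved to the upstream side and checked against the headers in one pass rather than hunk by hunk; a mismatch is a compile error, so it is caught early, but it is the bulk of the manual work left in this merge. process_child_add starts and ends outside the hunks.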
@@ -254,6 +262,18 @@ METHOD(listener_t, alert_hook, bool, */ static job_requeue_t watchdog(private_ha_segments_t *this) { +<<<<<<< HEAD + int oldstate; + bool timeout; + + this->mutex->lock(this->mutex); + pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + timeout = this->condvar->timed_wait(this->condvar, this->mutex, + this->heartbeat_timeout); + pthread_setcancelstate(oldstate, NULL); + pthread_cleanup_pop(TRUE); +======= bool timeout, oldstate; this->mutex->lock(this->mutex); @@ -263,6 +283,7 @@ static job_requeue_t watchdog(private_ha_segments_t *this) this->heartbeat_timeout); thread_cancelability(oldstate); thread_cleanup_pop(TRUE); +>>>>>>> upstream/4.5.1 if (timeout) { DBG1(DBG_CFG, "no heartbeat received, taking all segments"); diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c index 086178442..29734bea3 100644 --- a/src/libcharon/plugins/ha/ha_socket.c +++ b/src/libcharon/plugins/ha/ha_socket.c @@ -20,10 +20,17 @@ #include <sys/socket.h> #include <errno.h> #include <unistd.h> +<<<<<<< HEAD +#include <pthread.h> + +#include <daemon.h> +#include <utils/host.h> +======= #include <daemon.h> #include <utils/host.h> #include <threading/thread.h> +>>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> typedef struct private_ha_socket_t private_ha_socket_t; @@ -121,12 +128,21 @@ METHOD(ha_socket_t, pull, ha_message_t*, { ha_message_t *message; char buf[1024]; +<<<<<<< HEAD + int oldstate; + ssize_t len; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + len = recv(this->fd, buf, sizeof(buf), 0); + pthread_setcancelstate(oldstate, NULL); +======= bool oldstate; ssize_t len; oldstate = thread_cancelability(TRUE); len = recv(this->fd, buf, sizeof(buf), 0); thread_cancelability(oldstate); +>>>>>>> upstream/4.5.1 if (len <= 0) { switch (errno) 
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 299053ec1..6021ece01 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -223,8 +223,13 @@ static void setup_tunnel(private_ha_tunnel_t *this, peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index fa1194fd0..0684599f8 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index c921ec3db..91bae2d05 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in 
@@ -225,7 +225,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,8 +270,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 71391d593..65fb5100e 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -224,8 +224,13 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index ef9d7f9ef..701fd59e4 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c 
@@ -52,7 +52,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index 8fd65adfa..f93cdf154 100644 --- a/src/libcharon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c @@ -28,8 +28,11 @@ #include <threading/condvar.h> #include <threading/mutex.h> +<<<<<<< HEAD +======= static const char *plugin_name = "load_tester"; +>>>>>>> upstream/4.5.1 typedef struct private_load_tester_plugin_t private_load_tester_plugin_t; /** @@ -191,7 +194,11 @@ plugin_t *load_tester_plugin_create() this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +<<<<<<< HEAD + lib->crypto->add_dh(lib->crypto, MODP_NULL, +======= lib->crypto->add_dh(lib->crypto, MODP_NULL, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)load_tester_diffie_hellman_create); this->delay = lib->settings->get_int(lib->settings, diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am index 0bf7fad5d..95a76fe90 100644 --- a/src/libcharon/plugins/maemo/Makefile.am +++ b/src/libcharon/plugins/maemo/Makefile.am 
@@ -19,9 +19,13 @@ libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service +<<<<<<< HEAD +EXTRA_DIST = $(dbusservice_DATA) +======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) +>>>>>>> upstream/4.5.1 diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index 0ca1fa436..cfa6e6115 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -288,8 +297,12 @@ libstrongswan_maemo_la_SOURCES = \ libstrongswan_maemo_la_LDFLAGS = -module -avoid-version libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service +<<<<<<< HEAD +EXTRA_DIST = $(dbusservice_DATA) +======= EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) +>>>>>>> upstream/4.5.1 all: all-am .SUFFIXES: @@ -529,7 +542,10 @@ install-strip: mostlyclean-generic: clean-generic: +<<<<<<< HEAD +======= -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +>>>>>>> upstream/4.5.1 distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) 
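Review bot: The maemo Makefile.am hunk conflicts between shipping a static `org.strongswan.charon.service` (HEAD, `EXTRA_DIST = $(dbusservice_DATA)`) and generating it from `org.strongswan.charon.service.in` with `sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@` plus `CLEANFILES = $(dbusservice_DATA)` (upstream), while this same commit also adds the static file in src/libcharon/plugins/maemo. Keeping both means `make clean` deletes a tracked file and the installed service points at a hard-coded libexec path regardless of the configured libexecdir, so the upstream rule should be kept and the committed static file dropped. The generated Makefile.in hunks for this directory carry the same conflict, including the `clean-generic` and service rules, and should come from automake once this is resolved.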
@@ -628,9 +644,12 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES uninstall-pluginLTLIBRARIES +<<<<<<< HEAD +======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ +>>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 0e9fd8ccc..38ac6f8fc 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -115,11 +115,20 @@ METHOD(listener_t, ike_updown, bool, return TRUE; } +<<<<<<< HEAD +METHOD(listener_t, child_state_change, bool, + private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + child_sa_state_t state) +{ + /* this call back is only registered during initiation */ + if (this->ike_sa == ike_sa && state == CHILD_DESTROYING) +======= METHOD(listener_t, ike_state_change, bool, private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) { /* this call back is only registered during initiation */ if (this->ike_sa == ike_sa && state == IKE_DESTROYING) +>>>>>>> upstream/4.5.1 { change_status(this, VPN_STATUS_CONNECTION_FAILED); return FALSE; @@ -137,7 +146,11 @@ METHOD(listener_t, child_updown, bool, { /* disable hooks registered to catch initiation failures */ this->public.listener.ike_updown = NULL; +<<<<<<< HEAD + this->public.listener.child_state_change = NULL; +======= this->public.listener.ike_state_change = NULL; +>>>>>>> upstream/4.5.1 change_status(this, VPN_STATUS_CONNECTED); } else 
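Review bot: maemo_service.c conflicts on which bus hook catches initiation failure — HEAD's `child_state_change` checking `CHILD_DESTROYING` versus upstream's `ike_state_change` checking `IKE_DESTROYING` — and the same choice recurs at three further sites in this file: the `= NULL` reset in child_updown, the assignment in initiate_connection, and the listener initializer in maemo_service_create. All four must land on the same member, otherwise a hook stays registered after the connection is up or is never installed at all, and the `change_status(this, VPN_STATUS_CONNECTION_FAILED)` path is silently lost. Given the merge target is 4.5.1, the `ike_state_change` variant is the one to keep; the listener_t definition this relies on is outside the diff, so confirm there whether `child_state_change` still exists before deleting the HEAD code.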
@@ -346,7 +359,11 @@ static gboolean initiate_connection(private_maemo_service_t *this, child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, +<<<<<<< HEAD + FALSE, 0, 0, NULL, NULL); +======= ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); @@ -370,7 +387,11 @@ static gboolean initiate_connection(private_maemo_service_t *this, this->ike_sa = ike_sa; this->status = VPN_STATUS_CONNECTING; this->public.listener.ike_updown = _ike_updown; +<<<<<<< HEAD + this->public.listener.child_state_change = _child_state_change; +======= this->public.listener.ike_state_change = _ike_state_change; +>>>>>>> upstream/4.5.1 charon->bus->add_listener(charon->bus, &this->public.listener); if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) @@ -463,7 +484,11 @@ maemo_service_t *maemo_service_create() .public = { .listener = { .ike_updown = _ike_updown, +<<<<<<< HEAD + .child_state_change = _child_state_change, +======= .ike_state_change = _ike_state_change, +>>>>>>> upstream/4.5.1 .child_updown = _child_updown, .ike_rekey = _ike_rekey, }, diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service b/src/libcharon/plugins/maemo/org.strongswan.charon.service new file mode 100644 index 000000000..7dd31ed60 --- /dev/null +++ b/src/libcharon/plugins/maemo/org.strongswan.charon.service @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.strongswan.charon +Exec=/usr/bin/run-standalone.sh /usr/libexec/ipsec/charon +User=root diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 372a436a6..5f965cb8a 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in 
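Review bot: The new D-Bus activation file sets `User=root` and a hard-coded `Exec=/usr/bin/run-standalone.sh /usr/libexec/ipsec/charon`. The path ignores the build's libexecdir — the upstream Makefile.am generates this file from a template precisely to substitute `@LIBEXECDIR@` — and starting the daemon as root on bus activation is a privilege decision that deserves a comment in the file or its template; the build already carries `ipsecuser`/`ipsecuid` substitutions, so whether charon needs full root here or drops privileges itself should be confirmed rather than assumed. The file is also listed in `CLEANFILES` on the upstream side of the Makefile.am hunk, so it should be treated as a build product and not committed.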
@@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index b5672dba9..c2e8aad12 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -182,8 +182,13 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); 
@@ -261,8 +266,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->current->add_auth_cfg(this->current, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 4bb65bd09..d90ac0149 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in index 69af7bf83..9ad535ea8 100644 --- a/src/libcharon/plugins/nm/Makefile.in +++ b/src/libcharon/plugins/nm/Makefile.in 
@@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c index ea98c056d..869520c6c 100644 --- a/src/libcharon/plugins/nm/nm_creds.c +++ b/src/libcharon/plugins/nm/nm_creds.c @@ -400,7 +400,11 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); +<<<<<<< HEAD + this->pass = password ? strdup(password) : NULL; +======= this->pass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -411,7 +415,11 @@ static void set_key_password(private_nm_creds_t *this, char *password) { this->lock->write_lock(this->lock); free(this->keypass); +<<<<<<< HEAD + this->keypass = password ? strdup(password) : NULL; +======= this->keypass = strdupnull(password); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -423,7 +431,11 @@ static void set_pin(private_nm_creds_t *this, chunk_t keyid, char *pin) this->lock->write_lock(this->lock); free(this->keypass); free(this->keyid.ptr); +<<<<<<< HEAD + this->keypass = pin ? strdup(pin) : NULL; +======= this->keypass = strdupnull(pin); +>>>>>>> upstream/4.5.1 this->keyid = chunk_clone(keyid); this->lock->unlock(this->lock); } 
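Review bot: In set_username_password, set_key_password and set_pin both sides of each conflict release the previous password or PIN with a bare `free(this->pass)` / `free(this->keypass)`, leaving the secret readable in freed heap memory until it is reused; whichever side is kept, the old buffer should be overwritten before release, e.g. `if (this->pass) { memset(this->pass, 0, strlen(this->pass)); } free(this->pass);`, and likewise for `this->keypass`. A plain memset before free can be elided by the compiler, so a secure-wipe helper should be used if this tree's libstrongswan provides one (not visible here). The two sides of these three conflicts are functionally equivalent (`strdupnull(x)` versus `x ? strdup(x) : NULL`), so the resolution only depends on whether `strdupnull` exists in this tree. All three functions start outside their hunks.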
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c index 4300b57cf..e32fe65dd 100644 --- a/src/libcharon/plugins/nm/nm_service.c +++ b/src/libcharon/plugins/nm/nm_service.c @@ -518,8 +518,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 3d2cef13c..bac03bd03 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index b82372e30..e9fc5ef07 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in 
@@ -223,7 +223,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -262,8 +268,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 7a49088b2..6059d98a1 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -223,7 +223,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -262,8 +268,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in
index 744b12fcf..fe30169b5 100644
--- a/src/libcharon/plugins/socket_raw/Makefile.in
+++ b/src/libcharon/plugins/socket_raw/Makefile.in
@@ -223,7 +223,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -262,8 +268,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 4244d3b5e..2446e257d 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -220,7 +220,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -259,8 +265,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index dc016012c..0ca481bb9 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -1,6 +1,9 @@ /* * Copyright (C) 2006-2008 Martin Willi +<<<<<<< HEAD +======= * Copyright (C) 2010 Andreas Steffen +>>>>>>> upstream/4.5.1 * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -39,13 +42,21 @@ struct private_sql_config_t { }; /** +<<<<<<< HEAD + * forward declaration +======= * Forward declaration +>>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other); /** +<<<<<<< HEAD + * build a traffic selector from a SQL query +======= * Build a traffic selector from an SQL query +>>>>>>> upstream/4.5.1 */ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, enumerator_t *e, bool *local) @@ -120,6 +131,18 @@ static void add_traffic_selectors(private_sql_config_t *this, } /** +<<<<<<< HEAD + * build a Child configuration from a SQL query + */ +static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) +{ + int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; + char *name, *updown; + child_cfg_t *child_cfg; + + if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, + &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) +======= * Add ESP proposals to a child config */ static void add_esp_proposals(private_sql_config_t *this, 
@@ -168,14 +191,21 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid)) +>>>>>>> upstream/4.5.1 { lifetime_cfg_t lft = { .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, +<<<<<<< HEAD + dpd, close, ipcomp, 0, 0, NULL, NULL); + /* TODO: read proposal from db */ + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); +======= start, dpd, close, ipcomp, 0, reqid, NULL, NULL, 0); add_esp_proposals(this, child_cfg, id); +>>>>>>> upstream/4.5.1 add_traffic_selectors(this, child_cfg, id); return child_cfg; } @@ -191,6 +221,15 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) child_cfg_t *child_cfg; e = this->db->query(this->db, +<<<<<<< HEAD + "SELECT id, name, lifetime, rekeytime, jitter, " + "updown, hostaccess, mode, dpd_action, close_action, ipcomp " + "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " + "WHERE peer_cfg = ?", + DB_INT, id, + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, + DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); +======= "SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, " "mode, start_action, dpd_action, close_action, ipcomp, reqid " "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " @@ -198,6 +237,7 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); +>>>>>>> upstream/4.5.1 if (e) { while ((child_cfg = build_child_cfg(this, e))) 
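Review bot: build_child_cfg and add_child_cfgs must be resolved to the same side: the HEAD query in add_child_cfgs selects 11 columns and declares 11 result types, whereas the upstream `e->enumerate(...)` in build_child_cfg reads 13 values (`start` and `reqid` added), so a mixed resolution hands the enumerator more variadic output pointers than the query produced — undefined behaviour with no compiler diagnostic, since the variadic call is not type-checked. The same coupling exists for the ike_configs queries in the next chunk: get_ike_cfg_by_id and create_ike_cfg_enumerator select 4 columns on HEAD and 5 upstream, matching the extra `id` the upstream build_ike_cfg enumerate reads. Resolving toward HEAD also discards the upstream `add_esp_proposals`/`add_ike_proposals` database-driven proposal selection and falls back to `proposal_create_default`, which changes which cipher suites a DB-configured connection will accept. build_child_cfg starts outside the hunk.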
@@ -209,6 +249,9 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) } /** +<<<<<<< HEAD + * build a ike configuration from a SQL query +======= * Add IKE proposals to an IKE config */ static void add_ike_proposals(private_sql_config_t *this, @@ -247,27 +290,44 @@ static void add_ike_proposals(private_sql_config_t *this, /** * Build an IKE config from an SQL query +>>>>>>> upstream/4.5.1 */ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, host_t *my_host, host_t *other_host) { +<<<<<<< HEAD + int certreq, force_encap; + char *local, *remote; + + while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) +======= int id, certreq, force_encap; char *local, *remote; while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote)) +>>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg; ike_cfg = ike_cfg_create(certreq, force_encap, local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); +<<<<<<< HEAD + /* TODO: read proposal from db */ + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); +======= add_ike_proposals(this, ike_cfg, id); +>>>>>>> upstream/4.5.1 return ike_cfg; } return NULL; } /** +<<<<<<< HEAD + * Query a IKE config by its id +======= * Query an IKE config by its id +>>>>>>> upstream/4.5.1 */ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { @@ -275,10 +335,17 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, +<<<<<<< HEAD + "SELECT certreq, force_encap, local, remote " + "FROM ike_configs WHERE id = ?", + DB_INT, id, + DB_INT, DB_INT, DB_TEXT, DB_TEXT); +======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); +>>>>>>> upstream/4.5.1 if (e) { ike_cfg = build_ike_cfg(this, e, NULL, NULL); 
@@ -321,7 +388,11 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } /** +<<<<<<< HEAD + * build a peer configuration from a SQL query +======= * Build a peer config from an SQL query +>>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other) @@ -400,8 +471,15 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, return NULL; } +<<<<<<< HEAD +/** + * implements backend_t.get_peer_cfg_by_name. + */ +static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) +======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_sql_config_t *this, char *name) +>>>>>>> upstream/4.5.1 { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; @@ -471,8 +549,16 @@ static void ike_enumerator_destroy(ike_enumerator_t *this) free(this); } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_ike_cfg_enumerator. + */ +static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, + host_t *me, host_t *other) +======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_sql_config_t *this, host_t *me, host_t *other) +>>>>>>> upstream/4.5.1 { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); @@ -484,9 +570,15 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, e->public.destroy = (void*)ike_enumerator_destroy; e->inner = this->db->query(this->db, +<<<<<<< HEAD + "SELECT certreq, force_encap, local, remote " + "FROM ike_configs", + DB_INT, DB_INT, DB_TEXT, DB_TEXT); +======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs", DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); +>>>>>>> upstream/4.5.1 if (!e->inner) { free(e); 
@@ -536,8 +628,17 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) free(this); } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_peer_cfg_enumerator. + */ +static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, + identification_t *me, + identification_t *other) +======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_sql_config_t *this, identification_t *me, identification_t *other) +>>>>>>> upstream/4.5.1 { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); @@ -574,8 +675,15 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +/** + * Implementation of sql_config_t.destroy. + */ +static void destroy(private_sql_config_t *this) +======= METHOD(sql_config_t, destroy, void, private_sql_config_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -585,6 +693,16 @@ METHOD(sql_config_t, destroy, void, */ sql_config_t *sql_config_create(database_t *db) { +<<<<<<< HEAD + private_sql_config_t *this = malloc_thing(private_sql_config_t); + + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; + this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; + this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; + this->public.destroy = (void(*)(sql_config_t*))destroy; + + this->db = db; +======= private_sql_config_t *this; INIT(this, @@ -598,6 +716,7 @@ sql_config_t *sql_config_create(database_t *db) }, .db = db ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 117eec921..a72450f27 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c 
@@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -38,7 +41,10 @@ struct private_sql_cred_t { database_t *db; }; +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over private keys */ @@ -51,8 +57,16 @@ typedef struct { private_key_t *current; } private_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.public.enumerate + */ +static bool private_enumerator_enumerate(private_enumerator_t *this, + private_key_t **key) +======= METHOD(enumerator_t, private_enumerator_enumerate, bool, private_enumerator_t *this, private_key_t **key) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -61,7 +75,11 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, +<<<<<<< HEAD + BUILD_BLOB_ASN1_DER, blob, +======= BUILD_BLOB_PEM, blob, +>>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { 
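Review bot: In private_enumerator_enumerate the two sides disagree on the encoding passed to `lib->creds->create` — `BUILD_BLOB_ASN1_DER` on HEAD versus `BUILD_BLOB_PEM` upstream — so this conflict is not cosmetic: the side kept decides which blob format the SQL backend accepts for private keys (and, in cert_enumerator_enumerate in the next chunk, for certificates). Rows stored in the other format are skipped by the `if (this->current)` check rather than reported, so a wrong choice shows up only as a connection with no credentials; whichever format is chosen should be stated in a comment next to the call and existing rows migrated if it changes. The HEAD side's `(void*)private_enumerator_enumerate` assignments also drop the prototype check that the upstream METHOD/INIT form keeps. private_enumerator_enumerate's body continues outside the hunk.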
@@ -73,14 +91,36 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.public.destroy + */ +static void private_enumerator_destroy(private_enumerator_t *this) +======= METHOD(enumerator_t, private_enumerator_destroy, void, private_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_private_enumerator. + */ +static enumerator_t* create_private_enumerator(private_sql_cred_t *this, + key_type_t type, + identification_t *id) +{ + private_enumerator_t *e; + + e = malloc_thing(private_enumerator_t); + e->current = NULL; + e->public.enumerate = (void*)private_enumerator_enumerate; + e->public.destroy = (void*)private_enumerator_destroy; +======= METHOD(credential_set_t, create_private_enumerator, enumerator_t*, private_sql_cred_t *this, key_type_t type, identification_t *id) { @@ -92,6 +132,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, .destroy = _private_enumerator_destroy, }, ); +>>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, @@ -118,7 +159,10 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over certificates */ @@ -131,8 +175,16 @@ typedef struct { certificate_t *current; } cert_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of cert_enumerator_t.public.enumerate + */ +static bool cert_enumerator_enumerate(cert_enumerator_t *this, + certificate_t **cert) +======= METHOD(enumerator_t, cert_enumerator_enumerate, bool, cert_enumerator_t *this, certificate_t **cert) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; 
@@ -141,7 +193,11 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type, +<<<<<<< HEAD + BUILD_BLOB_ASN1_DER, blob, +======= BUILD_BLOB_PEM, blob, +>>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { @@ -153,14 +209,36 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of cert_enumerator_t.public.destroy + */ +static void cert_enumerator_destroy(cert_enumerator_t *this) +======= METHOD(enumerator_t, cert_enumerator_destroy, void, cert_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_cert_enumerator. + */ +static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + cert_enumerator_t *e; + + e = malloc_thing(cert_enumerator_t); + e->current = NULL; + e->public.enumerate = (void*)cert_enumerator_enumerate; + e->public.destroy = (void*)cert_enumerator_destroy; +======= METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, private_sql_cred_t *this, certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) @@ -173,6 +251,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, .destroy = _cert_enumerator_destroy, }, ); +>>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, @@ -203,7 +282,10 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 /** * enumerator over shared keys */ 
@@ -220,9 +302,18 @@ typedef struct { shared_key_t *current; } shared_enumerator_t; +<<<<<<< HEAD +/** + * Implementation of shared_enumerator_t.public.enumerate + */ +static bool shared_enumerator_enumerate(shared_enumerator_t *this, + shared_key_t **shared, + id_match_t *me, id_match_t *other) +======= METHOD(enumerator_t, shared_enumerator_enumerate, bool, shared_enumerator_t *this, shared_key_t **shared, id_match_t *me, id_match_t *other) +>>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -249,14 +340,38 @@ METHOD(enumerator_t, shared_enumerator_enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of shared_enumerator_t.public.destroy + */ +static void shared_enumerator_destroy(shared_enumerator_t *this) +======= METHOD(enumerator_t, shared_enumerator_destroy, void, shared_enumerator_t *this) +>>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_shared_enumerator. + */ +static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, + shared_key_type_t type, + identification_t *me, identification_t *other) +{ + shared_enumerator_t *e; + + e = malloc_thing(shared_enumerator_t); + e->me = me; + e->other = other; + e->current = NULL; + e->public.enumerate = (void*)shared_enumerator_enumerate; + e->public.destroy = (void*)shared_enumerator_destroy; +======= METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, private_sql_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) @@ -271,6 +386,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, .me = me, .other = other, ); +>>>>>>> upstream/4.5.1 if (!me && !other) { e->inner = this->db->query(this->db, 
@@ -314,6 +430,12 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, return &e->public; } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_sql_cred_t *this, certificate_t *cert) +======= /** * enumerator over CDPs @@ -419,21 +541,44 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, METHOD(credential_set_t, cache_cert, void, private_sql_cred_t *this, certificate_t *cert) +>>>>>>> upstream/4.5.1 { /* TODO: implement CRL caching to database */ } +<<<<<<< HEAD +/** + * Implementation of sql_cred_t.destroy. + */ +static void destroy(private_sql_cred_t *this) +{ + free(this); +} +======= METHOD(sql_cred_t, destroy, void, private_sql_cred_t *this) { free(this); } +>>>>>>> upstream/4.5.1 /** * Described in header. */ sql_cred_t *sql_cred_create(database_t *db) { +<<<<<<< HEAD + private_sql_cred_t *this = malloc_thing(private_sql_cred_t); + + this->public.set.create_private_enumerator = (void*)create_private_enumerator; + this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; + this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; + this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)cache_cert; + this->public.destroy = (void(*)(sql_cred_t*))destroy; + + this->db = db; +======= private_sql_cred_t *this; INIT(this, @@ -449,6 +594,7 @@ sql_cred_t *sql_cred_create(database_t *db) }, .db = db, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index ad1eb91b1..49b48c7f4 100644 --- a/src/libcharon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c 
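Review bot: Resolving sql_cred_create toward the HEAD side wires `create_cdp_enumerator` to `return_null`, while the upstream side references a real `create_cdp_enumerator` METHOD (visible in the hunk header), so the SQL credential set would stop supplying distribution points to whatever consumes them and the upstream "enumerator over CDPs" code would become dead. The HEAD-side `(void*)` casts of `cache_cert` and the enumerator constructors discard prototype checking at the assignment, so a later change to credential_set_t would not be caught at compile time; the INIT form on the upstream side is preferable for that reason alone. cache_cert's `/* TODO: implement CRL caching to database */` no-op is shared by both sides and is unchanged by either resolution.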
@@ -53,8 +53,15 @@ struct private_sql_plugin_t { sql_logger_t *logger; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_sql_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sql_plugin_t *this) +>>>>>>> upstream/4.5.1 { charon->backends->remove_backend(charon->backends, &this->config->backend); lib->credmgr->remove_set(lib->credmgr, &this->cred->set); @@ -81,6 +88,13 @@ plugin_t *sql_plugin_create() return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_sql_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->db = lib->db->create(lib->db, uri); +======= INIT(this, .public = { .plugin = { @@ -90,6 +104,7 @@ plugin_t *sql_plugin_create() .db = lib->db->create(lib->db, uri), ); +>>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "sql plugin failed to connect to database"); diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index e561224e9..29f680174 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -21,6 +21,11 @@ libstrongswan_stroke_la_SOURCES = \ stroke_cred.h stroke_cred.c \ stroke_ca.h stroke_ca.c \ stroke_attribute.h stroke_attribute.c \ +<<<<<<< HEAD + stroke_list.h stroke_list.c \ + stroke_shared_key.h stroke_shared_key.c +======= stroke_list.h stroke_list.c +>>>>>>> upstream/4.5.1 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index ccf3eeede..3649c8ee9 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in 
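Review bot: The HEAD side of the libstrongswan_stroke_la_SOURCES conflict still lists `stroke_shared_key.h stroke_shared_key.c`, which the upstream side no longer has; if the resolution follows upstream those two files must be removed from the plugin directory (or they become untracked dead code), and if it follows HEAD they must exist there, otherwise the build fails. The generated stroke Makefile.in in the next file section mirrors the same conflict in `am_libstrongswan_stroke_la_OBJECTS`, in its copy of the sources list and in the `.Plo` include list, and should be regenerated from the resolved Makefile.am rather than resolved by hand. Whether any other stroke source still includes stroke_shared_key.h is not visible here and should be checked before the files are dropped.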
@@ -77,7 +77,11 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_stroke_la_LIBADD =
 am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \
 stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \
+<<<<<<< HEAD
+ stroke_attribute.lo stroke_list.lo stroke_shared_key.lo
+=======
 stroke_attribute.lo stroke_list.lo
+>>>>>>> upstream/4.5.1
 libstrongswan_stroke_la_OBJECTS = \
 $(am_libstrongswan_stroke_la_OBJECTS)
 libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -223,7 +227,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -262,8 +272,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
@@ -292,7 +305,12 @@ libstrongswan_stroke_la_SOURCES = \
 stroke_cred.h stroke_cred.c \
 stroke_ca.h stroke_ca.c \
 stroke_attribute.h stroke_attribute.c \
+<<<<<<< HEAD
+ stroke_list.h stroke_list.c \
+ stroke_shared_key.h stroke_shared_key.c
+=======
 stroke_list.h stroke_list.c
+>>>>>>> upstream/4.5.1
 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -385,6 +403,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_plugin.Plo@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_shared_key.Plo@am__quote@ +======= +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_socket.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 69e13deb9..57126053b 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c @@ -113,7 +113,10 @@ static void ca_section_destroy(ca_section_t *this) this->crl->destroy_function(this->crl, free); this->ocsp->destroy_function(this->ocsp, free); this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy)); +<<<<<<< HEAD +======= this->cert->destroy(this->cert); +>>>>>>> upstream/4.5.1 free(this->certuribase); free(this->name); free(this); @@ -208,8 +211,16 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data return enumerator; } +<<<<<<< HEAD +/** + * Implementation of credential_set_t.create_cdp_enumerator. + */ +static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, + certificate_type_t type, identification_t *id) +======= METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, private_stroke_ca_t *this, certificate_type_t type, identification_t *id) +>>>>>>> upstream/4.5.1 { cdp_data_t *data; 
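Review bot: In ca_section_destroy the upstream side adds `this->cert->destroy(this->cert);` which the HEAD side lacks, so the resolution must follow how `add()` obtains the certificate in this tree: if the section holds its own reference, dropping the line leaks one certificate every time a CA section is removed; if the certificate is owned elsewhere, keeping the line is a double free when that owner is destroyed. add()'s body is outside this diff, so ownership has to be confirmed there before a side is picked, and a one-line comment on the chosen resolution (`/* section owns cert, released here */` or its opposite) would stop the question from recurring. ca_section_destroy begins outside the hunk.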
@@ -233,9 +244,16 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, data, (void*)cdp_data_destroy); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.add. + */ +static void add(private_stroke_ca_t *this, stroke_msg_t *msg) +======= METHOD(stroke_ca_t, add, void, private_stroke_ca_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { certificate_t *cert; ca_section_t *ca; @@ -276,8 +294,15 @@ METHOD(stroke_ca_t, add, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.del. + */ +static void del(private_stroke_ca_t *this, stroke_msg_t *msg) +======= METHOD(stroke_ca_t, del, void, private_stroke_ca_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ca_section_t *ca = NULL; @@ -331,8 +356,15 @@ static void list_uris(linked_list_t *list, char *label, FILE *out) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.check_for_hash_and_url. + */ +static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cert) +======= METHOD(stroke_ca_t, check_for_hash_and_url, void, private_stroke_ca_t *this, certificate_t* cert) +>>>>>>> upstream/4.5.1 { ca_section_t *section; enumerator_t *enumerator; @@ -369,8 +401,15 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void, hasher->destroy(hasher); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.list. + */ +static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_ca_t, list, void, private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { bool first = TRUE; ca_section_t *section; 
@@ -417,8 +456,15 @@ METHOD(stroke_ca_t, list, void, this->lock->unlock(this->lock); } +<<<<<<< HEAD +/** + * Implementation of stroke_ca_t.destroy + */ +static void destroy(private_stroke_ca_t *this) +======= METHOD(stroke_ca_t, destroy, void, private_stroke_ca_t *this) +>>>>>>> upstream/4.5.1 { this->sections->destroy_function(this->sections, (void*)ca_section_destroy); this->lock->destroy(this->lock); @@ -430,6 +476,24 @@ METHOD(stroke_ca_t, destroy, void, */ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { +<<<<<<< HEAD + private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); + + this->public.set.create_private_enumerator = (void*)return_null; + this->public.set.create_cert_enumerator = (void*)return_null; + this->public.set.create_shared_enumerator = (void*)return_null; + this->public.set.create_cdp_enumerator = (void*)create_cdp_enumerator; + this->public.set.cache_cert = (void*)nop; + this->public.add = (void(*)(stroke_ca_t*, stroke_msg_t *msg))add; + this->public.del = (void(*)(stroke_ca_t*, stroke_msg_t *msg))del; + this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; + this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; + this->public.destroy = (void(*)(stroke_ca_t*))destroy; + + this->sections = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + this->cred = cred; +======= private_stroke_ca_t *this; INIT(this, @@ -451,6 +515,7 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .cred = cred, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index ea7d17592..11822a3bc 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -53,8 +53,17 @@ struct private_stroke_config_t { stroke_cred_t *cred; }; +<<<<<<< HEAD +/** + * Implementation of backend_t.create_peer_cfg_enumerator. + */ +static enumerator_t* create_peer_cfg_enumerator(private_stroke_config_t *this, + identification_t *me, + identification_t *other) +======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, identification_t *me, identification_t *other) +>>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_cleaner(this->list->create_enumerator(this->list), @@ -70,8 +79,16 @@ static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of backend_t.create_ike_cfg_enumerator. + */ +static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this, + host_t *me, host_t *other) +======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, host_t *me, host_t *other) +>>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_filter(this->list->create_enumerator(this->list), @@ -79,8 +96,15 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, (void*)this->mutex->unlock); } +<<<<<<< HEAD +/** + * implements backend_t.get_peer_cfg_by_name. + */ +static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *name) +======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_stroke_config_t *this, char *name) +>>>>>>> upstream/4.5.1 { enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; 
@@ -429,6 +453,15 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } +<<<<<<< HEAD + /* authentication metod (class, actually) */ + if (streq(auth, "pubkey") || + streq(auth, "rsasig") || streq(auth, "rsa") || + streq(auth, "ecdsasig") || streq(auth, "ecdsa")) + { + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); + build_crl_policy(cfg, local, msg->add_conn.crl_policy); +======= /* certificatePolicies */ if (end->cert_policy) { @@ -461,6 +494,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, { cfg->add(cfg, AUTH_RULE_ECDSA_STRENGTH, (uintptr_t)strength); } +>>>>>>> upstream/4.5.1 } else if (streq(auth, "psk") || streq(auth, "secret")) { @@ -824,9 +858,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, +<<<<<<< HEAD + msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, + msg->add_conn.inactivity, msg->add_conn.reqid, + &mark_in, &mark_out); +======= msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp, msg->add_conn.inactivity, msg->add_conn.reqid, &mark_in, &mark_out, msg->add_conn.tfc); +>>>>>>> upstream/4.5.1 child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); @@ -837,8 +877,15 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, return child_cfg; } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.add. + */ +static void add(private_stroke_config_t *this, stroke_msg_t *msg) +======= METHOD(stroke_config_t, add, void, private_stroke_config_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg, *existing_ike; peer_cfg_t *peer_cfg, *existing; 
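Review bot: In the `build_auth_cfg` hunk (`@@ -429,6 +453,15 @@`) the unresolved conflict leaves the HEAD-side `if (streq(auth, "pubkey") || ...)` block opened against the closing `}` of the upstream `AUTH_RULE_ECDSA_STRENGTH` branch in `@@ -461,6 +494,7 @@`, and the resolution decides which authentication constraints are enforced, not just whether the file compiles. If the HEAD side is kept, the upstream `certificatePolicies` handling and the `AUTH_RULE_RSA_STRENGTH` / `AUTH_RULE_ECDSA_STRENGTH` rules are silently lost, so a certificate-policy or key-strength requirement in the connection definition would be parsed but never applied — a silent weakening rather than a build error. The `build_child_cfg` hunk on the same line has the same shape: the HEAD call omits the `ACTION_NONE` and `msg->add_conn.tfc` arguments that the upstream `child_cfg_create(...)` call passes, so it presumably no longer matches the 4.5.1 signature. Resolve all three hunks to the upstream side; `build_auth_cfg` and `build_child_cfg` both begin and end outside the visible hunks.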
@@ -898,8 +945,15 @@ METHOD(stroke_config_t, add, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.del. + */ +static void del(private_stroke_config_t *this, stroke_msg_t *msg) +======= METHOD(stroke_config_t, del, void, private_stroke_config_t *this, stroke_msg_t *msg) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; peer_cfg_t *peer; @@ -950,8 +1004,15 @@ METHOD(stroke_config_t, del, void, } } +<<<<<<< HEAD +/** + * Implementation of stroke_config_t.destroy + */ +static void destroy(private_stroke_config_t *this) +======= METHOD(stroke_config_t, destroy, void, private_stroke_config_t *this) +>>>>>>> upstream/4.5.1 { this->list->destroy_offset(this->list, offsetof(peer_cfg_t, destroy)); this->mutex->destroy(this->mutex); @@ -963,6 +1024,21 @@ METHOD(stroke_config_t, destroy, void, */ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { +<<<<<<< HEAD + private_stroke_config_t *this = malloc_thing(private_stroke_config_t); + + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; + this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; + this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; + this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; + this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; + this->public.destroy = (void(*)(stroke_config_t*))destroy; + + this->list = linked_list_create(); + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); + this->ca = ca; + this->cred = cred; +======= private_stroke_config_t *this; INIT(this, @@ -981,6 +1057,7 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) .ca = ca, .cred = cred, ); +>>>>>>> upstream/4.5.1 return &this->public; } 
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 3541ab8f9..03ba4c305 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -17,8 +17,11 @@ #include <daemon.h> #include <processing/jobs/delete_ike_sa_job.h> +<<<<<<< HEAD +======= #include <processing/jobs/rekey_ike_sa_job.h> #include <processing/jobs/rekey_child_sa_job.h> +>>>>>>> upstream/4.5.1 typedef struct private_stroke_control_t private_stroke_control_t; @@ -92,8 +95,15 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) return found; } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.initiate. + */ +static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, initiate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -137,6 +147,23 @@ METHOD(stroke_control_t, initiate, void, } /** +<<<<<<< HEAD + * Implementation of stroke_control_t.terminate. + */ +static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +{ + char *string, *pos = NULL, *name = NULL; + u_int32_t id = 0; + bool child, all = FALSE; + int len; + ike_sa_t *ike_sa; + enumerator_t *enumerator; + linked_list_t *ike_list, *child_list; + stroke_log_info_t info; + uintptr_t del; + + string = msg->terminate.name; +======= * Parse a terminate/rekey specifier */ static bool parse_specifier(char *string, u_int32_t *id, 
@@ -148,15 +175,37 @@ static bool parse_specifier(char *string, u_int32_t *id, *id = 0; *name = NULL; *all = FALSE; +>>>>>>> upstream/4.5.1 len = strlen(string); if (len < 1) { +<<<<<<< HEAD + DBG1(DBG_CFG, "error parsing string"); + return; +======= return FALSE; +>>>>>>> upstream/4.5.1 } switch (string[len-1]) { case '}': +<<<<<<< HEAD + child = TRUE; + pos = strchr(string, '{'); + break; + case ']': + child = FALSE; + pos = strchr(string, '['); + break; + default: + name = string; + child = FALSE; + break; + } + + if (name) +======= *child = TRUE; pos = strchr(string, '{'); break; @@ -171,18 +220,44 @@ static bool parse_specifier(char *string, u_int32_t *id, } if (*name) +>>>>>>> upstream/4.5.1 { /* is a single name */ } else if (pos == string + len - 2) { /* is name[] or name{} */ string[len-2] = '\0'; +<<<<<<< HEAD + name = string; +======= *name = string; +>>>>>>> upstream/4.5.1 } else { if (!pos) { +<<<<<<< HEAD + DBG1(DBG_CFG, "error parsing string"); + return; + } + if (*(pos + 1) == '*') + { /* is name[*] */ + all = TRUE; + *pos = '\0'; + name = string; + } + else + { /* is name[123] or name{23} */ + id = atoi(pos + 1); + if (id == 0) + { + DBG1(DBG_CFG, "error parsing string"); + return; + } + } + } +======= return FALSE; } if (*(pos + 1) == '*') @@ -220,6 +295,7 @@ METHOD(stroke_control_t, terminate, void, DBG1(DBG_CFG, "error parsing specifier string"); return; } +>>>>>>> upstream/4.5.1 info.out = out; info.level = msg->output_verbosity; @@ -306,6 +382,13 @@ METHOD(stroke_control_t, terminate, void, child_list->destroy(child_list); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.terminate_srcip. + */ +static void terminate_srcip(private_stroke_control_t *this, + stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, rekey, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { 
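Review bot: The HEAD-side specifier parsing retained in `@@ -171,18 +220,44 @@` accepts `name[123]` via `id = atoi(pos + 1); if (id == 0)`, which stores a signed `atoi` result into the `u_int32_t id` declared in the previous hunk and treats a negative or partially numeric suffix (`name[-1]`, `name[12x]`) as a valid SA id. The upstream `parse_specifier` helper is the intended replacement, but its numeric branch falls outside the visible hunk, so whichever side survives should parse with an end pointer: `id = strtoul(pos + 1, &end, 10); if (id == 0 || *end != '\0')` followed by the existing error return. Exposure is limited because the specifier arrives over the local stroke socket from an administrator, but a bad id silently selecting the wrong SA to terminate is still worth preventing. `terminate` starts in the previous hunk and ends after `@@ -220,6 +295,7 @@`, outside this view.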
@@ -368,6 +451,7 @@ METHOD(stroke_control_t, rekey, void, METHOD(stroke_control_t, terminate_srcip, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ike_sa_t *ike_sa; @@ -432,8 +516,15 @@ METHOD(stroke_control_t, terminate_srcip, void, DESTROY_IF(end); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.purge_ike + */ +static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, purge_ike, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *iterator; @@ -470,8 +561,15 @@ METHOD(stroke_control_t, purge_ike, void, list->destroy(list); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.route. + */ +static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, route, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -509,8 +607,15 @@ METHOD(stroke_control_t, route, void, child_cfg->destroy(child_cfg); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.unroute. + */ +static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_control_t, unroute, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { child_sa_t *child_sa; enumerator_t *enumerator; @@ -532,8 +637,15 @@ METHOD(stroke_control_t, unroute, void, fprintf(out, "configuration '%s' not found\n", msg->unroute.name); } +<<<<<<< HEAD +/** + * Implementation of stroke_control_t.destroy + */ +static void destroy(private_stroke_control_t *this) +======= METHOD(stroke_control_t, destroy, void, private_stroke_control_t *this) +>>>>>>> upstream/4.5.1 { free(this); } 
@@ -543,6 +655,17 @@ METHOD(stroke_control_t, destroy, void, */ stroke_control_t *stroke_control_create() { +<<<<<<< HEAD + private_stroke_control_t *this = malloc_thing(private_stroke_control_t); + + this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; + this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; + this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; + this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike; + this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; + this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; + this->public.destroy = (void(*)(stroke_control_t*))destroy; +======= private_stroke_control_t *this; INIT(this, @@ -557,6 +680,7 @@ stroke_control_t *stroke_control_create() .destroy = _destroy, }, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h index 869aab3d3..e4d67023a 100644 --- a/src/libcharon/plugins/stroke/stroke_control.h +++ b/src/libcharon/plugins/stroke/stroke_control.h @@ -54,6 +54,8 @@ struct stroke_control_t { void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** +<<<<<<< HEAD +======= * Rekey a connection. * * @param msg stroke message @@ -61,6 +63,7 @@ struct stroke_control_t { void (*rekey)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** +>>>>>>> upstream/4.5.1 * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 83e5a9ad6..6d9440778 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c 
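Review bot: The `rekey` member added to `stroke_control_t` in the header hunk (`@@ -54,6 +54,8 @@`) exists only on the upstream side, and its implementation `METHOD(stroke_control_t, rekey, ...)` plus the `rekey_ike_sa_job.h` / `rekey_child_sa_job.h` includes in stroke_control.c are likewise upstream-only, while the HEAD side of `stroke_control_create` assigns no `rekey` handler at all. Resolving the header and the .c file to different sides therefore yields either an `INIT` entry for a field that does not exist or a struct slot that is never initialised (and, being `malloc_thing`-allocated on the HEAD side, holds garbage when called). Resolve `stroke_control.h`, the include hunk, the `rekey` METHOD and both `stroke_control_create` hunks together, to the upstream side; the `INIT(this, ...)` initializer continues into `@@ -557,6 +680,7 @@`.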
@@ -1,5 +1,9 @@ /* +<<<<<<< HEAD + * Copyright (C) 2008 Tobias Brunner +======= * Copyright (C) 2008-2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -25,6 +29,10 @@ #include <unistd.h> #include "stroke_cred.h" +<<<<<<< HEAD +#include "stroke_shared_key.h" +======= +>>>>>>> upstream/4.5.1 #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -63,9 +71,30 @@ struct private_stroke_cred_t { stroke_cred_t public; /** +<<<<<<< HEAD + * list of trusted peer/signer/CA certificates (certificate_t) + */ + linked_list_t *certs; + + /** + * list of shared secrets (private_shared_key_t) + */ + linked_list_t *shared; + + /** + * list of private keys (private_key_t) + */ + linked_list_t *private; + + /** + * read-write lock to lists + */ + rwlock_t *lock; +======= * credentials */ mem_cred_t *creds; +>>>>>>> upstream/4.5.1 /** * cache CRLs to disk? 
@@ -74,6 +103,240 @@ struct private_stroke_cred_t { }; /** +<<<<<<< HEAD + * data to pass to various filters + */ +typedef struct { + private_stroke_cred_t *this; + identification_t *id; + certificate_type_t cert; + key_type_t key; +} id_data_t; + +/** + * destroy id enumerator data and unlock list + */ +static void id_data_destroy(id_data_t *data) +{ + data->this->lock->unlock(data->this->lock); + free(data); +} + +/** + * filter function for private key enumerator + */ +static bool private_filter(id_data_t *data, + private_key_t **in, private_key_t **out) +{ + private_key_t *key; + + key = *in; + if (data->key == KEY_ANY || data->key == key->get_type(key)) + { + if (data->id == NULL) + { + *out = key; + return TRUE; + } + if (key->has_fingerprint(key, data->id->get_encoding(data->id))) + { + *out = key; + return TRUE; + } + } + return FALSE; +} + +/** + * Implements credential_set_t.create_private_enumerator + */ +static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, + key_type_t type, identification_t *id) +{ + id_data_t *data; + + data = malloc_thing(id_data_t); + data->this = this; + data->id = id; + data->key = type; + + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->private->create_enumerator(this->private), + (void*)private_filter, data, + (void*)id_data_destroy); +} + +/** + * filter function for certs enumerator + */ +static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **out) +{ + public_key_t *public; + certificate_t *cert = *in; + + if (data->cert != CERT_ANY && data->cert != cert->get_type(cert)) + { + return FALSE; + } + if (data->id == NULL || cert->has_subject(cert, data->id)) + { + *out = *in; + return TRUE; + } + + public = cert->get_public_key(cert); + if (public) + { + if (data->key == KEY_ANY || data->key != public->get_type(public)) + { + if (public->has_fingerprint(public, data->id->get_encoding(data->id))) + { + public->destroy(public); + *out = *in; + return TRUE; + } 
+ } + public->destroy(public); + } + return FALSE; +} + +/** + * Implements credential_set_t.create_cert_enumerator + */ +static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + id_data_t *data; + + if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC)) + { + return NULL; + } + data = malloc_thing(id_data_t); + data->this = this; + data->id = id; + data->cert = cert; + data->key = key; + + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->certs->create_enumerator(this->certs), + (void*)certs_filter, data, + (void*)id_data_destroy); +} + +typedef struct { + private_stroke_cred_t *this; + identification_t *me; + identification_t *other; + shared_key_type_t type; +} shared_data_t; + +/** + * free shared key enumerator data and unlock list + */ +static void shared_data_destroy(shared_data_t *data) +{ + data->this->lock->unlock(data->this->lock); + free(data); +} + +/** + * filter function for certs enumerator + */ +static bool shared_filter(shared_data_t *data, + stroke_shared_key_t **in, shared_key_t **out, + void **unused1, id_match_t *me, + void **unused2, id_match_t *other) +{ + id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE; + stroke_shared_key_t *stroke = *in; + shared_key_t *shared = &stroke->shared; + + if (data->type != SHARED_ANY && shared->get_type(shared) != data->type) + { + return FALSE; + } + + if (data->me) + { + my_match = stroke->has_owner(stroke, data->me); + } + if (data->other) + { + other_match = stroke->has_owner(stroke, data->other); + } + if ((data->me || data->other) && (!my_match && !other_match)) + { + return FALSE; + } + *out = shared; + if (me) + { + *me = my_match; + } + if (other) + { + *other = other_match; + } + return TRUE; +} + +/** + * Implements credential_set_t.create_shared_enumerator + */ +static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, + 
shared_key_type_t type, identification_t *me, + identification_t *other) +{ + shared_data_t *data = malloc_thing(shared_data_t); + + data->this = this; + data->me = me; + data->other = other; + data->type = type; + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->shared->create_enumerator(this->shared), + (void*)shared_filter, data, + (void*)shared_data_destroy); +} + +/** + * Add a certificate to chain + */ +static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) +{ + certificate_t *current; + enumerator_t *enumerator; + bool new = TRUE; + + this->lock->read_lock(this->lock); + enumerator = this->certs->create_enumerator(this->certs); + while (enumerator->enumerate(enumerator, (void**)¤t)) + { + if (current->equals(current, cert)) + { + /* cert already in queue */ + cert->destroy(cert); + cert = current; + new = FALSE; + break; + } + } + enumerator->destroy(enumerator); + + if (new) + { + this->certs->insert_last(this->certs, cert); + } + this->lock->unlock(this->lock); + return cert; +} + +/** +======= +>>>>>>> upstream/4.5.1 * Implementation of stroke_cred_t.load_ca. */ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) 
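Review bot: `add_cert` on the HEAD side of this hunk inserts into `this->certs` while holding only `this->lock->read_lock(this->lock)`, whereas `add_crl` and `add_ac` in the next hunk take `write_lock` on the same list, so two concurrent `add_cert` calls, or an `add_cert` racing a `create_cert_enumerator` reader, mutate the list without exclusion. Separately, `certs_filter` guards the fingerprint comparison with `data->key == KEY_ANY || data->key != public->get_type(public)`, which reads inverted — a certificate whose key type does not match the requested type is the one that reaches the fingerprint test — and `==` is presumably what was intended. This entire HEAD block is superseded by the upstream `mem_cred_t *creds` member introduced in `@@ -63,9 +71,30 @@`, so the cleanest resolution is to drop it; if any of it is kept, change the lock call to `this->lock->write_lock(this->lock);` and the filter to `data->key == public->get_type(public)`. This hunk spans from `@@ -74,6 +103,240 @@` two lines above.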
@@ -105,12 +368,92 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) cert->destroy(cert); return NULL; } +<<<<<<< HEAD + return (certificate_t*)add_cert(this, cert); +======= return this->creds->add_cert_ref(this->creds, TRUE, cert); +>>>>>>> upstream/4.5.1 } return NULL; } /** +<<<<<<< HEAD + * Add X.509 CRL to chain + */ +static bool add_crl(private_stroke_cred_t *this, crl_t* crl) +{ + certificate_t *current, *cert = &crl->certificate; + enumerator_t *enumerator; + bool new = TRUE, found = FALSE; + + this->lock->write_lock(this->lock); + enumerator = this->certs->create_enumerator(this->certs); + while (enumerator->enumerate(enumerator, (void**)¤t)) + { + if (current->get_type(current) == CERT_X509_CRL) + { + crl_t *crl_c = (crl_t*)current; + chunk_t authkey = crl->get_authKeyIdentifier(crl); + chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); + + /* if compare authorityKeyIdentifiers if available */ + if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) + { + found = TRUE; + } + else + { + identification_t *issuer = cert->get_issuer(cert); + identification_t *issuer_c = current->get_issuer(current); + + /* otherwise compare issuer distinguished names */ + if (issuer->equals(issuer, issuer_c)) + { + found = TRUE; + } + } + if (found) + { + new = crl_is_newer(crl, crl_c); + if (new) + { + this->certs->remove_at(this->certs, enumerator); + } + else + { + cert->destroy(cert); + } + break; + } + } + } + enumerator->destroy(enumerator); + + if (new) + { + this->certs->insert_last(this->certs, cert); + } + this->lock->unlock(this->lock); + return new; +} + +/** + * Add X.509 attribute certificate to chain + */ +static bool add_ac(private_stroke_cred_t *this, ac_t* ac) +{ + certificate_t *cert = &ac->certificate; + + this->lock->write_lock(this->lock); + this->certs->insert_last(this->certs, cert); + this->lock->unlock(this->lock); + return TRUE; +} + +/** +======= +>>>>>>> upstream/4.5.1 * Implementation of 
stroke_cred_t.load_peer. */ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) @@ -133,10 +476,17 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) BUILD_END); if (cert) { +<<<<<<< HEAD + cert = add_cert(this, cert); + DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", + cert->get_subject(cert), filename); + return cert->get_ref(cert); +======= cert = this->creds->add_cert_ref(this->creds, TRUE, cert); DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", cert->get_subject(cert), filename); return cert; +>>>>>>> upstream/4.5.1 } DBG1(DBG_CFG, " loading certificate from '%s' failed", filename); return NULL; @@ -191,8 +541,13 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } else { +<<<<<<< HEAD + DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); +======= DBG1(DBG_CFG, " loaded ca certificate \"%Y\" " "from '%s'", cert->get_subject(cert), file); +>>>>>>> upstream/4.5.1 } } else @@ -220,7 +575,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } if (cert) { +<<<<<<< HEAD + add_cert(this, cert); +======= this->creds->add_cert(this->creds, TRUE, cert); +>>>>>>> upstream/4.5.1 } break; case CERT_X509_CRL: @@ -230,7 +589,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { +<<<<<<< HEAD + add_crl(this, (crl_t*)cert); +======= this->creds->add_crl(this->creds, (crl_t*)cert); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded crl from '%s'", file); } else @@ -245,7 +608,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { +<<<<<<< HEAD + add_ac(this, (ac_t*)cert); +======= this->creds->add_cert(this->creds, FALSE, cert); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded attribute certificate from '%s'", file); } 
@@ -273,7 +640,11 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) crl_t *crl = (crl_t*)cert; cert->get_ref(cert); +<<<<<<< HEAD + if (add_crl(this, crl)) +======= if (this->creds->add_crl(this->creds, crl)) +>>>>>>> upstream/4.5.1 { char buf[BUF_LEN]; chunk_t chunk, hex; @@ -594,6 +965,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, } /* unlock: smartcard needs the pin and potentially calls public set */ +<<<<<<< HEAD + this->lock->unlock(this->lock); +======= +>>>>>>> upstream/4.5.1 switch (format) { case SC_FORMAT_SLOT_MODULE_KEYID: @@ -615,6 +990,10 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, BUILD_PKCS11_KEYID, chunk, BUILD_END); break; } +<<<<<<< HEAD + this->lock->write_lock(this->lock); +======= +>>>>>>> upstream/4.5.1 if (mem) { lib->credmgr->remove_local_set(lib->credmgr, &mem->set); @@ -629,7 +1008,11 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); +<<<<<<< HEAD + this->private->insert_last(this->private, key); +======= this->creds->add_key(this->creds, key); +>>>>>>> upstream/4.5.1 } return TRUE; } @@ -700,8 +1083,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set); +<<<<<<< HEAD + /* unlock, as the builder might ask for a secret */ + this->lock->unlock(this->lock); key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); + this->lock->write_lock(this->lock); +======= + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, + BUILD_FROM_FILE, path, BUILD_END); +>>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); 
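Review bot: The HEAD halves of the `load_pin` hunks (`@@ -594,6 +965,10 @@`, `@@ -615,6 +990,10 @@`) and the `load_private` hunk release and re-acquire `this->lock` around `lib->creds->create(...)`, but the upstream side of the struct hunk earlier in this file replaces the `rwlock_t *lock`, `certs`, `shared` and `private` members with a single `mem_cred_t *creds`, so keeping those lines would reference members that no longer exist. The comment `/* unlock, as the builder might ask for a secret */` records why the HEAD code unlocks: the builder can call back into this credential set for a PIN or passphrase, and a held write lock would deadlock. With `mem_cred` nothing in this file is locked at that point, so the reentrancy presumably moves inside `mem_cred` — confirm that before dropping the HEAD side rather than assuming it. Likewise `this->private->insert_last(this->private, key);` must become the upstream `this->creds->add_key(this->creds, key);`; `load_pin` and `load_private` both begin outside the visible hunks.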
@@ -717,8 +1108,16 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, mem->add_shared(mem, shared, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set); +<<<<<<< HEAD + /* unlock, as the builder might ask for a secret */ + this->lock->unlock(this->lock); + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, + BUILD_FROM_FILE, path, BUILD_END); + this->lock->write_lock(this->lock); +======= key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); +>>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); @@ -727,7 +1126,11 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, { DBG1(DBG_CFG, " loaded %N private key from '%s'", key_type_names, key->get_type(key), path); +<<<<<<< HEAD + this->private->insert_last(this->private, key); +======= this->creds->add_key(this->creds, key); +>>>>>>> upstream/4.5.1 } else { @@ -742,8 +1145,12 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, shared_key_type_t type, chunk_t ids) { +<<<<<<< HEAD + stroke_shared_key_t *shared_key; +======= shared_key_t *shared_key; linked_list_t *owners; +>>>>>>> upstream/4.5.1 chunk_t secret = chunk_empty; bool any = TRUE; 
@@ -753,12 +1160,20 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh); return FALSE; } +<<<<<<< HEAD + shared_key = stroke_shared_key_create(type, secret); +======= shared_key = shared_key_create(type, secret); +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); +<<<<<<< HEAD + this->shared->insert_last(this->shared, shared_key); +======= owners = linked_list_create(); +>>>>>>> upstream/4.5.1 while (ids.len > 0) { chunk_t id; @@ -784,15 +1199,25 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, continue; } +<<<<<<< HEAD + shared_key->add_owner(shared_key, peer_id); +======= owners->insert_last(owners, peer_id); +>>>>>>> upstream/4.5.1 any = FALSE; } if (any) { +<<<<<<< HEAD + shared_key->add_owner(shared_key, + identification_create_from_encoding(ID_ANY, chunk_empty)); + } +======= owners->insert_last(owners, identification_create_from_encoding(ID_ANY, chunk_empty)); } this->creds->add_shared_list(this->creds, shared_key, owners); +>>>>>>> upstream/4.5.1 return TRUE; } @@ -804,6 +1229,11 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { int line_nr = 0, fd; chunk_t src, line; +<<<<<<< HEAD + private_key_t *private; + shared_key_t *shared; +======= +>>>>>>> upstream/4.5.1 struct stat sb; void *addr; 
@@ -832,8 +1262,25 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, src = chunk_create(addr, sb.st_size); if (level == 0) +<<<<<<< HEAD + { + this->lock->write_lock(this->lock); + + /* flush secrets on non-recursive invocation */ + while (this->shared->remove_last(this->shared, + (void**)&shared) == SUCCESS) + { + shared->destroy(shared); + } + while (this->private->remove_last(this->private, + (void**)&private) == SUCCESS) + { + private->destroy(private); + } +======= { /* flush secrets on non-recursive invocation */ this->creds->clear_secrets(this->creds); +>>>>>>> upstream/4.5.1 } while (fetchline(&src, &line)) @@ -894,6 +1341,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, if (glob(pattern, GLOB_ERR, NULL, &buf) != 0) { DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern); +<<<<<<< HEAD + globfree(&buf); +======= +>>>>>>> upstream/4.5.1 } else { @@ -961,6 +1412,13 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, break; } } +<<<<<<< HEAD + if (level == 0) + { + this->lock->unlock(this->lock); + } +======= +>>>>>>> upstream/4.5.1 munmap(addr, sb.st_size); close(fd); } @@ -1039,8 +1497,15 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt) */ static void destroy(private_stroke_cred_t *this) { +<<<<<<< HEAD + this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy)); + this->shared->destroy_offset(this->shared, offsetof(shared_key_t, destroy)); + this->private->destroy_offset(this->private, offsetof(private_key_t, destroy)); + this->lock->destroy(this->lock); +======= lib->credmgr->remove_set(lib->credmgr, &this->creds->set); this->creds->destroy(this->creds); +>>>>>>> upstream/4.5.1 free(this); } 
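Review bot: In `@@ -894,6 +1341,10 @@` the HEAD side calls `globfree(&buf)` on the `glob()` failure path and the upstream side does not; unless a `globfree(&buf);` after the whole `if/else` lies outside the visible hunk, resolving to upstream leaks whatever `glob()` allocated before reporting an error (with `GLOB_ERR` a `GLOB_ABORTED` result can leave `buf` partially filled). The safe resolution is one unconditional `globfree(&buf);` after both branches, which is correct on the failure path as well. The `load_secrets` flush hunk (`@@ -832,8 +1262,25 @@`) and the unlock in `@@ -961,6 +1412,13 @@` again depend on the removed `this->lock` member and should go with the upstream `this->creds->clear_secrets(this->creds);`. In the `destroy` hunk the upstream order — `lib->credmgr->remove_set(...)` before `this->creds->destroy(...)` — is the one to keep, so the manager never holds a dangling set.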
@@ -1051,9 +1516,15 @@ stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); +<<<<<<< HEAD + this->public.set.create_private_enumerator = (void*)create_private_enumerator; + this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; + this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; +======= this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; +>>>>>>> upstream/4.5.1 this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread; @@ -1062,8 +1533,15 @@ stroke_cred_t *stroke_cred_create() this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; +<<<<<<< HEAD + this->certs = linked_list_create(); + this->shared = linked_list_create(); + this->private = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); +======= this->creds = mem_cred_create(); lib->credmgr->add_set(lib->credmgr, &this->creds->set); +>>>>>>> upstream/4.5.1 load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 36311f092..9c71b2cd2 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c 
@@ -388,8 +388,15 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.status. + */ +static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) +======= METHOD(stroke_list_t, status, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; ike_cfg_t *ike_cfg; @@ -754,7 +761,11 @@ static void stroke_list_certs(linked_list_t *list, char *label, enumerator_t *enumerator; identification_t *altName; bool first_altName = TRUE; +<<<<<<< HEAD + int pathlen; +======= u_int pathlen; +>>>>>>> upstream/4.5.1 chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; @@ -834,10 +845,17 @@ static void stroke_list_certs(linked_list_t *list, char *label, } /* list optional pathLenConstraint */ +<<<<<<< HEAD + pathlen = x509->get_pathLenConstraint(x509); + if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) + { + fprintf(out, " pathlen: %d\n", pathlen); +======= pathlen = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen != X509_NO_CONSTRAINT) { fprintf(out, " pathlen: %u\n", pathlen); +>>>>>>> upstream/4.5.1 } /* list optional ipAddrBlocks */ @@ -977,10 +995,13 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) { fprintf(out, " serial: %#B\n", &chunk); } +<<<<<<< HEAD +======= if (crl->is_delta_crl(crl, &chunk)) { fprintf(out, " delta for: %#B\n", &chunk); } +>>>>>>> upstream/4.5.1 /* count the number of revoked certificates */ { @@ -1062,6 +1083,8 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) } /** +<<<<<<< HEAD +======= * Print the name of an algorithm plus the name of the plugin that registered it */ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, 
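Review bot: The `stroke_list_certs` hunks `@@ -754,7 +761,11 @@` and `@@ -834,10 +845,17 @@` have to be resolved as a pair: the HEAD side pairs `int pathlen` with `x509->get_pathLenConstraint(x509)`, `X509_NO_PATH_LEN_CONSTRAINT` and `%d`, while the upstream side pairs `u_int pathlen` with `x509->get_constraint(x509, X509_PATH_LEN)`, `X509_NO_CONSTRAINT` and `%u`. Mixing them gives either a signed/unsigned `fprintf` format mismatch or a call to an accessor that the linked `x509_t` no longer provides. The `is_delta_crl` block in `@@ -977,10 +995,13 @@` is upstream-only for the same reason, so the libstrongswan API version actually built against (outside this diff) decides all three; given the rest of the merge targets 4.5.1, take the upstream side throughout. `stroke_list_certs` and `stroke_list_crls` both begin and end outside the visible hunks.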
@@ -1081,6 +1104,7 @@ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, } /** +>>>>>>> upstream/4.5.1 * List of registered cryptographical algorithms */ static void list_algs(FILE *out) @@ -1091,6 +1115,51 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; +<<<<<<< HEAD + + fprintf(out, "\n"); + fprintf(out, "List of registered IKEv2 Algorithms:\n"); + fprintf(out, "\n encryption: "); + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption)) + { + fprintf(out, "%N ", encryption_algorithm_names, encryption); + } + enumerator->destroy(enumerator); + fprintf(out, "\n integrity: "); + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &integrity)) + { + fprintf(out, "%N ", integrity_algorithm_names, integrity); + } + enumerator->destroy(enumerator); + fprintf(out, "\n aead: "); + enumerator = lib->crypto->create_aead_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption)) + { + fprintf(out, "%N ", encryption_algorithm_names, encryption); + } + enumerator->destroy(enumerator); + fprintf(out, "\n hasher: "); + enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &hash)) + { + fprintf(out, "%N ", hash_algorithm_names, hash); + } + enumerator->destroy(enumerator); + fprintf(out, "\n prf: "); + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &prf)) + { + fprintf(out, "%N ", pseudo_random_function_names, prf); + } + enumerator->destroy(enumerator); + fprintf(out, "\n dh-group: "); + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &group)) + { + fprintf(out, "%N ", diffie_hellman_group_names, group); +======= rng_quality_t quality; const char *plugin_name; int len; 
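Review bot: The HEAD block of the `list_algs` conflict at 1115 stops inside the dh-group `while` loop — its last line is `fprintf(out, "%N ", diffie_hellman_group_names, group);` with no closing brace before `=======` — and the closing `>>>>>>> upstream/4.5.1` sits in the next hunk, after `print_alg(out, &len, rng_quality_names, quality, plugin_name);`. Both sides therefore share the trailing `}`, `enumerator->destroy(enumerator);` and `fprintf(out, "\n");`, and the function has to be resolved as a whole rather than hunk by hunk. The upstream body also reports which plugin registered each algorithm through `print_alg`, which HEAD lacks, so the upstream side looks like the one to keep. list_algs starts and ends outside this hunk.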
@@ -1151,13 +1220,21 @@ static void list_algs(FILE *out) while (enumerator->enumerate(enumerator, &quality, &plugin_name)) { print_alg(out, &len, rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); fprintf(out, "\n"); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.list. + */ +static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_list_t, list, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { linked_list_t *cert_list = NULL; @@ -1260,8 +1337,15 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, } } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.leases + */ +static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +======= METHOD(stroke_list_t, leases, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; u_int size, offline, online; @@ -1298,8 +1382,15 @@ METHOD(stroke_list_t, leases, void, DESTROY_IF(address); } +<<<<<<< HEAD +/** + * Implementation of stroke_list_t.destroy + */ +static void destroy(private_stroke_list_t *this) +======= METHOD(stroke_list_t, destroy, void, private_stroke_list_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -1309,6 +1400,17 @@ METHOD(stroke_list_t, destroy, void, */ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { +<<<<<<< HEAD + private_stroke_list_t *this = malloc_thing(private_stroke_list_t); + + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; + this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; + this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; + this->public.destroy = (void(*)(stroke_list_t*))destroy; + + this->uptime = time_monotonic(NULL); + this->attribute = attribute; +======= private_stroke_list_t *this; INIT(this, 
@@ -1322,6 +1424,7 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) .uptime = time_monotonic(NULL), .attribute = attribute, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c index 2e83d0d28..81274b599 100644 --- a/src/libcharon/plugins/stroke/stroke_plugin.c +++ b/src/libcharon/plugins/stroke/stroke_plugin.c @@ -36,8 +36,15 @@ struct private_stroke_plugin_t { stroke_socket_t *socket; }; +<<<<<<< HEAD +/** + * Implementation of stroke_plugin_t.destroy + */ +static void destroy(private_stroke_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_stroke_plugin_t *this) +>>>>>>> upstream/4.5.1 { this->socket->destroy(this->socket); free(this); @@ -48,6 +55,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *stroke_plugin_create() { +<<<<<<< HEAD + private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->socket = stroke_socket_create(); +======= private_stroke_plugin_t *this; INIT(this, @@ -59,6 +73,7 @@ plugin_t *stroke_plugin_create() .socket = stroke_socket_create(), ); +>>>>>>> upstream/4.5.1 if (this->socket == NULL) { free(this); diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c new file mode 100644 index 000000000..4f716e83a --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_shared_key.c 
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "stroke_shared_key.h"
+
+#include <utils/linked_list.h>
+
+typedef struct private_stroke_shared_key_t private_stroke_shared_key_t;
+
+/**
+ * private data of shared_key
+ */
+struct private_stroke_shared_key_t {
+
+ /**
+ * implements shared_key_t
+ */
+ stroke_shared_key_t public;
+
+ /**
+ * type of this key
+ */
+ shared_key_type_t type;
+
+ /**
+ * data of the key
+ */
+ chunk_t key;
+
+ /**
+ * list of key owners, as identification_t
+ */
+ linked_list_t *owners;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Implementation of shared_key_t.get_type.
+ */
+static shared_key_type_t get_type(private_stroke_shared_key_t *this)
+{
+ return this->type;
+}
+
+/**
+ * Implementation of shared_key_t.get_ref.
+ */
+static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this)
+{
+ ref_get(&this->ref);
+ return this;
+}
+
+/**
+ * Implementation of shared_key_t.get_key.
+ */
+static chunk_t get_key(private_stroke_shared_key_t *this)
+{
+ return this->key;
+}
+
+/**
+ * Implementation of stroke_shared_key_t.has_owner.
+ */
+static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t *owner)
+{
+ enumerator_t *enumerator;
+ id_match_t match, best = ID_MATCH_NONE;
+ identification_t *current;
+
+ enumerator = this->owners->create_enumerator(this->owners);
+ while (enumerator->enumerate(enumerator, ¤t))
+ {
+ match = owner->matches(owner, current);
+ if (match > best)
+ {
+ best = match;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return best;
+}
+/**
+ * Implementation of stroke_shared_key_t.add_owner.
+ */
+static void add_owner(private_stroke_shared_key_t *this, identification_t *owner)
+{
+ this->owners->insert_last(this->owners, owner);
+}
+
+/**
+ * Implementation of stroke_shared_key_t.destroy
+ */
+static void destroy(private_stroke_shared_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->owners->destroy_offset(this->owners, offsetof(identification_t, destroy));
+ chunk_free(&this->key);
+ free(this);
+ }
+}
+
+/**
+ * create a shared key
+ */
+stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key)
+{
+ private_stroke_shared_key_t *this = malloc_thing(private_stroke_shared_key_t);
+
+ this->public.shared.get_type = (shared_key_type_t(*)(shared_key_t*))get_type;
+ this->public.shared.get_key = (chunk_t(*)(shared_key_t*))get_key;
+ this->public.shared.get_ref = (shared_key_t*(*)(shared_key_t*))get_ref;
+ this->public.shared.destroy = (void(*)(shared_key_t*))destroy;
+ this->public.add_owner = (void(*)(stroke_shared_key_t*, identification_t *owner))add_owner;
+ this->public.has_owner = (id_match_t(*)(stroke_shared_key_t*, identification_t *owner))has_owner;
+
+ this->owners = linked_list_create();
+ this->type = type;
+ this->key = key;
+ this->ref = 1;
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h
new file mode 100644
index 000000000..05ad55083
--- /dev/null
+++ b/src/libcharon/plugins/stroke/stroke_shared_key.h
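Review bot: `stroke_shared_key_create` takes ownership of `key` (it is stored as `this->key` and released in `destroy` with `chunk_free`) and `add_owner` adopts `owner` (released through `destroy_offset`), but the `create a shared key` comment says nothing about either, and a caller that keeps using the chunk will double-free; suggest `@param key key data, adopted and freed when the last reference is dropped` on the create comment and `owner is adopted by the key` on `add_owner`. Because this object carries secrets read from ipsec.secrets, `destroy` should wipe before releasing — `chunk_clear(&this->key);` if the tree's chunk helpers provide it — instead of `chunk_free(&this->key);`, which leaves the key bytes readable in freed heap memory. The `¤t` argument in `has_owner` reads like a rendering artefact of `&current`; confirm the committed file has the plain address-of operator.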
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup stroke_shared_key stroke_shared_key
+ * @{ @ingroup stroke
+ */
+
+#ifndef STROKE_SHARED_KEY_H_
+#define STROKE_SHARED_KEY_H_
+
+#include <utils/identification.h>
+#include <credentials/keys/shared_key.h>
+
+typedef struct stroke_shared_key_t stroke_shared_key_t;
+
+/**
+ * Shared key implementation for keys read from ipsec.secrets
+ */
+struct stroke_shared_key_t {
+
+ /**
+ * Implements the shared_key_t interface.
+ */
+ shared_key_t shared;
+
+ /**
+ * Add an owner to the key.
+ *
+ * @param owner owner to add
+ */
+ void (*add_owner)(stroke_shared_key_t *this, identification_t *owner);
+
+ /**
+ * Check if a key has a specific owner.
+ *
+ * @param owner owner to check
+ * @return best match found
+ */
+ id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner);
+};
+
+/**
+ * Create a stroke_shared_key instance.
+ */
+stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key);
+
+#endif /** STROKE_SHARED_KEY_H_ @}*/
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 18e77905d..e9ed86d09 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
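Review bot: `stroke_shared_key_create` is the only declaration in this header without `@param`/`@return` tags, while `add_owner` and `has_owner` above it carry them; suggest `@param type type of the shared key`, `@param key key data, adopted by the created object` and `@return stroke_shared_key_t instance`. The `has_owner` doc `@return best match found` could also state the no-match value, e.g. `ID_MATCH_NONE if no owner matches`, which is what the implementation starts from.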
@@ -151,7 +151,10 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca); pop_string(msg, &end->ca2); pop_string(msg, &end->groups); +<<<<<<< HEAD +======= pop_string(msg, &end->cert_policy); +>>>>>>> upstream/4.5.1 pop_string(msg, &end->updown); DBG2(DBG_CFG, " %s=%s", label, end->address); @@ -247,6 +250,8 @@ static void stroke_terminate_srcip(private_stroke_socket_t *this, } /** +<<<<<<< HEAD +======= * rekey a connection by name/id */ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -258,6 +263,7 @@ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE } /** +>>>>>>> upstream/4.5.1 * route a policy (install SPD entries) */ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -360,6 +366,8 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE); } +<<<<<<< HEAD +======= if (msg->purge.flags & PURGE_CRLS) { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL); @@ -368,6 +376,7 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509); } +>>>>>>> upstream/4.5.1 if (msg->purge.flags & PURGE_IKE) { this->control->purge_ike(this->control, msg, out); @@ -530,9 +539,12 @@ static job_requeue_t process(stroke_job_context_t *ctx) case STR_TERMINATE_SRCIP: stroke_terminate_srcip(this, msg, out); break; +<<<<<<< HEAD +======= case STR_REKEY: stroke_rekey(this, msg, out); break; +>>>>>>> upstream/4.5.1 case STR_STATUS: stroke_status(this, msg, out, FALSE); break; diff --git a/src/libcharon/plugins/tnc_imc/Makefile.am b/src/libcharon/plugins/tnc_imc/Makefile.am index 2c551813e..604536953 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.am +++ b/src/libcharon/plugins/tnc_imc/Makefile.am 
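Review bot: In `pop_end` the HEAD side drops `pop_string(msg, &end->cert_policy);` while upstream keeps it; judging by its name, `pop_string` resolves the offsets the stroke client wrote into pointers field by field, so the side kept here has to match the `stroke_end_t` layout in stroke_msg.h and the client's push order — if the field exists but is not popped, `end->cert_policy` is left holding a raw offset that later code would dereference as a pointer. The same branch-pairing applies to `STR_REKEY`/`stroke_rekey` in `process` and to the `PURGE_CRLS` and `CERT_X509` cache flushes in `stroke_purge`, which exist only on the upstream side. pop_end, stroke_purge and process all start and end outside their hunks.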
@@ -1,9 +1,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnc_imc_la_LIBADD = -ltnc + +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la else @@ -11,8 +20,12 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imc.la endif libstrongswan_tnc_imc_la_SOURCES = \ +<<<<<<< HEAD + tnc_imc_plugin.h tnc_imc_plugin.c +======= tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in index dc44408ff..61fe74a15 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.in +++ b/src/libcharon/plugins/tnc_imc/Makefile.in @@ -74,9 +74,14 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnc_imc_la_DEPENDENCIES = +am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo +======= libstrongswan_tnc_imc_la_LIBADD = am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo tnc_imc.lo \ tnc_imc_manager.lo tnc_imc_bind_function.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_OBJECTS = \ $(am_libstrongswan_tnc_imc_la_OBJECTS) libstrongswan_tnc_imc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -222,7 +227,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
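Review bot: The HEAD side puts the shell substitution `` `xml2-config --cflags` `` into `INCLUDES`, so it is re-run by the shell for every compile and the build aborts outright wherever `xml2-config` is not installed; the upstream side's configure-resolved `${xml_CFLAGS}`/`${xml_LIBS}` (as used in the tnccs_11 Makefile.am hunk) are the ones to keep. The HEAD side also links the plugin against `-ltnc` where upstream builds `tnc_imc.c`, `tnc_imc_manager.c` and `tnc_imc_bind_function.c` in-tree, so this choice has to agree with the tnc_imc_plugin.c resolution. The identical conflict recurs in the tnc_imv and tnccs_11 Makefile.am hunks, and the Makefile.in hunks are automake output that should be regenerated rather than merged by hand; a leftover `<<<<<<<` line in any of them is a hard parse error for automake and make.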
@@ -261,8 +272,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -274,6 +288,16 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnc_imc_la_LIBADD = -ltnc +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imc.la +libstrongswan_tnc_imc_la_SOURCES = \ + tnc_imc_plugin.h tnc_imc_plugin.c +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -282,6 +306,7 @@ AM_CFLAGS = -rdynamic libstrongswan_tnc_imc_la_SOURCES = \ tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version all: all-am @@ -367,9 +392,12 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_manager.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_plugin.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c index 89888040a..f7d6c00d7 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c 
@@ -14,6 +14,12 @@ */ #include "tnc_imc_plugin.h" +<<<<<<< HEAD + +#include <libtnctncc.h> + +#include <daemon.h> +======= #include "tnc_imc_manager.h" #include "tnc_imc.h" @@ -140,11 +146,16 @@ static bool load_imcs(char *filename) close(fd); return TRUE; } +>>>>>>> upstream/4.5.1 METHOD(plugin_t, destroy, void, tnc_imc_plugin_t *this) { +<<<<<<< HEAD + libtnc_tncc_Terminate(); +======= charon->imcs->destroy(charon->imcs); +>>>>>>> upstream/4.5.1 free(this); } @@ -153,7 +164,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *tnc_imc_plugin_create() { +<<<<<<< HEAD + char *tnc_config, *pref_lang; +======= char *tnc_config; +>>>>>>> upstream/4.5.1 tnc_imc_plugin_t *this; INIT(this, @@ -162,6 +177,20 @@ plugin_t *tnc_imc_plugin_create() }, ); +<<<<<<< HEAD + pref_lang = lib->settings->get_str(lib->settings, + "charon.plugins.tnc-imc.preferred_language", "en"); + tnc_config = lib->settings->get_str(lib->settings, + "charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config"); + + if (libtnc_tncc_Initialize(tnc_config) != TNC_RESULT_SUCCESS) + { + free(this); + DBG1(DBG_TNC, "TNC IMC initialization failed"); + return NULL; + } + +======= /* Create IMC manager */ charon->imcs = tnc_imc_manager_create(); @@ -175,6 +204,7 @@ plugin_t *tnc_imc_plugin_create() free(this); return NULL; } +>>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnc_imv/Makefile.am b/src/libcharon/plugins/tnc_imv/Makefile.am index 3ba283bb7..13e8076cd 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.am +++ b/src/libcharon/plugins/tnc_imv/Makefile.am @@ -1,9 +1,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnc_imv_la_LIBADD = -ltnc + +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la else 
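Review bot: On the HEAD side of `tnc_imc_plugin_create`, `pref_lang` is read from `charon.plugins.tnc-imc.preferred_language` but, within what this hunk shows, never used afterwards, so it is either dead (and an unused-variable warning) or a parameter that was meant to reach `libtnc_tncc_Initialize`; either pass it on or reduce the declaration to `char *tnc_config;`. The two conflicts in this file are coupled — `libtnc_tncc_Initialize`/`libtnc_tncc_Terminate()` on HEAD versus `tnc_imc_manager_create()`/`charon->imcs->destroy` upstream — and must go to the same branch as the tnc_imc Makefile.am choice between `-ltnc` and the in-tree manager sources; tnc_imv_plugin.c has the same pair with `libtnc_tncs_*` and `charon->imvs`. tnc_imc_plugin_create continues outside the hunk.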
@@ -11,9 +20,13 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imv.la endif libstrongswan_tnc_imv_la_SOURCES = \ +<<<<<<< HEAD + tnc_imv_plugin.h tnc_imv_plugin.c +======= tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imv/Makefile.in b/src/libcharon/plugins/tnc_imv/Makefile.in index 0324d2eb9..10190313b 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.in +++ b/src/libcharon/plugins/tnc_imv/Makefile.in @@ -74,10 +74,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnc_imv_la_DEPENDENCIES = +am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo +======= libstrongswan_tnc_imv_la_LIBADD = am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo tnc_imv.lo \ tnc_imv_manager.lo tnc_imv_bind_function.lo \ tnc_imv_recommendations.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_OBJECTS = \ $(am_libstrongswan_tnc_imv_la_OBJECTS) libstrongswan_tnc_imv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -223,7 +228,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +273,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -275,6 +289,16 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnc_imv_la_LIBADD = -ltnc +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imv.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imv.la +libstrongswan_tnc_imv_la_SOURCES = \ + tnc_imv_plugin.h tnc_imv_plugin.c +======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -284,6 +308,7 @@ libstrongswan_tnc_imv_la_SOURCES = \ tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c +>>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version all: all-am @@ -369,11 +394,15 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_recommendations.Plo@am__quote@ +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c index f238f01ea..24fde3797 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c 
@@ -14,6 +14,12 @@ */ #include "tnc_imv_plugin.h" +<<<<<<< HEAD + +#include <libtnctncs.h> + +#include <daemon.h> +======= #include "tnc_imv_manager.h" #include "tnc_imv.h" @@ -140,11 +146,16 @@ static bool load_imvs(char *filename) close(fd); return TRUE; } +>>>>>>> upstream/4.5.1 METHOD(plugin_t, destroy, void, tnc_imv_plugin_t *this) { +<<<<<<< HEAD + libtnc_tncs_Terminate(); +======= charon->imvs->destroy(charon->imvs); +>>>>>>> upstream/4.5.1 free(this); } @@ -164,6 +175,15 @@ plugin_t *tnc_imv_plugin_create() tnc_config = lib->settings->get_str(lib->settings, "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config"); +<<<<<<< HEAD + if (libtnc_tncs_Initialize(tnc_config) != TNC_RESULT_SUCCESS) + { + free(this); + DBG1(DBG_TNC, "TNC IMV initialization failed"); + return NULL; + } + +======= /* Create IMV manager */ charon->imvs = tnc_imv_manager_create(); @@ -176,6 +196,7 @@ plugin_t *tnc_imv_plugin_create() free(this); return NULL; } +>>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnccs_11/Makefile.am b/src/libcharon/plugins/tnccs_11/Makefile.am index 1042c3514..1a034e25b 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.am +++ b/src/libcharon/plugins/tnccs_11/Makefile.am 
@@ -1,15 +1,31 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic + +libstrongswan_tnccs_11_la_LIBADD = -ltnc +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} +>>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-11.la else plugin_LTLIBRARIES = libstrongswan-tnccs-11.la +<<<<<<< HEAD +libstrongswan_tnccs_11_la_LIBADD += $(top_builddir)/src/libtls/libtls.la +endif + +libstrongswan_tnccs_11_la_SOURCES = \ + tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c +======= endif libstrongswan_tnccs_11_la_SOURCES = \ @@ -22,6 +38,7 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnccs_11/Makefile.in b/src/libcharon/plugins/tnccs_11/Makefile.in index 5ab7ccbca..a39745773 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.in +++ b/src/libcharon/plugins/tnccs_11/Makefile.in @@ -34,6 +34,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +<<<<<<< HEAD +@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la +======= +>>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_11 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 
@@ -74,12 +78,17 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__append_1) +am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo +======= am__DEPENDENCIES_1 = libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo \ tnccs_batch.lo tnccs_msg.lo imc_imv_msg.lo tnccs_error_msg.lo \ tnccs_preferred_language_msg.lo tnccs_reason_strings_msg.lo \ tnccs_recommendation_msg.lo tnccs_tncs_contact_info_msg.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_OBJECTS = \ $(am_libstrongswan_tnccs_11_la_OBJECTS) libstrongswan_tnccs_11_la_LINK = $(LIBTOOL) --tag=CC \ @@ -226,7 +235,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +280,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -278,6 +296,17 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnccs_11_la_LIBADD = -ltnc $(am__append_1) +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-11.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-11.la +libstrongswan_tnccs_11_la_SOURCES = \ + tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic @@ -294,6 +323,7 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version all: all-am @@ -379,6 +409,10 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_imv_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ @@ -389,6 +423,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_reason_strings_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_tncs_contact_info_msg.Plo@am__quote@ +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -411,6 +446,8 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +<<<<<<< HEAD +======= tnccs_batch.lo: batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs_batch.lo -MD -MP -MF $(DEPDIR)/tnccs_batch.Tpo -c -o tnccs_batch.lo `test -f 'batch/tnccs_batch.c' || echo '$(srcdir)/'`batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs_batch.Tpo $(DEPDIR)/tnccs_batch.Plo @@ -467,6 +504,7 @@ tnccs_tncs_contact_info_msg.lo: messages/tnccs_tncs_contact_info_msg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_tncs_contact_info_msg.lo `test -f 'messages/tnccs_tncs_contact_info_msg.c' || echo '$(srcdir)/'`messages/tnccs_tncs_contact_info_msg.c +>>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index 2104bf401..012a3ce6e 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c 
@@ -14,6 +14,83 @@ */ #include "tnccs_11.h" +<<<<<<< HEAD + +#include <libtnctncc.h> +#include <libtnctncs.h> + +#include <daemon.h> +#include <debug.h> + +#define TNC_SEND_BUFFER_SIZE 32 + +static chunk_t tnc_send_buffer[TNC_SEND_BUFFER_SIZE]; + +/** + * Buffers TNCCS batch to be sent (TODO make the buffer scalable) + */ +static TNC_Result buffer_batch(u_int32_t id, const char *data, size_t len) +{ + if (id >= TNC_SEND_BUFFER_SIZE) + { + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be stored in " + "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); + return TNC_RESULT_FATAL; + } + if (tnc_send_buffer[id].ptr) + { + DBG1(DBG_TNC, "send buffer slot for Connection ID %u is already " + "occupied", id); + return TNC_RESULT_FATAL; + } + tnc_send_buffer[id] = chunk_alloc(len); + memcpy(tnc_send_buffer[id].ptr, data, len); + + return TNC_RESULT_SUCCESS; +} + +/** + * Retrieves TNCCS batch to be sent + */ +static bool retrieve_batch(u_int32_t id, chunk_t *batch) +{ + if (id >= TNC_SEND_BUFFER_SIZE) + { + DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be retrieved from " + "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); + return FALSE; + } + + *batch = tnc_send_buffer[id]; + return TRUE; +} + +/** + * Frees TNCCS batch that was sent + */ +static void free_batch(u_int32_t id) +{ + if (id < TNC_SEND_BUFFER_SIZE) + { + chunk_free(&tnc_send_buffer[id]); + } +} + +/** + * Define callback functions called by the libtnc library + */ +TNC_Result TNC_TNCC_SendBatch(libtnc_tncc_connection* conn, + const char* messageBuffer, size_t messageLength) +{ + return buffer_batch(conn->connectionID, messageBuffer, messageLength); +} + +TNC_Result TNC_TNCS_SendBatch(libtnc_tncs_connection* conn, + const char* messageBuffer, size_t messageLength) +{ + return buffer_batch(conn->connectionID, messageBuffer, messageLength); +} +======= #include "batch/tnccs_batch.h" #include "messages/tnccs_msg.h" #include "messages/imc_imv_msg.h" 
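Review bot: The HEAD side's `tnc_send_buffer` is a file-scope array of `TNC_SEND_BUFFER_SIZE` (32) `chunk_t` slots indexed by libtnc connection ID, and `buffer_batch`, `retrieve_batch` and `free_batch` touch it without any lock; charon is multithreaded, so batches for two connections can race on the array, the `if (tnc_send_buffer[id].ptr)` check makes a second `SendBatch` before `free_batch` fail with `TNC_RESULT_FATAL` instead of queuing, and any connection whose ID reaches 32 is refused outright (the `TODO make the buffer scalable` comment acknowledges the limit). The upstream side replaces all of this with per-connection `tnccs_batch`/`tnccs_msg` objects and is the side to keep; if any of the HEAD code survives, the buffer belongs in `private_tnccs_11_t` rather than at file scope. `retrieve_batch` also hands out the stored chunk by value while `free_batch` later frees the same pointer, so a caller that holds the chunk past `free_batch` would read freed memory — another reason the per-object design is preferable.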
@@ -28,6 +105,7 @@
 #include <tnc/tncif.h>
 #include <tnc/tncifimv.h>
 #include <tnc/tnccs/tnccs.h>
+>>>>>>> upstream/4.5.1
 typedef struct private_tnccs_11_t private_tnccs_11_t;
@@ -47,6 +125,118 @@ struct private_tnccs_11_t {
 bool is_server;
 /**
+<<<<<<< HEAD
+ * TNCC Connection to IMCs
+ */
+ libtnc_tncc_connection* tncc_connection;
+
+ /**
+ * TNCS Connection to IMVs
+ */
+ libtnc_tncs_connection* tncs_connection;
+};
+
+METHOD(tls_t, process, status_t,
+ private_tnccs_11_t *this, void *buf, size_t buflen)
+{
+ u_int32_t conn_id;
+
+ if (this->is_server && !this->tncs_connection)
+ {
+ this->tncs_connection = libtnc_tncs_CreateConnection(NULL);
+ if (!this->tncs_connection)
+ {
+ DBG1(DBG_TNC, "TNCS CreateConnection failed");
+ return FAILED;
+ }
+ DBG1(DBG_TNC, "assigned TNCS Connection ID %u",
+ this->tncs_connection->connectionID);
+ if (libtnc_tncs_BeginSession(this->tncs_connection) != TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "TNCS BeginSession failed");
+ return FAILED;
+ }
+ }
+ conn_id = this->is_server ? this->tncs_connection->connectionID
+ : this->tncc_connection->connectionID;
+
+ DBG1(DBG_TNC, "received TNCCS Batch (%u bytes) for Connection ID %u",
+ buflen, conn_id);
+ DBG3(DBG_TNC, "%.*s", buflen, buf);
+
+ if (this->is_server)
+ {
+ if (libtnc_tncs_ReceiveBatch(this->tncs_connection, buf, buflen) !=
+ TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "TNCS ReceiveBatch failed");
+ return FAILED;
+ }
+ }
+ else
+ {
+ if (libtnc_tncc_ReceiveBatch(this->tncc_connection, buf, buflen) !=
+ TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "TNCC ReceiveBatch failed");
+ return FAILED;
+ }
+ }
+ return NEED_MORE;
+}
+
+METHOD(tls_t, build, status_t,
+ private_tnccs_11_t *this, void *buf, size_t *buflen, size_t *msglen)
+{
+ chunk_t batch;
+ u_int32_t conn_id;
+ size_t len;
+
+ if (!this->is_server && !this->tncc_connection)
+ {
+ this->tncc_connection = libtnc_tncc_CreateConnection(NULL);
+ if (!this->tncc_connection)
+ {
+ DBG1(DBG_TNC, "TNCC CreateConnection failed");
+ return FAILED;
+ }
+ DBG1(DBG_TNC, "assigned TNCC Connection ID %u",
+ this->tncc_connection->connectionID);
+ if (libtnc_tncc_BeginSession(this->tncc_connection) != TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_TNC, "TNCC BeginSession failed");
+ return FAILED;
+ }
+ }
+ conn_id = this->is_server ? this->tncs_connection->connectionID
+ : this->tncc_connection->connectionID;
+
+ if (!retrieve_batch(conn_id, &batch))
+ {
+ return FAILED;
+ }
+ len = *buflen;
+ len = min(len, batch.len);
+ *buflen = len;
+ if (msglen)
+ {
+ *msglen = batch.len;
+ }
+
+ if (batch.len)
+ {
+ DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u",
+ batch.len, conn_id);
+ DBG3(DBG_TNC, "%.*s", batch.len, batch.ptr);
+ memcpy(buf, batch.ptr, len);
+ free_batch(conn_id);
+ return ALREADY_DONE;
+ }
+ else
+ {
+ return INVALID_STATE;
+ }
+=======
 * Connection ID assigned to this TNCCS connection
 */
 TNC_ConnectionID connection_id;
@@ -413,6 +603,7 @@ METHOD(tls_t, build, status_t,
 this->mutex->unlock(this->mutex);
 return status;
+>>>>>>> upstream/4.5.1
 }
 METHOD(tls_t, is_server, bool,
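Review bot: On the HEAD side of build(), a batch longer than the caller's buffer is truncated and the rest lost: `len = min(len, batch.len)` copies only `len` bytes into `buf`, yet `free_batch(conn_id)` then releases the whole chunk, so the bytes beyond `*buflen` that `*msglen` advertises can never be retrieved. If this side survives the merge, either keep the unsent tail in the slot (advance the chunk and free it only once fully drained) or fail when `batch.len > *buflen`. `DBG3(DBG_TNC, "%.*s", buflen, buf)` in process() and `DBG3(DBG_TNC, "%.*s", batch.len, batch.ptr)` here also pass a `size_t` where `%.*s` takes an `int` precision — assuming the DBG macros follow printf argument conventions, that is undefined on LP64 targets and should be `(int)buflen`; the same applies to `(%u bytes)` with `buflen`. The HEAD-side build() has no closing brace of its own; it shares the `}` that follows the upstream side's `return status;` after the `>>>>>>>` marker.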
@@ -432,6 +623,41 @@ METHOD(tls_t, is_complete, bool,
 {
 TNC_IMV_Action_Recommendation rec;
 TNC_IMV_Evaluation_Result eval;
+<<<<<<< HEAD
+ char *group;
+ identification_t *id;
+ ike_sa_t *ike_sa;
+ auth_cfg_t *auth;
+
+ if (libtnc_tncs_HaveRecommendation(this->tncs_connection, &rec, &eval) ==
+ TNC_RESULT_SUCCESS)
+ {
+ switch (rec)
+ {
+ case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+ DBG1(DBG_TNC, "TNC recommendation is allow");
+ group = "allow";
+ break;
+ case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+ DBG1(DBG_TNC, "TNC recommendation is isolate");
+ group = "isolate";
+ break;
+ case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+ case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+ default:
+ DBG1(DBG_TNC, "TNC recommendation is none");
+ return FALSE;
+ }
+ ike_sa = charon->bus->get_sa(charon->bus);
+ if (ike_sa)
+ {
+ auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
+ id = identification_create_from_string(group);
+ auth->add(auth, AUTH_RULE_GROUP, id);
+ DBG1(DBG_TNC, "added group membership '%s' based on TNC recommendation", group);
+ }
+ return TRUE;
+=======
 if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
 {
@@ -440,6 +666,7 @@ METHOD(tls_t, is_complete, bool,
 TNC_IMV_Evaluation_Result_names, eval);
 return charon->imvs->enforce_recommendation(charon->imvs, rec);
+>>>>>>> upstream/4.5.1
 }
 else
 {
@@ -458,6 +685,21 @@ METHOD(tls_t, destroy, void,
 {
 if (this->is_server)
 {
+<<<<<<< HEAD
+ if (this->tncs_connection)
+ {
+ libtnc_tncs_DeleteConnection(this->tncs_connection);
+ }
+ }
+ else
+ {
+ if (this->tncc_connection)
+ {
+ libtnc_tncc_DeleteConnection(this->tncc_connection);
+ }
+ libtnc_tncc_Terminate();
+ }
+=======
 charon->imvs->notify_connection_change(charon->imvs,
 this->connection_id, TNC_CONNECTION_STATE_DELETE);
 }
@@ -469,6 +711,7 @@ METHOD(tls_t, destroy, void,
 charon->tnccs->remove_connection(charon->tnccs, this->connection_id);
 this->mutex->destroy(this->mutex);
 DESTROY_IF(this->batch);
+>>>>>>> upstream/4.5.1
 free(this);
 }
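Review bot: On the HEAD side of is_complete(), when the IMV recommendation is allow or isolate but `charon->bus->get_sa(charon->bus)` returns NULL, the function still returns TRUE without attaching the `AUTH_RULE_GROUP` to any auth config, so an isolate verdict silently degrades to a plain success. If this side is kept, that branch should at least log at DBG1 and probably return FALSE, since whatever policy keys on the `isolate` group membership would otherwise never see it (what consumes that group is not visible on this page). NO_ACCESS and NO_RECOMMENDATION are also folded into one `"TNC recommendation is none"` message, which hides a meaningful distinction from operators reading the log; separate messages for the two cases help triage. The upstream side defers this decision to `charon->imvs->enforce_recommendation()`, which keeps the policy mapping in one place.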
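Review bot: On the HEAD side of destroy(), `libtnc_tncc_Terminate()` runs on every client-side connection teardown, right after `libtnc_tncc_DeleteConnection()`; if Terminate tears down library-global client state (its contract is not shown on this page), destroying one TNCCS connection would invalidate any other live client connection, and the next `libtnc_tncc_CreateConnection()` in build() would run against a terminated library. A comment such as `/* NOTE(review): confirm libtnc_tncc_Terminate() is safe per connection, or move it to plugin unload */` should accompany that call until this is confirmed.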
@@ -490,7 +733,10 @@ tls_t *tnccs_11_create(bool is_server)
 .destroy = _destroy,
 },
 .is_server = is_server,
+<<<<<<< HEAD
+=======
 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+>>>>>>> upstream/4.5.1
 );
 return &this->public;
diff --git a/src/libcharon/plugins/tnccs_20/Makefile.am b/src/libcharon/plugins/tnccs_20/Makefile.am
index d72fd3e34..14f02a682 100644
--- a/src/libcharon/plugins/tnccs_20/Makefile.am
+++ b/src/libcharon/plugins/tnccs_20/Makefile.am
@@ -1,13 +1,33 @@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+<<<<<<< HEAD
+ -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \
+ `xml2-config --cflags`
+
+AM_CFLAGS = -rdynamic
+
+libstrongswan_tnccs_20_la_LIBADD = -ltnc
+
+=======
 -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls
 AM_CFLAGS = -rdynamic
+>>>>>>> upstream/4.5.1
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnccs-20.la
 else
 plugin_LTLIBRARIES = libstrongswan-tnccs-20.la
+<<<<<<< HEAD
+libstrongswan_tnccs_20_la_LIBADD += $(top_builddir)/src/libtls/libtls.la
+endif
+
+libstrongswan_tnccs_20_la_SOURCES = \
+ tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c
+
+libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version
+
+=======
 libstrongswan_tnccs_20_la_LIBADD = $(top_builddir)/src/libtls/libtls.la
 endif
@@ -26,3 +46,4 @@ libstrongswan_tnccs_20_la_SOURCES = \
 state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c
 libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version
+>>>>>>> upstream/4.5.1
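Review bot: The HEAD side of tnccs_11_create() omits `.mutex = mutex_create(MUTEX_TYPE_DEFAULT)`, but the upstream side of build() (`this->mutex->unlock(this->mutex)` at @@ -413) and of destroy() (`this->mutex->destroy(this->mutex)` at @@ -469) dereference it; the side chosen here must match the side chosen in those hunks or `this->mutex` is NULL on first use. The HEAD-side fields `tncc_connection`/`tncs_connection` likewise get no initialiser here and presumably rely on INIT() zero-filling the struct (not shown on this page); a one-line comment `/* tncc/tncs_connection are created lazily in build()/process() */` next to `.is_server` would make that dependency explicit.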
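Review bot: The HEAD side of the INCLUDES hunk runs `` `xml2-config --cflags` `` through the shell each time the variable is expanded, while this plugin's generated Makefile.in further down this page already carries configure-time `xml_CFLAGS = @xml_CFLAGS@` and `xml_LIBS`; `$(xml_CFLAGS)` is the consistent form and removes the dependency on xml2-config being on PATH at build time. The HEAD side also adds `libstrongswan_tnccs_20_la_LIBADD = -ltnc`, yet nothing on the HEAD side of tnccs_20.c on this page calls libtnc (it only includes `<debug.h>` and declares an unused `static chunk_t tncc_output`), so that link dependency looks stale. Both sides define `AM_CFLAGS`, `_SOURCES` and `_LDFLAGS`, so if the markers were stripped but both sides kept, automake would see duplicate assignments.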
@@ -34,6 +34,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +<<<<<<< HEAD +@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la +======= +>>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_20 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -74,6 +78,10 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +<<<<<<< HEAD +libstrongswan_tnccs_20_la_DEPENDENCIES = $(am__append_1) +am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo +======= @MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_DEPENDENCIES = \ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ @@ -82,6 +90,7 @@ am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ pb_access_recommendation_msg.lo pb_error_msg.lo \ pb_language_preference_msg.lo pb_reason_string_msg.lo \ pb_remediation_parameters_msg.lo pb_tnc_state_machine.lo +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_OBJECTS = \ $(am_libstrongswan_tnccs_20_la_OBJECTS) libstrongswan_tnccs_20_la_LINK = $(LIBTOOL) --tag=CC \ @@ -228,7 +237,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,8 +282,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
@@ -280,6 +298,17 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ +<<<<<<< HEAD + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ + `xml2-config --cflags` + +AM_CFLAGS = -rdynamic +libstrongswan_tnccs_20_la_LIBADD = -ltnc $(am__append_1) +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la +libstrongswan_tnccs_20_la_SOURCES = \ + tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c +======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @@ -299,6 +328,7 @@ libstrongswan_tnccs_20_la_SOURCES = \ messages/pb_reason_string_msg.h messages/pb_reason_string_msg.c \ messages/pb_remediation_parameters_msg.h messages/pb_remediation_parameters_msg.c \ state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c +>>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version all: all-am @@ -384,6 +414,8 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +<<<<<<< HEAD +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_access_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_assessment_result_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_error_msg.Plo@am__quote@ @@ -395,6 +427,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_batch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_state_machine.Plo@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20_plugin.Plo@am__quote@ 
@@ -419,6 +452,8 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +<<<<<<< HEAD +======= pb_tnc_batch.lo: batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pb_tnc_batch.lo -MD -MP -MF $(DEPDIR)/pb_tnc_batch.Tpo -c -o pb_tnc_batch.lo `test -f 'batch/pb_tnc_batch.c' || echo '$(srcdir)/'`batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pb_tnc_batch.Tpo $(DEPDIR)/pb_tnc_batch.Plo @@ -496,6 +531,7 @@ pb_tnc_state_machine.lo: state_machine/pb_tnc_state_machine.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pb_tnc_state_machine.lo `test -f 'state_machine/pb_tnc_state_machine.c' || echo '$(srcdir)/'`state_machine/pb_tnc_state_machine.c +>>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index d53fd8eb7..28cfa2cbc 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Sansar Choinyanbuu +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -15,6 +18,12 @@ */ #include "tnccs_20.h" +<<<<<<< HEAD + +#include <debug.h> + +static chunk_t tncc_output; +======= #include "batch/pb_tnc_batch.h" #include "messages/pb_tnc_msg.h" #include "messages/pb_pa_msg.h" 
@@ -32,6 +41,7 @@
 #include <tnc/tncif.h>
 #include <tnc/tncifimv.h>
 #include <tnc/tnccs/tnccs.h>
+>>>>>>> upstream/4.5.1
 typedef struct private_tnccs_20_t private_tnccs_20_t;
@@ -49,6 +59,20 @@ struct private_tnccs_20_t {
 * TNCC if TRUE, TNCS if FALSE
 */
 bool is_server;
+<<<<<<< HEAD
+};
+
+METHOD(tls_t, process, status_t,
+ private_tnccs_20_t *this, void *buf, size_t buflen)
+{
+ return NEED_MORE;
+}
+
+METHOD(tls_t, build, status_t,
+ private_tnccs_20_t *this, void *buf, size_t *buflen, size_t *msglen)
+{
+ return ALREADY_DONE;
+=======
 /**
 * PB-TNC State Machine
@@ -584,6 +608,7 @@ METHOD(tls_t, build, status_t,
 this->mutex->unlock(this->mutex);
 return status;
+>>>>>>> upstream/4.5.1
 }
 METHOD(tls_t, is_server, bool,
@@ -601,6 +626,9 @@ METHOD(tls_t, get_purpose, tls_purpose_t,
 METHOD(tls_t, is_complete, bool,
 private_tnccs_20_t *this)
 {
+<<<<<<< HEAD
+ return FALSE;
+=======
 TNC_IMV_Action_Recommendation rec;
 TNC_IMV_Evaluation_Result eval;
@@ -616,6 +644,7 @@ METHOD(tls_t, is_complete, bool,
 {
 return FALSE;
 }
+>>>>>>> upstream/4.5.1
 }
 METHOD(tls_t, get_eap_msk, chunk_t,
@@ -627,6 +656,8 @@ METHOD(tls_t, get_eap_msk, chunk_t,
 METHOD(tls_t, destroy, void,
 private_tnccs_20_t *this)
 {
+<<<<<<< HEAD
+=======
 if (this->is_server)
 {
 charon->imvs->notify_connection_change(charon->imvs,
@@ -641,6 +672,7 @@ METHOD(tls_t, destroy, void,
 this->state_machine->destroy(this->state_machine);
 this->mutex->destroy(this->mutex);
 DESTROY_IF(this->batch);
+>>>>>>> upstream/4.5.1
 free(this);
 }
@@ -662,8 +694,11 @@ tls_t *tnccs_20_create(bool is_server)
 .destroy = _destroy,
 },
 .is_server = is_server,
+<<<<<<< HEAD
+=======
 .state_machine = pb_tnc_state_machine_create(is_server),
 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+>>>>>>> upstream/4.5.1
 );
 return &this->public;
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index f7162d800..ca2522e46 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
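Review bot: The HEAD-side stub `build()` returns ALREADY_DONE without writing `buf` or setting `*buflen`/`*msglen`, so a caller that treats ALREADY_DONE as "output ready" would transmit whatever `*buflen` bytes `buf` already held; if that stub is kept, set `*buflen = 0` (and `*msglen = 0` when non-NULL) first, or return INVALID_STATE as the tnccs_11 HEAD-side build() does for an empty batch. The HEAD side here is otherwise a placeholder — `process()` always returns NEED_MORE, `is_complete()` always FALSE, `destroy()` frees nothing but `this`, and `static chunk_t tncc_output` is never referenced in the visible hunks — while the upstream side supplies the PB-TNC state machine, the mutex and `charon->imvs` enforcement, so resolving these conflicts to upstream is the only option that yields a working plugin. As with tnccs_11.c, `.state_machine`/`.mutex` in tnccs_20_create() must be resolved consistently with the build()/destroy() hunks.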
@@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 4e43388ec..9032d8353 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -196,8 +196,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, +<<<<<<< HEAD + ACTION_NONE, ACTION_NONE, FALSE, 0, 0, + NULL, NULL); +======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); +>>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 5fa749e56..c2f8f43fb 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in 
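Review bot: The two sides of the `child_cfg_create()` call differ in arity — HEAD passes `ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL` after MODE_TUNNEL, upstream adds a third `ACTION_NONE` and a trailing `0` — so the correct resolution depends on the `child_cfg_create` prototype in this tree, which is not on this page; the wrong side fails to compile. A brief comment naming the two extra upstream parameters, once the prototype has been checked, would keep the next merge from re-opening this. The enclosing peer_enumerator_enumerate() starts and ends outside the hunk.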
@@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 5dd2dc843..4b7622e17 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index 3544dd332..7a38d2553 100644 --- a/src/libcharon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c 
@@ -45,16 +45,30 @@ struct private_acquire_job_t {
 traffic_selector_t *dst_ts;
 };
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_acquire_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_acquire_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 DESTROY_IF(this->src_ts);
 DESTROY_IF(this->dst_ts);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_acquire_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_acquire_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 charon->traps->acquire(charon->traps, this->reqid, this->src_ts, this->dst_ts);
@@ -68,6 +82,16 @@ acquire_job_t *acquire_job_create(u_int32_t reqid,
 traffic_selector_t *src_ts,
 traffic_selector_t *dst_ts)
 {
+<<<<<<< HEAD
+ private_acquire_job_t *this = malloc_thing(private_acquire_job_t);
+
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ this->reqid = reqid;
+ this->src_ts = src_ts;
+ this->dst_ts = dst_ts;
+=======
 private_acquire_job_t *this;
 INIT(this,
@@ -81,6 +105,7 @@ acquire_job_t *acquire_job_create(u_int32_t reqid,
 .src_ts = src_ts,
 .dst_ts = dst_ts,
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
index 29122cd03..12b4dc1e2 100644
--- a/src/libcharon/processing/jobs/delete_child_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.c
@@ -46,14 +46,28 @@ struct private_delete_child_sa_job_t {
 u_int32_t spi;
 };
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_delete_child_sa_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_delete_child_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_delete_child_sa_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_delete_child_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -80,6 +94,18 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
 protocol_id_t protocol,
 u_int32_t spi)
 {
+<<<<<<< HEAD
+ private_delete_child_sa_job_t *this = malloc_thing(private_delete_child_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->reqid = reqid;
+ this->protocol = protocol;
+ this->spi = spi;
+=======
 private_delete_child_sa_job_t *this;
 INIT(this,
@@ -93,6 +119,7 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
 .protocol = protocol,
 .spi = spi,
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
index da3ecf06f..2297f3fba 100644
--- a/src/libcharon/processing/jobs/delete_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
@@ -41,15 +41,29 @@ struct private_delete_ike_sa_job_t {
 };
+<<<<<<< HEAD
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_delete_ike_sa_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_delete_ike_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 this->ike_sa_id->destroy(this->ike_sa_id);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_delete_ike_sa_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_delete_ike_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -98,6 +112,17 @@ METHOD(job_t, execute, void,
 delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
 bool delete_if_established)
 {
+<<<<<<< HEAD
+ private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+ this->delete_if_established = delete_if_established;
+=======
 private_delete_ike_sa_job_t *this;
 INIT(this,
@@ -110,6 +135,7 @@ delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
 .delete_if_established = delete_if_established,
 );
+>>>>>>> upstream/4.5.1
 return &(this->public);
 }
diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 5e7c7ae88..7ddd0a82b 100644
--- a/src/libcharon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
@@ -57,8 +57,15 @@ struct private_migrate_job_t {
 host_t *remote;
 };
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_migrate_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_migrate_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 DESTROY_IF(this->src_ts);
 DESTROY_IF(this->dst_ts);
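Review bot: `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;` on the HEAD side of delete_ike_sa_job_create() has a stray second semicolon — harmless, but a sign this side was never compiled after the merge. More importantly, the `(void (*) (job_t *))` casts on the HEAD side of every jobs/*.c hunk on this page (acquire_job.c through update_sa_job.c) silence any mismatch between `destroy(private_..._t *)` and the job_t interface, whereas the upstream METHOD()/INIT() form at the same spots keeps the typing intact; when resolving, take the upstream side throughout these files rather than mixing the two per function. The HEAD side also allocates with `malloc_thing()`, which leaves fields it does not assign uninitialised (whether INIT() zero-fills is not shown here), though every field is assigned explicitly in these constructors.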
@@ -67,8 +74,15 @@ METHOD(job_t, destroy, void,
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_migrate_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_migrate_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa = NULL;
@@ -129,6 +143,20 @@ migrate_job_t *migrate_job_create(u_int32_t reqid,
 policy_dir_t dir,
 host_t *local, host_t *remote)
 {
+<<<<<<< HEAD
+ private_migrate_job_t *this = malloc_thing(private_migrate_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->reqid = reqid;
+ this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts;
+ this->dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts;
+ this->local = local;
+ this->remote = remote;
+=======
 private_migrate_job_t *this;
 INIT(this,
@@ -144,6 +172,7 @@ migrate_job_t *migrate_job_create(u_int32_t reqid,
 .local = local,
 .remote = remote,
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index b6de4fc0f..733775cfa 100644
--- a/src/libcharon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
@@ -35,15 +35,29 @@ struct private_process_message_job_t {
 message_t *message;
 };
+<<<<<<< HEAD
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_process_message_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_process_message_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 this->message->destroy(this->message);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_process_message_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_process_message_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -89,6 +103,16 @@ METHOD(job_t, execute, void,
 */
 process_message_job_t *process_message_job_create(message_t *message)
 {
+<<<<<<< HEAD
+ private_process_message_job_t *this = malloc_thing(private_process_message_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void(*)(job_t*))destroy;
+
+ /* private variables */
+ this->message = message;
+=======
 private_process_message_job_t *this;
 INIT(this,
@@ -100,6 +124,7 @@ process_message_job_t *process_message_job_create(message_t *message)
 },
 .message = message,
 );
+>>>>>>> upstream/4.5.1
 return &(this->public);
 }
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index 2bcee2ddf..5e147fda6 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
@@ -45,14 +45,28 @@ struct private_rekey_child_sa_job_t {
 u_int32_t spi;
 };
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_rekey_child_sa_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_rekey_child_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_rekey_child_sa_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_rekey_child_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -78,6 +92,18 @@ rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
 protocol_id_t protocol,
 u_int32_t spi)
 {
+<<<<<<< HEAD
+ private_rekey_child_sa_job_t *this = malloc_thing(private_rekey_child_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->reqid = reqid;
+ this->protocol = protocol;
+ this->spi = spi;
+=======
 private_rekey_child_sa_job_t *this;
 INIT(this,
@@ -91,6 +117,7 @@ rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
 .protocol = protocol,
 .spi = spi,
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
index dc86ba9b3..5f43b2cd5 100644
--- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
@@ -39,15 +39,29 @@ struct private_rekey_ike_sa_job_t {
 bool reauth;
 };
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.destroy.
+ */
+static void destroy(private_rekey_ike_sa_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_rekey_ike_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 this->ike_sa_id->destroy(this->ike_sa_id);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_rekey_ike_sa_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_rekey_ike_sa_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
 status_t status = SUCCESS;
@@ -86,6 +100,17 @@ METHOD(job_t, execute, void,
 */
 rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
 {
+<<<<<<< HEAD
+ private_rekey_ike_sa_job_t *this = malloc_thing(private_rekey_ike_sa_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+ this->reauth = reauth;
+=======
 private_rekey_ike_sa_job_t *this;
 INIT(this,
@@ -98,6 +123,7 @@ rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
 .reauth = reauth,
 );
+>>>>>>> upstream/4.5.1
 return &(this->public);
 }
diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c
index 1c78abd27..0b73f1485 100644
--- a/src/libcharon/processing/jobs/retransmit_job.c
+++ b/src/libcharon/processing/jobs/retransmit_job.c
@@ -40,15 +40,29 @@ struct private_retransmit_job_t {
 ike_sa_id_t *ike_sa_id;
 };
+<<<<<<< HEAD
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_retransmit_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_retransmit_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 this->ike_sa_id->destroy(this->ike_sa_id);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_retransmit_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_retransmit_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -75,6 +89,17 @@ METHOD(job_t, execute, void,
 */
 retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id)
 {
+<<<<<<< HEAD
+ private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ /* private variables */
+ this->message_id = message_id;
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+=======
 private_retransmit_job_t *this;
 INIT(this,
@@ -87,6 +112,7 @@ retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa
 .message_id = message_id,
 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c
index 74ef8bd6d..bcc96686c 100644
--- a/src/libcharon/processing/jobs/roam_job.c
+++ b/src/libcharon/processing/jobs/roam_job.c
@@ -38,14 +38,28 @@ struct private_roam_job_t {
 bool address;
 };
+<<<<<<< HEAD
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_roam_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_roam_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_roam_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_roam_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
 linked_list_t *list;
@@ -90,6 +104,14 @@ METHOD(job_t, execute, void,
 */
 roam_job_t *roam_job_create(bool address)
 {
+<<<<<<< HEAD
+ private_roam_job_t *this = malloc_thing(private_roam_job_t);
+
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ this->address = address;
+=======
 private_roam_job_t *this;
 INIT(this,
@@ -101,6 +123,7 @@ roam_job_t *roam_job_create(bool address)
 },
 .address = address,
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c
index 47b525363..0a0fd2144 100644
--- a/src/libcharon/processing/jobs/send_dpd_job.c
+++ b/src/libcharon/processing/jobs/send_dpd_job.c
@@ -38,15 +38,29 @@ struct private_send_dpd_job_t {
 ike_sa_id_t *ike_sa_id;
 };
+<<<<<<< HEAD
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_send_dpd_job_t *this)
+=======
 METHOD(job_t, destroy, void,
 private_send_dpd_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 this->ike_sa_id->destroy(this->ike_sa_id);
 free(this);
 }
+<<<<<<< HEAD
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_send_dpd_job_t *this)
+=======
 METHOD(job_t, execute, void,
 private_send_dpd_job_t *this)
+>>>>>>> upstream/4.5.1
 {
 ike_sa_t *ike_sa;
@@ -71,6 +85,16 @@ METHOD(job_t, execute, void,
 */
 send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id)
 {
+<<<<<<< HEAD
+ private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+
+ /* private variables */
+ this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
+=======
 private_send_dpd_job_t *this;
 INIT(this,
@@ -82,6 +106,7 @@ send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id)
 },
 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
 );
+>>>>>>> upstream/4.5.1
 return &this->public;
 }
diff --git a/src/libcharon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c
index 8d98aad7e..21b78919f 100644
--- a/src/libcharon/processing/jobs/send_keepalive_job.c
+++ b/src/libcharon/processing/jobs/send_keepalive_job.c
@@ -38,15 +38,29 @@ struct private_send_keepalive_job_t { ike_sa_id_t *ike_sa_id; }; +<<<<<<< HEAD +/** + * Implements job_t.destroy. + */ +static void destroy(private_send_keepalive_job_t *this) +======= METHOD(job_t, destroy, void, private_send_keepalive_job_t *this) +>>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } +<<<<<<< HEAD +/** + * Implementation of job_t.execute. + */ +static void execute(private_send_keepalive_job_t *this) +======= METHOD(job_t, execute, void, private_send_keepalive_job_t *this) +>>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -65,6 +79,16 @@ METHOD(job_t, execute, void, */ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) { +<<<<<<< HEAD + private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + /* private variables */ + this->ike_sa_id = ike_sa_id->clone(ike_sa_id); +======= private_send_keepalive_job_t *this; INIT(this, @@ -76,6 +100,7 @@ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) }, .ike_sa_id = ike_sa_id->clone(ike_sa_id), ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 3b4e9949f..eeaf9f1c4 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c 
@@ -43,15 +43,29 @@ struct private_update_sa_job_t { host_t *new; }; +<<<<<<< HEAD +/** + * Implements job_t.destroy. + */ +static void destroy(private_update_sa_job_t *this) +======= METHOD(job_t, destroy, void, private_update_sa_job_t *this) +>>>>>>> upstream/4.5.1 { this->new->destroy(this->new); free(this); } +<<<<<<< HEAD +/** + * Implementation of job_t.execute. + */ +static void execute(private_update_sa_job_t *this) +======= METHOD(job_t, execute, void, private_update_sa_job_t *this) +>>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -67,7 +81,11 @@ METHOD(job_t, execute, void, if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) && !ike_sa->has_condition(ike_sa, COND_NAT_HERE)) { +<<<<<<< HEAD + ike_sa->update_hosts(ike_sa, NULL, this->new); +======= ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE); +>>>>>>> upstream/4.5.1 } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } @@ -79,6 +97,15 @@ METHOD(job_t, execute, void, */ update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new) { +<<<<<<< HEAD + private_update_sa_job_t *this = malloc_thing(private_update_sa_job_t); + + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + this->reqid = reqid; + this->new = new; +======= private_update_sa_job_t *this; INIT(this, @@ -91,6 +118,7 @@ update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new) .reqid = reqid, .new = new, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c index 83f5fbaad..3f176f9be 100644 --- a/src/libcharon/sa/authenticators/authenticator.c +++ b/src/libcharon/sa/authenticators/authenticator.c 
@@ -39,8 +39,12 @@ ENUM_END(auth_method_names, AUTH_ECDSA_521); */ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init) +======= chunk_t received_init, chunk_t sent_init, char reserved[3]) +>>>>>>> upstream/4.5.1 { switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS)) { @@ -48,6 +52,15 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, /* defaults to PUBKEY */ case AUTH_CLASS_PUBKEY: return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa, +<<<<<<< HEAD + received_nonce, sent_init); + case AUTH_CLASS_PSK: + return (authenticator_t*)psk_authenticator_create_builder(ike_sa, + received_nonce, sent_init); + case AUTH_CLASS_EAP: + return (authenticator_t*)eap_authenticator_create_builder(ike_sa, + received_nonce, sent_nonce, received_init, sent_init); +======= received_nonce, sent_init, reserved); case AUTH_CLASS_PSK: return (authenticator_t*)psk_authenticator_create_builder(ike_sa, @@ -56,6 +69,7 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, return (authenticator_t*)eap_authenticator_create_builder(ike_sa, received_nonce, sent_nonce, received_init, sent_init, reserved); +>>>>>>> upstream/4.5.1 default: return NULL; } @@ -67,8 +81,12 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, authenticator_t *authenticator_create_verifier( ike_sa_t *ike_sa, message_t *message, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init) +======= chunk_t received_init, chunk_t sent_init, char reserved[3]) +>>>>>>> upstream/4.5.1 { auth_payload_t *auth_payload; 
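Review bot: In the `@@ -48,6 +52,15 @@` hunk the HEAD side of the conflict calls `pubkey_authenticator_create_builder(ike_sa, received_nonce, sent_init)` and its psk/eap siblings without the `reserved` argument, while the signature in the hunk above declares `char reserved[3]` and the headers in this diff document it as the reserved bytes of the ID payload. Those bytes are passed into `get_psk_sig`/`get_auth_octets` in the authenticator files below, so they presumably form part of the AUTH computation; keeping the HEAD side here would compute AUTH without them while the declaration still carries the parameter. The upstream side, which threads `reserved` through all three builder calls and the verifier calls in the next hunks, is the internally consistent one to keep.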
@@ -76,8 +94,12 @@ authenticator_t *authenticator_create_verifier( if (auth_payload == NULL) { return (authenticator_t*)eap_authenticator_create_verifier(ike_sa, +<<<<<<< HEAD + received_nonce, sent_nonce, received_init, sent_init); +======= received_nonce, sent_nonce, received_init, sent_init, reserved); +>>>>>>> upstream/4.5.1 } switch (auth_payload->get_auth_method(auth_payload)) { @@ -86,10 +108,17 @@ authenticator_t *authenticator_create_verifier( case AUTH_ECDSA_384: case AUTH_ECDSA_521: return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa, +<<<<<<< HEAD + sent_nonce, received_init); + case AUTH_PSK: + return (authenticator_t*)psk_authenticator_create_verifier(ike_sa, + sent_nonce, received_init); +======= sent_nonce, received_init, reserved); case AUTH_PSK: return (authenticator_t*)psk_authenticator_create_verifier(ike_sa, sent_nonce, received_init, reserved); +>>>>>>> upstream/4.5.1 default: return NULL; } diff --git a/src/libcharon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h index d27e006a3..d30094c9b 100644 --- a/src/libcharon/sa/authenticators/authenticator.h +++ b/src/libcharon/sa/authenticators/authenticator.h @@ -130,14 +130,21 @@ struct authenticator_t { * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD +======= * @param reserved reserved bytes of the ID payload +>>>>>>> upstream/4.5.1 * @return authenticator, NULL if not supported */ authenticator_t *authenticator_create_builder( ike_sa_t *ike_sa, auth_cfg_t *cfg, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init); +======= chunk_t received_init, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Create an authenticator to verify signatures. 
@@ -148,13 +155,20 @@ authenticator_t *authenticator_create_builder( * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD +======= * @param reserved reserved bytes of the ID payload +>>>>>>> upstream/4.5.1 * @return authenticator, NULL if not supported */ authenticator_t *authenticator_create_verifier( ike_sa_t *ike_sa, message_t *message, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init); +======= chunk_t received_init, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 #endif /** AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c index dea02755d..a5268e186 100644 --- a/src/libcharon/sa/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/authenticators/eap_authenticator.c @@ -58,11 +58,14 @@ struct private_eap_authenticator_t { chunk_t sent_init; /** +<<<<<<< HEAD +======= * Reserved bytes of ID payload */ char reserved[3]; /** +>>>>>>> upstream/4.5.1 * Current EAP method processing */ eap_method_t *method; @@ -427,7 +430,11 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, other_id = this->ike_sa->get_other_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); auth_data = keymat->get_psk_sig(keymat, TRUE, init, nonce, +<<<<<<< HEAD + this->msk, other_id); +======= this->msk, other_id, this->reserved); +>>>>>>> upstream/4.5.1 recv_auth_data = auth_payload->get_data(auth_payload); if (!auth_data.len || !chunk_equals(auth_data, recv_auth_data)) { 
@@ -463,8 +470,12 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message, DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP); +<<<<<<< HEAD + auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id); +======= auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id, this->reserved); +>>>>>>> upstream/4.5.1 auth_payload = auth_payload_create(); auth_payload->set_auth_method(auth_payload, AUTH_PSK); auth_payload->set_data(auth_payload, auth_data); @@ -648,8 +659,12 @@ METHOD(authenticator_t, destroy, void, */ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init) +======= chunk_t received_init, chunk_t sent_init, char reserved[3]) +>>>>>>> upstream/4.5.1 { private_eap_authenticator_t *this; @@ -668,7 +683,10 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, .sent_init = sent_init, .sent_nonce = sent_nonce, ); +<<<<<<< HEAD +======= memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } @@ -678,8 +696,12 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, */ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init) +======= chunk_t received_init, chunk_t sent_init, char reserved[3]) +>>>>>>> upstream/4.5.1 { private_eap_authenticator_t *this; @@ -698,7 +720,10 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, .sent_init = sent_init, .sent_nonce = sent_nonce, ); +<<<<<<< HEAD +======= memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } 
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.h b/src/libcharon/sa/authenticators/eap_authenticator.h index 726411a18..625084d4f 100644 --- a/src/libcharon/sa/authenticators/eap_authenticator.h +++ b/src/libcharon/sa/authenticators/eap_authenticator.h @@ -75,13 +75,20 @@ struct eap_authenticator_t { * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD +======= * @param reserved reserved bytes of ID payload +>>>>>>> upstream/4.5.1 * @return EAP authenticator */ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init); +======= chunk_t received_init, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Create an authenticator to authenticate EAP clients. @@ -91,12 +98,19 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD +======= * @param reserved reserved bytes of ID payload +>>>>>>> upstream/4.5.1 * @return EAP authenticator */ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, +<<<<<<< HEAD + chunk_t received_init, chunk_t sent_init); +======= chunk_t received_init, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 #endif /** EAP_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c index 21fc0f9b8..9789ec93b 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/authenticators/psk_authenticator.c 
@@ -45,6 +45,14 @@ struct private_psk_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; +<<<<<<< HEAD +}; + +/* + * Implementation of authenticator_t.build for builder + */ +static status_t build(private_psk_authenticator_t *this, message_t *message) +======= /** * Reserved bytes of ID payload @@ -54,6 +62,7 @@ struct private_psk_authenticator_t { METHOD(authenticator_t, build, status_t, private_psk_authenticator_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { identification_t *my_id, *other_id; auth_payload_t *auth_payload; @@ -73,7 +82,11 @@ METHOD(authenticator_t, build, status_t, return NOT_FOUND; } auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, +<<<<<<< HEAD + this->nonce, key->get_key(key), my_id); +======= this->nonce, key->get_key(key), my_id, this->reserved); +>>>>>>> upstream/4.5.1 key->destroy(key); DBG2(DBG_IKE, "successfully created shared key MAC"); auth_payload = auth_payload_create(); @@ -85,8 +98,15 @@ METHOD(authenticator_t, build, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of authenticator_t.process for verifier + */ +static status_t process(private_psk_authenticator_t *this, message_t *message) +======= METHOD(authenticator_t, process, status_t, private_psk_authenticator_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { chunk_t auth_data, recv_auth_data; identification_t *my_id, *other_id; @@ -114,7 +134,11 @@ METHOD(authenticator_t, process, status_t, keys_found++; auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, +<<<<<<< HEAD + this->nonce, key->get_key(key), other_id); +======= this->nonce, key->get_key(key), other_id, this->reserved); +>>>>>>> upstream/4.5.1 if (auth_data.len && chunk_equals(auth_data, recv_auth_data)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", 
@@ -142,8 +166,24 @@ METHOD(authenticator_t, process, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of authenticator_t.process for builder + * Implementation of authenticator_t.build for verifier + */ +static status_t return_failed() +{ + return FAILED; +} + +/** + * Implementation of authenticator_t.destroy. + */ +static void destroy(private_psk_authenticator_t *this) +======= METHOD(authenticator_t, destroy, void, private_psk_authenticator_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -152,6 +192,20 @@ METHOD(authenticator_t, destroy, void, * Described in header. */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, +<<<<<<< HEAD + chunk_t received_nonce, chunk_t sent_init) +{ + private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); + + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; + this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; + this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; + + this->ike_sa = ike_sa; + this->ike_sa_init = sent_init; + this->nonce = received_nonce; +======= chunk_t received_nonce, chunk_t sent_init, char reserved[3]) { @@ -171,6 +225,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, .nonce = received_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } 
@@ -179,6 +234,20 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, +<<<<<<< HEAD + chunk_t sent_nonce, chunk_t received_init) +{ + private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); + + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))return_failed; + this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; + this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; + + this->ike_sa = ike_sa; + this->ike_sa_init = received_init; + this->nonce = sent_nonce; +======= chunk_t sent_nonce, chunk_t received_init, char reserved[3]) { @@ -198,6 +267,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, .nonce = sent_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/psk_authenticator.h b/src/libcharon/sa/authenticators/psk_authenticator.h index 8cf1a0f98..2897c3fe2 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.h +++ b/src/libcharon/sa/authenticators/psk_authenticator.h 
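Review bot: The HEAD-side cast in psk_authenticator_create_verifier names its parameter `message_t *messageh`, a typo that is harmless inside a function-pointer cast but should read `message_t *message`, matching the `process` cast on the following line, if this side survives conflict resolution. The upstream side replaces these casts with `INIT(this, ...)` and `METHOD()`, so resolving to upstream removes the typo along with the manual vtable wiring.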
@@ -42,12 +42,19 @@ struct psk_authenticator_t { * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD + * @return PSK authenticator + */ +psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, + chunk_t received_nonce, chunk_t sent_init); +======= * @param reserved reserved bytes of ID payload * @return PSK authenticator */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Create an authenticator to verify PSK signatures. @@ -55,11 +62,18 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data +<<<<<<< HEAD + * @return PSK authenticator + */ +psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, + chunk_t sent_nonce, chunk_t received_init); +======= * @param reserved reserved bytes of ID payload * @return PSK authenticator */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init, char reserved[3]); +>>>>>>> upstream/4.5.1 #endif /** PSK_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c index 247891670..030433db0 100644 --- a/src/libcharon/sa/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c @@ -46,6 +46,14 @@ struct private_pubkey_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; +<<<<<<< HEAD +}; + +/** + * Implementation of authenticator_t.build for builder + */ +static status_t build(private_pubkey_authenticator_t *this, message_t *message) +======= /** * Reserved bytes of ID payload 
@@ -55,6 +63,7 @@ struct private_pubkey_authenticator_t { METHOD(authenticator_t, build, status_t, private_pubkey_authenticator_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { chunk_t octets, auth_data; status_t status = FAILED; @@ -112,7 +121,11 @@ METHOD(authenticator_t, build, status_t, } keymat = this->ike_sa->get_keymat(this->ike_sa); octets = keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, +<<<<<<< HEAD + this->nonce, id); +======= this->nonce, id, this->reserved); +>>>>>>> upstream/4.5.1 if (private->sign(private, scheme, octets, &auth_data)) { auth_payload = auth_payload_create(); @@ -131,8 +144,15 @@ METHOD(authenticator_t, build, status_t, return status; } +<<<<<<< HEAD +/** + * Implementation of authenticator_t.process for verifier + */ +static status_t process(private_pubkey_authenticator_t *this, message_t *message) +======= METHOD(authenticator_t, process, status_t, private_pubkey_authenticator_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { public_key_t *public; auth_method_t auth_method; @@ -176,7 +196,11 @@ METHOD(authenticator_t, process, status_t, id = this->ike_sa->get_other_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); octets = keymat->get_auth_octets(keymat, TRUE, this->ike_sa_init, +<<<<<<< HEAD + this->nonce, id); +======= this->nonce, id, this->reserved); +>>>>>>> upstream/4.5.1 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); enumerator = lib->credmgr->create_public_enumerator(lib->credmgr, key_type, id, auth); 
@@ -207,8 +231,24 @@ METHOD(authenticator_t, process, status_t, return status; } +<<<<<<< HEAD +/** + * Implementation of authenticator_t.process for builder + * Implementation of authenticator_t.build for verifier + */ +static status_t return_failed() +{ + return FAILED; +} + +/** + * Implementation of authenticator_t.destroy. + */ +static void destroy(private_pubkey_authenticator_t *this) +======= METHOD(authenticator_t, destroy, void, private_pubkey_authenticator_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -217,6 +257,20 @@ METHOD(authenticator_t, destroy, void, * Described in header. */ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, +<<<<<<< HEAD + chunk_t received_nonce, chunk_t sent_init) +{ + private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); + + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; + this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; + this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; + + this->ike_sa = ike_sa; + this->ike_sa_init = sent_init; + this->nonce = received_nonce; +======= chunk_t received_nonce, chunk_t sent_init, char reserved[3]) { @@ -236,6 +290,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, .nonce = received_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } 
@@ -244,6 +299,20 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, +<<<<<<< HEAD + chunk_t sent_nonce, chunk_t received_init) +{ + private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); + + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))return_failed; + this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; + this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; + + this->ike_sa = ike_sa; + this->ike_sa_init = received_init; + this->nonce = sent_nonce; +======= chunk_t sent_nonce, chunk_t received_init, char reserved[3]) { @@ -263,6 +332,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, .nonce = sent_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.h b/src/libcharon/sa/authenticators/pubkey_authenticator.h index 4c3937ecc..9e2606b95 100644 --- a/src/libcharon/sa/authenticators/pubkey_authenticator.h +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.h 
@@ -43,12 +43,19 @@ struct pubkey_authenticator_t { * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_init sent IKE_SA_INIT message data +<<<<<<< HEAD + * @return public key authenticator + */ +pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, + chunk_t received_nonce, chunk_t sent_init); +======= * @param reserved reserved bytes of ID payload * @return public key authenticator */ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Create an authenticator to verify public key signatures. @@ -56,11 +63,18 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data +<<<<<<< HEAD + * @return public key authenticator + */ +pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, + chunk_t sent_nonce, chunk_t received_init); +======= * @param reserved reserved bytes of ID payload * @return public key authenticator */ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init, char reserved[3]); +>>>>>>> upstream/4.5.1 #endif /** PUBKEY_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 495929965..a29e692fd 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c 
@@ -559,14 +559,21 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t, METHOD(child_sa_t, install, status_t, private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi, +<<<<<<< HEAD + u_int16_t cpi, bool inbound, linked_list_t *my_ts, +======= u_int16_t cpi, bool inbound, bool tfcv3, linked_list_t *my_ts, +>>>>>>> upstream/4.5.1 linked_list_t *other_ts) { u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; traffic_selector_t *src_ts = NULL, *dst_ts = NULL; time_t now; lifetime_cfg_t *lifetime; +<<<<<<< HEAD +======= u_int32_t tfc = 0; +>>>>>>> upstream/4.5.1 host_t *src, *dst; status_t status; bool update = FALSE; @@ -591,11 +598,14 @@ METHOD(child_sa_t, install, status_t, dst = this->other_addr; this->other_spi = spi; this->other_cpi = cpi; +<<<<<<< HEAD +======= if (tfcv3) { tfc = this->config->get_tfc(this->config); } +>>>>>>> upstream/4.5.1 } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", @@ -626,7 +636,11 @@ METHOD(child_sa_t, install, status_t, lifetime->time.rekey = 0; } +<<<<<<< HEAD + if (this->mode == MODE_BEET) +======= if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT) +>>>>>>> upstream/4.5.1 { /* BEET requires the bound address from the traffic selectors. * TODO: We add just the first traffic selector for now, as the @@ -645,7 +659,11 @@ METHOD(child_sa_t, install, status_t, status = hydra->kernel_interface->add_sa(hydra->kernel_interface, src, dst, spi, proto_ike2ip(this->protocol), this->reqid, +<<<<<<< HEAD + inbound ? this->mark_in : this->mark_out, +======= inbound ? this->mark_in : this->mark_out, tfc, +>>>>>>> upstream/4.5.1 lifetime, enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, this->encap, update, src_ts, dst_ts); diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index f17ef01ac..513807b34 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h 
@@ -313,13 +313,20 @@ struct child_sa_t { * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param inbound TRUE to install an inbound SA, FALSE for outbound +<<<<<<< HEAD +======= * @param tfcv3 TRUE if peer supports ESPv3 TFC +>>>>>>> upstream/4.5.1 * @param my_ts negotiated local traffic selector list * @param other_ts negotiated remote traffic selector list * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, +<<<<<<< HEAD + u_int32_t spi, u_int16_t cpi, bool inbound, +======= u_int32_t spi, u_int16_t cpi, bool inbound, bool tfcv3, +>>>>>>> upstream/4.5.1 linked_list_t *my_ts, linked_list_t *other_ts); /** * Install the policies using some traffic selectors. diff --git a/src/libcharon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c index 972cc98ad..f481f2059 100644 --- a/src/libcharon/sa/connect_manager.c +++ b/src/libcharon/sa/connect_manager.c @@ -1194,10 +1194,14 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) DBG1(DBG_IKE, "establishing mediated connection failed"); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); } +<<<<<<< HEAD + charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa); +======= else { charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa); } +>>>>>>> upstream/4.5.1 } iterator->destroy(iterator); } diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 9b6f9d06d..58d24b48c 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -50,7 +50,10 @@ #include <processing/jobs/send_dpd_job.h> #include <processing/jobs/send_keepalive_job.h> #include <processing/jobs/rekey_ike_sa_job.h> +<<<<<<< HEAD +======= #include <encoding/payloads/unknown_payload.h> +>>>>>>> upstream/4.5.1 #ifdef ME #include <sa/tasks/ike_me.h> 
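Review bot: In the connect_manager.c hunk the HEAD side of the conflict calls `charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa);` unconditionally right after the failure branch has already called `checkin_and_destroy` on the same `sa`, which would hand a destroyed IKE_SA back to the manager. The upstream side wraps the checkin in `else { ... }` so that exactly one of the two calls runs; that is the side to keep when the markers are removed. initiate_mediated starts outside the hunk.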
@@ -560,6 +563,16 @@ METHOD(ike_sa_t, send_dpd, status_t, time_t diff, delay; delay = this->peer_cfg->get_dpd(this->peer_cfg); +<<<<<<< HEAD + + if (delay == 0) + { + /* DPD disabled */ + return SUCCESS; + } + +======= +>>>>>>> upstream/4.5.1 if (this->task_manager->busy(this->task_manager)) { /* an exchange is in the air, no need to start a DPD check */ @@ -572,7 +585,11 @@ METHOD(ike_sa_t, send_dpd, status_t, last_in = get_use_time(this, TRUE); now = time_monotonic(NULL); diff = now - last_in; +<<<<<<< HEAD + if (diff >= delay) +======= if (!delay || diff >= delay) +>>>>>>> upstream/4.5.1 { /* to long ago, initiate dead peer detection */ task_t *task; @@ -598,11 +615,16 @@ METHOD(ike_sa_t, send_dpd, status_t, } } /* recheck in "interval" seconds */ +<<<<<<< HEAD + job = (job_t*)send_dpd_job_create(this->ike_sa_id); + lib->scheduler->schedule_job(lib->scheduler, job, delay - diff); +======= if (delay) { job = (job_t*)send_dpd_job_create(this->ike_sa_id); lib->scheduler->schedule_job(lib->scheduler, job, delay - diff); } +>>>>>>> upstream/4.5.1 return SUCCESS; } @@ -677,10 +699,14 @@ METHOD(ike_sa_t, set_state, void, } /* start DPD checks */ +<<<<<<< HEAD + send_dpd(this); +======= if (this->peer_cfg->get_dpd(this->peer_cfg)) { send_dpd(this); } +>>>>>>> upstream/4.5.1 } break; } @@ -825,7 +851,11 @@ METHOD(ike_sa_t, float_ports, void, } METHOD(ike_sa_t, update_hosts, void, +<<<<<<< HEAD + private_ike_sa_t *this, host_t *me, host_t *other) +======= private_ike_sa_t *this, host_t *me, host_t *other, bool force) +>>>>>>> upstream/4.5.1 { bool update = FALSE; @@ -858,7 +888,11 @@ METHOD(ike_sa_t, update_hosts, void, if (!other->equals(other, this->other_host)) { /* update others adress if we are NOT NATed */ +<<<<<<< HEAD + if (!has_condition(this, COND_NAT_HERE)) +======= if (force || !has_condition(this, COND_NAT_HERE)) +>>>>>>> upstream/4.5.1 { set_other_host(this, other->clone(other)); update = TRUE; 
@@ -891,6 +925,10 @@ METHOD(ike_sa_t, update_hosts, void, METHOD(ike_sa_t, generate_message, status_t, private_ike_sa_t *this, message_t *message, packet_t **packet) { +<<<<<<< HEAD + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); + message->set_ike_sa_id(message, this->ike_sa_id); +======= if (message->is_encoded(message)) { /* already done */ *packet = message->get_packet(message); @@ -899,6 +937,7 @@ METHOD(ike_sa_t, generate_message, status_t, this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); charon->bus->message(charon->bus, message, FALSE); +>>>>>>> upstream/4.5.1 return message->generate(message, this->keymat->get_aead(this->keymat, FALSE), packet); } @@ -907,7 +946,11 @@ METHOD(ike_sa_t, generate_message, status_t, * send a notify back to the sender */ static void send_notify_response(private_ike_sa_t *this, message_t *request, +<<<<<<< HEAD + notify_type_t type) +======= notify_type_t type, chunk_t data) +>>>>>>> upstream/4.5.1 { message_t *response; packet_t *packet; @@ -916,7 +959,11 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request, response->set_exchange_type(response, request->get_exchange_type(request)); response->set_request(response, FALSE); response->set_message_id(response, request->get_message_id(request)); +<<<<<<< HEAD + response->add_notify(response, FALSE, type, chunk_empty); +======= response->add_notify(response, FALSE, type, data); +>>>>>>> upstream/4.5.1 if (this->my_host->is_anyaddr(this->my_host)) { this->my_host->destroy(this->my_host); @@ -1181,7 +1228,10 @@ METHOD(ike_sa_t, process_message, status_t, { status_t status; bool is_request; +<<<<<<< HEAD +======= u_int8_t type = 0; +>>>>>>> upstream/4.5.1 if (this->state == IKE_PASSIVE) { /* do not handle messages in passive state */ 
@@ -1192,6 +1242,11 @@ METHOD(ike_sa_t, process_message, status_t, status = message->parse_body(message, this->keymat->get_aead(this->keymat, TRUE)); +<<<<<<< HEAD + if (status != SUCCESS) + { + +======= if (status == SUCCESS) { /* check for unsupported critical payloads */ enumerator_t *enumerator; @@ -1215,6 +1270,7 @@ METHOD(ike_sa_t, process_message, status_t, } if (status != SUCCESS) { +>>>>>>> upstream/4.5.1 if (is_request) { switch (status) @@ -1223,28 +1279,40 @@ METHOD(ike_sa_t, process_message, status_t, DBG1(DBG_IKE, "critical unknown payloads found"); if (is_request) { +<<<<<<< HEAD + send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD); +======= send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD, chunk_from_thing(type)); this->task_manager->incr_mid(this->task_manager, FALSE); +>>>>>>> upstream/4.5.1 } break; case PARSE_ERROR: DBG1(DBG_IKE, "message parsing failed"); if (is_request) { +<<<<<<< HEAD + send_notify_response(this, message, INVALID_SYNTAX); +======= send_notify_response(this, message, INVALID_SYNTAX, chunk_empty); this->task_manager->incr_mid(this->task_manager, FALSE); +>>>>>>> upstream/4.5.1 } break; case VERIFY_ERROR: DBG1(DBG_IKE, "message verification failed"); if (is_request) { +<<<<<<< HEAD + send_notify_response(this, message, INVALID_SYNTAX); +======= send_notify_response(this, message, INVALID_SYNTAX, chunk_empty); this->task_manager->incr_mid(this->task_manager, FALSE); +>>>>>>> upstream/4.5.1 } break; case FAILED: @@ -1253,6 +1321,13 @@ METHOD(ike_sa_t, process_message, status_t, break; case INVALID_STATE: DBG1(DBG_IKE, "found encrypted message, but no keys available"); +<<<<<<< HEAD + if (is_request) + { + send_notify_response(this, message, INVALID_SYNTAX); + } +======= +>>>>>>> upstream/4.5.1 default: break; } 
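Review bot: In the INVALID_STATE case HEAD answers an encrypted message it cannot decrypt with an INVALID_SYNTAX notify while upstream sends nothing; the resolution should take the upstream side, since a message for which no keys exist cannot be verified and replying to it only gives an unauthenticated sender a guaranteed response. The upstream side also calls `this->task_manager->incr_mid(this->task_manager, FALSE)` after each notify response and declares the `u_int8_t type` consumed by `chunk_from_thing(type)`; a mixed resolution would either desynchronise the responder's message ID or leave `type` undeclared (where it is assigned lies outside the visible hunk). HEAD's bare `if (status != SUCCESS) {` at the top of the hunk must not be kept alongside upstream's `if (status == SUCCESS) {...} if (status != SUCCESS) {`, or the error handling ends up nested inside itself. process_message's body continues outside the hunk.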
@@ -1282,8 +1357,12 @@ METHOD(ike_sa_t, process_message, status_t, /* no config found for these hosts, destroy */ DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N", me, other, notify_type_names, NO_PROPOSAL_CHOSEN); +<<<<<<< HEAD + send_notify_response(this, message, NO_PROPOSAL_CHOSEN); +======= send_notify_response(this, message, NO_PROPOSAL_CHOSEN, chunk_empty); +>>>>>>> upstream/4.5.1 return DESTROY_ME; } /* add a timeout if peer does not establish it completely */ diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 988100bcc..1f96f9abd 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -343,9 +343,14 @@ struct ike_sa_t { * * @param me new local host address, or NULL * @param other new remote host address, or NULL +<<<<<<< HEAD + */ + void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other); +======= * @param force force update */ void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other, bool force); +>>>>>>> upstream/4.5.1 /** * Get the own identification. diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index d695c7f7c..ea31f5359 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -1,7 +1,12 @@ /* +<<<<<<< HEAD + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2005-2008 Martin Willi +======= * Copyright (C) 2005-2011 Martin Willi * Copyright (C) 2011 revosec AG * Copyright (C) 2008 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -86,9 +91,13 @@ struct entry_t { chunk_t init_hash; /** +<<<<<<< HEAD + * remote host address, required for DoS detection +======= * remote host address, required for DoS detection and duplicate * checking (host with same my_id and other_id is *not* considered * a duplicate if the address family differs) +>>>>>>> upstream/4.5.1 */ host_t *other; 
@@ -244,9 +253,12 @@ struct connected_peers_t { /** remote identity */ identification_t *other_id; +<<<<<<< HEAD +======= /** ip address family of peer */ int family; +>>>>>>> upstream/4.5.1 /** list of ike_sa_id_t objects of IKE_SAs between the two identities */ linked_list_t *sas; }; @@ -263,12 +275,19 @@ static void connected_peers_destroy(connected_peers_t *this) * Function that matches connected_peers_t objects by the given ids. */ static bool connected_peers_match(connected_peers_t *connected_peers, +<<<<<<< HEAD + identification_t *my_id, identification_t *other_id) +{ + return my_id->equals(my_id, connected_peers->my_id) && + other_id->equals(other_id, connected_peers->other_id); +======= identification_t *my_id, identification_t *other_id, uintptr_t family) { return my_id->equals(my_id, connected_peers->my_id) && other_id->equals(other_id, connected_peers->other_id) && family == connected_peers->family; +>>>>>>> upstream/4.5.1 } typedef struct segment_t segment_t; @@ -404,7 +423,11 @@ static void lock_all_segments(private_ike_sa_manager_t *this) { u_int i; +<<<<<<< HEAD + for (i = 0; i < this->segment_count; ++i) +======= for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->segments[i].mutex->lock(this->segments[i].mutex); } @@ -417,7 +440,11 @@ static void unlock_all_segments(private_ike_sa_manager_t *this) { u_int i; +<<<<<<< HEAD + for (i = 0; i < this->segment_count; ++i) +======= for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->segments[i].mutex->unlock(this->segments[i].mutex); } @@ -461,8 +488,15 @@ struct private_enumerator_t { enumerator_t *current; }; +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.enumerator.enumerate. + */ +static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segment) +======= METHOD(enumerator_t, enumerate, bool, private_enumerator_t *this, entry_t **entry, u_int *segment) +>>>>>>> upstream/4.5.1 { if (this->entry) { 
@@ -508,8 +542,15 @@ METHOD(enumerator_t, enumerate, bool, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of private_enumerator_t.enumerator.destroy. + */ +static void enumerator_destroy(private_enumerator_t *this) +======= METHOD(enumerator_t, enumerator_destroy, void, private_enumerator_t *this) +>>>>>>> upstream/4.5.1 { if (this->entry) { @@ -528,6 +569,18 @@ METHOD(enumerator_t, enumerator_destroy, void, */ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) { +<<<<<<< HEAD + private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); + + enumerator->enumerator.enumerate = (void*)enumerate; + enumerator->enumerator.destroy = (void*)enumerator_destroy; + enumerator->manager = this; + enumerator->segment = 0; + enumerator->entry = NULL; + enumerator->row = 0; + enumerator->current = NULL; + +======= private_enumerator_t *enumerator; INIT(enumerator, @@ -537,6 +590,7 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) }, .manager = this, ); +>>>>>>> upstream/4.5.1 return &enumerator->enumerator; } @@ -547,6 +601,13 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; +<<<<<<< HEAD + u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; + u_int segment = row & this->segment_mask; + + lock_single_segment(this, segment); + if ((list = this->ike_sa_table[row]) == NULL) +======= u_int row, segment; row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; @@ -555,6 +616,7 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) lock_single_segment(this, segment); list = this->ike_sa_table[row]; if (!list) +>>>>>>> upstream/4.5.1 { list = this->ike_sa_table[row] = linked_list_create(); } 
@@ -570,6 +632,16 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; +<<<<<<< HEAD + u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; + u_int segment = row & this->segment_mask; + + if ((list = this->ike_sa_table[row]) != NULL) + { + entry_t *current; + + enumerator_t *enumerator = list->create_enumerator(list); +======= u_int row, segment; row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; @@ -581,6 +653,7 @@ static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) enumerator_t *enumerator; enumerator = list->create_enumerator(list); +>>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, ¤t)) { if (current == entry) @@ -618,6 +691,13 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, { entry_t *current; linked_list_t *list; +<<<<<<< HEAD + u_int row = ike_sa_id_hash(ike_sa_id) & this->table_mask; + u_int seg = row & this->segment_mask; + + lock_single_segment(this, seg); + if ((list = this->ike_sa_table[row]) != NULL) +======= u_int row, seg; row = ike_sa_id_hash(ike_sa_id) & this->table_mask; @@ -626,6 +706,7 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, lock_single_segment(this, seg); list = this->ike_sa_table[row]; if (list) +>>>>>>> upstream/4.5.1 { if (list->find_first(list, match, (void**)¤t, p1, p2) == SUCCESS) { 
@@ -709,6 +790,21 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) { half_open_t *half_open = NULL; linked_list_t *list; +<<<<<<< HEAD + chunk_t addr = entry->other->get_address(entry->other); + u_int row = chunk_hash(addr) & this->table_mask; + u_int segment = row & this->segment_mask; + + rwlock_t *lock = this->half_open_segments[segment].lock; + lock->write_lock(lock); + if ((list = this->half_open_table[row]) == NULL) + { + list = this->half_open_table[row] = linked_list_create(); + } + else + { + half_open_t *current; +======= chunk_t addr; u_int row, segment; rwlock_t *lock; @@ -723,6 +819,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) { half_open_t *current; +>>>>>>> upstream/4.5.1 if (list->find_first(list, (linked_list_match_t)half_open_match, (void**)¤t, &addr) == SUCCESS) { @@ -731,6 +828,14 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) this->half_open_segments[segment].count++; } } +<<<<<<< HEAD + + if (!half_open) + { + half_open = malloc_thing(half_open_t); + half_open->other = chunk_clone(addr); + half_open->count = 1; +======= else { list = this->half_open_table[row] = linked_list_create(); @@ -742,6 +847,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) .other = chunk_clone(addr), .count = 1, ); +>>>>>>> upstream/4.5.1 list->insert_last(list, half_open); this->half_open_segments[segment].count++; } 
@@ -754,6 +860,18 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; +<<<<<<< HEAD + chunk_t addr = entry->other->get_address(entry->other); + u_int row = chunk_hash(addr) & this->table_mask; + u_int segment = row & this->segment_mask; + + rwlock_t *lock = this->half_open_segments[segment].lock; + lock->write_lock(lock); + if ((list = this->half_open_table[row]) != NULL) + { + half_open_t *current; + enumerator_t *enumerator = list->create_enumerator(list); +======= chunk_t addr; u_int row, segment; rwlock_t *lock; @@ -770,6 +888,7 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) enumerator_t *enumerator; enumerator = list->create_enumerator(list); +>>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, ¤t)) { if (half_open_match(current, &addr)) @@ -793,6 +912,26 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) */ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) { +<<<<<<< HEAD + linked_list_t *list; + connected_peers_t *connected_peers = NULL; + chunk_t my_id = entry->my_id->get_encoding(entry->my_id), + other_id = entry->other_id->get_encoding(entry->other_id); + u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; + u_int segment = row & this->segment_mask; + + rwlock_t *lock = this->connected_peers_segments[segment].lock; + lock->write_lock(lock); + if ((list = this->connected_peers_table[row]) == NULL) + { + list = this->connected_peers_table[row] = linked_list_create(); + } + else + { + connected_peers_t *current; + if (list->find_first(list, (linked_list_match_t)connected_peers_match, + (void**)¤t, entry->my_id, entry->other_id) == SUCCESS) +======= connected_peers_t *connected_peers = NULL; chunk_t my_id, other_id; linked_list_t *list; 
@@ -813,6 +952,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, entry->my_id, entry->other_id, (uintptr_t)entry->other->get_family(entry->other)) == SUCCESS) +>>>>>>> upstream/4.5.1 { connected_peers = current; if (connected_peers->sas->find_first(connected_peers->sas, @@ -824,6 +964,15 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) } } } +<<<<<<< HEAD + + if (!connected_peers) + { + connected_peers = malloc_thing(connected_peers_t); + connected_peers->my_id = entry->my_id->clone(entry->my_id); + connected_peers->other_id = entry->other_id->clone(entry->other_id); + connected_peers->sas = linked_list_create(); +======= else { list = this->connected_peers_table[row] = linked_list_create(); @@ -837,6 +986,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) .family = entry->other->get_family(entry->other), .sas = linked_list_create(), ); +>>>>>>> upstream/4.5.1 list->insert_last(list, connected_peers); } connected_peers->sas->insert_last(connected_peers->sas, 
@@ -850,6 +1000,26 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) */ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) { +<<<<<<< HEAD + linked_list_t *list; + chunk_t my_id = entry->my_id->get_encoding(entry->my_id), + other_id = entry->other_id->get_encoding(entry->other_id); + u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; + u_int segment = row & this->segment_mask; + + rwlock_t *lock = this->connected_peers_segments[segment].lock; + lock->write_lock(lock); + if ((list = this->connected_peers_table[row]) != NULL) + { + connected_peers_t *current; + enumerator_t *enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (connected_peers_match(current, entry->my_id, entry->other_id)) + { + ike_sa_id_t *ike_sa_id; + enumerator_t *inner = current->sas->create_enumerator(current->sas); +======= chunk_t my_id, other_id; linked_list_t *list; u_int row, segment; @@ -878,6 +1048,7 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr enumerator_t *inner; inner = current->sas->create_enumerator(current->sas); +>>>>>>> upstream/4.5.1 while (inner->enumerate(inner, &ike_sa_id)) { if (ike_sa_id->equals(ike_sa_id, entry->ike_sa_id)) @@ -903,6 +1074,22 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr } /** +<<<<<<< HEAD + * Implementation of private_ike_sa_manager_t.get_next_spi. + */ +static u_int64_t get_next_spi(private_ike_sa_manager_t *this) +{ + u_int64_t spi; + + this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi); + return spi; +} + +/** + * Implementation of of ike_sa_manager.checkout. + */ +static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id) +======= * Get a random SPI for new IKE_SAs */ static u_int64_t get_spi(private_ike_sa_manager_t *this) 
@@ -918,6 +1105,7 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) METHOD(ike_sa_manager_t, checkout, ike_sa_t*, private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id) +>>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa = NULL; entry_t *entry; @@ -940,6 +1128,27 @@ METHOD(ike_sa_manager_t, checkout, ike_sa_t*, return ike_sa; } +<<<<<<< HEAD +/** + * Implementation of of ike_sa_manager.checkout_new. + */ +static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) +{ + ike_sa_id_t *ike_sa_id; + ike_sa_t *ike_sa; + entry_t *entry; + u_int segment; + + if (initiator) + { + ike_sa_id = ike_sa_id_create(get_next_spi(this), 0, TRUE); + } + else + { + ike_sa_id = ike_sa_id_create(0, get_next_spi(this), FALSE); + } + ike_sa = ike_sa_create(ike_sa_id); +======= METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, private_ike_sa_manager_t* this, bool initiator) { 
@@ -956,30 +1165,63 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, } ike_sa = ike_sa_create(ike_sa_id); ike_sa_id->destroy(ike_sa_id); +>>>>>>> upstream/4.5.1 DBG2(DBG_MGR, "created IKE_SA %s[%u]", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa)); +<<<<<<< HEAD + if (!initiator) + { + ike_sa_id->destroy(ike_sa_id); + return ike_sa; + } + + entry = entry_create(); + entry->ike_sa_id = ike_sa_id; + entry->ike_sa = ike_sa; + segment = put_entry(this, entry); + entry->checked_out = TRUE; + unlock_single_segment(this, segment); + return entry->ike_sa; +} + +/** + * Implementation of of ike_sa_manager.checkout_by_message. + */ +static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, + message_t *message) +======= return ike_sa; } METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, private_ike_sa_manager_t* this, message_t *message) +>>>>>>> upstream/4.5.1 { u_int segment; entry_t *entry; ike_sa_t *ike_sa = NULL; +<<<<<<< HEAD + ike_sa_id_t *id = message->get_ike_sa_id(message); + +======= ike_sa_id_t *id; id = message->get_ike_sa_id(message); +>>>>>>> upstream/4.5.1 id = id->clone(id); id->switch_initiator(id); DBG2(DBG_MGR, "checkout IKE_SA by message"); if (message->get_request(message) && +<<<<<<< HEAD + message->get_exchange_type(message) == IKE_SA_INIT) +======= message->get_exchange_type(message) == IKE_SA_INIT && this->hasher) +>>>>>>> upstream/4.5.1 { /* IKE_SA_INIT request. Check for an IKE_SA with such a message hash. */ chunk_t data, hash; @@ -1015,7 +1257,11 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, message->get_exchange_type(message) == IKE_SA_INIT) { /* no IKE_SA found, create a new one */ +<<<<<<< HEAD + id->set_responder_spi(id, get_next_spi(this)); +======= id->set_responder_spi(id, get_spi(this)); +>>>>>>> upstream/4.5.1 entry = entry_create(); entry->ike_sa = ike_sa_create(id); entry->ike_sa_id = id->clone(id); 
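Review bot: The upstream `&& this->hasher` guard in checkout_by_message only makes sense together with the upstream flush hunk later in this file, which sets `this->hasher = NULL` and `this->rng = NULL` after destroying them; HEAD's flush destroys the hasher but leaves the pointer dangling, and HEAD's checkout_by_message does not test it. Resolving the guard from one side and flush from the other yields either a NULL dereference or a use-after-free on an IKE_SA_INIT that arrives during shutdown, so both hunks should be taken from upstream. The same function reads `this->rng` through `id->set_responder_spi(id, get_spi(this))`; whether that path is reachable after flush is not visible here and is worth confirming. The bodies of checkout_new and checkout_by_message continue outside the hunk.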
@@ -1075,8 +1321,16 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, return ike_sa; } +<<<<<<< HEAD +/** + * Implementation of of ike_sa_manager.checkout_by_config. + */ +static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, + peer_cfg_t *peer_cfg) +======= METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; entry_t *entry; @@ -1131,8 +1385,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, return ike_sa; } +<<<<<<< HEAD +/** + * Implementation of of ike_sa_manager.checkout_by_id. + */ +static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, + bool child) +======= METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, private_ike_sa_manager_t *this, u_int32_t id, bool child) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *children; @@ -1185,8 +1447,16 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, return ike_sa; } +<<<<<<< HEAD +/** + * Implementation of of ike_sa_manager.checkout_by_name. + */ +static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, + bool child) +======= METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*, private_ike_sa_manager_t *this, char *name, bool child) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *children; @@ -1251,6 +1521,22 @@ static bool enumerator_filter(private_ike_sa_manager_t *this, return FALSE; } +<<<<<<< HEAD +/** + * Implementation of ike_sa_manager_t.create_enumerator. + */ +static enumerator_t *create_enumerator(private_ike_sa_manager_t* this) +{ + return enumerator_create_filter( + create_table_enumerator(this), + (void*)enumerator_filter, this, NULL); +} + +/** + * Implementation of ike_sa_manager_t.checkin. + */ +static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) +======= METHOD(ike_sa_manager_t, create_enumerator, enumerator_t*, private_ike_sa_manager_t* this) { 
@@ -1260,6 +1546,7 @@ METHOD(ike_sa_manager_t, create_enumerator, enumerator_t*, METHOD(ike_sa_manager_t, checkin, void, private_ike_sa_manager_t *this, ike_sa_t *ike_sa) +>>>>>>> upstream/4.5.1 { /* to check the SA back in, we look for the pointer of the ike_sa * in all entries. @@ -1324,16 +1611,25 @@ METHOD(ike_sa_manager_t, checkin, void, segment = put_entry(this, entry); } +<<<<<<< HEAD + /* apply identities for duplicate test (only as responder) */ + if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && + ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && +======= /* apply identities for duplicate test */ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && +>>>>>>> upstream/4.5.1 entry->my_id == NULL && entry->other_id == NULL) { entry->my_id = my_id->clone(my_id); entry->other_id = other_id->clone(other_id); +<<<<<<< HEAD +======= if (!entry->other) { entry->other = other->clone(other); } +>>>>>>> upstream/4.5.1 put_connected_peers(this, entry); } @@ -1342,8 +1638,15 @@ METHOD(ike_sa_manager_t, checkin, void, charon->bus->set_sa(charon->bus, NULL); } +<<<<<<< HEAD +/** + * Implementation of ike_sa_manager_t.checkin_and_destroy. + */ +static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) +======= METHOD(ike_sa_manager_t, checkin_and_destroy, void, private_ike_sa_manager_t *this, ike_sa_t *ike_sa) +>>>>>>> upstream/4.5.1 { /* deletion is a bit complex, we must ensure that no thread is waiting for * this SA. @@ -1380,7 +1683,12 @@ METHOD(ike_sa_manager_t, checkin_and_destroy, void, { remove_half_open(this, entry); } +<<<<<<< HEAD + if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && + entry->my_id && entry->other_id) +======= if (entry->my_id && entry->other_id) +>>>>>>> upstream/4.5.1 { remove_connected_peers(this, entry); } 
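Review bot: The `is_initiator` conditions in checkin ("apply identities for duplicate test"), in checkin_and_destroy, and in the flush hunk later in this file must all be resolved to the same side: put_connected_peers and remove_connected_peers have to stay symmetric, otherwise an initiator-side entry is inserted into the connected_peers table but never removed (leaving a stale ike_sa_id for check_uniqueness to find) or is removed without ever having been inserted. Upstream's extra `if (!entry->other) { entry->other = other->clone(other); }` is also required by upstream's put_connected_peers, which dereferences `entry->other->get_family(entry->other)` for the family-aware match; dropping it while keeping the family match is a NULL dereference. checkin's body starts outside the hunk.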
@@ -1397,8 +1705,16 @@ METHOD(ike_sa_manager_t, checkin_and_destroy, void, charon->bus->set_sa(charon->bus, NULL); } +<<<<<<< HEAD + +/** + * Implementation of ike_sa_manager_t.check_uniqueness. + */ +static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) +======= METHOD(ike_sa_manager_t, check_uniqueness, bool, private_ike_sa_manager_t *this, ike_sa_t *ike_sa, bool force_replace) +>>>>>>> upstream/4.5.1 { bool cancel = FALSE; peer_cfg_t *peer_cfg; @@ -1412,7 +1728,11 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, peer_cfg = ike_sa->get_peer_cfg(ike_sa); policy = peer_cfg->get_unique_policy(peer_cfg); +<<<<<<< HEAD + if (policy == UNIQUE_NO) +======= if (policy == UNIQUE_NO && !force_replace) +>>>>>>> upstream/4.5.1 { return FALSE; } @@ -1426,6 +1746,14 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, lock = this->connected_peers_segments[segment & this->segment_mask].lock; lock->read_lock(lock); +<<<<<<< HEAD + if ((list = this->connected_peers_table[row]) != NULL) + { + connected_peers_t *current; + + if (list->find_first(list, (linked_list_match_t)connected_peers_match, + (void**)¤t, me, other) == SUCCESS) +======= list = this->connected_peers_table[row]; if (list) { @@ -1436,6 +1764,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, me, other, (uintptr_t)other_host->get_family(other_host)) == SUCCESS) +>>>>>>> upstream/4.5.1 { /* clone the list, so we can release the lock */ duplicate_ids = current->sas->clone_offset(current->sas, @@ -1460,6 +1789,8 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, { continue; } +<<<<<<< HEAD +======= if (force_replace) { DBG1(DBG_IKE, "destroying duplicate IKE_SA for peer '%Y', " 
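Review bot: HEAD's ike_sa_manager_create (a later hunk in this file) wires the vtable through explicit casts such as `this->public.check_uniqueness = (bool(*)(ike_sa_manager_t*, ike_sa_t *ike_sa))check_uniqueness;`, which silence any prototype mismatch; if that block survives next to the upstream three-argument `check_uniqueness(..., bool force_replace)` and the updated ike_sa_manager.h prototype, callers pass `force_replace` through a pointer typed for two arguments, which is undefined behaviour the compiler will not report. The upstream `METHOD`/`INIT` form keeps the function pointers type-checked and should be the side kept for the whole file. Note that `force_replace` overrides a configured `UNIQUE_NO` policy (`if (policy == UNIQUE_NO && !force_replace)`), so every caller passing TRUE is deciding to tear down a peer's existing SAs; those callers are outside this diff. check_uniqueness's body continues outside the hunk.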
@@ -1467,6 +1798,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, checkin_and_destroy(this, duplicate); continue; } +>>>>>>> upstream/4.5.1 peer_cfg = duplicate->get_peer_cfg(duplicate); if (peer_cfg && peer_cfg->equals(peer_cfg, ike_sa->get_peer_cfg(ike_sa))) { @@ -1511,6 +1843,13 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, return cancel; } +<<<<<<< HEAD +/** + * Implementation of ike_sa_manager_t.get_half_open_count. + */ +static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) +{ +======= METHOD(ike_sa_manager_t, has_contact, bool, private_ike_sa_manager_t *this, identification_t *me, identification_t *other, int family) @@ -1546,14 +1885,24 @@ METHOD(ike_sa_manager_t, get_half_open_count, int, u_int segment, row; rwlock_t *lock; chunk_t addr; +>>>>>>> upstream/4.5.1 int count = 0; if (ip) { +<<<<<<< HEAD + linked_list_t *list; + chunk_t addr = ip->get_address(ip); + u_int row = chunk_hash(addr) & this->table_mask; + u_int segment = row & this->segment_mask; + + rwlock_t *lock = this->half_open_segments[segment & this->segment_mask].lock; +======= addr = ip->get_address(ip); row = chunk_hash(addr) & this->table_mask; segment = row & this->segment_mask; lock = this->half_open_segments[segment & this->segment_mask].lock; +>>>>>>> upstream/4.5.1 lock->read_lock(lock); if ((list = this->half_open_table[row]) != NULL) { 
@@ -1569,19 +1918,38 @@ METHOD(ike_sa_manager_t, get_half_open_count, int, } else { +<<<<<<< HEAD + u_int segment; + + for (segment = 0; segment < this->segment_count; ++segment) + { + rwlock_t *lock; +======= for (segment = 0; segment < this->segment_count; segment++) { +>>>>>>> upstream/4.5.1 lock = this->half_open_segments[segment & this->segment_mask].lock; lock->read_lock(lock); count += this->half_open_segments[segment].count; lock->unlock(lock); } } +<<<<<<< HEAD + + return count; +} + +/** + * Implementation of ike_sa_manager_t.flush. + */ +static void flush(private_ike_sa_manager_t *this) +======= return count; } METHOD(ike_sa_manager_t, flush, void, private_ike_sa_manager_t *this) +>>>>>>> upstream/4.5.1 { /* destroy all list entries */ enumerator_t *enumerator; @@ -1645,7 +2013,12 @@ METHOD(ike_sa_manager_t, flush, void, { remove_half_open(this, entry); } +<<<<<<< HEAD + if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && + entry->my_id && entry->other_id) +======= if (entry->my_id && entry->other_id) +>>>>>>> upstream/4.5.1 { remove_connected_peers(this, entry); } @@ -1657,6 +2030,34 @@ METHOD(ike_sa_manager_t, flush, void, unlock_all_segments(this); this->rng->destroy(this->rng); +<<<<<<< HEAD + this->hasher->destroy(this->hasher); +} + +/** + * Implementation of ike_sa_manager_t.destroy. + */ +static void destroy(private_ike_sa_manager_t *this) +{ + u_int i; + + for (i = 0; i < this->table_size; ++i) + { + linked_list_t *list; + + if ((list = this->ike_sa_table[i]) != NULL) + { + list->destroy(list); + } + if ((list = this->half_open_table[i]) != NULL) + { + list->destroy(list); + } + if ((list = this->connected_peers_table[i]) != NULL) + { + list->destroy(list); + } +======= this->rng = NULL; this->hasher->destroy(this->hasher); this->hasher = NULL; 
@@ -1672,11 +2073,16 @@ METHOD(ike_sa_manager_t, destroy, void, DESTROY_IF(this->ike_sa_table[i]); DESTROY_IF(this->half_open_table[i]); DESTROY_IF(this->connected_peers_table[i]); +>>>>>>> upstream/4.5.1 } free(this->ike_sa_table); free(this->half_open_table); free(this->connected_peers_table); +<<<<<<< HEAD + for (i = 0; i < this->segment_count; ++i) +======= for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->segments[i].mutex->destroy(this->segments[i].mutex); this->half_open_segments[i].lock->destroy(this->half_open_segments[i].lock); 
@@ -1712,6 +2118,27 @@ static u_int get_nearest_powerof2(u_int n) */ ike_sa_manager_t *ike_sa_manager_create() { +<<<<<<< HEAD + u_int i; + private_ike_sa_manager_t *this = malloc_thing(private_ike_sa_manager_t); + + /* assign public functions */ + this->public.flush = (void(*)(ike_sa_manager_t*))flush; + this->public.destroy = (void(*)(ike_sa_manager_t*))destroy; + this->public.checkout = (ike_sa_t*(*)(ike_sa_manager_t*, ike_sa_id_t*))checkout; + this->public.checkout_new = (ike_sa_t*(*)(ike_sa_manager_t*,bool))checkout_new; + this->public.checkout_by_message = (ike_sa_t*(*)(ike_sa_manager_t*,message_t*))checkout_by_message; + this->public.checkout_by_config = (ike_sa_t*(*)(ike_sa_manager_t*,peer_cfg_t*))checkout_by_config; + this->public.checkout_by_id = (ike_sa_t*(*)(ike_sa_manager_t*,u_int32_t,bool))checkout_by_id; + this->public.checkout_by_name = (ike_sa_t*(*)(ike_sa_manager_t*,char*,bool))checkout_by_name; + this->public.check_uniqueness = (bool(*)(ike_sa_manager_t*, ike_sa_t *ike_sa))check_uniqueness; + this->public.create_enumerator = (enumerator_t*(*)(ike_sa_manager_t*))create_enumerator; + this->public.checkin = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin; + this->public.checkin_and_destroy = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin_and_destroy; + this->public.get_half_open_count = (int(*)(ike_sa_manager_t*,host_t*))get_half_open_count; + + /* initialize private variables */ +======= private_ike_sa_manager_t *this; u_int i; @@ -1734,6 +2161,7 @@ ike_sa_manager_t *ike_sa_manager_create() }, ); +>>>>>>> upstream/4.5.1 this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) { @@ -1749,7 +2177,10 @@ ike_sa_manager_t *ike_sa_manager_create() free(this); return NULL; } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 this->table_size = get_nearest_powerof2(lib->settings->get_int(lib->settings, "charon.ikesa_table_size", DEFAULT_HASHTABLE_SIZE)); this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE)); 
@@ -1759,10 +2190,18 @@ ike_sa_manager_t *ike_sa_manager_create() "charon.ikesa_table_segments", DEFAULT_SEGMENT_COUNT)); this->segment_count = max(1, min(this->segment_count, this->table_size)); this->segment_mask = this->segment_count - 1; +<<<<<<< HEAD + + this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); + + this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); + for (i = 0; i < this->segment_count; ++i) +======= this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->segments[i].mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->segments[i].count = 0; @@ -1771,7 +2210,11 @@ ike_sa_manager_t *ike_sa_manager_create() /* we use the same table parameters for the table to track half-open SAs */ this->half_open_table = calloc(this->table_size, sizeof(linked_list_t*)); this->half_open_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); +<<<<<<< HEAD + for (i = 0; i < this->segment_count; ++i) +======= for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->half_open_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->half_open_segments[i].count = 0; @@ -1780,7 +2223,11 @@ ike_sa_manager_t *ike_sa_manager_create() /* also for the hash table used for duplicate tests */ this->connected_peers_table = calloc(this->table_size, sizeof(linked_list_t*)); this->connected_peers_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); +<<<<<<< HEAD + for (i = 0; i < this->segment_count; ++i) +======= for (i = 0; i < this->segment_count; i++) +>>>>>>> upstream/4.5.1 { this->connected_peers_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->connected_peers_segments[i].count = 0; diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index ec157ab3a..2c81592d2 100644 
--- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -52,6 +52,12 @@ struct ike_sa_manager_t { /** * Create and check out a new IKE_SA. * +<<<<<<< HEAD + * @note If initiator equals FALSE, the returned IKE_SA is not registered + * in the manager. + * +======= +>>>>>>> upstream/4.5.1 * @param initiator TRUE for initiator, FALSE otherwise * @returns created and checked out IKE_SA */ @@ -106,6 +112,12 @@ struct ike_sa_manager_t { * deadlocks occur otherwise. * * @param ike_sa ike_sa to check +<<<<<<< HEAD + * @return TRUE, if the given IKE_SA has duplicates and + * should be deleted + */ + bool (*check_uniqueness)(ike_sa_manager_t *this, ike_sa_t *ike_sa); +======= * @param force_replace replace existing SAs, regardless of unique policy * @return TRUE, if the given IKE_SA has duplicates and * should be deleted @@ -123,6 +135,7 @@ struct ike_sa_manager_t { */ bool (*has_contact)(ike_sa_manager_t *this, identification_t *me, identification_t *other, int family); +>>>>>>> upstream/4.5.1 /** * Check out an IKE_SA a unique ID. diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c index 33ece24b2..2721fb3b9 100644 --- a/src/libcharon/sa/keymat.c +++ b/src/libcharon/sa/keymat.c @@ -214,7 +214,11 @@ static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg, { DBG1(DBG_IKE, "%N %N (key size %d) not supported!", transform_type_names, ENCRYPTION_ALGORITHM, +<<<<<<< HEAD + encryption_algorithm_names, enc_alg, key_size); +======= encryption_algorithm_names, enc_alg, enc_size); +>>>>>>> upstream/4.5.1 signer_i->destroy(signer_i); signer_r->destroy(signer_r); return FALSE; @@ -540,7 +544,11 @@ METHOD(keymat_t, get_aead, aead_t*, METHOD(keymat_t, get_auth_octets, chunk_t, private_keymat_t *this, bool verify, chunk_t ike_sa_init, +<<<<<<< HEAD + chunk_t nonce, identification_t *id) +======= chunk_t nonce, identification_t *id, char reserved[3]) +>>>>>>> upstream/4.5.1 { chunk_t chunk, idx, octets; chunk_t skp; 
@@ -548,8 +556,13 @@ METHOD(keymat_t, get_auth_octets, chunk_t, skp = verify ? this->skp_verify : this->skp_build; chunk = chunk_alloca(4); +<<<<<<< HEAD + memset(chunk.ptr, 0, chunk.len); + chunk.ptr[0] = id->get_type(id); +======= chunk.ptr[0] = id->get_type(id); memcpy(chunk.ptr + 1, reserved, 3); +>>>>>>> upstream/4.5.1 idx = chunk_cata("cc", chunk, id->get_encoding(id)); DBG3(DBG_IKE, "IDx' %B", &idx); @@ -570,7 +583,11 @@ METHOD(keymat_t, get_auth_octets, chunk_t, METHOD(keymat_t, get_psk_sig, chunk_t, private_keymat_t *this, bool verify, chunk_t ike_sa_init, +<<<<<<< HEAD + chunk_t nonce, chunk_t secret, identification_t *id) +======= chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3]) +>>>>>>> upstream/4.5.1 { chunk_t key_pad, key, sig, octets; @@ -578,7 +595,11 @@ METHOD(keymat_t, get_psk_sig, chunk_t, { /* EAP uses SK_p if no MSK has been established */ secret = verify ? this->skp_verify : this->skp_build; } +<<<<<<< HEAD + octets = get_auth_octets(this, verify, ike_sa_init, nonce, id); +======= octets = get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved); +>>>>>>> upstream/4.5.1 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */ key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH); this->prf->set_key(this->prf, secret); diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h index 11e0fa79a..d1d0591c5 100644 --- a/src/libcharon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h 
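Review bot: The upstream side of get_auth_octets copies the three reserved bytes of the ID payload into the AUTH input with `memcpy(chunk.ptr + 1, reserved, 3);`, whereas the HEAD side zeroes them with memset. IKEv2 computes AUTH over the ID payload as it was actually transmitted, so resolving to the HEAD side would make authentication fail against a peer whose reserved bytes are not zero, and would also leave the `reserved` argument that upstream threads through get_psk_sig unused. Keep the upstream side in get_auth_octets, in the get_psk_sig signature and in its `octets = get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved);` call, together with the matching prototypes in keymat.h; the upstream variant writes all four bytes of the buffer (type plus three reserved), so no memset is needed there.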
@@ -117,12 +117,19 @@ struct keymat_t { * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value * @param id identity +<<<<<<< HEAD + * @return authentication octets + */ + chunk_t (*get_auth_octets)(keymat_t *this, bool verify, chunk_t ike_sa_init, + chunk_t nonce, identification_t *id); +======= * @param reserved reserved bytes of id_payload * @return authentication octets */ chunk_t (*get_auth_octets)(keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Build the shared secret signature used for PSK and EAP authentication. * @@ -135,12 +142,19 @@ struct keymat_t { * @param nonce nonce value * @param secret optional secret to include into signature * @param id identity +<<<<<<< HEAD + * @return signature octets + */ + chunk_t (*get_psk_sig)(keymat_t *this, bool verify, chunk_t ike_sa_init, + chunk_t nonce, chunk_t secret, identification_t *id); +======= * @param reserved reserved bytes of id_payload * @return signature octets */ chunk_t (*get_psk_sig)(keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3]); +>>>>>>> upstream/4.5.1 /** * Destroy a keymat_t. */ diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c index 9467d1586..97c5510f2 100644 --- a/src/libcharon/sa/task_manager.c +++ b/src/libcharon/sa/task_manager.c @@ -465,6 +465,10 @@ METHOD(task_manager_t, initiate, status_t, /* update exchange type if a task changed it */ this->initiating.type = message->get_exchange_type(message); +<<<<<<< HEAD + charon->bus->message(charon->bus, message, FALSE); +======= +>>>>>>> upstream/4.5.1 status = this->ike_sa->generate_message(this->ike_sa, message, &this->initiating.packet); if (status != SUCCESS) 
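Review bot: The HEAD side of the initiate hunk raises `charon->bus->message(charon->bus, message, FALSE);` right before generate_message and the upstream side removes it, with the same removal in build_response and of the inbound `charon->bus->message(charon->bus, msg, TRUE);` calls in process_message on the next line. Presumably upstream moved these hooks into the message generation and parsing paths, but that is not visible here; confirm it before resolving to the upstream side, because if the hook is simply dropped, bus listeners such as logging and audit plugins stop seeing outbound and inbound IKE messages. The `update_hosts(this->ike_sa, me, other, mid == 1)` call with the extra argument, the incr_mid method, its `.incr_mid = _incr_mid,` assignment in task_manager_create and its declaration in task_manager.h all exist only on the upstream side and must be resolved together. initiate starts outside the hunk.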
@@ -653,6 +657,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request) /* message complete, send it */ DESTROY_IF(this->responding.packet); this->responding.packet = NULL; +<<<<<<< HEAD + charon->bus->message(charon->bus, message, FALSE); +======= +>>>>>>> upstream/4.5.1 status = this->ike_sa->generate_message(this->ike_sa, message, &this->responding.packet); message->destroy(message); @@ -880,12 +888,17 @@ static status_t process_request(private_task_manager_t *this, METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { +<<<<<<< HEAD + u_int32_t mid = msg->get_message_id(msg); + host_t *me = msg->get_destination(msg), *other = msg->get_source(msg); +======= host_t *me, *other; u_int32_t mid; mid = msg->get_message_id(msg); me = msg->get_destination(msg); other = msg->get_source(msg); +>>>>>>> upstream/4.5.1 if (msg->get_request(msg)) { @@ -897,6 +910,12 @@ METHOD(task_manager_t, process_message, status_t, { /* only do host updates based on verified messages */ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) { /* with MOBIKE, we do no implicit updates */ +<<<<<<< HEAD + this->ike_sa->update_hosts(this->ike_sa, me, other); + } + } + charon->bus->message(charon->bus, msg, TRUE); +======= this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1); } } @@ -905,6 +924,7 @@ METHOD(task_manager_t, process_message, status_t, { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ return SUCCESS; } +>>>>>>> upstream/4.5.1 if (process_request(this, msg) != SUCCESS) { flush(this); 
@@ -915,15 +935,26 @@ METHOD(task_manager_t, process_message, status_t, else if ((mid == this->responding.mid - 1) && this->responding.packet) { packet_t *clone; +<<<<<<< HEAD + host_t *me, *other; +======= host_t *host; +>>>>>>> upstream/4.5.1 DBG1(DBG_IKE, "received retransmit of request with ID %d, " "retransmitting response", mid); clone = this->responding.packet->clone(this->responding.packet); +<<<<<<< HEAD + me = msg->get_destination(msg); + other = msg->get_source(msg); + clone->set_source(clone, me->clone(me)); + clone->set_destination(clone, other->clone(other)); +======= host = msg->get_destination(msg); clone->set_source(clone, host->clone(host)); host = msg->get_source(msg); clone->set_destination(clone, host->clone(host)); +>>>>>>> upstream/4.5.1 charon->sender->send(charon->sender, clone); } else @@ -942,6 +973,12 @@ METHOD(task_manager_t, process_message, status_t, { /* only do host updates based on verified messages */ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) { /* with MOBIKE, we do no implicit updates */ +<<<<<<< HEAD + this->ike_sa->update_hosts(this->ike_sa, me, other); + } + } + charon->bus->message(charon->bus, msg, TRUE); +======= this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE); } } @@ -950,6 +987,7 @@ METHOD(task_manager_t, process_message, status_t, { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ return SUCCESS; } +>>>>>>> upstream/4.5.1 if (process_response(this, msg) != SUCCESS) { flush(this); @@ -1012,6 +1050,8 @@ METHOD(task_manager_t, busy, bool, return (this->active_tasks->get_count(this->active_tasks) > 0); } +<<<<<<< HEAD +======= METHOD(task_manager_t, incr_mid, void, private_task_manager_t *this, bool initiate) { @@ -1025,6 +1065,7 @@ METHOD(task_manager_t, incr_mid, void, } } +>>>>>>> upstream/4.5.1 METHOD(task_manager_t, reset, void, private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) { 
@@ -1108,7 +1149,10 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa) .queue_task = _queue_task, .initiate = _initiate, .retransmit = _retransmit, +<<<<<<< HEAD +======= .incr_mid = _incr_mid, +>>>>>>> upstream/4.5.1 .reset = _reset, .adopt_tasks = _adopt_tasks, .busy = _busy, diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index 5bc6c80c4..f5dcc8977 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -149,6 +149,8 @@ struct task_manager_t { void (*adopt_tasks) (task_manager_t *this, task_manager_t *other); /** +<<<<<<< HEAD +======= * Increment a message ID counter, in- or outbound. * * If a message is processed outside of the manager, this call increments @@ -159,6 +161,7 @@ struct task_manager_t { void (*incr_mid)(task_manager_t *this, bool initiate); /** +>>>>>>> upstream/4.5.1 * Reset message ID counters of the task manager. * * The IKEv2 protocol requires to restart exchanges with message IDs diff --git a/src/libcharon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index fc02a334b..16f7b6d81 100644 --- a/src/libcharon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -117,11 +117,14 @@ struct private_child_create_t { ipsec_mode_t mode; /** +<<<<<<< HEAD +======= * peer accepts TFC padding for this SA */ bool tfcv3; /** +>>>>>>> upstream/4.5.1 * IPComp transform to use */ ipcomp_transform_t ipcomp; 
@@ -460,6 +463,19 @@ static status_t select_and_install(private_child_create_t *this, { if (this->initiator) { +<<<<<<< HEAD + status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, + this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); + status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, + this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); + } + else + { + status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, + this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); + status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, + this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); +======= status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, TRUE, this->tfcv3, my_ts, other_ts); @@ -475,6 +491,7 @@ static status_t select_and_install(private_child_create_t *this, status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, this->other_spi, this->other_cpi, FALSE, this->tfcv3, my_ts, other_ts); +>>>>>>> upstream/4.5.1 } } chunk_clear(&integ_i); @@ -640,6 +657,9 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify ipcomp_transform_names, ipcomp); break; } +<<<<<<< HEAD + } +======= break; } case ESP_TFC_PADDING_NOT_SUPPORTED: @@ -647,6 +667,7 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify notify_type_names, notify->get_notify_type(notify)); this->tfcv3 = FALSE; break; +>>>>>>> upstream/4.5.1 default: break; } @@ -706,8 +727,15 @@ static void process_payloads(private_child_create_t *this, message_t *message) enumerator->destroy(enumerator); } +<<<<<<< HEAD +/** + * Implementation of task_t.build for initiator + */ +static status_t build_i(private_child_create_t *this, message_t *message) +======= METHOD(task_t, build_i, status_t, private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { host_t *me, *other, *vip; peer_cfg_t *peer_cfg; 
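Review bot: The `tfcv3` field is declared only on the upstream side of the struct hunk, only the upstream side of select_and_install passes `this->tfcv3` to child_sa->install, and the upstream-only `ESP_TFC_PADDING_NOT_SUPPORTED` case in handle_notify is what clears it, so these three hunks have to be resolved as a set to the upstream side. In the handle_notify hunk the two sides differ by a `break;` before the closing brace; keeping the upstream form appears to be what prevents the IPCOMP notify case from running into the newly added TFC case. select_and_install and handle_notify both start outside their hunks.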
@@ -844,8 +872,15 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } +<<<<<<< HEAD +/** + * Implementation of task_t.process for responder + */ +static status_t process_r(private_child_create_t *this, message_t *message) +======= METHOD(task_t, process_r, status_t, private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { switch (message->get_exchange_type(message)) { @@ -888,8 +923,15 @@ static void handle_child_sa_failure(private_child_create_t *this, } } +<<<<<<< HEAD +/** + * Implementation of task_t.build for responder + */ +static status_t build_r(private_child_create_t *this, message_t *message) +======= METHOD(task_t, build_r, status_t, private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; payload_t *payload; @@ -967,7 +1009,11 @@ METHOD(task_t, build_r, status_t, case INTERNAL_ADDRESS_FAILURE: case FAILED_CP_REQUIRED: { +<<<<<<< HEAD + DBG1(DBG_IKE,"configuration payload negotation " +======= DBG1(DBG_IKE,"configuration payload negotiation " +>>>>>>> upstream/4.5.1 "failed, no CHILD_SA built"); enumerator->destroy(enumerator); handle_child_sa_failure(this, message); @@ -1038,8 +1084,15 @@ METHOD(task_t, build_r, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of task_t.process for initiator + */ +static status_t process_i(private_child_create_t *this, message_t *message) +======= METHOD(task_t, process_i, status_t, private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; payload_t *payload; @@ -1110,6 +1163,9 @@ METHOD(task_t, process_i, status_t, return NEED_MORE; } default: +<<<<<<< HEAD + break; +======= { if (message->get_exchange_type(message) == CREATE_CHILD_SA) { /* handle notifies if not handled in IKE_AUTH */ @@ -1125,6 +1181,7 @@ METHOD(task_t, process_i, status_t, } break; } +>>>>>>> upstream/4.5.1 } } } 
@@ -1176,20 +1233,49 @@ METHOD(task_t, process_i, status_t, return SUCCESS; } +<<<<<<< HEAD +/** + * Implementation of task_t.get_type + */ +static task_type_t get_type(private_child_create_t *this) +{ + return CHILD_CREATE; +} + +/** + * Implementation of child_create_t.use_reqid + */ +static void use_reqid(private_child_create_t *this, u_int32_t reqid) +======= METHOD(child_create_t, use_reqid, void, private_child_create_t *this, u_int32_t reqid) +>>>>>>> upstream/4.5.1 { this->reqid = reqid; } +<<<<<<< HEAD +/** + * Implementation of child_create_t.get_child + */ +static child_sa_t* get_child(private_child_create_t *this) +======= METHOD(child_create_t, get_child, child_sa_t*, private_child_create_t *this) +>>>>>>> upstream/4.5.1 { return this->child_sa; } +<<<<<<< HEAD +/** + * Implementation of child_create_t.get_lower_nonce + */ +static chunk_t get_lower_nonce(private_child_create_t *this) +======= METHOD(child_create_t, get_lower_nonce, chunk_t, private_child_create_t *this) +>>>>>>> upstream/4.5.1 { if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len)) < 0) @@ -1202,6 +1288,12 @@ METHOD(child_create_t, get_lower_nonce, chunk_t, } } +<<<<<<< HEAD +/** + * Implementation of task_t.migrate + */ +static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) +======= METHOD(task_t, get_type, task_type_t, private_child_create_t *this) { @@ -1210,6 +1302,7 @@ METHOD(task_t, get_type, task_type_t, METHOD(task_t, migrate, void, private_child_create_t *this, ike_sa_t *ike_sa) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1245,8 +1338,15 @@ METHOD(task_t, migrate, void, this->established = FALSE; } +<<<<<<< HEAD +/** + * Implementation of task_t.destroy + */ +static void destroy(private_child_create_t *this) +======= METHOD(task_t, destroy, void, private_child_create_t *this) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); 
@@ -1282,6 +1382,20 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config, bool rekey, traffic_selector_t *tsi, traffic_selector_t *tsr) { +<<<<<<< HEAD + private_child_create_t *this = malloc_thing(private_child_create_t); + + this->public.get_child = (child_sa_t*(*)(child_create_t*))get_child; + this->public.get_lower_nonce = (chunk_t(*)(child_create_t*))get_lower_nonce; + this->public.use_reqid = (void(*)(child_create_t*,u_int32_t))use_reqid; + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; + this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; + this->public.task.destroy = (void(*)(task_t*))destroy; + if (config) + { + this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; + this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; +======= private_child_create_t *this; INIT(this, 
@@ -1312,15 +1426,49 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, { this->public.task.build = _build_i; this->public.task.process = _process_i; +>>>>>>> upstream/4.5.1 this->initiator = TRUE; config->get_ref(config); } else { +<<<<<<< HEAD + this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; + this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + this->initiator = FALSE; + } + + this->ike_sa = ike_sa; + this->config = config; + this->my_nonce = chunk_empty; + this->other_nonce = chunk_empty; + this->proposals = NULL; + this->proposal = NULL; + this->tsi = NULL; + this->tsr = NULL; + this->packet_tsi = tsi ? tsi->clone(tsi) : NULL; + this->packet_tsr = tsr ? tsr->clone(tsr) : NULL; + this->dh = NULL; + this->dh_group = MODP_NONE; + this->keymat = ike_sa->get_keymat(ike_sa); + this->child_sa = NULL; + this->mode = MODE_TUNNEL; + this->ipcomp = IPCOMP_NONE; + this->ipcomp_received = IPCOMP_NONE; + this->my_spi = 0; + this->other_spi = 0; + this->my_cpi = 0; + this->other_cpi = 0; + this->reqid = 0; + this->established = FALSE; + this->rekey = rekey; + +======= this->public.task.build = _build_r; this->public.task.process = _process_r; this->initiator = FALSE; } +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c index e74ca4eef..5ffe49293 100644 --- a/src/libcharon/sa/tasks/child_rekey.c +++ b/src/libcharon/sa/tasks/child_rekey.c 
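Review bot: The HEAD side of child_create_create allocates with `malloc_thing` and assigns every field by hand, and that list predates the `tfcv3` field this diff adds on the upstream side; if the HEAD constructor survives together with the upstream struct, `tfcv3` is read uninitialized in select_and_install. The HEAD side also assigns `build_i`/`process_i` while the upstream constructor assigns `_build_i`/`_process_i`, names that only exist with the METHOD macro form chosen on the upstream side of the hunks at -706, -844, -888, -1038, -1176, -1202 and -1245, so the convention must be picked once for the whole file. Keep the upstream `INIT(this, ...)` form, whose field list starts outside this hunk, and confirm the `packet_tsi`/`packet_tsr` clones are present in it.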
@@ -241,11 +241,20 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ if (memcmp(this_nonce.ptr, other_nonce.ptr, +<<<<<<< HEAD + min(this_nonce.len, other_nonce.len)) < 0) + { + child_sa_t *child_sa; + + DBG1(DBG_IKE, "CHILD_SA rekey collision won, " + "deleting rekeyed child"); +======= min(this_nonce.len, other_nonce.len)) > 0) { child_sa_t *child_sa; DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child"); +>>>>>>> upstream/4.5.1 to_delete = this->child_sa; /* don't touch child other created, it has already been deleted */ if (!this->other_child_destroyed) @@ -258,7 +267,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) else { DBG1(DBG_IKE, "CHILD_SA rekey collision lost, " +<<<<<<< HEAD + "deleting redundant child"); +======= "deleting rekeyed child"); +>>>>>>> upstream/4.5.1 to_delete = this->child_create->get_child(this->child_create); } } diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index 0756c7d60..fbc177d6f 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -68,11 +68,14 @@ struct private_ike_auth_t { packet_t *other_packet; /** +<<<<<<< HEAD +======= * Reserved bytes of ID payload */ char reserved[3]; /** +>>>>>>> upstream/4.5.1 * currently active authenticator, to authenticate us */ authenticator_t *my_auth; @@ -106,11 +109,14 @@ struct private_ike_auth_t { * should we send a AUTHENTICATION_FAILED notify? */ bool authentication_failed; +<<<<<<< HEAD +======= /** * received an INITIAL_CONTACT? */ bool initial_contact; +>>>>>>> upstream/4.5.1 }; /** @@ -170,6 +176,8 @@ static status_t collect_other_init_data(private_ike_auth_t *this, } /** +<<<<<<< HEAD +======= * Get and store reserved bytes of id_payload, required for AUTH payload */ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) 
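Review bot: The two sides of handle_collision invert the nonce comparison (`< 0` on HEAD, `> 0` upstream) and swap the log texts, and the ike_rekey.c process_i hunk near the end of this diff has the same inversion; this is not cosmetic, because choosing opposite signs on the two peers, or mixing sides between CHILD_SA and IKE_SA rekeying, means either both peers delete the rekeyed SA or neither does. The upstream side, which treats the higher nonce as the winner that deletes the rekeyed SA, matches the RFC 5996 rule that the lower-nonce side loses and deletes its redundant SA. The context comment above the comparison still reads "if we have the lower nonce, delete rekeyed SA" and should become `/* if we have the higher nonce we won the collision and delete the rekeyed SA, otherwise delete our redundant one */`. handle_collision starts outside the hunk.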
@@ -188,6 +196,7 @@ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) } /** +>>>>>>> upstream/4.5.1 * Get the next authentication configuration */ static auth_cfg_t *get_auth_cfg(private_ike_auth_t *this, bool local) @@ -357,8 +366,15 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) return this->peer_cfg != NULL; } +<<<<<<< HEAD +/** + * Implementation of task_t.build for initiator + */ +static status_t build_i(private_ike_auth_t *this, message_t *message) +======= METHOD(task_t, build_i, status_t, private_ike_auth_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { auth_cfg_t *cfg; @@ -393,7 +409,11 @@ METHOD(task_t, build_i, status_t, /* check if an authenticator is in progress */ if (this->my_auth == NULL) { +<<<<<<< HEAD + identification_t *id; +======= identification_t *idi, *idr = NULL; +>>>>>>> upstream/4.5.1 id_payload_t *id_payload; /* clean up authentication config from a previous round */ 
@@ -404,24 +424,44 @@ METHOD(task_t, build_i, status_t, cfg = get_auth_cfg(this, FALSE); if (cfg) { +<<<<<<< HEAD + id = cfg->get(cfg, AUTH_RULE_IDENTITY); + if (id && !id->contains_wildcards(id)) + { + this->ike_sa->set_other_id(this->ike_sa, id->clone(id)); + id_payload = id_payload_create_from_identification( + ID_RESPONDER, id); +======= idr = cfg->get(cfg, AUTH_RULE_IDENTITY); if (idr && !idr->contains_wildcards(idr)) { this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr)); id_payload = id_payload_create_from_identification( ID_RESPONDER, idr); +>>>>>>> upstream/4.5.1 message->add_payload(message, (payload_t*)id_payload); } } /* add IDi */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->merge(cfg, get_auth_cfg(this, TRUE), TRUE); +<<<<<<< HEAD + id = cfg->get(cfg, AUTH_RULE_IDENTITY); + if (!id) +======= idi = cfg->get(cfg, AUTH_RULE_IDENTITY); if (!idi) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "configuration misses IDi"); return FAILED; } +<<<<<<< HEAD + this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); + id_payload = id_payload_create_from_identification(ID_INITIATOR, id); + message->add_payload(message, (payload_t*)id_payload); + +======= this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); get_reserved_id_bytes(this, id_payload); @@ -440,12 +480,17 @@ METHOD(task_t, build_i, status_t, } } +>>>>>>> upstream/4.5.1 /* build authentication data */ this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), +<<<<<<< HEAD + this->my_packet->get_data(this->my_packet)); +======= this->my_packet->get_data(this->my_packet), this->reserved); +>>>>>>> upstream/4.5.1 if (!this->my_auth) { return FAILED; 
@@ -482,8 +527,15 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } +<<<<<<< HEAD +/** + * Implementation of task_t.process for responder + */ +static status_t process_r(private_ike_auth_t *this, message_t *message) +======= METHOD(task_t, process_r, status_t, private_ike_auth_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { auth_cfg_t *cfg, *cand; id_payload_t *id_payload; @@ -537,7 +589,10 @@ METHOD(task_t, process_r, status_t, return FAILED; } id = id_payload->get_identification(id_payload); +<<<<<<< HEAD +======= get_reserved_id_bytes(this, id_payload); +>>>>>>> upstream/4.5.1 this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); @@ -588,8 +643,12 @@ METHOD(task_t, process_r, status_t, this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), +<<<<<<< HEAD + this->my_packet->get_data(this->my_packet)); +======= this->my_packet->get_data(this->my_packet), this->reserved); +>>>>>>> upstream/4.5.1 if (!this->other_auth) { this->authentication_failed = TRUE; @@ -613,6 +672,12 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } +<<<<<<< HEAD + /* store authentication information */ + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); +======= /* If authenticated (with non-EAP) and received INITIAL_CONTACT, * delete any existing IKE_SAs with that peer. */ if (message->get_message_id(message) == 1 && @@ -620,6 +685,7 @@ METHOD(task_t, process_r, status_t, { this->initial_contact = TRUE; } +>>>>>>> upstream/4.5.1 /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) 
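Review bot: The HEAD side of process_r records the completed authentication round (`cfg = auth_cfg_create();` … `add_auth_cfg(this->ike_sa, FALSE, cfg);`) before `charon->bus->authorize` runs, while the upstream side moves that block after the hook in the next hunk at -629 and does the same in process_i at -949; keep the upstream ordering so that a round refused by an authorize listener is never recorded on the IKE_SA as completed. The upstream side additionally introduces `initial_contact` and the `get_reserved_id_bytes(this, id_payload);` calls, which depend on struct fields and a helper that exist only on the upstream side of the -68, -106 and -170 hunks, so the ike_auth.c hunks must be resolved as a set. process_r starts outside the hunk.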
@@ -629,11 +695,14 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } +<<<<<<< HEAD +======= /* store authentication information */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); +>>>>>>> upstream/4.5.1 if (!update_cfg_candidates(this, FALSE)) { this->authentication_failed = TRUE; @@ -652,8 +721,15 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } +<<<<<<< HEAD +/** + * Implementation of task_t.build for responder + */ +static status_t build_r(private_ike_auth_t *this, message_t *message) +======= METHOD(task_t, build_r, status_t, private_ike_auth_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { auth_cfg_t *cfg; @@ -709,6 +785,10 @@ METHOD(task_t, build_r, status_t, } id_payload = id_payload_create_from_identification(ID_RESPONDER, id); +<<<<<<< HEAD + message->add_payload(message, (payload_t*)id_payload); + +======= get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -719,6 +799,7 @@ METHOD(task_t, build_r, status_t, this->initial_contact = FALSE; } +>>>>>>> upstream/4.5.1 if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP) { /* EAP-only authentication */ if (!this->ike_sa->supports_extension(this->ike_sa, @@ -737,8 +818,12 @@ METHOD(task_t, build_r, status_t, this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), +<<<<<<< HEAD + this->my_packet->get_data(this->my_packet)); +======= this->my_packet->get_data(this->my_packet), this->reserved); +>>>>>>> upstream/4.5.1 if (!this->my_auth) { message->add_notify(message, TRUE, AUTHENTICATION_FAILED, 
@@ -800,7 +885,11 @@ METHOD(task_t, build_r, status_t, if (!this->do_another_auth && !this->expect_another_auth) { if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, +<<<<<<< HEAD + this->ike_sa)) +======= this->ike_sa, FALSE)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_IKE, "cancelling IKE_SA setup due uniqueness policy"); message->add_notify(message, TRUE, AUTHENTICATION_FAILED, @@ -828,8 +917,15 @@ METHOD(task_t, build_r, status_t, return NEED_MORE; } +<<<<<<< HEAD +/** + * Implementation of task_t.process for initiator + */ +static status_t process_i(private_ike_auth_t *this, message_t *message) +======= METHOD(task_t, process_i, status_t, private_ike_auth_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; payload_t *payload; @@ -911,7 +1007,10 @@ METHOD(task_t, process_i, status_t, return FAILED; } id = id_payload->get_identification(id_payload); +<<<<<<< HEAD +======= get_reserved_id_bytes(this, id_payload); +>>>>>>> upstream/4.5.1 this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); @@ -922,8 +1021,12 @@ METHOD(task_t, process_i, status_t, this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), +<<<<<<< HEAD + this->my_packet->get_data(this->my_packet)); +======= this->my_packet->get_data(this->my_packet), this->reserved); +>>>>>>> upstream/4.5.1 if (!this->other_auth) { return FAILED; 
@@ -949,17 +1052,28 @@ METHOD(task_t, process_i, status_t, this->other_auth->destroy(this->other_auth); this->other_auth = NULL; } +<<<<<<< HEAD + /* store authentication information, reset authenticator */ + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + +======= +>>>>>>> upstream/4.5.1 /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling"); return FAILED; } +<<<<<<< HEAD +======= /* store authentication information, reset authenticator */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); +>>>>>>> upstream/4.5.1 } if (this->my_auth) @@ -1020,14 +1134,28 @@ METHOD(task_t, process_i, status_t, return NEED_MORE; } +<<<<<<< HEAD +/** + * Implementation of task_t.get_type + */ +static task_type_t get_type(private_ike_auth_t *this) +======= METHOD(task_t, get_type, task_type_t, private_ike_auth_t *this) +>>>>>>> upstream/4.5.1 { return IKE_AUTHENTICATE; } +<<<<<<< HEAD +/** + * Implementation of task_t.migrate + */ +static void migrate(private_ike_auth_t *this, ike_sa_t *ike_sa) +======= METHOD(task_t, migrate, void, private_ike_auth_t *this, ike_sa_t *ike_sa) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1050,8 +1178,15 @@ METHOD(task_t, migrate, void, this->candidates = linked_list_create(); } +<<<<<<< HEAD +/** + * Implementation of task_t.destroy + */ +static void destroy(private_ike_auth_t *this) +======= METHOD(task_t, destroy, void, private_ike_auth_t *this) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); 
@@ -1069,6 +1204,39 @@ METHOD(task_t, destroy, void, */ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) { +<<<<<<< HEAD + private_ike_auth_t *this = malloc_thing(private_ike_auth_t); + + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; + this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; + this->public.task.destroy = (void(*)(task_t*))destroy; + + if (initiator) + { + this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; + this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + } + else + { + this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; + this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; + } + + this->ike_sa = ike_sa; + this->initiator = initiator; + this->my_nonce = chunk_empty; + this->other_nonce = chunk_empty; + this->my_packet = NULL; + this->other_packet = NULL; + this->peer_cfg = NULL; + this->candidates = linked_list_create(); + this->my_auth = NULL; + this->other_auth = NULL; + this->do_another_auth = TRUE; + this->expect_another_auth = TRUE; + this->authentication_failed = FALSE; + +======= private_ike_auth_t *this; INIT(this, @@ -1092,6 +1260,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = _build_i; this->public.task.process = _process_i; } +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c index a59b8dcce..8da8d549a 100644 --- a/src/libcharon/sa/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/tasks/ike_cert_pre.c @@ -76,7 +76,10 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { certreq_payload_t *certreq = (certreq_payload_t*)payload; enumerator_t *enumerator; +<<<<<<< HEAD +======= u_int unknown = 0; +>>>>>>> upstream/4.5.1 chunk_t keyid; this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE); 
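Review bot: The HEAD side of ike_auth_create uses `malloc_thing` with per-field assignments, and its list does not cover the upstream-only `reserved[3]` and `initial_contact` fields; combined with the upstream struct that leaves `reserved` holding whatever the heap contained, which then feeds the AUTH computation via authenticator_create_builder on any path where get_reserved_id_bytes is not called first. Keep the upstream `INIT(this, ...)` constructor, whose field list starts outside this hunk; it zero-fills unlisted members as INIT does elsewhere in strongSwan, so both fields start as zero/FALSE, which should be confirmed against the full initializer. The `.task.build = _build_i` style assignment on the upstream side also requires the METHOD form of the task functions, as noted for child_create.c.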
@@ -104,18 +107,26 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) } else { +<<<<<<< HEAD + DBG1(DBG_IKE, "received cert request for unknown ca " + "with keyid %Y", id); +======= DBG2(DBG_IKE, "received cert request for unknown ca " "with keyid %Y", id); unknown++; +>>>>>>> upstream/4.5.1 } id->destroy(id); } enumerator->destroy(enumerator); +<<<<<<< HEAD +======= if (unknown) { DBG1(DBG_IKE, "received %u cert requests for an unknown ca", unknown); } +>>>>>>> upstream/4.5.1 break; } case NOTIFY: @@ -260,6 +271,8 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) } break; } +<<<<<<< HEAD +======= case ENC_CRL: cert = cert_payload->get_cert(cert_payload); if (cert) @@ -269,10 +282,15 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert); } break; +>>>>>>> upstream/4.5.1 case ENC_PKCS7_WRAPPED_X509: case ENC_PGP: case ENC_DNS_SIGNED_KEY: case ENC_KERBEROS_TOKEN: +<<<<<<< HEAD + case ENC_CRL: +======= +>>>>>>> upstream/4.5.1 case ENC_ARL: case ENC_SPKI: case ENC_X509_ATTRIBUTE: diff --git a/src/libcharon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c index 44c55036e..1698ddd34 100644 --- a/src/libcharon/sa/tasks/ike_rekey.c +++ b/src/libcharon/sa/tasks/ike_rekey.c 
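Review bot: The HEAD side of the process_certs hunk adds `case ENC_CRL:` to the ignored-encodings fall-through list while the upstream side adds a dedicated `case ENC_CRL:` that stores the CRL as AUTH_HELPER_REVOCATION_CERT; keeping both halves yields a duplicate case label, so exactly one may survive and the upstream one is the functional change. The process_certreqs change is worth keeping as upstream has it: logging each unknown-CA CERTREQ at DBG1 lets a not-yet-authenticated peer produce one log line per request, whereas the upstream side logs them at DBG2 and emits a single DBG1 summary with the `unknown` count. Both functions start outside their hunks.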
@@ -255,20 +255,32 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ if (memcmp(this_nonce.ptr, other_nonce.ptr, +<<<<<<< HEAD + min(this_nonce.len, other_nonce.len)) < 0) +======= min(this_nonce.len, other_nonce.len)) > 0) +>>>>>>> upstream/4.5.1 { /* peer should delete this SA. Add a timeout just in case. */ job_t *job = (job_t*)delete_ike_sa_job_create( other->new_sa->get_id(other->new_sa), TRUE); lib->scheduler->schedule_job(lib->scheduler, job, 10); +<<<<<<< HEAD + DBG1(DBG_IKE, "IKE_SA rekey collision won, deleting rekeyed IKE_SA"); +======= DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete"); +>>>>>>> upstream/4.5.1 charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); other->new_sa = NULL; } else { +<<<<<<< HEAD + DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant IKE_SA"); +======= DBG1(DBG_IKE, "IKE_SA rekey collision lost, " "deleting redundant IKE_SA"); +>>>>>>> upstream/4.5.1 /* apply host for a proper delete */ host = this->ike_sa->get_my_host(this->ike_sa); this->new_sa->set_my_host(this->new_sa, host->clone(host)); diff --git a/src/libcharon/tnccs/tnccs.c b/src/libcharon/tnccs/tnccs.c new file mode 100644 index 000000000..2facf02c8 --- /dev/null +++ b/src/libcharon/tnccs/tnccs.c 
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs.h"
+
+ENUM(eap_type_names, TNCCS_1_1, TNCCS_2_0,
+ "TNCCS 1.1",
+ "TNCCS SOH",
+ "TNCCS 2.0",
+);
diff --git a/src/libcharon/tnccs/tnccs.h b/src/libcharon/tnccs/tnccs.h
new file mode 100644
index 000000000..583512e82
--- /dev/null
+++ b/src/libcharon/tnccs/tnccs.h
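Review bot: The enum-name table is defined as `eap_type_names`, but tnccs.h in this same diff declares `extern enum_name_t *tnccs_type_names;`, so the symbol the header exports is never defined and any `%N` use of tnccs_type_names fails at link time; libcharon's EAP code already defines an `eap_type_names` for EAP methods as far as I recall, so if it does this duplicate definition collides with it too. The fix is the first line of the table: `ENUM(tnccs_type_names, TNCCS_1_1, TNCCS_2_0,`. The three string entries do line up with the TNCCS_1_1, TNCCS_SOH, TNCCS_2_0 order of the enum in the header.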
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @{ @ingroup libcharon
+ */
+
+#ifndef TNCCS_H_
+#define TNCCS_H_
+
+typedef enum tnccs_type_t tnccs_type_t;
+
+#include <library.h>
+
+/**
+ * Type of TNC Client/Server protocol
+ */
+enum tnccs_type_t {
+ TNCCS_1_1,
+ TNCCS_SOH,
+ TNCCS_2_0
+};
+
+/**
+ * enum names for tnccs_type_t.
+ */
+extern enum_name_t *tnccs_type_names;
+
+typedef struct tnccs_t tnccs_t;
+
+/**
+ * Constructor definition for a pluggable TNCCS protocol implementation.
+ *
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return implementation of the tnccs_t interface
+ */
+typedef tnccs_t* (*tnccs_constructor_t)(bool is_server);
+
+#endif /** TNC_H_ @}*/
diff --git a/src/libcharon/tnccs/tnccs_manager.c b/src/libcharon/tnccs/tnccs_manager.c
new file mode 100644
index 000000000..0fd6737c0
--- /dev/null
+++ b/src/libcharon/tnccs/tnccs_manager.c
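Review bot: The closing guard comment `#endif /** TNC_H_ @}*/` names a macro that does not exist in this header; the guard is `TNCCS_H_`, so the last line should read `#endif /** TNCCS_H_ @}*/` so the doxygen group close and the guard agree. `tnccs_t` is only forward-declared here with no methods, which is fine for an opaque handle returned by `tnccs_constructor_t`, but a one-line comment on the typedef would save the next reader a search, e.g. `/* opaque TNCCS protocol instance; its interface is declared by the implementing plugin (not in this header) */` — hedged, since the definition is not part of this diff.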
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs_manager.h"
+
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_tnccs_manager_t private_tnccs_manager_t;
+typedef struct tnccs_entry_t tnccs_entry_t;
+
+/**
+ * TNCCS constructor entry
+ */
+struct tnccs_entry_t {
+
+ /**
+ * TNCCS protocol type
+ */
+ tnccs_type_t type;
+
+ /**
+ * constructor function to create instance
+ */
+ tnccs_constructor_t constructor;
+};
+
+/**
+ * private data of tnccs_manager
+ */
+struct private_tnccs_manager_t {
+
+ /**
+ * public functions
+ */
+ tnccs_manager_t public;
+
+ /**
+ * list of tnccs_entry_t's
+ */
+ linked_list_t *protocols;
+
+ /**
+ * rwlock to lock methods
+ */
+ rwlock_t *lock;
+};
+
+METHOD(tnccs_manager_t, add_method, void,
+ private_tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor)
+{
+ tnccs_entry_t *entry = malloc_thing(tnccs_entry_t);
+
+ entry->type = type;
+ entry->constructor = constructor;
+
+ this->lock->write_lock(this->lock);
+ this->protocols->insert_last(this->protocols, entry);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(tnccs_manager_t, remove_method, void,
+ private_tnccs_manager_t *this, tnccs_constructor_t constructor)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (constructor == entry->constructor)
+ {
+ this->protocols->remove_at(this->protocols, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(tnccs_manager_t, create_instance, tnccs_t*,
+ private_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+ tnccs_t *protocol = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (type == entry->type)
+ {
+ protocol = entry->constructor(is_server);
+ if (protocol)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return protocol;
+}
+
+METHOD(tnccs_manager_t, destroy, void,
+ private_tnccs_manager_t *this)
+{
+ this->protocols->destroy_function(this->protocols, free);
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/*
+ * See header
+ */
+tnccs_manager_t *tnccs_manager_create()
+{
+ private_tnccs_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_method = _add_method,
+ .remove_method = _remove_method,
+ .create_instance = _create_instance,
+ .destroy = _destroy,
+ },
+ .protocols = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/tnccs/tnccs_manager.h b/src/libcharon/tnccs/tnccs_manager.h
new file mode 100644
index 000000000..2f4a961a7
--- /dev/null
+++ b/src/libcharon/tnccs/tnccs_manager.h
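Review bot: create_instance invokes `entry->constructor(is_server)` while still holding the manager's read lock, so a constructor that calls back into add_method or remove_method (directly, or through a plugin load/unload it triggers) blocks on the write lock of the same rwlock and deadlocks, and nothing in the file states that constraint. Either document it, e.g. `/* constructors run with the manager's read lock held and must not call add_method/remove_method */` on create_instance, or copy the matching constructor pointer out of the list under the lock, unlock, and call it afterwards. remove_method taking the write lock does correctly exclude a concurrent create_instance from touching an entry it frees; an instance built earlier naturally keeps referencing plugin code after its constructor is unregistered, which is the usual plugin contract but worth a sentence in the header.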
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs_manager tnccs_manager
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_MANAGER_H_
+#define TNCCS_MANAGER_H_
+
+#include "tnccs.h"
+
+typedef struct tnccs_manager_t tnccs_manager_t;
+
+/**
+ * The TNCCS manager manages all TNCCS implementations and creates instances.
+ *
+ * A plugin registers its implemented TNCCS protocol with the manager by
+ * providing type and a constructor function. The manager then creates
+ * TNCCS protocol instances via the provided constructor.
+ */
+struct tnccs_manager_t {
+
+ /**
+ * Register a TNCCS protocol implementation.
+ *
+ * @param type TNCCS protocol type
+ * @param constructor constructor, returns a TNCCS protocol implementation
+ */
+ void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor);
+
+ /**
+ * Unregister a TNCCS protocol implementation using it's constructor.
+ *
+ * @param constructor constructor function to remove, as added in add_method
+ */
+ void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
+
+ /**
+ * Create a new TNCCS protocol instance.
+ * + * @param type type of the TNCCS protocol + * @param is_server TRUE if TNC Server, FALSE if TNC Client + * @return TNCCS protocol instance, NULL if no constructor found + */ + tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type, + bool is_server); + + /** + * Destroy a tnccs_manager instance. + */ + void (*destroy)(tnccs_manager_t *this); +}; + +/** + * Create a tnccs_manager instance. + */ +tnccs_manager_t *tnccs_manager_create(); + +#endif /** TNCCS_MANAGER_H_ @}*/ diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 46f23f4d6..f520d5669 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -217,7 +217,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -256,8 +262,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libfast/request.c b/src/libfast/request.c index a3db70e82..b606d3e72 100644 --- a/src/libfast/request.c +++ b/src/libfast/request.c @@ -120,7 +120,11 @@ static char *getenv_cb(void *null, const char *key) private_request_t *this = (private_request_t*)thread_this->get(thread_this); value = FCGX_GetParam(key, this->req.envp); +<<<<<<< HEAD + return value ? strdup(value) : NULL; +======= return strdupnull(value); +>>>>>>> upstream/4.5.1 } /** 
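Review bot: The remove_method doc says "using it's constructor"; it should be "using its constructor". `tnccs_manager_t *tnccs_manager_create();` is an unprototyped declaration in C, so `tnccs_manager_t *tnccs_manager_create(void);` is the form that lets the compiler reject stray arguments. The create_instance contract should also say who owns the result, e.g. `@return TNCCS protocol instance owned by the caller, NULL if no constructor is registered for type` — that the caller has to destroy it is inferred from the manager handing back the constructor's fresh result and keeping no reference, so confirm against tnccs_t's destroy method before wording it as a guarantee.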
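Review bot: The conflict in getenv_cb leaves two equivalent returns, `return value ? strdup(value) : NULL;` on the HEAD side and `return strdupnull(value);` on the upstream side, and the committed markers stop request.c from compiling. Keep the upstream line; strdupnull is the libstrongswan helper for exactly this NULL-preserving copy (as the upstream side itself shows), so the HEAD expression adds nothing. getenv_cb starts outside the hunk, so the template callback context is not visible here.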
@@ -204,6 +208,8 @@ static char* get_query_data(private_request_t *this, char *name) } /** +<<<<<<< HEAD +======= * Implementation of request_t.get_env_var. */ static char* get_env_var(private_request_t *this, char *name) @@ -212,6 +218,7 @@ static char* get_env_var(private_request_t *this, char *name) } /** +>>>>>>> upstream/4.5.1 * Implementation of request_t.read_data. */ static int read_data(private_request_t *this, char *buf, int len) @@ -423,7 +430,10 @@ request_t *request_create(int fd, bool debug) this->public.add_cookie = (void(*)(request_t*, char *name, char *value))add_cookie; this->public.get_cookie = (char*(*)(request_t*,char*))get_cookie; this->public.get_query_data = (char*(*)(request_t*, char *name))get_query_data; +<<<<<<< HEAD +======= this->public.get_env_var = (char*(*)(request_t*, char *name))get_env_var; +>>>>>>> upstream/4.5.1 this->public.read_data = (int(*)(request_t*, char*, int))read_data; this->public.session_closed = (bool(*)(request_t*))session_closed; this->public.close_session = (void(*)(request_t*))close_session; diff --git a/src/libfast/request.h b/src/libfast/request.h index c9c1f13e2..48a82c3be 100644 --- a/src/libfast/request.h +++ b/src/libfast/request.h @@ -86,6 +86,8 @@ struct request_t { char* (*get_query_data)(request_t *this, char *name); /** +<<<<<<< HEAD +======= * Get an arbitrary environment variable. * * @param name name of the environment variable @@ -94,6 +96,7 @@ struct request_t { char* (*get_env_var)(request_t *this, char *name); /** +>>>>>>> upstream/4.5.1 * Read raw POST/PUT data from HTTP request. * * @param buf buffer to read data into diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am index 09f5fe2cd..d4571ccc7 100644 --- a/src/libfreeswan/Makefile.am +++ b/src/libfreeswan/Makefile.am 
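Review bot: The HEAD side of all three request.c conflicts and both request.h conflicts is empty, so the only coherent resolution is the upstream one, which keeps `request_t.get_env_var` declared in the header, defined, and wired in request_create; resolving toward HEAD would leave a declared member that request_create never sets. Two of the marker pairs sit inside a `/** ... */` doc comment, so they have to be deleted rather than left to be swallowed by the comment. get_env_var's body and request_create both start outside their hunks, so what the function actually exposes to templates (presumably FastCGI parameters via the same FCGX_GetParam path as getenv_cb) cannot be checked here.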
@@ -1,10 +1,18 @@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ +<<<<<<< HEAD + atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ + goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ + keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ + pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ + pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ +======= atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ pfkey_v2_build.c pfkey_v2_debug.c \ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \ +>>>>>>> upstream/4.5.1 satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ ultoa.c ultot.c @@ -14,7 +22,12 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/pluto +<<<<<<< HEAD +dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ + keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ +======= dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ +>>>>>>> upstream/4.5.1 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index 88ceab557..693ead287 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in 
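Review bot: The conflict markers inside libfreeswan_a_SOURCES and dist_man3_MANS make automake reject this Makefile.am, and the two sides are not interchangeable: HEAD re-adds atosa.c, satoa.c, keyblobtoid.c and prng.c plus their man pages, which the upstream 4.5.1 list no longer contains. If the HEAD side is kept, note that prng.c is the legacy FreeS/WAN key-seeded generator (its prng_init/prng_bytes prototypes appear in the freeswan.h hunk later in this diff), not a libstrongswan rng_t, so nothing should draw key or nonce material from it; the upstream list is the safer resolution unless something in this tree still links those symbols. Add a comment such as `# legacy FreeS/WAN helpers kept only for the obsolete atosa/satoa API` if they are deliberately retained.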
@@ -58,6 +58,21 @@ libfreeswan_a_AR = $(AR) $(ARFLAGS) libfreeswan_a_LIBADD = am_libfreeswan_a_OBJECTS = addrtoa.$(OBJEXT) addrtot.$(OBJEXT) \ addrtypeof.$(OBJEXT) anyaddr.$(OBJEXT) atoaddr.$(OBJEXT) \ +<<<<<<< HEAD + atoasr.$(OBJEXT) atosa.$(OBJEXT) atosubnet.$(OBJEXT) \ + atoul.$(OBJEXT) copyright.$(OBJEXT) datatot.$(OBJEXT) \ + goodmask.$(OBJEXT) initaddr.$(OBJEXT) initsaid.$(OBJEXT) \ + initsubnet.$(OBJEXT) keyblobtoid.$(OBJEXT) \ + pfkey_v2_build.$(OBJEXT) pfkey_v2_debug.$(OBJEXT) \ + pfkey_v2_ext_bits.$(OBJEXT) pfkey_v2_parse.$(OBJEXT) \ + portof.$(OBJEXT) prng.$(OBJEXT) rangetoa.$(OBJEXT) \ + rangetosubnet.$(OBJEXT) sameaddr.$(OBJEXT) satoa.$(OBJEXT) \ + satot.$(OBJEXT) subnetof.$(OBJEXT) subnettoa.$(OBJEXT) \ + subnettot.$(OBJEXT) subnettypeof.$(OBJEXT) ttoaddr.$(OBJEXT) \ + ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) ttosa.$(OBJEXT) \ + ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) ultoa.$(OBJEXT) \ + ultot.$(OBJEXT) +======= atoasr.$(OBJEXT) atosubnet.$(OBJEXT) atoul.$(OBJEXT) \ copyright.$(OBJEXT) datatot.$(OBJEXT) goodmask.$(OBJEXT) \ initaddr.$(OBJEXT) initsaid.$(OBJEXT) initsubnet.$(OBJEXT) \ @@ -69,6 +84,7 @@ am_libfreeswan_a_OBJECTS = addrtoa.$(OBJEXT) addrtot.$(OBJEXT) \ ttoaddr.$(OBJEXT) ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) \ ttosa.$(OBJEXT) ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) \ ultoa.$(OBJEXT) ultot.$(OBJEXT) +>>>>>>> upstream/4.5.1 libfreeswan_a_OBJECTS = $(am_libfreeswan_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -232,7 +248,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -271,8 +293,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -285,11 +310,19 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ +<<<<<<< HEAD + atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ + goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ + keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ + pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ + pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ +======= atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ pfkey_v2_build.c pfkey_v2_debug.c \ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \ +>>>>>>> upstream/4.5.1 satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ ultoa.c ultot.c @@ -299,8 +332,13 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/pluto +<<<<<<< HEAD +dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ + keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ +======= dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ +>>>>>>> upstream/4.5.1 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 all: all-am 
@@ -357,6 +395,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anyaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoasr.Po@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atosa.Po@am__quote@ +======= +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atosubnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoul.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copyright.Po@am__quote@ 
@@ -365,14 +407,26 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsaid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsubnet.Po@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyblobtoid.Po@am__quote@ +======= +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_build.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_debug.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_ext_bits.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_parse.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portof.Po@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prng.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetoa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetosubnet.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sameaddr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/satoa.Po@am__quote@ +======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetoa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetosubnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sameaddr.Po@am__quote@ +>>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/satot.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnetof.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnettoa.Po@am__quote@ diff --git a/src/libfreeswan/atosa.3 b/src/libfreeswan/atosa.3 new file mode 100644 index 000000000..f57fcf1e9 --- /dev/null +++ b/src/libfreeswan/atosa.3 
@@ -0,0 +1,217 @@ +.TH IPSEC_ATOSA 3 "11 June 2001" +.SH NAME +ipsec atosa, satoa \- convert IPsec Security Association IDs to and from ASCII +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "const char *atosa(const char *src, size_t srclen," +.ti +1c +.B "struct sa_id *sa); +.br +.B "size_t satoa(struct sa_id sa, int format," +.ti +1c +.B "char *dst, size_t dstlen);" +.sp +.B "struct sa_id {" +.ti +1c +.B "struct in_addr dst;" +.ti +1c +.B "ipsec_spi_t spi;" +.ti +1c +.B "int proto;" +.br +.B "};" +.SH DESCRIPTION +These functions are obsolete; see +.IR ipsec_ttosa (3) +for their replacements. +.PP +.I Atosa +converts an ASCII Security Association (SA) specifier into an +.B sa_id +structure (containing +a destination-host address +in network byte order, +an SPI number in network byte order, and +a protocol code). +.I Satoa +does the reverse conversion, back to an ASCII SA specifier. +.PP +An SA is specified in ASCII with a mail-like syntax, e.g. +.BR esp507@1.2.3.4 . +An SA specifier contains +a protocol prefix (currently +.BR ah , +.BR esp , +or +.BR tun ), +an unsigned integer SPI number, +and an IP address. +The SPI number can be decimal or hexadecimal +(with +.B 0x +prefix), as accepted by +.IR ipsec_atoul (3). +The IP address can be any form accepted by +.IR ipsec_atoaddr (3), +e.g. dotted-decimal address or DNS name. +.PP +As a special case, the SA specifier +.B %passthrough +signifies the special SA used to indicate that packets should be +passed through unaltered. +(At present, this is a synonym for +.BR tun0x0@0.0.0.0 , +but that is subject to change without notice.) +This form is known to both +.I atosa +and +.IR satoa , +so the internal form of +.B %passthrough +is never visible. +.PP +The +.B <freeswan.h> +header file supplies the +.B sa_id +structure, as well as a data type +.B ipsec_spi_t +which is an unsigned 32-bit integer. +(There is no consistency between kernel and user on what such a type +is called, hence the header hides the differences.) 
+.PP +The protocol code uses the same numbers that IP does. +For user convenience, given the difficulty in acquiring the exact set of +protocol names used by the kernel, +.B <freeswan.h> +defines the names +.BR SA_ESP , +.BR SA_AH , +and +.B SA_IPIP +to have the same values as the kernel names +.BR IPPROTO_ESP , +.BR IPPROTO_AH , +and +.BR IPPROTO_IPIP . +.PP +The +.I srclen +parameter of +.I atosa +specifies the length of the ASCII string pointed to by +.IR src ; +it is an error for there to be anything else +(e.g., a terminating NUL) within that length. +As a convenience for cases where an entire NUL-terminated string is +to be converted, +a +.I srclen +value of +.B 0 +is taken to mean +.BR strlen(src) . +.PP +The +.I dstlen +parameter of +.I satoa +specifies the size of the +.I dst +parameter; +under no circumstances are more than +.I dstlen +bytes written to +.IR dst . +A result which will not fit is truncated. +.I Dstlen +can be zero, in which case +.I dst +need not be valid and no result is written, +but the return value is unaffected; +in all other cases, the (possibly truncated) result is NUL-terminated. +The +.I freeswan.h +header file defines a constant, +.BR SATOA_BUF , +which is the size of a buffer just large enough for worst-case results. +.PP +The +.I format +parameter of +.I satoa +specifies what format is to be used for the conversion. +The value +.B 0 +(not the ASCII character +.BR '0' , +but a zero value) +specifies a reasonable default +(currently +lowercase protocol prefix, lowercase hexadecimal SPI, dotted-decimal address). +The value +.B d +causes the SPI to be generated in decimal instead. +.PP +.I Atosa +returns +.B NULL +for success and +a pointer to a string-literal error message for failure; +see DIAGNOSTICS. 
+.I Satoa +returns +.B 0 +for a failure, and otherwise +always returns the size of buffer which would +be needed to +accommodate the full conversion result, including terminating NUL; +it is the caller's responsibility to check this against the size of +the provided buffer to determine whether truncation has occurred. +.SH SEE ALSO +ipsec_atoul(3), ipsec_atoaddr(3), inet(3) +.SH DIAGNOSTICS +Fatal errors in +.I atosa +are: +empty input; +input too small to be a legal SA specifier; +no +.B @ +in input; +unknown protocol prefix; +conversion error in +.I atoul +or +.IR atoaddr . +.PP +Fatal errors in +.I satoa +are: +unknown format; unknown protocol code. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. +.SH BUGS +The +.B tun +protocol code is a FreeS/WANism which may eventually disappear. +.PP +The restriction of ASCII-to-binary error reports to literal strings +(so that callers don't need to worry about freeing them or copying them) +does limit the precision of error reporting. +.PP +The ASCII-to-binary error-reporting convention lends itself +to slightly obscure code, +because many readers will not think of NULL as signifying success. +A good way to make it clearer is to write something like: +.PP +.RS +.nf +.B "const char *error;" +.sp +.B "error = atoaddr( /* ... */ );" +.B "if (error != NULL) {" +.B " /* something went wrong */" +.fi +.RE diff --git a/src/libfreeswan/atosa.c b/src/libfreeswan/atosa.c new file mode 100644 index 000000000..7339b4c3e --- /dev/null +++ b/src/libfreeswan/atosa.c 
@@ -0,0 +1,198 @@ +/* + * convert from ASCII form of SA ID to binary + * Copyright (C) 1998, 1999 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +static struct satype { + char *prefix; + size_t prelen; /* strlen(prefix) */ + int proto; +} satypes[] = { + { "ah", 2, SA_AH }, + { "esp", 3, SA_ESP }, + { "tun", 3, SA_IPIP }, + { "comp", 4, SA_COMP }, + { NULL, 0, 0, } +}; + +/* + - atosa - convert ASCII "ah507@10.0.0.1" to SA identifier + */ +const char * /* NULL for success, else string literal */ +atosa(src, srclen, sa) +const char *src; +size_t srclen; /* 0 means "apply strlen" */ +struct sa_id *sa; +{ + const char *at; + const char *addr; + const char *spi = NULL; + struct satype *sat; + unsigned long ul; + const char *oops; +# define MINLEN 5 /* ah0@0 is as short as it can get */ + static char ptname[] = PASSTHROUGHNAME; +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */ + + if (srclen == 0) + srclen = strlen(src); + if (srclen == 0) + return "empty string"; + if (srclen < MINLEN) + return "string too short to be SA specifier"; + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) { + src = PASSTHROUGHIS; + srclen = strlen(src); + } + + at = memchr(src, '@', srclen); + if (at == NULL) + return "no @ in SA specifier"; + + for (sat = satypes; sat->prefix != NULL; sat++) + if (sat->prelen < srclen && + strncmp(src, sat->prefix, sat->prelen) == 0) { + sa->proto = sat->proto; + 
spi = src + sat->prelen; + break; /* NOTE BREAK OUT */ + } + if (sat->prefix == NULL) + return "SA specifier lacks valid protocol prefix"; + + if (spi >= at) + return "no SPI in SA specifier"; + oops = atoul(spi, at - spi, 13, &ul); + if (oops != NULL) + return oops; + sa->spi = htonl(ul); + + addr = at + 1; + oops = atoaddr(addr, srclen - (addr - src), &sa->dst); + if (oops != NULL) + return oops; + + return NULL; +} + + + +#ifdef ATOSA_MAIN + +#include <stdio.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +void regress(void); + +int +main(int argc, char *argv[]) +{ + struct sa_id sa; + char buf[100]; + const char *oops; + size_t n; + + if (argc < 2) { + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); + exit(2); + } + + if (strcmp(argv[1], "-r") == 0) { + regress(); + fprintf(stderr, "regress() returned?!?\n"); + exit(1); + } + + oops = atosa(argv[1], 0, &sa); + if (oops != NULL) { + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); + exit(1); + } + n = satoa(sa, 0, buf, sizeof(buf)); + if (n > sizeof(buf)) { + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); + fprintf(stderr, "%lu@", (long unsigned int)sa.spi); + fprintf(stderr, "%s", inet_ntoa(sa.dst)); + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", + (long)n, (long)sizeof(buf)); + exit(1); + } + printf("%s\n", buf); + + exit(0); +} + +struct rtab { + char *input; + char *output; /* NULL means error expected */ +} rtab[] = { + {"esp257@1.2.3.0", "esp257@1.2.3.0"}, + {"ah0x20@1.2.3.4", "ah32@1.2.3.4"}, + {"tun011@111.2.3.99", "tun11@111.2.3.99"}, + {"", NULL}, + {"_", NULL}, + {"ah2.2", NULL}, + {"goo2@1.2.3.4", NULL}, + {"esp9@1.2.3.4", "esp9@1.2.3.4"}, + {"espp9@1.2.3.4", NULL}, + {"es9@1.2.3.4", NULL}, + {"ah@1.2.3.4", NULL}, + {"esp7x7@1.2.3.4", NULL}, + {"esp77@1.0x2.3.4", NULL}, + {PASSTHROUGHNAME, PASSTHROUGHNAME}, + {NULL, NULL} +}; + +void +regress(void) +{ + struct rtab *r; + int status = 0; + struct sa_id sa; + char 
in[100]; + char buf[100]; + const char *oops; + size_t n; + + for (r = rtab; r->input != NULL; r++) { + strcpy(in, r->input); + oops = atosa(in, 0, &sa); + if (oops != NULL && r->output == NULL) + {} /* okay, error expected */ + else if (oops != NULL) { + printf("`%s' atosa failed: %s\n", r->input, oops); + status = 1; + } else if (r->output == NULL) { + printf("`%s' atosa succeeded unexpectedly\n", + r->input); + status = 1; + } else { + n = satoa(sa, 'd', buf, sizeof(buf)); + if (n > sizeof(buf)) { + printf("`%s' satoa failed: need %ld\n", + r->input, (long)n); + status = 1; + } else if (strcmp(r->output, buf) != 0) { + printf("`%s' gave `%s', expected `%s'\n", + r->input, buf, r->output); + status = 1; + } + } + } + exit(status); +} + +#endif /* ATOSA_MAIN */ diff --git a/src/libfreeswan/copyright.c b/src/libfreeswan/copyright.c index e55e849f7..ff4575add 100644 --- a/src/libfreeswan/copyright.c +++ b/src/libfreeswan/copyright.c @@ -27,6 +27,15 @@ static const char *co[] = { " Christoph Gysin, Andreas Hess, Patric Lichtsteiner, Michael Meier,", " Andreas Schleiss, Ariane Seiler, Mario Strasser, Lukas Suter,", " Roger Wegmann, Simon Zwahlen,", +<<<<<<< HEAD + " Zuercher Hochschule Winterthur (Switzerland).", + "", + " Philip Boetschi, Tobias Brunner, Adrian Doerig, Andreas Eigenmann,", + " Fabian Hartmann, Noah Heusser, Jan Hutter, Thomas Kallenberg,", + " Daniel Roethlisberger, Joel Stillhart, Martin Willi, Daniel Wydler,", + " Andreas Steffen,", + " Hochschule fuer Technik Rapperswil (Switzerland).", +======= " ZHW Zuercher Hochschule Winterthur (Switzerland).", "", " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,", 
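Review bot: atosa stores the parsed SPI with `sa->spi = htonl(ul);` without checking that `ul` fits in 32 bits, so on LP64 hosts a specifier such as `esp0x100000001@1.2.3.4` is accepted and silently truncated to SPI 1 instead of being rejected. Add a range check right after the atoul call: `if (ul != (unsigned long)(ipsec_spi_t)ul) return "SPI value does not fit in 32 bits";` (ipsec_spi_t is the unsigned 32-bit type the atosa.3 page in this diff describes). Also note the satypes table accepts the four-character prefix `comp` although the man page lists only ah/esp/tun, and the file is the obsolete FreeS/WAN parser being re-added on the HEAD side of the Makefile.am conflict in this same diff, so it is worth confirming it is still needed before carrying it forward.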
@@ -34,6 +43,7 @@ static const char *co[] = { " Thomas Kallenberg, Daniel Roethlisberger, Joel Stillhart, Martin Willi,", " Daniel Wydler, Andreas Steffen,", " HSR Hochschule fuer Technik Rapperswil (Switzerland).", +>>>>>>> upstream/4.5.1 "", "This program is free software; you can redistribute it and/or modify it", "under the terms of the GNU General Public License as published by the", diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index 724165bde..94a8a5266 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -158,6 +158,14 @@ err_t ttodatav(const char *src, size_t srclen, int base, size_t datatot(const char *src, size_t srclen, int format, char *buf, size_t buflen); +<<<<<<< HEAD +size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst, + size_t dstlen); +size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m, + size_t mlen, char *dst, size_t dstlen); +#define KEYID_BUF 10 /* up to 9 text digits plus NUL */ +======= +>>>>>>> upstream/4.5.1 err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port, bool *has_port_wildcard); @@ -201,6 +209,15 @@ void setportof(int port, ip_address *dst); struct sockaddr *sockaddrof(ip_address *src); size_t sockaddrlenof(const ip_address *src); +<<<<<<< HEAD +/* PRNG */ +void prng_init(struct prng *prng, const unsigned char *key, size_t keylen); +void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen); +unsigned long prng_count(struct prng *prng); +void prng_final(struct prng *prng); + +======= +>>>>>>> upstream/4.5.1 /* odds and ends */ const char **ipsec_copyright_notice(void); 
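Review bot: The HEAD-side prototypes `prng_init(struct prng *prng, ...)`, prng_bytes, prng_count and prng_final all reference `struct prng`, and nothing in these hunks declares it; if neither its definition nor a forward declaration precedes this point in freeswan.h, each prototype introduces a distinct struct type scoped to its parameter list (the "declared inside parameter list" warning) and callers get incompatible-pointer errors. Add `struct prng;` above the `/* PRNG */` block if the definition lives later or in another header. As elsewhere in this commit, the conflict markers themselves must be removed before the header is usable, and the keyblobtoid/KEYID_BUF block in the earlier hunk is part of the same re-added legacy API.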
@@ -283,6 +300,27 @@ rangetoa( ); #define RANGETOA_BUF 34 /* large enough for worst case result */ +<<<<<<< HEAD +/* data types for SA conversion functions */ + +/* SAs */ +const char * /* NULL for success, else string literal */ +atosa( + const char *src, + size_t srclen, /* 0 means strlen(src) */ + struct sa_id *sa +); +size_t /* space needed for full conversion */ +satoa( + struct sa_id sa, + int format, /* character; 0 means default */ + char *dst, + size_t dstlen +); +#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF) + +======= +>>>>>>> upstream/4.5.1 /* generic data, e.g. keys */ const char * /* NULL for success, else string literal */ atobytes( diff --git a/src/libfreeswan/keyblobtoid.3 b/src/libfreeswan/keyblobtoid.3 new file mode 100644 index 000000000..8b5bfb0a2 --- /dev/null +++ b/src/libfreeswan/keyblobtoid.3 
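Review bot: `#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)` budgets three bytes for the protocol prefix, but the satypes table in atosa.c (in this diff) also accepts the four-character `comp`, and the `@` separator needs a byte as well; whether that still fits depends on the slack from the NUL bytes counted inside ULTOA_BUF and ADDRTOA_BUF, which I cannot confirm here because satoa.c is not in this view. Either make the accounting explicit, `#define SATOA_BUF (4+1+ULTOA_BUF+ADDRTOA_BUF)`, or add a comment stating why the smaller value is sufficient. The `/* data types for SA conversion functions */` comment introduces no types in this hunk while `struct sa_id` is used in both prototypes, so either the struct definition belongs here or the comment should go.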
@@ -0,0 +1,102 @@ +.TH IPSEC_KEYBLOBTOID 3 "25 March 2002" +.SH NAME +ipsec keyblobtoid, splitkeytoid \- generate key IDs from RSA keys +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "size_t keyblobtoid(const unsigned char *blob," +.ti +1c +.B "size_t bloblen, char *dst, size_t dstlen);" +.br +.B "size_t splitkeytoid(const unsigned char *e, size_t elen," +.ti +1c +.B "const unsigned char *m, size_t mlen, char *dst, +.ti +1c +.B "size_t dstlen);" +.SH DESCRIPTION +.I Keyblobtoid +and +.I splitkeytoid +generate +key IDs +from RSA keys, +for use in messages and reporting, +writing the result to +.IR dst . +A +.I key ID +is a short ASCII string identifying a key; +currently it is just the first nine characters of the base64 +encoding of the RFC 2537/3110 ``byte blob'' representation of the key. +(Beware that no finite key ID can be collision-proof: +there is always some small chance of two random keys having the +same ID.) +.PP +.I Keyblobtoid +generates a key ID from a key which is already in the form of an +RFC 2537/3110 binary key +.I blob +(encoded exponent length, exponent, modulus). +.PP +.I Splitkeytoid +generates a key ID from a key given in the form of a separate +(binary) exponent +.I e +and modulus +.IR m . +.PP +The +.I dstlen +parameter of either +specifies the size of the +.I dst +parameter; +under no circumstances are more than +.I dstlen +bytes written to +.IR dst . +A result which will not fit is truncated. +.I Dstlen +can be zero, in which case +.I dst +need not be valid and no result is written, +but the return value is unaffected; +in all other cases, the (possibly truncated) result is NUL-terminated. +The +.I freeswan.h +header file defines a constant +.B KEYID_BUF +which is the size of a buffer large enough for worst-case results. 
+.PP +Both functions return +.B 0 +for a failure, and otherwise +always return the size of buffer which would +be needed to +accommodate the full conversion result, including terminating NUL; +it is the caller's responsibility to check this against the size of +the provided buffer to determine whether truncation has occurred. +.P +With keys generated by +.IR ipsec_rsasigkey (3), +the first two base64 digits are always the same, +and the third carries only about one bit of information. +It's worse with keys using longer fixed exponents, +e.g. the 24-bit exponent that's common in X.509 certificates. +However, being able to relate key IDs to the full +base64 text form of keys by eye is sufficiently useful that this +waste of space seems justifiable. +The choice of nine digits is a compromise between bulk and +probability of collision. +.SH SEE ALSO +RFC 3110, +\fIRSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)\fR, +Eastlake, 2001 +(superseding the older but better-known RFC 2537). +.SH DIAGNOSTICS +Fatal errors are: +key too short to supply enough bits to construct a complete key ID +(almost certainly indicating a garbage key); +exponent too long for its length to be representable. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. diff --git a/src/libfreeswan/keyblobtoid.c b/src/libfreeswan/keyblobtoid.c new file mode 100644 index 000000000..89ab5fced --- /dev/null +++ b/src/libfreeswan/keyblobtoid.c 
@@ -0,0 +1,146 @@ +/* + * generate printable key IDs + * Copyright (C) 2002 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +/* + - keyblobtoid - generate a printable key ID from an RFC 2537/3110 key blob + * Current algorithm is just to use first nine base64 digits. + */ +size_t +keyblobtoid(src, srclen, dst, dstlen) +const unsigned char *src; +size_t srclen; +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + char buf[KEYID_BUF]; + size_t ret; +# define NDIG 9 + + if (srclen < (NDIG*6 + 7)/8) { + strcpy(buf, "?len= ?"); + buf[5] = '0' + srclen; + ret = 0; + } else { + (void) datatot(src, srclen, 64, buf, NDIG+1); + ret = NDIG+1; + } + + if (dstlen > 0) { + if (strlen(buf)+1 > dstlen) + *(buf + dstlen - 1) = '\0'; + strcpy(dst, buf); + } + return ret; +} + +/* + - splitkeytoid - generate a printable key ID from exponent/modulus pair + * Just constructs the beginnings of a key blob and calls keyblobtoid(). 
+ */ +size_t +splitkeytoid(e, elen, m, mlen, dst, dstlen) +const unsigned char *e; +size_t elen; +const unsigned char *m; +size_t mlen; +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + unsigned char buf[KEYID_BUF]; /* ample room */ + unsigned char *bufend = buf + sizeof(buf); + unsigned char *p; + size_t n; + + p = buf; + if (elen <= 255) + *p++ = elen; + else if ((elen &~ 0xffff) == 0) { + *p++ = 0; + *p++ = (elen>>8) & 0xff; + *p++ = elen & 0xff; + } else + return 0; /* unrepresentable exponent length */ + + n = bufend - p; + if (elen < n) + n = elen; + memcpy(p, e, n); + p += n; + + n = bufend - p; + if (n > 0) { + if (mlen < n) + n = mlen; + memcpy(p, m, n); + p += n; + } + + return keyblobtoid(buf, p - buf, dst, dstlen); +} + + + +#ifdef KEYBLOBTOID_MAIN + +#include <stdio.h> + +void regress(); + +int +main(argc, argv) +int argc; +char *argv[]; +{ + typedef unsigned char uc; + uc hexblob[] = "\x01\x03\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52"; + uc hexe[] = "\x03"; + uc hexm[] = "\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52\xef\x85"; + char b64nine[] = "AQOF8tZ2m"; + char b64six[] = "AQOF8t"; + char buf[100]; + size_t n; + char *b = b64nine; + size_t bl = strlen(b) + 1; + int st = 0; + + n = keyblobtoid(hexblob, strlen(hexblob), buf, sizeof(buf)); + if (n != bl) { + fprintf(stderr, "%s: keyblobtoid returned %d not %d\n", + argv[0], n, bl); + st = 1; + } + if (strcmp(buf, b) != 0) { + fprintf(stderr, "%s: keyblobtoid generated `%s' not `%s'\n", + argv[0], buf, b); + st = 1; + } + n = splitkeytoid(hexe, strlen(hexe), hexm, strlen(hexm), buf, + sizeof(buf)); + if (n != bl) { + fprintf(stderr, "%s: splitkeytoid returned %d not %d\n", + argv[0], n, bl); + st = 1; + } + if (strcmp(buf, b) != 0) { + fprintf(stderr, "%s: splitkeytoid generated `%s' not `%s'\n", + argv[0], buf, b); + st = 1; + } + exit(st); +} + +#endif /* KEYBLOBTOID_MAIN */ diff --git a/src/libfreeswan/prng.3 b/src/libfreeswan/prng.3 new file mode 100644 index 000000000..48c6ceed0 
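Review bot: `keyblobtoid` derives the ID from the first nine base64 digits of the blob, i.e. roughly the first seven bytes (exponent length, exponent and the leading modulus bytes), not from a digest, so anyone can mint a key with the same ID; the function comment should say so explicitly so callers never compare key IDs for authorization: `* NOTE: the ID is a prefix of the key, not a hash -- display only, never use it to match or authorize keys.` In the `KEYBLOBTOID_MAIN` block, `void regress();` is declared but neither defined nor called, and the `fprintf` calls print `size_t` values with `%d`; `%lu` with a cast (or `%zu` if C99 is acceptable in libfreeswan) would be correct. `splitkeytoid` silently truncates a long exponent or modulus to whatever fits in its 10-byte scratch buffer, which is fine for the ID because only the leading bytes matter, but deserves a one-line comment since `/* ample room */` reads as if the whole key were retained.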
--- /dev/null
+++ b/src/libfreeswan/prng.3
@@ -0,0 +1,120 @@ +.TH IPSEC_PRNG 3 "1 April 2002" +.SH NAME +ipsec prng_init \- initialize IPsec pseudorandom-number generator +.br +ipsec prng_bytes \- get bytes from IPsec pseudorandom-number generator +.br +ipsec prng_final \- close down IPsec pseudorandom-number generator +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "void prng_init(struct prng *prng," +.ti +1c +.B "const unsigned char *key, size_t keylen);" +.br +.B "void prng_bytes(struct prng *prng, char *dst," +.ti +1c +.B "size_t dstlen);" +.br +.B "unsigned long prng_count(struct prng *prng);" +.br +.B "void prng_final(struct prng *prng);" +.SH DESCRIPTION +.I Prng_init +initializes a crypto-quality pseudo-random-number generator from a key; +.I prng_bytes +obtains pseudo-random bytes from it; +.I prng_count +reports the number of bytes extracted from it to date; +.I prng_final +closes it down. +It is the user's responsibility to initialize a PRNG before using it, +and not to use it again after it is closed down. +.PP +.I Prng_init +initializes, +or re-initializes, +the specified +.I prng +from the +.IR key , +whose length is given by +.IR keylen . +The user must allocate the +.B "struct prng" +pointed to by +.IR prng . +There is no particular constraint on the length of the key, +although a key longer than 256 bytes is unnecessary because +only the first 256 would be used. +Initialization requires on the order of 3000 integer operations, +independent of key length. +.PP +.I Prng_bytes +obtains +.I dstlen +pseudo-random bytes from the PRNG and puts them in +.IR buf . +This is quite fast, +on the order of 10 integer operations per byte. +.PP +.I Prng_count +reports the number of bytes obtained from the PRNG +since it was (last) initialized. +.PP +.I Prng_final +closes down a PRNG by +zeroing its internal memory, +obliterating all trace of the state used to generate its previous output. +This requires on the order of 250 integer operations. 
+.PP +The +.B <freeswan.h> +header file supplies the definition of the +.B prng +structure. +Examination of its innards is discouraged, as they may change. +.PP +The PRNG algorithm +used by these functions is currently identical to that of RC4(TM). +This algorithm is cryptographically strong, +sufficiently unpredictable that even a hostile observer will +have difficulty determining the next byte of output from past history, +provided it is initialized from a reasonably large key composed of +highly random bytes (see +.IR random (4)). +The usual run of software pseudo-random-number generators +(e.g. +.IR random (3)) +are +.I not +cryptographically strong. +.PP +The well-known attacks against RC4(TM), +e.g. as found in 802.11b's WEP encryption system, +apply only if multiple PRNGs are initialized with closely-related keys +(e.g., using a counter appended to a base key). +If such keys are used, the first few hundred pseudo-random bytes +from each PRNG should be discarded, +to give the PRNGs a chance to randomize their innards properly. +No useful attacks are known if the key is well randomized to begin with. +.SH SEE ALSO +random(3), random(4) +.br +Bruce Schneier, +\fIApplied Cryptography\fR, 2nd ed., 1996, ISBN 0-471-11709-9, +pp. 397-8. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. +.SH BUGS +If an attempt is made to obtain more than 4e9 bytes +between initializations, +the PRNG will continue to work but +.IR prng_count 's +output will stick at +.BR 4000000000 . +Fixing this would require a longer integer type and does +not seem worth the trouble, +since you should probably re-initialize before then anyway... +.PP +``RC4'' is a trademark of RSA Data Security, Inc. diff --git a/src/libfreeswan/prng.c b/src/libfreeswan/prng.c new file mode 100644 index 000000000..347f13f89 --- /dev/null +++ b/src/libfreeswan/prng.c 
@@ -0,0 +1,200 @@ +/* + * crypto-class pseudorandom number generator + * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397 + * Copyright (C) 2002 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +/* + - prng_init - initialize PRNG from a key + */ +void +prng_init(prng, key, keylen) +struct prng *prng; +const unsigned char *key; +size_t keylen; +{ + unsigned char k[256]; + int i, j; + unsigned const char *p; + unsigned const char *keyend = key + keylen; + unsigned char t; + + for (i = 0; i <= 255; i++) + prng->sbox[i] = i; + p = key; + for (i = 0; i <= 255; i++) { + k[i] = *p++; + if (p >= keyend) + p = key; + } + j = 0; + for (i = 0; i <= 255; i++) { + j = (j + prng->sbox[i] + k[i]) & 0xff; + t = prng->sbox[i]; + prng->sbox[i] = prng->sbox[j]; + prng->sbox[j] = t; + k[i] = 0; /* clear out key memory */ + } + prng->i = 0; + prng->j = 0; + prng->count = 0; +} + +/* + - prng_bytes - get some pseudorandom bytes from PRNG + */ +void +prng_bytes(prng, dst, dstlen) +struct prng *prng; +unsigned char *dst; +size_t dstlen; +{ + int i, j, t; + unsigned char *p = dst; + size_t remain = dstlen; +# define MAX 4000000000ul + + while (remain > 0) { + i = (prng->i + 1) & 0xff; + prng->i = i; + j = (prng->j + prng->sbox[i]) & 0xff; + prng->j = j; + t = prng->sbox[i]; + prng->sbox[i] = prng->sbox[j]; + prng->sbox[j] = t; + t = (t + prng->sbox[i]) & 0xff; + *p++ = prng->sbox[t]; + 
remain--; + } + if (prng->count < MAX - dstlen) + prng->count += dstlen; + else + prng->count = MAX; +} + +/* + - prnt_count - how many bytes have been extracted from PRNG so far? + */ +unsigned long +prng_count(prng) +struct prng *prng; +{ + return prng->count; +} + +/* + - prng_final - clear out PRNG to ensure nothing left in memory + */ +void +prng_final(prng) +struct prng *prng; +{ + int i; + + for (i = 0; i <= 255; i++) + prng->sbox[i] = 0; + prng->i = 0; + prng->j = 0; + prng->count = 0; /* just for good measure */ +} + + + +#ifdef PRNG_MAIN + +#include <stdio.h> + +void regress(); + +int +main(argc, argv) +int argc; +char *argv[]; +{ + struct prng pr; + unsigned char buf[100]; + unsigned char *p; + size_t n; + + if (argc < 2) { + fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]); + exit(2); + } + + if (strcmp(argv[1], "-r") == 0) { + regress(); + fprintf(stderr, "regress() returned?!?\n"); + exit(1); + } + + prng_init(&pr, argv[1], strlen(argv[1])); + prng_bytes(&pr, buf, 32); + printf("0x"); + for (p = buf, n = 32; n > 0; p++, n--) + printf("%02x", *p); + printf("\n%lu bytes\n", prng_count(&pr)); + prng_final(&pr); + exit(0); +} + +void +regress() +{ + struct prng pr; + unsigned char buf[100]; + unsigned char *p; + size_t n; + /* somewhat non-random sample key */ + unsigned char key[] = "here we go gathering nuts in May"; + /* first thirty bytes of output from that key */ + unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c" + "\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71" + "\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28"; + int nzero, none; + int show = 0; + + prng_init(&pr, key, strlen(key)); + prng_bytes(&pr, buf, sizeof(buf)); + for (p = buf, n = sizeof(buf); n > 0; p++, n--) { + if (*p == 0) + nzero++; + if (*p == 255) + none++; + } + if (nzero > 3 || none > 3) { + fprintf(stderr, "suspiciously non-random output!\n"); + show = 1; + } + if (memcmp(buf, good, strlen(good)) != 0) { + fprintf(stderr, "incorrect output!\n"); + show = 1; + } + if (show) 
{ + fprintf(stderr, "0x"); + for (p = buf, n = sizeof(buf); n > 0; p++, n--) + fprintf(stderr, "%02x", *p); + fprintf(stderr, "\n"); + exit(1); + } + if (prng_count(&pr) != sizeof(buf)) { + fprintf(stderr, "got %u bytes, but count is %lu\n", + sizeof(buf), prng_count(&pr)); + exit(1); + } + prng_final(&pr); + exit(0); +} + +#endif /* PRNG_MAIN */ diff --git a/src/libfreeswan/satoa.c b/src/libfreeswan/satoa.c new file mode 100644 index 000000000..09a152727 --- /dev/null +++ b/src/libfreeswan/satoa.c 
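Review bot: `prng_init` dereferences `*p++` before testing `p >= keyend`, so a `keylen` of 0 reads one byte past an empty key and then keys the whole sbox from that single out-of-range byte; the precondition should be enforced, e.g. `assert(keylen > 0); /* zero-length key reads past key[] and yields a fixed stream */` (or the library's equivalent check), or the header must document that callers may never pass an empty key. The `k[i] = 0` store in the same loop is the last use of the local `k`, so an optimising compiler may drop it as a dead store and the key copy can remain on the stack; clearing through a `volatile unsigned char *` or the project's wipe helper, if one is reachable from libfreeswan, is the usual fix. In `regress()`, `nzero` and `none` are incremented without ever being initialised, so the "suspiciously non-random output" check reads indeterminate values; `int nzero = 0, none = 0;`. Finally, the header comment calls this a "crypto-class" generator; since it is plain RC4 with a raw key schedule, a note that its keystream has well-known statistical biases and that it must not be used for new code would stop it being picked up as a general-purpose CSPRNG (the accompanying man page's "no useful attacks are known" claim is likewise out of date).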
@@ -0,0 +1,100 @@ +/* + * convert from binary form of SA ID to ASCII + * Copyright (C) 1998, 1999, 2001 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +static struct typename { + char type; + char *name; +} typenames[] = { + { SA_AH, "ah" }, + { SA_ESP, "esp" }, + { SA_IPIP, "tun" }, + { SA_COMP, "comp" }, + { SA_INT, "int" }, + { 0, NULL } +}; + +/* + - satoa - convert SA to ASCII "ah507@1.2.3.4" + */ +size_t /* space needed for full conversion */ +satoa(sa, format, dst, dstlen) +struct sa_id sa; +int format; /* character */ +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + size_t len = 0; /* 0 means not handled yet */ + int base; + struct typename *tn; + char buf[30+ADDRTOA_BUF]; + + switch (format) { + case 0: + base = 16; /* temporarily at least */ + break; + case 'd': + base = 10; + break; + default: + return 0; + break; + } + + for (tn = typenames; tn->name != NULL; tn++) + if (sa.proto == tn->type) + break; + if (tn->name == NULL) + return 0; + + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 && + sa.spi == PASSTHROUGHSPI && + sa.dst.s_addr == PASSTHROUGHDST) { + strcpy(buf, PASSTHROUGHNAME); + len = strlen(buf); + } else if (sa.proto == SA_INT && sa.dst.s_addr == 0) { + char *p; + + switch (ntohl(sa.spi)) { + case SPI_PASS: p = "%pass"; break; + case SPI_DROP: p = "%drop"; break; + case SPI_REJECT: p = "%reject"; break; + case SPI_HOLD: p = "%hold"; break; 
+ case SPI_TRAP: p = "%trap"; break; + case SPI_TRAPSUBNET: p = "%trapsubnet"; break; + default: p = NULL; break; + } + if (p != NULL) { + strcpy(buf, p); + len = strlen(buf); + } + } + + if (len == 0) { + strcpy(buf, tn->name); + len = strlen(buf); + len += ultoa(ntohl(sa.spi), base, buf+len, sizeof(buf)-len); + *(buf+len-1) = '@'; + len += addrtoa(sa.dst, 0, buf+len, sizeof(buf)-len); + } + + if (dst != NULL) { + if (len > dstlen) + *(buf+dstlen-1) = '\0'; + strcpy(dst, buf); + } + return len; +} diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in index 8b1e7384f..4f65ac93f 100644 --- a/src/libhydra/Makefile.in +++ b/src/libhydra/Makefile.in @@ -271,7 +271,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -310,8 +316,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index 4fd5a7535..894bfb3bb 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c 
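Review bot: In `satoa`, the two literal-string branches set `len = strlen(buf)` without the terminating NUL, while the generic branch's `len` includes it (the `'@'` is written over `ultoa`'s NUL at `buf+len-1`, if `ultoa` counts the NUL as the overwrite implies, and `addrtoa`'s count is added on top), so for `%pass`-style results the function returns one byte less than the "space needed" it documents and the truncation guard `if (len > dstlen)` lets `strcpy` write `dstlen+1` bytes into a caller buffer of exactly `dstlen`. Both literal branches should read `len = strlen(buf) + 1;`. The copy is also gated on `dst != NULL` rather than `dstlen > 0`, although the parameter comment says `dst` need not be valid when `dstlen` is 0; a non-NULL `dst` with `dstlen == 0` writes `'\0'` to `buf[-1]` before copying, so the guard should be `if (dstlen > 0) {`, as `keyblobtoid` does. Whether `SATOA_BUF` in freeswan.h (`3+ULTOA_BUF+ADDRTOA_BUF`) leaves room for the four-character `comp` prefix depends on how the two component constants count their NULs, which is not visible in this diff.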
@@ -78,8 +78,13 @@ METHOD(kernel_interface_t, get_cpi, status_t, METHOD(kernel_interface_t, add_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, +<<<<<<< HEAD + u_int32_t spi, u_int8_t protocol, u_int32_t reqid, + mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) @@ -89,8 +94,13 @@ METHOD(kernel_interface_t, add_sa, status_t, return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, +<<<<<<< HEAD + mark, lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, + cpi, encap, inbound, src_ts, dst_ts); +======= mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, encap, inbound, src_ts, dst_ts); +>>>>>>> upstream/4.5.1 } METHOD(kernel_interface_t, update_sa, status_t, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index ec73fa1f7..200628f8c 100644 --- a/src/libhydra/kernel/kernel_interface.h +++ b/src/libhydra/kernel/kernel_interface.h @@ -91,7 +91,10 @@ struct kernel_interface_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark optional mark for this SA +<<<<<<< HEAD +======= * @param tfc Traffic Flow Confidentiality padding for this SA +>>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption 
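Review bot: The `<<<<<<< HEAD` / `>>>>>>> upstream/4.5.1` markers are committed into `add_sa`'s parameter list, so this file does not compile as merged; the two sides differ only by upstream's `u_int32_t tfc` parameter, and whichever is kept has to match `kernel_interface_t.add_sa` in kernel_interface.h, `kernel_ipsec_t.add_sa` in kernel_ipsec.h and every backend's `METHOD(kernel_ipsec_t, add_sa, …)`, all of which carry the same unresolved conflict in this diff. Resolving them independently would leave the `.add_sa` assignments with mismatched function-pointer types, which C tolerates with at most a warning, and the forwarded `tfc` argument would then land in the callee's `lifetime` slot at run time. Either side is consistent if applied uniformly; upstream's is the one that keeps the `if (tfc)` padding block in `kernel_netlink_ipsec.c` reachable. The body of this `METHOD` continues past the hunk.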
@@ -109,7 +112,11 @@ struct kernel_interface_t { status_t (*add_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD + lifetime_cfg_t *lifetime, +======= u_int32_t tfc, lifetime_cfg_t *lifetime, +>>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 3e2d8b9ce..7145dda8e 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -204,7 +204,10 @@ struct kernel_ipsec_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark mark for this SA +<<<<<<< HEAD +======= * @param tfc Traffic Flow Confidentiality padding for this SA +>>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -222,7 +225,11 @@ struct kernel_ipsec_t { status_t (*add_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, +<<<<<<< HEAD + mark_t mark, lifetime_cfg_t *lifetime, +======= mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, +>>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index 2da06a89c..45ecb9924 100644 --- a/src/libhydra/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in 
@@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c index 0f66b680a..1edb92c1f 100644 --- a/src/libhydra/plugins/attr/attr_plugin.c +++ b/src/libhydra/plugins/attr/attr_plugin.c @@ -36,8 +36,15 @@ struct private_attr_plugin_t { attr_provider_t *provider; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_attr_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_attr_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider); this->provider->destroy(this->provider); @@ -49,6 +56,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *attr_plugin_create() { +<<<<<<< HEAD + private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->provider = attr_provider_create(); +======= private_attr_plugin_t *this; INIT(this, @@ -59,6 +73,7 @@ plugin_t *attr_plugin_create() }, .provider = attr_provider_create(), ); +>>>>>>> upstream/4.5.1 hydra->attributes->add_provider(hydra->attributes, &this->provider->provider); return &this->public.plugin; diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index 26e7a3038..729738d60 100644 
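Review bot: The HEAD side of `attr_plugin_create` allocates with `malloc_thing` and assigns only `destroy`, so every other member of `plugin_t` stays uninitialized, whereas upstream's `INIT(this, …)` zero-fills the struct; the members upstream populates are elided in this hunk, so if `plugin_t` gained fields in 4.5.1 — which cannot be confirmed from here — keeping HEAD's side would hand the plugin loader indeterminate function pointers. The conflict markers themselves make the file uncompilable, and the same HEAD-vs-upstream pattern recurs in `attr_sql_plugin.c`, `kernel_klips_plugin.c` and `kernel_netlink_plugin.c` below, so all four should be resolved the same way, preferably toward the `METHOD`/`INIT` form. Separately, HEAD's `(void(*)(plugin_t*))destroy` cast hides any signature drift that `METHOD(plugin_t, destroy, …)` would surface at compile time.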
--- a/src/libhydra/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -232,7 +232,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -271,8 +277,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c index ca9de023e..e47f9f03a 100644 --- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c @@ -43,8 +43,15 @@ struct private_attr_sql_plugin_t { }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_attr_sql_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_attr_sql_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider); this->attribute->destroy(this->attribute); 
@@ -57,17 +64,31 @@ METHOD(plugin_t, destroy, void, */ plugin_t *attr_sql_plugin_create() { +<<<<<<< HEAD + char *uri; + private_attr_sql_plugin_t *this; + + uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); +======= private_attr_sql_plugin_t *this; char *uri; uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); +>>>>>>> upstream/4.5.1 if (!uri) { DBG1(DBG_CFG, "attr-sql plugin: database URI not set"); return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_attr_sql_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->db = lib->db->create(lib->db, uri); +======= INIT(this, .public = { .plugin = { @@ -77,6 +98,7 @@ plugin_t *attr_sql_plugin_create() .db = lib->db->create(lib->db, uri), ); +>>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "attr-sql plugin failed to connect to database"); diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in index 7d2464456..e4de26b60 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.in +++ b/src/libhydra/plugins/kernel_klips/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index cf9a3e1fd..f98dfcec5 100644 
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1668,7 +1668,11 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, +<<<<<<< HEAD + u_int8_t protocol, u_int32_t reqid, mark_t mark, +======= u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, +>>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c index 3c312ca2b..cbfc59a10 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c @@ -32,8 +32,15 @@ struct private_kernel_klips_plugin_t { kernel_klips_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_kernel_klips_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_kernel_klips_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); @@ -45,6 +52,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_klips_plugin_create() { +<<<<<<< HEAD + private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_kernel_klips_plugin_t *this; INIT(this, @@ -54,6 +67,7 @@ plugin_t *kernel_klips_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); 
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index c7404fe06..d293347cf 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -224,7 +224,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,8 +269,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 4dc80785c..bd3f4a122 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -58,8 +58,13 @@ #endif /*IPV6_XFRM_POLICY*/ /** default priority of installed policies */ +<<<<<<< HEAD +#define PRIO_LOW 3000 +#define PRIO_HIGH 2000 +======= #define PRIO_LOW 1024 #define PRIO_HIGH 512 +>>>>>>> upstream/4.5.1 /** * map the limit for bytes and packets to XFRM_INF per default 
@@ -866,7 +871,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, +<<<<<<< HEAD + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +======= u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, +>>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, traffic_selector_t* src_ts, traffic_selector_t* dst_ts) @@ -882,7 +891,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t, if (ipcomp != IPCOMP_NONE && cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; +<<<<<<< HEAD + add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, +======= add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc, +>>>>>>> upstream/4.5.1 &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, mode, ipcomp, 0, FALSE, inbound, NULL, NULL); ipcomp = IPCOMP_NONE; @@ -920,7 +933,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa->flags |= XFRM_STATE_AF_UNSPEC; break; case MODE_BEET: +<<<<<<< HEAD +======= case MODE_TRANSPORT: +>>>>>>> upstream/4.5.1 if(src_ts && dst_ts) { sa->sel = ts2selector(src_ts, dst_ts); @@ -1154,6 +1170,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr = XFRM_RTA_NEXT(rthdr); } +<<<<<<< HEAD +======= if (tfc) { u_int32_t *tfcpad; @@ -1172,6 +1190,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr = XFRM_RTA_NEXT(rthdr); } +>>>>>>> upstream/4.5.1 if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { if (mark.value) 
@@ -1706,6 +1725,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr); policy_info->sel = policy->sel; policy_info->dir = policy->direction; +<<<<<<< HEAD + /* calculate priority based on source selector size, small size = high prio */ + policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; + policy_info->priority -= policy->sel.prefixlen_s * 10; + policy_info->priority -= policy->sel.proto ? 2 : 0; + policy_info->priority -= policy->sel.sport_mask ? 1 : 0; +======= /* calculate priority based on selector size, small size = high prio */ policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; @@ -1716,6 +1742,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy->sel.dport_mask ? 0 : 2; policy_info->priority += policy->sel.proto ? 0 : 1; +>>>>>>> upstream/4.5.1 policy_info->action = type != POLICY_DROP ? XFRM_POLICY_ALLOW : XFRM_POLICY_BLOCK; policy_info->share = XFRM_SHARE_ANY; @@ -1837,8 +1864,11 @@ METHOD(kernel_ipsec_t, add_policy, status_t, if (route->if_name) { +<<<<<<< HEAD +======= DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", src_ts, route->gateway, route->src_ip, route->if_name); +>>>>>>> upstream/4.5.1 switch (hydra->kernel_interface->add_route( hydra->kernel_interface, route->dst_net, route->prefixlen, route->gateway, diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c index 9fc1a03f5..b75a2be80 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c 
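Review bot: The HEAD-side priority formula at -1706 ranks a policy by its source selector only (`policy->sel.prefixlen_s * 10`, `sel.proto`, `sel.sport_mask`), so two policies that differ only in destination prefix or destination port receive the same XFRM priority and the kernel's choice between them depends on insertion order; the upstream side accounts for both selectors (`policy->sel.dport_mask` in the -1716 hunk). Because policy priority decides which policy overlapping traffic is matched to, resolving this conflict toward the upstream formula, and the matching conflict in the kernel_pfkey_ipsec.c -1651 hunk, is the safer choice; the HEAD comment `/* calculate priority based on source selector size, small size = high prio */` then goes as well. add_policy continues outside the hunk.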
@@ -33,8 +33,15 @@ struct private_kernel_netlink_plugin_t { kernel_netlink_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_kernel_netlink_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_kernel_netlink_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); @@ -48,6 +55,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_netlink_plugin_create() { +<<<<<<< HEAD + private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_kernel_netlink_plugin_t *this; INIT(this, @@ -57,6 +70,7 @@ plugin_t *kernel_netlink_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); hydra->kernel_interface->add_net_interface(hydra->kernel_interface, diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in index 40363f319..3f2976959 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.in +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
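Review bot: The HEAD side of kernel_netlink_plugin_create() allocates with `malloc_thing` and then assigns only `this->public.plugin.destroy`, so every other member of the struct keeps whatever the allocator returned; malloc_thing evidently does not zero memory, since the HEAD side of asn1_parser_create() later in this chunk follows it with an explicit `memset(this, '\0', sizeof(private_asn1_parser_t))`. The upstream `INIT(this, ...)` form initializes the object as a whole (I believe via a compound literal that zero-fills unnamed members — confirm), so if plugin_t has any member beyond destroy, the HEAD form hands uninitialized memory to whoever reads it. The same pattern repeats in kernel_pfkey_plugin.c, kernel_pfroute_plugin.c, resolve_plugin.c and asn1_parser_create, where the HEAD side additionally casts each method into its slot (`(bool (*)(asn1_parser_t*))success` and the like), which silences any prototype mismatch; resolve all of these toward the upstream side.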
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 681811528..69d0da6e5 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -99,8 +99,13 @@ #endif /** default priority of installed policies */ +<<<<<<< HEAD +#define PRIO_LOW 3000 +#define PRIO_HIGH 2000 +======= #define PRIO_LOW 1024 #define PRIO_HIGH 512 +>>>>>>> upstream/4.5.1 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ @@ -1206,7 +1211,11 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, +<<<<<<< HEAD + u_int8_t protocol, u_int32_t reqid, mark_t mark, +======= u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, +>>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, @@ -1651,6 +1660,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; #ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY +<<<<<<< HEAD + /* calculate priority based on source selector size, small size = high prio */ + pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; + pol->sadb_x_policy_priority -= policy->src.mask * 10; + pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; + pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; +======= /* calculate priority based on selector size, small size = high prio */ pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; pol->sadb_x_policy_priority -= policy->src.mask; 
@@ -1659,6 +1675,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, pol->sadb_x_policy_priority += policy->src.net->get_port(policy->src.net) || policy->dst.net->get_port(policy->dst.net) ? 0 : 2; pol->sadb_x_policy_priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1; +>>>>>>> upstream/4.5.1 #endif /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 9e7a7904d..e2ed954fb 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -32,8 +32,15 @@ struct private_kernel_pfkey_plugin_t { kernel_pfkey_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_kernel_pfkey_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_kernel_pfkey_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); @@ -45,6 +52,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_pfkey_plugin_create() { +<<<<<<< HEAD + private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_kernel_pfkey_plugin_t *this; INIT(this, @@ -54,6 +67,7 @@ plugin_t *kernel_pfkey_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in index 4db374b75..24f8ffc4e 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.in +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in 
@@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c index a4cb53edd..bae3a2ac6 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -32,8 +32,15 @@ struct private_kernel_pfroute_plugin_t { kernel_pfroute_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_kernel_pfroute_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_kernel_pfroute_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); @@ -45,6 +52,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_pfroute_plugin_create() { +<<<<<<< HEAD + private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_kernel_pfroute_plugin_t *this; INIT(this, @@ -54,6 +67,7 @@ plugin_t *kernel_pfroute_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 hydra->kernel_interface->add_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); 
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in index e6c5fb712..646d1dba9 100644 --- a/src/libhydra/plugins/resolve/Makefile.in +++ b/src/libhydra/plugins/resolve/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c index ad18c7060..c60521cd1 100644 --- a/src/libhydra/plugins/resolve/resolve_plugin.c +++ b/src/libhydra/plugins/resolve/resolve_plugin.c @@ -36,8 +36,15 @@ struct private_resolve_plugin_t { resolve_handler_t *handler; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_resolve_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_resolve_plugin_t *this) +>>>>>>> upstream/4.5.1 { hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); this->handler->destroy(this->handler); @@ -49,6 +56,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *resolve_plugin_create() { +<<<<<<< HEAD + private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + this->handler = resolve_handler_create(); +======= private_resolve_plugin_t *this; INIT(this, 
@@ -59,6 +72,7 @@ plugin_t *resolve_plugin_create() }, .handler = resolve_handler_create(), ); +>>>>>>> upstream/4.5.1 hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); return &this->public.plugin; diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index ef7a6ee38..3191ade0f 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -192,7 +192,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -231,8 +237,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 6a29d8eea..894d3ae65 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -30,7 +30,12 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ +<<<<<<< HEAD +credentials/certificates/x509.h credentials/certificates/x509.c \ +credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ 
@@ -135,6 +140,8 @@ else SUBDIRS = . endif +<<<<<<< HEAD +======= if USE_AF_ALG SUBDIRS += plugins/af_alg if MONOLITHIC @@ -142,6 +149,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_AES SUBDIRS += plugins/aes if MONOLITHIC @@ -233,6 +241,8 @@ if MONOLITHIC endif endif +<<<<<<< HEAD +======= if USE_CONSTRAINTS SUBDIRS += plugins/constraints if MONOLITHIC @@ -240,6 +250,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_PUBKEY SUBDIRS += plugins/pubkey if MONOLITHIC @@ -282,6 +293,8 @@ if MONOLITHIC endif endif +<<<<<<< HEAD +======= if USE_SOUP SUBDIRS += plugins/soup if MONOLITHIC @@ -289,6 +302,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_LDAP SUBDIRS += plugins/ldap if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 76b4f70c6..af1e5bf3d 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in 
@@ -44,6 +44,72 @@ host_triplet = @host@ @USE_INTEGRITY_TEST_TRUE@ integrity_checker.c integrity_checker.h @USE_VSTR_TRUE@am__append_6 = -lvstr +<<<<<<< HEAD +@USE_AES_TRUE@am__append_7 = plugins/aes +@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la +@USE_DES_TRUE@am__append_9 = plugins/des +@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la +@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish +@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la +@USE_MD4_TRUE@am__append_13 = plugins/md4 +@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la +@USE_MD5_TRUE@am__append_15 = plugins/md5 +@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la +@USE_SHA1_TRUE@am__append_17 = plugins/sha1 +@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la +@USE_SHA2_TRUE@am__append_19 = plugins/sha2 +@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la +@USE_GMP_TRUE@am__append_21 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la +@USE_RANDOM_TRUE@am__append_23 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la +@USE_HMAC_TRUE@am__append_25 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la +@USE_XCBC_TRUE@am__append_27 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_29 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_31 = plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_32 = plugins/revocation/libstrongswan-revocation.la +@USE_PUBKEY_TRUE@am__append_33 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_34 = 
plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_35 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_36 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PGP_TRUE@am__append_37 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_38 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_39 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_40 = plugins/dnskey/libstrongswan-dnskey.la +@USE_PEM_TRUE@am__append_41 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_42 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_43 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_44 = plugins/curl/libstrongswan-curl.la +@USE_LDAP_TRUE@am__append_45 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_46 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_47 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_48 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_49 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_50 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_51 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_52 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_53 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_54 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_55 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_56 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_57 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_58 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_59 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_60 = plugins/agent/libstrongswan-agent.la +@USE_PKCS11_TRUE@am__append_61 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_62 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CTR_TRUE@am__append_63 = plugins/ctr 
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_64 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_65 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_66 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_67 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_68 = plugins/gcm/libstrongswan-gcm.la +@USE_TEST_VECTORS_TRUE@am__append_69 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_70 = plugins/test_vectors/libstrongswan-test-vectors.la +======= @USE_AF_ALG_TRUE@am__append_7 = plugins/af_alg @MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_8 = plugins/af_alg/libstrongswan-af-alg.la @USE_AES_TRUE@am__append_9 = plugins/aes @@ -114,6 +180,7 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_74 = plugins/gcm/libstrongswan-gcm.la @USE_TEST_VECTORS_TRUE@am__append_75 = plugins/test_vectors @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_76 = plugins/test_vectors/libstrongswan-test-vectors.la +>>>>>>> upstream/4.5.1 subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -168,8 +235,12 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ +<<<<<<< HEAD + $(am__append_66) $(am__append_68) $(am__append_70) +======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) +>>>>>>> upstream/4.5.1 am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ 
@@ -194,7 +265,12 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ +<<<<<<< HEAD + credentials/certificates/x509.h \ + credentials/certificates/x509.c credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -244,7 +320,11 @@ am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \ credential_factory.lo builder.lo cred_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ +<<<<<<< HEAD + x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ +======= crl.lo ocsp_response.lo ietf_attributes.lo \ +>>>>>>> upstream/4.5.1 credential_manager.lo auth_cfg_wrapper.lo \ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \ callback_cred.lo auth_cfg.lo database_factory.lo \ @@ -284,6 +364,16 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags +<<<<<<< HEAD +DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ + plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \ + plugins/random plugins/hmac plugins/xcbc plugins/x509 \ + plugins/revocation plugins/pubkey plugins/pkcs1 plugins/pgp \ + plugins/dnskey plugins/pem plugins/curl plugins/ldap \ + plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ + plugins/gcrypt plugins/fips_prf plugins/agent plugins/pkcs11 \ + plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors +======= DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/md4 plugins/md5 plugins/sha1 \ plugins/sha2 plugins/gmp plugins/random plugins/hmac \ 
@@ -294,6 +384,7 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ plugins/pkcs11 plugins/ctr plugins/ccm plugins/gcm \ plugins/test_vectors +>>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -439,7 +530,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -478,8 +575,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -515,7 +615,12 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ +<<<<<<< HEAD + credentials/certificates/x509.h \ + credentials/certificates/x509.c credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ 
@@ -566,8 +671,12 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ +<<<<<<< HEAD + $(am__append_66) $(am__append_68) $(am__append_70) +======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) +>>>>>>> upstream/4.5.1 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ @@ -600,9 +709,13 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ +<<<<<<< HEAD +@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) +======= @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_FALSE@ $(am__append_75) +>>>>>>> upstream/4.5.1 # build plugins with their own Makefile ####################################### @@ -621,9 +734,13 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ +<<<<<<< HEAD +@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) +======= @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_TRUE@ $(am__append_75) +>>>>>>> upstream/4.5.1 all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -761,6 +878,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ +======= +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -944,6 +1065,16 @@ certificate.lo: credentials/certificates/certificate.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c +<<<<<<< HEAD +x509.lo: credentials/certificates/x509.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c + +======= +>>>>>>> upstream/4.5.1 crl.lo: credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo 
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index f80c2b93b..7f198f9aa 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -126,6 +126,8 @@ chunk_t asn1_build_known_oid(int n)
 /*
 * Defined in header.
 */
+<<<<<<< HEAD
+=======
 chunk_t asn1_oid_from_string(char *str)
 {
 enumerator_t *enumerator;
@@ -220,6 +222,7 @@ char *asn1_oid_to_string(chunk_t oid)
 /*
 * Defined in header.
 */
+>>>>>>> upstream/4.5.1
 size_t asn1_length(chunk_t *blob)
 {
 u_char n;
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 05a060827..70411c999 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -115,6 +115,8 @@ int asn1_known_oid(chunk_t object);
 chunk_t asn1_build_known_oid(int n);
 
 /**
+<<<<<<< HEAD
+=======
 * Convert human readable OID to ASN.1 DER encoding, without OID header.
 *
 * @param str OID string (e.g. 1.2.345.67.8)
@@ -131,6 +133,7 @@ chunk_t asn1_oid_from_string(char *str);
 char* asn1_oid_to_string(chunk_t oid);
 
 /**
+>>>>>>> upstream/4.5.1
 * Returns the length of an ASN.1 object
 * The blob pointer is advanced past the tag length fields
 *
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index 2a7a38a52..fe02690d9 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -78,8 +78,15 @@ struct private_asn1_parser_t {
 chunk_t blobs[ASN1_MAX_LEVEL + 2];
 };
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.iterate
+ */
+static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
+=======
 METHOD(asn1_parser_t, iterate, bool,
 private_asn1_parser_t *this, int *objectID, chunk_t *object)
+>>>>>>> upstream/4.5.1
 {
 chunk_t *blob, *blob1;
 u_char *start_ptr;
@@ -232,33 +239,68 @@ end:
 return this->success;
 }
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.get_level
+ */
+static u_int get_level(private_asn1_parser_t *this)
+=======
 METHOD(asn1_parser_t, get_level, u_int,
 private_asn1_parser_t *this)
+>>>>>>> upstream/4.5.1
 {
 return this->level0 + this->objects[this->line].level;
 }
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.set_top_level
+ */
+static void set_top_level(private_asn1_parser_t *this, u_int level0)
+=======
 METHOD(asn1_parser_t, set_top_level, void,
 private_asn1_parser_t *this, u_int level0)
+>>>>>>> upstream/4.5.1
 {
 this->level0 = level0;
 }
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.set_flags
+ */
+static void set_flags(private_asn1_parser_t *this, bool implicit, bool private)
+=======
 METHOD(asn1_parser_t, set_flags, void,
 private_asn1_parser_t *this, bool implicit, bool private)
+>>>>>>> upstream/4.5.1
 {
 this->implicit = implicit;
 this->private = private;
 }
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.success
+ */
+static bool success(private_asn1_parser_t *this)
+=======
 METHOD(asn1_parser_t, success, bool,
 private_asn1_parser_t *this)
+>>>>>>> upstream/4.5.1
 {
 return this->success;
 }
 
+<<<<<<< HEAD
+/**
+ * Implementation of asn1_parser_t.destroy
+ */
+static void destroy(private_asn1_parser_t *this)
+=======
 METHOD(asn1_parser_t, destroy, void,
 private_asn1_parser_t *this)
+>>>>>>> upstream/4.5.1
 {
 free(this);
 }
@@ -268,6 +310,22 @@ METHOD(asn1_parser_t, destroy, void,
 */
 asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob)
 {
+<<<<<<< HEAD
+ private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t);
+
+ memset(this, '\0', sizeof(private_asn1_parser_t));
+ this->objects = objects;
+ this->blobs[0] = blob;
+ this->line = -1;
+ this->success = TRUE;
+
+ this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate;
+ this->public.get_level = (u_int (*)(asn1_parser_t*))get_level;
+ this->public.set_top_level = (void (*)(asn1_parser_t*, u_int))set_top_level;
+ this->public.set_flags = (void (*)(asn1_parser_t*, bool, bool))set_flags;
+ this->public.success = (bool (*)(asn1_parser_t*))success;
+ this->public.destroy = (void (*)(asn1_parser_t*))destroy;
+=======
 private_asn1_parser_t *this;
 
 INIT(this,
@@ -284,6 +342,7 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob)
 .line = -1,
 .success = TRUE,
 );
+>>>>>>> upstream/4.5.1
 
 return &this->public;
 }
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 57a00a39e..b823d6189 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,6 +10,364 @@ #include "oid.h" const oid_t oid_names[] = { +<<<<<<< HEAD + {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ + { 0x82, 0, 1, 1, "" }, /* 1 */ + { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ + { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ + { 0x0A, 0, 1, 4, "" }, /* 4 */ + { 0x07, 0, 1, 5, "" }, /* 5 */ + { 0x14, 0, 0, 6, "ND" }, /* 6 */ + {0x09, 18, 1, 0, "data" }, /* 7 */ + { 0x92, 0, 1, 1, "" }, /* 8 */ + { 0x26, 0, 1, 2, "" }, /* 9 */ + { 0x89, 0, 1, 3, "" }, /* 10 */ + { 0x93, 0, 1, 4, "" }, /* 11 */ + { 0xF2, 0, 1, 5, "" }, /* 12 */ + { 0x2C, 0, 1, 6, "" }, /* 13 */ + { 0x64, 0, 1, 7, "pilot" }, /* 14 */ + { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ + { 0x01, 17, 0, 9, "UID" }, /* 16 */ + { 0x19, 0, 0, 9, "DC" }, /* 17 */ + {0x55, 64, 1, 0, "X.500" }, /* 18 */ + { 0x04, 36, 1, 1, "X.509" }, /* 19 */ + { 0x03, 21, 0, 2, "CN" }, /* 20 */ + { 0x04, 22, 0, 2, "S" }, /* 21 */ + { 0x05, 23, 0, 2, "SN" }, /* 22 */ + { 0x06, 24, 0, 2, "C" }, /* 23 */ + { 0x07, 25, 0, 2, "L" }, /* 24 */ + { 0x08, 26, 0, 2, "ST" }, /* 25 */ + { 0x0A, 27, 0, 2, "O" }, /* 26 */ + { 0x0B, 28, 0, 2, "OU" }, /* 27 */ + { 0x0C, 29, 0, 2, "T" }, /* 28 */ + { 0x0D, 30, 0, 2, "D" }, /* 29 */ + { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ + { 0x29, 32, 0, 2, "N" }, /* 31 */ + { 0x2A, 33, 0, 2, "G" }, /* 32 */ + { 0x2B, 34, 0, 2, "I" }, /* 33 */ + { 0x2D, 35, 0, 2, "ID" }, /* 34 */ + { 0x48, 0, 0, 2, "role" }, /* 35 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */ + { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */ + { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */ + { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */ + { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */ + { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */ + { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */ + { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ + { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ + { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ + { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ + { 0x18, 
48, 0, 2, "invalidityDate" }, /* 47 */ + { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ + { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ + { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ + { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ + { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ + { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ + { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ + { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ + { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ + { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ + { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ + { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ + { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ + {0x2A, 161, 1, 0, "" }, /* 64 */ + { 0x83, 77, 1, 1, "" }, /* 65 */ + { 0x08, 0, 1, 2, "jp" }, /* 66 */ + { 0x8C, 0, 1, 3, "" }, /* 67 */ + { 0x9A, 0, 1, 4, "" }, /* 68 */ + { 0x4B, 0, 1, 5, "" }, /* 69 */ + { 0x3D, 0, 1, 6, "" }, /* 70 */ + { 0x01, 0, 1, 7, "security" }, /* 71 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ + { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ + { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ + { 0x86, 0, 1, 1, "" }, /* 77 */ + { 0x48, 0, 1, 2, "us" }, /* 78 */ + { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0xF6, 85, 1, 4, "" }, /* 80 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ + { 0xF7, 0, 1, 4, "" }, /* 85 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ + { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ + { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ + { 0x04, 92, 0, 8, 
"md5WithRSAEncryption" }, /* 91 */ + { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ + { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ + { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ + { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ + { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ + { 0x01, 99, 0, 8, "data" }, /* 98 */ + { 0x02, 100, 0, 8, "signedData" }, /* 99 */ + { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ + { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ + { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ + { 0x01, 106, 0, 8, "E" }, /* 105 */ + { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ + { 0x03, 108, 0, 8, "contentType" }, /* 107 */ + { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ + { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ + { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ + { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ + { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ + { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ + { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ + { 0x02, 117, 0, 7, "md2" }, /* 116 */ + { 0x05, 0, 0, 7, "md5" }, /* 117 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ + { 0xCE, 0, 1, 3, "" }, /* 120 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ + { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ + { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ + { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ + { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ + { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ + { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ + { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ + { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ + { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ + { 
0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ + { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ + { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ + { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ + { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ + { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ + { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ + { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ + { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ + { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ + { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ + { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ + { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ + { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ + { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ + { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ + { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ + { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ + { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ + { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ + { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ + { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ + { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ + {0x2B, 309, 1, 0, "" }, /* 161 */ + { 0x06, 223, 1, 1, "dod" }, /* 162 */ + { 0x01, 0, 1, 2, "internet" }, /* 163 */ + { 0x04, 183, 1, 3, "private" }, /* 164 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ + { 0x82, 176, 1, 5, "" }, /* 166 */ + { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ + { 0x0A, 172, 1, 7, "" }, /* 168 */ + { 0x03, 0, 1, 8, "" }, /* 169 */ + { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ + { 0x02, 175, 0, 9, 
"msSmartcardLogon" }, /* 174 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ + { 0x89, 0, 1, 5, "" }, /* 176 */ + { 0x31, 0, 1, 6, "" }, /* 177 */ + { 0x01, 0, 1, 7, "" }, /* 178 */ + { 0x01, 0, 1, 8, "" }, /* 179 */ + { 0x02, 0, 1, 9, "" }, /* 180 */ + { 0x02, 182, 0, 10, "" }, /* 181 */ + { 0x4B, 0, 0, 10, "TCGID" }, /* 182 */ + { 0x05, 0, 1, 3, "security" }, /* 183 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 184 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 185 */ + { 0x01, 190, 1, 6, "id-pe" }, /* 186 */ + { 0x01, 188, 0, 7, "authorityInfoAccess" }, /* 187 */ + { 0x03, 189, 0, 7, "qcStatements" }, /* 188 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 189 */ + { 0x02, 193, 1, 6, "id-qt" }, /* 190 */ + { 0x01, 192, 0, 7, "cps" }, /* 191 */ + { 0x02, 0, 0, 7, "unotice" }, /* 192 */ + { 0x03, 203, 1, 6, "id-kp" }, /* 193 */ + { 0x01, 195, 0, 7, "serverAuth" }, /* 194 */ + { 0x02, 196, 0, 7, "clientAuth" }, /* 195 */ + { 0x03, 197, 0, 7, "codeSigning" }, /* 196 */ + { 0x04, 198, 0, 7, "emailProtection" }, /* 197 */ + { 0x05, 199, 0, 7, "ipsecEndSystem" }, /* 198 */ + { 0x06, 200, 0, 7, "ipsecTunnel" }, /* 199 */ + { 0x07, 201, 0, 7, "ipsecUser" }, /* 200 */ + { 0x08, 202, 0, 7, "timeStamping" }, /* 201 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 202 */ + { 0x08, 205, 1, 6, "id-otherNames" }, /* 203 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 204 */ + { 0x0A, 210, 1, 6, "id-aca" }, /* 205 */ + { 0x01, 207, 0, 7, "authenticationInfo" }, /* 206 */ + { 0x02, 208, 0, 7, "accessIdentity" }, /* 207 */ + { 0x03, 209, 0, 7, "chargingIdentity" }, /* 208 */ + { 0x04, 0, 0, 7, "group" }, /* 209 */ + { 0x0B, 211, 0, 6, "subjectInfoAccess" }, /* 210 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 211 */ + { 0x01, 220, 1, 7, "ocsp" }, /* 212 */ + { 0x01, 214, 0, 8, "basic" }, /* 213 */ + { 0x02, 215, 0, 8, "nonce" }, /* 214 */ + { 0x03, 216, 0, 8, "crl" }, /* 215 */ + { 0x04, 217, 0, 8, "response" }, /* 216 */ + { 0x05, 218, 0, 8, "noCheck" }, /* 217 */ + { 0x06, 219, 0, 8, "archiveCutoff" }, /* 218 */ + { 0x07, 0, 0, 
8, "serviceLocator" }, /* 219 */ + { 0x02, 221, 0, 7, "caIssuers" }, /* 220 */ + { 0x03, 222, 0, 7, "timeStamping" }, /* 221 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 222 */ + { 0x0E, 229, 1, 1, "oiw" }, /* 223 */ + { 0x03, 0, 1, 2, "secsig" }, /* 224 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 225 */ + { 0x07, 227, 0, 4, "des-cbc" }, /* 226 */ + { 0x1A, 228, 0, 4, "sha-1" }, /* 227 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 228 */ + { 0x24, 275, 1, 1, "TeleTrusT" }, /* 229 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 230 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 231 */ + { 0x01, 236, 1, 4, "rsaSignature" }, /* 232 */ + { 0x02, 234, 0, 5, "rsaSigWithripemd160" }, /* 233 */ + { 0x03, 235, 0, 5, "rsaSigWithripemd128" }, /* 234 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 235 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 236 */ + { 0x01, 238, 0, 5, "ecSignWithsha1" }, /* 237 */ + { 0x02, 239, 0, 5, "ecSignWithripemd160" }, /* 238 */ + { 0x03, 240, 0, 5, "ecSignWithmd2" }, /* 239 */ + { 0x04, 241, 0, 5, "ecSignWithmd5" }, /* 240 */ + { 0x05, 258, 1, 5, "ttt-ecg" }, /* 241 */ + { 0x01, 246, 1, 6, "fieldType" }, /* 242 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 243 */ + { 0x01, 0, 1, 8, "basisType" }, /* 244 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 245 */ + { 0x02, 248, 1, 6, "keyType" }, /* 246 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 247 */ + { 0x03, 249, 0, 6, "curve" }, /* 248 */ + { 0x04, 256, 1, 6, "signatures" }, /* 249 */ + { 0x01, 251, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 250 */ + { 0x02, 252, 0, 7, "ecgdsa-with-SHA1" }, /* 251 */ + { 0x03, 253, 0, 7, "ecgdsa-with-SHA224" }, /* 252 */ + { 0x04, 254, 0, 7, "ecgdsa-with-SHA256" }, /* 253 */ + { 0x05, 255, 0, 7, "ecgdsa-with-SHA384" }, /* 254 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 255 */ + { 0x05, 0, 1, 6, "module" }, /* 256 */ + { 0x01, 0, 0, 7, "1" }, /* 257 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 258 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 259 */ + { 0x01, 0, 1, 7, 
"versionOne" }, /* 260 */ + { 0x01, 262, 0, 8, "brainpoolP160r1" }, /* 261 */ + { 0x02, 263, 0, 8, "brainpoolP160t1" }, /* 262 */ + { 0x03, 264, 0, 8, "brainpoolP192r1" }, /* 263 */ + { 0x04, 265, 0, 8, "brainpoolP192t1" }, /* 264 */ + { 0x05, 266, 0, 8, "brainpoolP224r1" }, /* 265 */ + { 0x06, 267, 0, 8, "brainpoolP224t1" }, /* 266 */ + { 0x07, 268, 0, 8, "brainpoolP256r1" }, /* 267 */ + { 0x08, 269, 0, 8, "brainpoolP256t1" }, /* 268 */ + { 0x09, 270, 0, 8, "brainpoolP320r1" }, /* 269 */ + { 0x0A, 271, 0, 8, "brainpoolP320t1" }, /* 270 */ + { 0x0B, 272, 0, 8, "brainpoolP384r1" }, /* 271 */ + { 0x0C, 273, 0, 8, "brainpoolP384t1" }, /* 272 */ + { 0x0D, 274, 0, 8, "brainpoolP512r1" }, /* 273 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 274 */ + { 0x81, 0, 1, 1, "" }, /* 275 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 276 */ + { 0x00, 0, 1, 3, "curve" }, /* 277 */ + { 0x01, 279, 0, 4, "sect163k1" }, /* 278 */ + { 0x02, 280, 0, 4, "sect163r1" }, /* 279 */ + { 0x03, 281, 0, 4, "sect239k1" }, /* 280 */ + { 0x04, 282, 0, 4, "sect113r1" }, /* 281 */ + { 0x05, 283, 0, 4, "sect113r2" }, /* 282 */ + { 0x06, 284, 0, 4, "secp112r1" }, /* 283 */ + { 0x07, 285, 0, 4, "secp112r2" }, /* 284 */ + { 0x08, 286, 0, 4, "secp160r1" }, /* 285 */ + { 0x09, 287, 0, 4, "secp160k1" }, /* 286 */ + { 0x0A, 288, 0, 4, "secp256k1" }, /* 287 */ + { 0x0F, 289, 0, 4, "sect163r2" }, /* 288 */ + { 0x10, 290, 0, 4, "sect283k1" }, /* 289 */ + { 0x11, 291, 0, 4, "sect283r1" }, /* 290 */ + { 0x16, 292, 0, 4, "sect131r1" }, /* 291 */ + { 0x17, 293, 0, 4, "sect131r2" }, /* 292 */ + { 0x18, 294, 0, 4, "sect193r1" }, /* 293 */ + { 0x19, 295, 0, 4, "sect193r2" }, /* 294 */ + { 0x1A, 296, 0, 4, "sect233k1" }, /* 295 */ + { 0x1B, 297, 0, 4, "sect233r1" }, /* 296 */ + { 0x1C, 298, 0, 4, "secp128r1" }, /* 297 */ + { 0x1D, 299, 0, 4, "secp128r2" }, /* 298 */ + { 0x1E, 300, 0, 4, "secp160r2" }, /* 299 */ + { 0x1F, 301, 0, 4, "secp192k1" }, /* 300 */ + { 0x20, 302, 0, 4, "secp224k1" }, /* 301 */ + { 0x21, 303, 0, 4, 
"secp224r1" }, /* 302 */ + { 0x22, 304, 0, 4, "secp384r1" }, /* 303 */ + { 0x23, 305, 0, 4, "secp521r1" }, /* 304 */ + { 0x24, 306, 0, 4, "sect409k1" }, /* 305 */ + { 0x25, 307, 0, 4, "sect409r1" }, /* 306 */ + { 0x26, 308, 0, 4, "sect571k1" }, /* 307 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 308 */ + {0x60, 0, 1, 0, "" }, /* 309 */ + { 0x86, 0, 1, 1, "" }, /* 310 */ + { 0x48, 0, 1, 2, "" }, /* 311 */ + { 0x01, 0, 1, 3, "organization" }, /* 312 */ + { 0x65, 331, 1, 4, "gov" }, /* 313 */ + { 0x03, 0, 1, 5, "csor" }, /* 314 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 315 */ + { 0x01, 326, 1, 7, "aes" }, /* 316 */ + { 0x02, 318, 0, 8, "id-aes128-CBC" }, /* 317 */ + { 0x06, 319, 0, 8, "id-aes128-GCM" }, /* 318 */ + { 0x07, 320, 0, 8, "id-aes128-CCM" }, /* 319 */ + { 0x16, 321, 0, 8, "id-aes192-CBC" }, /* 320 */ + { 0x1A, 322, 0, 8, "id-aes192-GCM" }, /* 321 */ + { 0x1B, 323, 0, 8, "id-aes192-CCM" }, /* 322 */ + { 0x2A, 324, 0, 8, "id-aes256-CBC" }, /* 323 */ + { 0x2E, 325, 0, 8, "id-aes256-GCM" }, /* 324 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 325 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 326 */ + { 0x01, 328, 0, 8, "id-SHA-256" }, /* 327 */ + { 0x02, 329, 0, 8, "id-SHA-384" }, /* 328 */ + { 0x03, 330, 0, 8, "id-SHA-512" }, /* 329 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 330 */ + { 0x86, 0, 1, 4, "" }, /* 331 */ + { 0xf8, 0, 1, 5, "" }, /* 332 */ + { 0x42, 345, 1, 6, "netscape" }, /* 333 */ + { 0x01, 340, 1, 7, "" }, /* 334 */ + { 0x01, 336, 0, 8, "nsCertType" }, /* 335 */ + { 0x03, 337, 0, 8, "nsRevocationUrl" }, /* 336 */ + { 0x04, 338, 0, 8, "nsCaRevocationUrl" }, /* 337 */ + { 0x08, 339, 0, 8, "nsCaPolicyUrl" }, /* 338 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 339 */ + { 0x03, 343, 1, 7, "directory" }, /* 340 */ + { 0x01, 0, 1, 8, "" }, /* 341 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 342 */ + { 0x04, 0, 1, 7, "policy" }, /* 343 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 344 */ + { 0x45, 0, 1, 6, "verisign" }, /* 345 */ + { 0x01, 0, 1, 7, "pki" }, /* 346 */ + { 0x09, 0, 
1, 8, "attributes" }, /* 347 */ + { 0x02, 349, 0, 9, "messageType" }, /* 348 */ + { 0x03, 350, 0, 9, "pkiStatus" }, /* 349 */ + { 0x04, 351, 0, 9, "failInfo" }, /* 350 */ + { 0x05, 352, 0, 9, "senderNonce" }, /* 351 */ + { 0x06, 353, 0, 9, "recipientNonce" }, /* 352 */ + { 0x07, 354, 0, 9, "transID" }, /* 353 */ + { 0x08, 355, 0, 9, "extensionReq" }, /* 354 */ + { 0x08, 0, 0, 9, "extensionReq" } /* 355 */ +======= {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ { 0x82, 0, 1, 1, "" }, /* 1 */ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ @@ -369,4 +727,5 @@ const oid_t oid_names[] = { { 0x07, 357, 0, 9, "transID" }, /* 356 */ { 0x08, 358, 0, 9, "extensionReq" }, /* 357 */ { 0x08, 0, 0, 9, "extensionReq" } /* 358 */ +>>>>>>> upstream/4.5.1 }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index b6ee9a10d..e9de81ccf 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -49,11 +49,16 @@ extern const oid_t oid_names[]; #define OID_DELTA_CRL_INDICATOR 48 #define OID_NAME_CONSTRAINTS 51 #define OID_CRL_DISTRIBUTION_POINTS 52 +<<<<<<< HEAD +#define OID_ANY_POLICY 54 +#define OID_AUTHORITY_KEY_ID 56 +======= #define OID_CERTIFICATE_POLICIES 53 #define OID_ANY_POLICY 54 #define OID_POLICY_MAPPINGS 55 #define OID_AUTHORITY_KEY_ID 56 #define OID_POLICY_CONSTRAINTS 57 +>>>>>>> upstream/4.5.1 #define OID_EXTENDED_KEY_USAGE 58 #define OID_FRESHEST_CRL 60 #define OID_INHIBIT_ANY_POLICY 61 
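Review bot: The HEAD and upstream versions of oid_names[] are not interchangeable, and a hand merge of this table would corrupt OID lookup: HEAD ends at `/* 355 */` and upstream at `/* 358 */`, and the three extra upstream entries sit before the TCGID branch (the oid.txt hunk on a later line shows upstream inserting `0xA0 ""`, `0x2A "ITA"`, `0x01 "strongSwan"` ahead of `0x4B "TCGID"`), so every index from 182 onward differs by three between the sides. The second field of each entry appears to be an absolute index of the next sibling (entry 0 points to 7, entry 64 to 161), and oid.h turns the same indices into `OID_AUTHORITY_INFO_ACCESS`, `OID_SERVER_AUTH`, `OID_OCSP_SIGNING` and the rest, so a table from one side with defines from the other compiles cleanly but makes extension, EKU and OCSP OID matching return the wrong identifier. Take oid.c, oid.h and oid.txt from the same side (upstream), and if the tree has a generator for oid.c from oid.txt, regenerate rather than edit the table.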
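Review bot: The HEAD block of this oid.h hunk keeps only `OID_ANY_POLICY 54` and `OID_AUTHORITY_KEY_ID 56` and drops `OID_CERTIFICATE_POLICIES 53`, `OID_POLICY_MAPPINGS 55` and `OID_POLICY_CONSTRAINTS 57`, which the upstream certificate-policy handling elsewhere in this diff (`BUILD_CERTIFICATE_POLICIES`, `AUTH_RULE_CERT_POLICY`) presumably references. The indices themselves agree on both sides here (they lie below the point where the two tables diverge), so this block can simply take the upstream lines and drop the markers; choosing HEAD would leave the policy-extension parser without names for the extensions it has to recognise.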
@@ -120,6 +125,95 @@ extern const oid_t oid_names[]; #define OID_ECDSA_WITH_SHA384 159 #define OID_ECDSA_WITH_SHA512 160 #define OID_USER_PRINCIPAL_NAME 175 +<<<<<<< HEAD +#define OID_TCGID 182 +#define OID_AUTHORITY_INFO_ACCESS 187 +#define OID_IP_ADDR_BLOCKS 189 +#define OID_SERVER_AUTH 194 +#define OID_CLIENT_AUTH 195 +#define OID_OCSP_SIGNING 202 +#define OID_XMPP_ADDR 204 +#define OID_AUTHENTICATION_INFO 206 +#define OID_ACCESS_IDENTITY 207 +#define OID_CHARGING_IDENTITY 208 +#define OID_GROUP 209 +#define OID_OCSP 212 +#define OID_BASIC 213 +#define OID_NONCE 214 +#define OID_CRL 215 +#define OID_RESPONSE 216 +#define OID_NO_CHECK 217 +#define OID_ARCHIVE_CUTOFF 218 +#define OID_SERVICE_LOCATOR 219 +#define OID_CA_ISSUERS 220 +#define OID_DES_CBC 226 +#define OID_SHA1 227 +#define OID_SHA1_WITH_RSA_OIW 228 +#define OID_ECGDSA_PUBKEY 247 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 250 +#define OID_ECGDSA_SIG_WITH_SHA1 251 +#define OID_ECGDSA_SIG_WITH_SHA224 252 +#define OID_ECGDSA_SIG_WITH_SHA256 253 +#define OID_ECGDSA_SIG_WITH_SHA384 254 +#define OID_ECGDSA_SIG_WITH_SHA512 255 +#define OID_SECT163K1 278 +#define OID_SECT163R1 279 +#define OID_SECT239K1 280 +#define OID_SECT113R1 281 +#define OID_SECT113R2 282 +#define OID_SECT112R1 283 +#define OID_SECT112R2 284 +#define OID_SECT160R1 285 +#define OID_SECT160K1 286 +#define OID_SECT256K1 287 +#define OID_SECT163R2 288 +#define OID_SECT283K1 289 +#define OID_SECT283R1 290 +#define OID_SECT131R1 291 +#define OID_SECT131R2 292 +#define OID_SECT193R1 293 +#define OID_SECT193R2 294 +#define OID_SECT233K1 295 +#define OID_SECT233R1 296 +#define OID_SECT128R1 297 +#define OID_SECT128R2 298 +#define OID_SECT160R2 299 +#define OID_SECT192K1 300 +#define OID_SECT224K1 301 +#define OID_SECT224R1 302 +#define OID_SECT384R1 303 +#define OID_SECT521R1 304 +#define OID_SECT409K1 305 +#define OID_SECT409R1 306 +#define OID_SECT571K1 307 +#define OID_SECT571R1 308 +#define OID_AES128_CBC 317 +#define OID_AES128_GCM 318 +#define 
OID_AES128_CCM 319 +#define OID_AES192_CBC 320 +#define OID_AES192_GCM 321 +#define OID_AES192_CCM 322 +#define OID_AES256_CBC 323 +#define OID_AES256_GCM 324 +#define OID_AES256_CCM 325 +#define OID_SHA256 327 +#define OID_SHA384 328 +#define OID_SHA512 329 +#define OID_SHA224 330 +#define OID_NS_REVOCATION_URL 336 +#define OID_NS_CA_REVOCATION_URL 337 +#define OID_NS_CA_POLICY_URL 338 +#define OID_NS_COMMENT 339 +#define OID_EMPLOYEE_NUMBER 342 +#define OID_PKI_MESSAGE_TYPE 348 +#define OID_PKI_STATUS 349 +#define OID_PKI_FAIL_INFO 350 +#define OID_PKI_SENDER_NONCE 351 +#define OID_PKI_RECIPIENT_NONCE 352 +#define OID_PKI_TRANS_ID 353 + +#define OID_MAX 356 +======= #define OID_STRONGSWAN 178 #define OID_TCGID 185 #define OID_AUTHORITY_INFO_ACCESS 190 @@ -210,5 +304,6 @@ extern const oid_t oid_names[]; #define OID_PKI_TRANS_ID 356 #define OID_MAX 359 +>>>>>>> upstream/4.5.1 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index e2931c7dd..bf37dd624 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -51,11 +51,19 @@ 0x1D "certificateIssuer" 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS +<<<<<<< HEAD + 0x20 "certificatePolicies" + 0x00 "anyPolicy" OID_ANY_POLICY + 0x21 "policyMappings" + 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID + 0x24 "policyConstraints" +======= 0x20 "certificatePolicies" OID_CERTIFICATE_POLICIES 0x00 "anyPolicy" OID_ANY_POLICY 0x21 "policyMappings" OID_POLICY_MAPPINGS 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID 0x24 "policyConstraints" OID_POLICY_CONSTRAINTS +>>>>>>> upstream/4.5.1 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE 0x00 "anyExtendedKeyUsage" 0x2E "freshestCRL" OID_FRESHEST_CRL 
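Review bot: Every define in the HEAD block of this hunk is three lower than its upstream counterpart (`OID_TCGID 182` vs `185`, `OID_PKI_TRANS_ID 353` vs `356`, `OID_MAX 356` vs `359`), and the HEAD block has no `OID_STRONGSWAN`. These values are indices into oid_names[] in oid.c, so they must come from the same side as that table: resolving oid.h to HEAD while oid.c takes upstream, or the reverse, compiles but makes e.g. `OID_SERVER_AUTH`, `OID_OCSP_SIGNING` or `OID_AES256_GCM` denote a different OID at run time, and an `OID_MAX` off by three either stops a table walk short or lets it run past the last entry. Keep the upstream block, and rebuild anything that was compiled against the HEAD values.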
@@ -124,7 +132,11 @@ 0x01 "id-ecPublicKey" OID_EC_PUBLICKEY 0x03 "ellipticCurve" 0x00 "c-TwoCurve" +<<<<<<< HEAD + 0x01 "c2pnb163v1" OID_C2PNB163V1 +======= 0x01 "c2pnb163v1" OID_C2PNB163V1 +>>>>>>> upstream/4.5.1 0x02 "c2pnb163v2" OID_C2PNB163V2 0x03 "c2pnb163v3" OID_C2PNB163V3 0x04 "c2pnb176w1" OID_C2PNB176W1 @@ -174,16 +186,23 @@ 0x02 "msCertificateTypeExtension" 0x02 "msSmartcardLogon" 0x03 "msUPN" OID_USER_PRINCIPAL_NAME +<<<<<<< HEAD +======= 0xA0 "" 0x2A "ITA" 0x01 "strongSwan" OID_STRONGSWAN +>>>>>>> upstream/4.5.1 0x89 "" 0x31 "" 0x01 "" 0x01 "" 0x02 "" 0x02 "" +<<<<<<< HEAD + 0x4B "TCGID" OID_TCGID +======= 0x4B "TCGID" OID_TCGID +>>>>>>> upstream/4.5.1 0x05 "security" 0x05 "mechanisms" 0x07 "id-pkix" @@ -192,8 +211,13 @@ 0x03 "qcStatements" 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS 0x02 "id-qt" +<<<<<<< HEAD + 0x01 "cps" + 0x02 "unotice" +======= 0x01 "cps" OID_POLICY_QUALIFIER_CPS 0x02 "unotice" OID_POLICY_QUALIFIER_UNOTICE +>>>>>>> upstream/4.5.1 0x03 "id-kp" 0x01 "serverAuth" OID_SERVER_AUTH 0x02 "clientAuth" OID_CLIENT_AUTH diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 23a3f62d9..9c7df81a6 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -131,13 +131,19 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { 
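Review bot: The HEAD side of destroy_entry_value has no `case AUTH_HELPER_REVOCATION_CERT:` in the certificate group (`cert->destroy(cert)`) and no `case AUTH_RULE_CERT_POLICY:` in the group shared with the hash-URL cases (whose body, outside this hunk, presumably frees the string), both of which upstream adds. If auth_cfg.h is resolved to the upstream enum but this function to HEAD, entries of those two types match no case, so the revocation certificate or the policy-OID string is never released — a leak per authentication that, for CRLs, can be sizeable — and nothing at compile time flags the omission unless the build errors on unhandled enumerators. All auth_cfg.c hunks on the following lines have the same shape; resolve them and auth_cfg.h to the same side (upstream) in one step.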
@@ -149,8 +155,11 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 break; } } @@ -176,8 +185,11 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -188,12 +200,18 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -245,8 +263,11 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_EAP_TYPE: return (void*)EAP_NAK; case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 return (void*)0; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: @@ -258,12 +279,18 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 default: return NULL; } 
@@ -286,8 +313,11 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -298,12 +328,18 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ entry->value = va_arg(args, void*); break; @@ -374,6 +410,40 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: { +<<<<<<< HEAD + cert_validation_t validated, required; + + required = (uintptr_t)value; + validated = (uintptr_t)get(this, t1); + switch (required) + { + case VALIDATION_FAILED: + /* no constraint */ + break; + case VALIDATION_SKIPPED: + if (validated == VALIDATION_SKIPPED) + { + break; + } + /* FALL */ + case VALIDATION_GOOD: + if (validated == VALIDATION_GOOD) + { + break; + } + /* FALL */ + default: + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint check failed: %N is %N, " + "but requires at least %N", auth_rule_names, + t1, cert_validation_names, validated, + cert_validation_names, required); + } + break; + } +======= uintptr_t validated; e2 = create_enumerator(this); @@ -413,6 +483,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } } e2->destroy(e2); +>>>>>>> upstream/4.5.1 break; } case AUTH_RULE_IDENTITY: 
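Review bot: The HEAD version of the CRL/OCSP constraint check in complies() decides on one stored value, `validated = (uintptr_t)get(this, t1);`, while the upstream version it conflicts with walks every entry with `e2 = create_enumerator(this);`. If an auth config can hold several validation results of the same rule type (the upstream loop suggests it does, presumably one per certificate in the chain), the HEAD check satisfies a `VALIDATION_GOOD` requirement on the first good result even when another certificate's check was skipped or failed, which weakens revocation enforcement. The HEAD branch also treats a required `VALIDATION_FAILED` as no constraint (`case VALIDATION_FAILED: /* no constraint */ break;`) — if that convention survives it belongs in the rule's documentation in auth_cfg.h. Keep the upstream loop; most of its body sits outside this hunk (the `@@ -413` hunk shows only `e2->destroy(e2);`).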
@@ -496,6 +567,8 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, e2->destroy(e2); break; } +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: { @@ -561,11 +634,15 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } break; } +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* skip helpers */ continue; } @@ -612,7 +689,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)value; @@ -624,8 +704,11 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { add(this, type, (uintptr_t)value); break; @@ -640,7 +723,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -693,8 +779,11 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { if (i1->value == i2->value) { 
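Review bot: The HEAD side of this hunk has no `case AUTH_RULE_RSA_STRENGTH:` / `case AUTH_RULE_ECDSA_STRENGTH:` branch in complies(), so if auth_cfg.h takes the upstream enum but this switch takes HEAD, a configured minimum key strength is accepted into the auth config but no visible case ever evaluates it — a constraint that is silently ignored is worse than one the parser rejects. Keep the upstream branch; its body (the comparison and the failure log) runs into the `@@ -561` hunk on this same line and is only partly visible here, so review that block with it.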
@@ -708,7 +797,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *c1, *c2; @@ -739,7 +831,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) } continue; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -822,13 +917,19 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -840,8 +941,11 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 clone->add(clone, entry->type, (uintptr_t)entry->value); break; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 489ce1134..659a7c9ef 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h 
@@ -90,12 +90,15 @@ enum auth_rule_t { * The group membership constraint is fulfilled if the subject is member of * one group defined in the constraints. */ AUTH_RULE_GROUP, +<<<<<<< HEAD +======= /** required RSA public key strength, u_int in bits */ AUTH_RULE_RSA_STRENGTH, /** required ECDSA public key strength, u_int in bits */ AUTH_RULE_ECDSA_STRENGTH, /** certificatePolicy constraint, numerical OID as char* */ AUTH_RULE_CERT_POLICY, +>>>>>>> upstream/4.5.1 /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, @@ -105,8 +108,11 @@ enum auth_rule_t { AUTH_HELPER_IM_HASH_URL, /** Hash and URL of a end-entity certificate, char* */ AUTH_HELPER_SUBJECT_HASH_URL, +<<<<<<< HEAD +======= /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, +>>>>>>> upstream/4.5.1 }; /** diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index f9a277a2c..4d3a78eab 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -43,6 +43,10 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_CRL_DISTRIBUTION_POINTS", "BUILD_OCSP_ACCESS_LOCATIONS", "BUILD_PATHLEN", +<<<<<<< HEAD + "BUILD_X509_FLAG", + "BUILD_REVOKED_ENUMERATOR", +======= "BUILD_PERMITTED_NAME_CONSTRAINTS", "BUILD_EXCLUDED_NAME_CONSTRAINTS", "BUILD_CERTIFICATE_POLICIES", @@ -53,6 +57,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_X509_FLAG", "BUILD_REVOKED_ENUMERATOR", "BUILD_BASE_CRL", +>>>>>>> upstream/4.5.1 "BUILD_CHALLENGE_PWD", "BUILD_PKCS11_MODULE", "BUILD_PKCS11_SLOT", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 325b668cd..fc93a6007 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h 
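Review bot: Taking the HEAD side of this hunk removes `AUTH_RULE_RSA_STRENGTH`, `AUTH_RULE_ECDSA_STRENGTH` (required public key strength in bits) and `AUTH_RULE_CERT_POLICY` (numerical OID as char*), which on the visible interface are the only way for a peer configuration to refuse weak keys or demand a certificate policy. Because upstream inserts them ahead of `AUTH_HELPER_IM_CERT` (and `AUTH_HELPER_REVOCATION_CERT` after the hash-URL helpers in the next hunk), the choice also renumbers the later enumerators, so a plugin or an auth_cfg.c compiled against the other side would mis-dispatch on helper types in every switch. Take the upstream block together with the upstream auth_cfg.c.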
@@ -87,12 +87,18 @@ enum builder_part_t { BUILD_CA_CERT, /** a certificate, certificate_t* */ BUILD_CERT, +<<<<<<< HEAD + /** CRL distribution point URIs, linked_list_t* containing char* */ +======= /** CRL distribution point URIs, x509_cdp_t* */ +>>>>>>> upstream/4.5.1 BUILD_CRL_DISTRIBUTION_POINTS, /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */ BUILD_OCSP_ACCESS_LOCATIONS, /** certificate path length constraint */ BUILD_PATHLEN, +<<<<<<< HEAD +======= /** permitted X509 name constraints, linked_list_t* of identification_t* */ BUILD_PERMITTED_NAME_CONSTRAINTS, /** excluded X509 name constraints, linked_list_t* of identification_t* */ @@ -107,12 +113,16 @@ enum builder_part_t { BUILD_POLICY_INHIBIT_MAPPING, /** inhibitAnyPolicy constraint, int */ BUILD_POLICY_INHIBIT_ANY, +>>>>>>> upstream/4.5.1 /** enforce an additional X509 flag, x509_flag_t */ BUILD_X509_FLAG, /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */ BUILD_REVOKED_ENUMERATOR, +<<<<<<< HEAD +======= /** Base CRL serial for a delta CRL, chunk_t, */ BUILD_BASE_CRL, +>>>>>>> upstream/4.5.1 /** PKCS#10 challenge password */ BUILD_CHALLENGE_PWD, /** friendly name of a PKCS#11 module, null terminated char* */ diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h index 733d9d612..f329281d3 100644 --- a/src/libstrongswan/credentials/cert_validator.h +++ b/src/libstrongswan/credentials/cert_validator.h 
@@ -40,6 +40,14 @@ struct cert_validator_t { * @param subject subject certificate to check * @param issuer issuer of subject * @param online wheter to do online revocation checking +<<<<<<< HEAD + * @param pathlen the current length of the path up to the root CA + * @param auth container for resulting authentication info + */ + bool (*validate)(cert_validator_t *this, certificate_t *subject, + certificate_t *issuer, bool online, int pathlen, + auth_cfg_t *auth); +======= * @param pathlen the current length of the path bottom-up * @param anchor is issuer trusted root anchor * @param auth container for resulting authentication info @@ -47,6 +55,7 @@ struct cert_validator_t { bool (*validate)(cert_validator_t *this, certificate_t *subject, certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth); +>>>>>>> upstream/4.5.1 }; #endif /** CERT_VALIDATOR_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 2f3497474..11ad7f2f3 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -72,6 +72,8 @@ struct crl_t { chunk_t (*get_authKeyIdentifier)(crl_t *this); /** +<<<<<<< HEAD +======= * Is this CRL a delta CRL? * * @param base_crl gets to baseCrlNumber, if this is a delta CRL @@ -87,6 +89,7 @@ struct crl_t { enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over all revoked certificates. * * The enumerator takes 3 pointer arguments: diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c new file mode 100644 index 000000000..66dc192c1 --- /dev/null +++ b/src/libstrongswan/credentials/certificates/x509.c 
@@ -0,0 +1,28 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "x509.h" + +ENUM(x509_flag_names, X509_NONE, X509_IP_ADDR_BLOCKS, + "X509_NONE", + "X509_CA", + "X509_AA", + "X509_OCSP_SIGNER", + "X509_SERVER_AUTH", + "X509_CLIENT_AUTH", + "X509_SELF_SIGNED", + "X509_IP_ADDR_BLOCKS", +); + diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index fec02dbad..3ab26c8c5 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,6 +24,12 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> +<<<<<<< HEAD +#define X509_NO_PATH_LEN_CONSTRAINT -1 + +typedef struct x509_t x509_t; +typedef enum x509_flag_t x509_flag_t; +======= /* constraints are currently restricted to the range 0..127 */ #define X509_NO_CONSTRAINT 255 @@ -33,6 +39,7 @@ typedef struct x509_policy_mapping_t x509_policy_mapping_t; typedef struct x509_cdp_t x509_cdp_t; typedef enum x509_flag_t x509_flag_t; typedef enum x509_constraint_t x509_constraint_t; +>>>>>>> upstream/4.5.1 /** * X.509 certificate flags. 
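Review bot: `ENUM(x509_flag_names, X509_NONE, X509_IP_ADDR_BLOCKS, …)` in the new x509.c supplies eight names for a range whose bounds are 0 and (1<<6); if ENUM() indexes its table by `value - first` like the other enum_name tables in libstrongswan appear to (the macro itself is not on this page), a lookup of any flag value above 7 reads past the eight entries, and a word with several bits set has no name at all. The conflicting x509.h hunk that follows adds `X509_CRL_SIGN = (1<<7)` on the upstream side, so if that side survives the table is additionally missing a name for it. Once the resolution is chosen, either build the names table per bit or document the limitation right above the ENUM, e.g. `/* indexed by flag value: only the single-bit flags listed here resolve to a name */`.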
@@ -54,6 +61,14 @@ enum x509_flag_t { X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ X509_IP_ADDR_BLOCKS = (1<<6), +<<<<<<< HEAD +}; + +/** + * enum names for x509 flags + */ +extern enum_name_t *x509_flag_names; +======= /** cert has CRL sign key usage */ X509_CRL_SIGN = (1<<7), }; @@ -103,6 +118,7 @@ struct x509_cdp_t { /** CRL issuer */ identification_t *issuer; }; +>>>>>>> upstream/4.5.1 /** * X.509 certificate interface. @@ -146,12 +162,20 @@ struct x509_t { chunk_t (*get_authKeyIdentifier)(x509_t *this); /** +<<<<<<< HEAD + * Get an optional path length constraint. + * + * @return pathLenConstraint, -1 if no constraint exists + */ + int (*get_pathLenConstraint)(x509_t *this); +======= * Get a numerical X.509 constraint. * * @param type type of constraint to get * @return constraint, X509_NO_CONSTRAINT if none found */ u_int (*get_constraint)(x509_t *this, x509_constraint_t type); +>>>>>>> upstream/4.5.1 /** * Create an enumerator over all subjectAltNames. @@ -161,9 +185,15 @@ struct x509_t { enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); /** +<<<<<<< HEAD + * Create an enumerator over all CRL URIs. + * + * @return enumerator over URIs as char* +======= * Create an enumerator over all CRL URIs and CRL Issuers. * * @return enumerator over x509_cdp_t +>>>>>>> upstream/4.5.1 */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); @@ -180,6 +210,8 @@ struct x509_t { * @return enumerator over ipAddrBlocks as traffic_selector_t* */ enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); +<<<<<<< HEAD +======= /** * Create an enumerator over name constraints. @@ -204,6 +236,7 @@ struct x509_t { enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this); +>>>>>>> upstream/4.5.1 }; #endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 27b97eab3..3e54368ff 100644 --- a/src/libstrongswan/credentials/credential_manager.c 
+++ b/src/libstrongswan/credentials/credential_manager.c @@ -452,8 +452,13 @@ static void cache_queue(private_credential_manager_t *this) * check a certificate for its lifetime */ static bool check_certificate(private_credential_manager_t *this, +<<<<<<< HEAD + certificate_t *subject, certificate_t *issuer, + bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *subject, certificate_t *issuer, bool online, int pathlen, bool trusted, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { time_t not_before, not_after; cert_validator_t *validator; @@ -471,12 +476,36 @@ static bool check_certificate(private_credential_manager_t *this, ¬_before, FALSE, ¬_after, FALSE); return FALSE; } +<<<<<<< HEAD + if (issuer->get_type(issuer) == CERT_X509 && + subject->get_type(subject) == CERT_X509) + { + int pathlen_constraint; + x509_t *x509; + + /* check path length constraint */ + x509 = (x509_t*)issuer; + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + pathlen > pathlen_constraint) + { + DBG1(DBG_CFG, "path length of %d violates constraint of %d", + pathlen, pathlen_constraint); + return FALSE; + } + } +======= +>>>>>>> upstream/4.5.1 enumerator = this->validators->create_enumerator(this->validators); while (enumerator->enumerate(enumerator, &validator)) { if (!validator->validate(validator, subject, issuer, +<<<<<<< HEAD + online, pathlen, auth)) +======= online, pathlen, trusted, auth)) +>>>>>>> upstream/4.5.1 { enumerator->destroy(enumerator); return FALSE; @@ -534,6 +563,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, } /** +<<<<<<< HEAD +======= * Get the strength of certificate, add it to auth */ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) 
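Review bot: Taking the upstream side of the `@@ -471,12 +476,36 @@` hunk removes the only enforcement of the issuer's pathLenConstraint that this chunk shows (`pathlen > pathlen_constraint` rejects the chain), and nothing in the commit shows where that check now lives; before resolving, confirm that a cert_validator_t or other code outside this chunk still enforces it, otherwise a CA certificate with a path length limit would be accepted as issuer at any depth. The two `validate()` call shapes must also be chosen together with cert_validator.h: the upstream side passes `online, pathlen, trusted, auth` while the HEAD side passes `online, pathlen, auth`, and the upstream prototype declares `u_int pathlen, bool anchor` whereas check_certificate keeps `int pathlen`. The HEAD side of the verify_trust_chain call on the next line passes `current == subject ? auth : NULL`, which only makes sense for a check_certificate and validators that tolerate a NULL auth, so pick one side for all three hunks. check_certificate's body continues outside the hunk.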
@@ -565,6 +596,7 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) } /** +>>>>>>> upstream/4.5.1 * try to verify the trust chain of subject, return TRUE if trusted */ static bool verify_trust_chain(private_credential_manager_t *this, @@ -576,9 +608,13 @@ static bool verify_trust_chain(private_credential_manager_t *this, int pathlen; auth = auth_cfg_create(); +<<<<<<< HEAD + current = subject->get_ref(subject); +======= get_key_strength(subject, auth); current = subject->get_ref(subject); auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current)); +>>>>>>> upstream/4.5.1 for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++) { @@ -623,17 +659,25 @@ static bool verify_trust_chain(private_credential_manager_t *this, break; } } +<<<<<<< HEAD + if (!check_certificate(this, current, issuer, online, pathlen, + current == subject ? auth : NULL)) +======= if (!check_certificate(this, current, issuer, online, pathlen, trusted, auth)) +>>>>>>> upstream/4.5.1 { trusted = FALSE; issuer->destroy(issuer); break; } +<<<<<<< HEAD +======= if (issuer) { get_key_strength(issuer, auth); } +>>>>>>> upstream/4.5.1 current->destroy(current); current = issuer; if (trusted) @@ -657,6 +701,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, } /** +<<<<<<< HEAD +======= * List find match function for certificates */ static bool cert_equals(certificate_t *a, certificate_t *b) @@ -665,6 +711,7 @@ static bool cert_equals(certificate_t *a, certificate_t *b) } /** +>>>>>>> upstream/4.5.1 * enumerator for trusted certificates */ typedef struct { @@ -684,8 +731,11 @@ typedef struct { certificate_t *pretrusted; /** currently enumerating auth config */ auth_cfg_t *auth; +<<<<<<< HEAD +======= /** list of failed candidates */ linked_list_t *failed; +>>>>>>> upstream/4.5.1 } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, 
@@ -713,6 +763,13 @@ METHOD(enumerator_t, trusted_enumerate, bool, verify_trust_chain(this->this, this->pretrusted, this->auth, TRUE, this->online)) { +<<<<<<< HEAD + this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, + this->pretrusted->get_ref(this->pretrusted)); + DBG1(DBG_CFG, " using trusted certificate \"%Y\"", + this->pretrusted->get_subject(this->pretrusted)); + *cert = this->pretrusted; +======= DBG1(DBG_CFG, " using trusted certificate \"%Y\"", this->pretrusted->get_subject(this->pretrusted)); *cert = this->pretrusted; @@ -721,6 +778,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, this->pretrusted->get_ref(this->pretrusted)); } +>>>>>>> upstream/4.5.1 if (auth) { *auth = this->auth; @@ -738,12 +796,15 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } +<<<<<<< HEAD +======= if (this->failed->find_first(this->failed, (void*)cert_equals, NULL, current) == SUCCESS) { /* check each candidate only once */ continue; } +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -756,7 +817,10 @@ METHOD(enumerator_t, trusted_enumerate, bool, } return TRUE; } +<<<<<<< HEAD +======= this->failed->insert_last(this->failed, current->get_ref(current)); +>>>>>>> upstream/4.5.1 } return FALSE; } @@ -767,7 +831,10 @@ METHOD(enumerator_t, trusted_destroy, void, DESTROY_IF(this->pretrusted); DESTROY_IF(this->auth); DESTROY_IF(this->candidates); +<<<<<<< HEAD +======= this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy)); +>>>>>>> upstream/4.5.1 free(this); } @@ -786,7 +853,10 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, .type = type, .id = id, .online = online, +<<<<<<< HEAD +======= .failed = linked_list_create(), +>>>>>>> upstream/4.5.1 ); return &enumerator->public; } 
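Review bot: The upstream-side `failed` list is touched by four hunks that must be resolved as one unit: the struct field `linked_list_t *failed;` in the typedef hunk on the previous line, the `find_first`/`insert_last` uses in trusted_enumerate, the `destroy_offset` in trusted_destroy, and `.failed = linked_list_create()` in create_trusted_enumerator here. Keeping any of the uses without the initialiser dereferences a NULL `this->failed`; keeping the initialiser without the destroy leaks one certificate reference per failed candidate on every enumeration. The HEAD side of the pretrusted branch adds AUTH_RULE_SUBJECT_CERT itself, and the upstream verify_trust_chain (previous line) already does `auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current))`, so mixing those two sides records the subject certificate twice; take the upstream branch in full if verify_trust_chain keeps that line.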
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 225fabe31..046ccfd12 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -132,8 +132,12 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } } else if (rule != AUTH_HELPER_SUBJECT_CERT && +<<<<<<< HEAD + rule != AUTH_HELPER_IM_CERT) +======= rule != AUTH_HELPER_IM_CERT && rule != AUTH_HELPER_REVOCATION_CERT) +>>>>>>> upstream/4.5.1 { /* handle only HELPER certificates */ continue; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index e023e8443..5a2385b72 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,6 +1,9 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperwsil +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -56,11 +59,14 @@ struct private_mem_cred_t { * List of shared keys, as shared_entry_t */ linked_list_t *shared; +<<<<<<< HEAD +======= /** * List of CDPs, as cdp_t */ linked_list_t *cdps; +>>>>>>> upstream/4.5.1 }; /** 
@@ -151,6 +157,23 @@ static bool certificate_equals(certificate_t *item, certificate_t *cert) return item->equals(item, cert); } +<<<<<<< HEAD +METHOD(mem_cred_t, add_cert, void, + private_mem_cred_t *this, bool trusted, certificate_t *cert) +{ + this->lock->write_lock(this->lock); + if (this->untrusted->find_last(this->untrusted, + (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS) + { + if (trusted) + { + this->trusted->insert_last(this->trusted, cert->get_ref(cert)); + } + this->untrusted->insert_last(this->untrusted, cert->get_ref(cert)); + } + cert->destroy(cert); + this->lock->unlock(this->lock); +======= /** * Add a certificate the the cache. Returns a reference to "cert" or a * previously cached certificate that equals "cert". @@ -249,6 +272,7 @@ METHOD(mem_cred_t, add_crl, bool, } this->lock->unlock(this->lock); return new; +>>>>>>> upstream/4.5.1 } /** @@ -308,7 +332,11 @@ METHOD(mem_cred_t, add_key, void, private_mem_cred_t *this, private_key_t *key) { this->lock->write_lock(this->lock); +<<<<<<< HEAD + this->keys->insert_last(this->keys, key); +======= this->keys->insert_first(this->keys, key); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -432,6 +460,20 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, (void*)shared_filter, data, (void*)shared_data_destroy); } +<<<<<<< HEAD +METHOD(mem_cred_t, add_shared, void, + private_mem_cred_t *this, shared_key_t *shared, ...) +{ + shared_entry_t *entry; + identification_t *id; + va_list args; + + INIT(entry, + .shared = shared, + .owners = linked_list_create(), + ); + +======= METHOD(mem_cred_t, add_shared_list, void, private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) { 
@@ -454,18 +496,27 @@ METHOD(mem_cred_t, add_shared, void, linked_list_t *owners = linked_list_create(); va_list args; +>>>>>>> upstream/4.5.1 va_start(args, shared); do { id = va_arg(args, identification_t*); if (id) { +<<<<<<< HEAD + entry->owners->insert_last(entry->owners, id); +======= owners->insert_first(owners, id); +>>>>>>> upstream/4.5.1 } } while (id); va_end(args); +<<<<<<< HEAD + this->lock->write_lock(this->lock); + this->shared->insert_last(this->shared, entry); +======= add_shared_list(this, shared, owners); } @@ -563,6 +614,7 @@ METHOD(mem_cred_t, clear_secrets, void, this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); this->keys = linked_list_create(); this->shared = linked_list_create(); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -574,6 +626,15 @@ METHOD(mem_cred_t, clear_, void, offsetof(certificate_t, destroy)); this->untrusted->destroy_offset(this->untrusted, offsetof(certificate_t, destroy)); +<<<<<<< HEAD + this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy)); + this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); + this->trusted = linked_list_create(); + this->untrusted = linked_list_create(); + this->keys = linked_list_create(); + this->shared = linked_list_create(); + this->lock->unlock(this->lock); +======= this->cdps->destroy_function(this->cdps, (void*)cdp_destroy); this->trusted = linked_list_create(); this->untrusted = linked_list_create(); @@ -581,6 +642,7 @@ METHOD(mem_cred_t, clear_, void, this->lock->unlock(this->lock); clear_secrets(this); +>>>>>>> upstream/4.5.1 } METHOD(mem_cred_t, destroy, void, @@ -591,7 +653,10 @@ METHOD(mem_cred_t, destroy, void, this->untrusted->destroy(this->untrusted); this->keys->destroy(this->keys); this->shared->destroy(this->shared); +<<<<<<< HEAD +======= this->cdps->destroy(this->cdps); +>>>>>>> upstream/4.5.1 this->lock->destroy(this->lock); free(this); } 
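Review bot: In the `clear_` hunk the HEAD side frees `keys` and `shared` and unlocks inside the method, while the upstream side unlocks and then calls `clear_secrets(this)`, whose own unlock is visible in the preceding hunk; a resolution that keeps HEAD's `destroy_offset`/`destroy_function` lines together with the upstream `clear_secrets(this)` call frees the key and shared-key lists twice, and one that keeps both unlocks releases the rwlock twice. The add_shared hunk is similar: HEAD builds the entry inline and inserts under `write_lock`, upstream delegates to `add_shared_list`, so the `va_start`/`va_end` block must end up with exactly one of those tails. Separately, `add_key` on the previous line changes from `insert_last` to `insert_first` on the upstream side, which presumably reverses the order in which stored private keys are returned; the chosen line deserves a comment such as `/* newest key first, so a re-added key takes precedence */`. clear_ and add_shared both start outside this hunk.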
@@ -609,6 +674,15 @@ mem_cred_t *mem_cred_create() .create_shared_enumerator = _create_shared_enumerator, .create_private_enumerator = _create_private_enumerator, .create_cert_enumerator = _create_cert_enumerator, +<<<<<<< HEAD + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .add_cert = _add_cert, + .add_key = _add_key, + .add_shared = _add_shared, + .clear = _clear_, +======= .create_cdp_enumerator = _create_cdp_enumerator, .cache_cert = (void*)nop, }, @@ -621,13 +695,17 @@ mem_cred_t *mem_cred_create() .add_cdp = _add_cdp, .clear = _clear_, .clear_secrets = _clear_secrets, +>>>>>>> upstream/4.5.1 .destroy = _destroy, }, .trusted = linked_list_create(), .untrusted = linked_list_create(), .keys = linked_list_create(), .shared = linked_list_create(), +<<<<<<< HEAD +======= .cdps = linked_list_create(), +>>>>>>> upstream/4.5.1 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index eb46b065b..274e07566 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -1,6 +1,9 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperswil +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -26,8 +29,11 @@ typedef struct mem_cred_t mem_cred_t; #include <credentials/credential_set.h> +<<<<<<< HEAD +======= #include <credentials/certificates/crl.h> #include <utils/linked_list.h> +>>>>>>> upstream/4.5.1 /** * Generic in-memory credential set. @@ -48,6 +54,8 @@ struct mem_cred_t { void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert); /** +<<<<<<< HEAD +======= * Add a certificate to the credential set, returning a reference to it or * to a cached duplicate. * 
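Review bot: The INIT in mem_cred_create must agree with the `private_mem_cred_t` struct hunk earlier in this file: the HEAD side sets `.create_cdp_enumerator = (void*)return_null` and omits `.cdps`, while `destroy` on the previous line (upstream side) calls `this->cdps->destroy(this->cdps)` and `clear_` calls `this->cdps->destroy_function(...)`, so combining HEAD's INIT with either of those dereferences a NULL `cdps`. Likewise `add_crl`, `add_shared_list`, `add_cdp` and `clear_secrets` exist only on the upstream side, so the method table (`.add_cdp = _add_cdp`, `.clear_secrets = _clear_secrets`) and the mem_cred.h hunks below have to be resolved to the same side, or the public struct declares function pointers the constructor never fills in.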
@@ -68,6 +76,7 @@ struct mem_cred_t { bool (*add_crl)(mem_cred_t *this, crl_t *crl); /** +>>>>>>> upstream/4.5.1 * Add a private key to the credential set. * * @param key key, reference gets owned by set @@ -78,11 +87,17 @@ struct mem_cred_t { * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set +<<<<<<< HEAD + * @param ... NULL terminated list of owners identification_t* +======= * @param ... NULL terminated list of owners (identification_t*) +>>>>>>> upstream/4.5.1 */ void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...); /** +<<<<<<< HEAD +======= * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set @@ -101,17 +116,21 @@ struct mem_cred_t { identification_t *id, char *uri); /** +>>>>>>> upstream/4.5.1 * Clear all credentials from the credential set. */ void (*clear)(mem_cred_t *this); /** +<<<<<<< HEAD +======= * Clear the secrets (private and shared keys, not the certificates) from * the credential set. */ void (*clear_secrets)(mem_cred_t *this); /** +>>>>>>> upstream/4.5.1 * Destroy a mem_cred_t. */ void (*destroy)(mem_cred_t *this); diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 2d13896d6..96b4630f7 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -20,6 +20,15 @@ #include <utils/linked_list.h> #include <crypto/crypto_tester.h> +<<<<<<< HEAD +typedef struct entry_t entry_t; +struct entry_t { + /* algorithm */ + u_int algo; + /* benchmarked speed */ + u_int speed; + /* constructor */ +======= const char *default_plugin_name = "default"; typedef struct entry_t entry_t; @@ -43,6 +52,7 @@ struct entry_t { /** * constructor */ +>>>>>>> upstream/4.5.1 union { crypter_constructor_t create_crypter; aead_constructor_t create_aead; 
@@ -144,8 +154,12 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, +<<<<<<< HEAD + entry->create_crypter, NULL)) +======= entry->create_crypter, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -177,8 +191,12 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, +<<<<<<< HEAD + entry->create_aead, NULL)) +======= entry->create_aead, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -209,8 +227,12 @@ METHOD(crypto_factory_t, create_signer, signer_t*, { if (this->test_on_create && !this->tester->test_signer(this->tester, algo, +<<<<<<< HEAD + entry->create_signer, NULL)) +======= entry->create_signer, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -242,8 +264,12 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, { if (this->test_on_create && algo != HASH_PREFERRED && !this->tester->test_hasher(this->tester, algo, +<<<<<<< HEAD + entry->create_hasher, NULL)) +======= entry->create_hasher, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -274,8 +300,12 @@ METHOD(crypto_factory_t, create_prf, prf_t*, { if (this->test_on_create && !this->tester->test_prf(this->tester, algo, +<<<<<<< HEAD + entry->create_prf, NULL)) +======= entry->create_prf, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -307,8 +337,12 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, +<<<<<<< HEAD + entry->create_rng, NULL)) +======= entry->create_rng, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } 
@@ -372,8 +406,12 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, * Insert an algorithm entry to a list */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, +<<<<<<< HEAD + int algo, u_int speed, void *create) +======= int algo, const char *plugin_name, u_int speed, void *create) +>>>>>>> upstream/4.5.1 { entry_t *entry, *current; linked_list_t *tmp; @@ -381,7 +419,10 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, INIT(entry, .algo = algo, +<<<<<<< HEAD +======= .plugin_name = plugin_name, +>>>>>>> upstream/4.5.1 .speed = speed, ); entry->create = create; @@ -415,16 +456,27 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, } METHOD(crypto_factory_t, add_crypter, void, +<<<<<<< HEAD + private_crypto_factory_t *this, encryption_algorithm_t algo, + crypter_constructor_t create) +======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, crypter_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_crypter(this->tester, algo, 0, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->crypters, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->crypters, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } 
@@ -449,16 +501,27 @@ METHOD(crypto_factory_t, remove_crypter, void, } METHOD(crypto_factory_t, add_aead, void, +<<<<<<< HEAD + private_crypto_factory_t *this, encryption_algorithm_t algo, + aead_constructor_t create) +======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, aead_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_aead(this->tester, algo, 0, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->aeads, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -483,16 +546,27 @@ METHOD(crypto_factory_t, remove_aead, void, } METHOD(crypto_factory_t, add_signer, void, +<<<<<<< HEAD + private_crypto_factory_t *this, integrity_algorithm_t algo, + signer_constructor_t create) +======= private_crypto_factory_t *this, integrity_algorithm_t algo, const char *plugin_name, signer_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_signer(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->signers, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->signers, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } 
@@ -517,16 +591,27 @@ METHOD(crypto_factory_t, remove_signer, void, } METHOD(crypto_factory_t, add_hasher, void, +<<<<<<< HEAD + private_crypto_factory_t *this, hash_algorithm_t algo, + hasher_constructor_t create) +======= private_crypto_factory_t *this, hash_algorithm_t algo, const char *plugin_name, hasher_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_hasher(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->hashers, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->hashers, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -551,16 +636,27 @@ METHOD(crypto_factory_t, remove_hasher, void, } METHOD(crypto_factory_t, add_prf, void, +<<<<<<< HEAD + private_crypto_factory_t *this, pseudo_random_function_t algo, + prf_constructor_t create) +======= private_crypto_factory_t *this, pseudo_random_function_t algo, const char *plugin_name, prf_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_prf(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->prfs, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->prfs, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } 
@@ -586,15 +682,25 @@ METHOD(crypto_factory_t, remove_prf, void, METHOD(crypto_factory_t, add_rng, void, private_crypto_factory_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create) +======= const char *plugin_name, rng_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_rng(this->tester, quality, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->rngs, quality, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->rngs, quality, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -619,10 +725,17 @@ METHOD(crypto_factory_t, remove_rng, void, } METHOD(crypto_factory_t, add_dh, void, +<<<<<<< HEAD + private_crypto_factory_t *this, diffie_hellman_group_t group, + dh_constructor_t create) +{ + add_entry(this, this->dhs, group, 0, create); +======= private_crypto_factory_t *this, diffie_hellman_group_t group, const char *plugin_name, dh_constructor_t create) { add_entry(this, this->dhs, group, plugin_name, 0, create); +>>>>>>> upstream/4.5.1 } METHOD(crypto_factory_t, remove_dh, void, @@ -684,11 +797,17 @@ static enumerator_t *create_enumerator(private_crypto_factory_t *this, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } 
@@ -707,11 +826,17 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -724,11 +849,17 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -741,11 +872,17 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo) +{ + *algo = (*entry)->algo; +======= static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -758,11 +895,17 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group) +{ + *group = (*entry)->algo; +======= static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, void *i2, const char **plugin_name) { *group = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } 
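Review bot: The upstream-side filter functions (`signer_filter`, `hasher_filter`, `prf_filter`, `dh_filter` here, `crypter_filter` on the previous line and `rng_filter` on the next) write through a second out-parameter with `*plugin_name = (*entry)->plugin_name;`, which is only safe if every caller of the matching create_*_enumerator enumerates with two output pointers. A HEAD-side caller outside this chunk that still enumerates with only `&algo` would have the filter store through whatever the enumerator hands over for the missing argument, so resolve all six filters, `entry_t` (the `plugin_name` field in the `@@ -20,6 +20,15 @@` hunk of this file) and the add_*/create_* signatures to one side and check the callers. Note also that the HEAD-side `entry_t` replaces the file's `/** … */` member comments with plain `/* … */` ones, dropping them from generated documentation.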
@@ -772,6 +915,8 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } +<<<<<<< HEAD +======= /** * Filter function to enumerate algorithm, not entry */ @@ -788,6 +933,7 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, { return create_enumerator(this, this->rngs, rng_filter); } +>>>>>>> upstream/4.5.1 METHOD(crypto_factory_t, add_test_vector, void, private_crypto_factory_t *this, transform_type_t type, void *vector) { @@ -862,7 +1008,10 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_dh_enumerator = _create_dh_enumerator, +<<<<<<< HEAD +======= .create_rng_enumerator = _create_rng_enumerator, +>>>>>>> upstream/4.5.1 .add_test_vector = _add_test_vector, .destroy = _destroy, }, diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 8e5db6355..61c46b59c 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -33,8 +33,11 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/diffie_hellman.h> #include <crypto/transform.h> +<<<<<<< HEAD +======= #define CRYPTO_MAX_ALG_LINE 120 /* characters */ +>>>>>>> upstream/4.5.1 /** * Constructor function for crypters */ @@ -146,12 +149,19 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, +<<<<<<< HEAD + crypter_constructor_t create); +======= const char *plugin_name, crypter_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a crypter constructor. 
@@ -171,23 +181,37 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo, +<<<<<<< HEAD + aead_constructor_t create); +======= const char *plugin_name, aead_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Register a signer constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, +<<<<<<< HEAD + signer_constructor_t create); +======= const char *plugin_name, signer_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a signer constructor. @@ -203,12 +227,19 @@ struct crypto_factory_t { * create_hasher(HASH_PREFERRED). * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, +<<<<<<< HEAD + hasher_constructor_t create); +======= const char *plugin_name, hasher_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a hasher constructor. 
@@ -221,12 +252,19 @@ struct crypto_factory_t { * Register a prf constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, +<<<<<<< HEAD + prf_constructor_t create); +======= const char *plugin_name, prf_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a prf constructor. @@ -239,11 +277,17 @@ struct crypto_factory_t { * Register a source of randomness. * * @param quality quality of randomness this RNG serves +<<<<<<< HEAD + * @param create constructor function for such a quality + */ + void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); +======= * @param plugin_name plugin that registered this algorithm * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a source of randomness. @@ -256,12 +300,19 @@ struct crypto_factory_t { * Register a diffie hellman constructor. * * @param group dh group to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, +<<<<<<< HEAD + dh_constructor_t create); +======= const char *plugin_name, dh_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a diffie hellman constructor. @@ -313,6 +364,8 @@ struct crypto_factory_t { enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); /** +<<<<<<< HEAD +======= * Create an enumerator over all registered random generators. * * @return enumerator over rng_quality_t 
@@ -320,6 +373,7 @@ struct crypto_factory_t { enumerator_t* (*create_rng_enumerator)(crypto_factory_t *this); /** +>>>>>>> upstream/4.5.1 * Add a test vector to the crypto factory. * * @param type type of the test vector diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 276f4329a..d4a8728e2 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -165,7 +165,11 @@ static u_int bench_crypter(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_crypter, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, +<<<<<<< HEAD + crypter_constructor_t create, u_int *speed) +======= crypter_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; crypter_test_vector_t *vector; @@ -188,11 +192,15 @@ METHOD(crypto_tester_t, test_crypter, bool, } crypter = create(alg, vector->key_size); if (!crypter) +<<<<<<< HEAD + { /* key size not supported... */ +======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; +>>>>>>> upstream/4.5.1 continue; } @@ -235,14 +243,25 @@ METHOD(crypto_tester_t, test_crypter, bool, crypter->destroy(crypter); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + encryption_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + encryption_algorithm_names, alg); + return !this->required; +======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", 
@@ -256,12 +275,22 @@ METHOD(crypto_tester_t, test_crypter, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } +>>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_crypter(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + encryption_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + encryption_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, tested, plugin_name, *speed); } @@ -269,6 +298,7 @@ METHOD(crypto_tester_t, test_crypter, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -324,7 +354,11 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, +<<<<<<< HEAD + aead_constructor_t create, u_int *speed) +======= aead_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -348,11 +382,15 @@ METHOD(crypto_tester_t, test_aead, bool, } aead = create(alg, vector->key_size); if (!aead) +<<<<<<< HEAD + { /* key size not supported... */ +======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; +>>>>>>> upstream/4.5.1 continue; } 
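Review bot: The upstream-side log line after `*speed = bench_crypter(this, alg, create);` passes its arguments in the wrong order for the format string: `"enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, tested, plugin_name, *speed` feeds the unsigned `tested` to `[%s]` and the `plugin_name` pointer to `%u`, which will print garbage or crash when DBG1 is enabled. The sibling log in test_aead and the non-speed branch of this very function use `alg, plugin_name, tested`, so the line should read `encryption_algorithm_names, alg, plugin_name, tested, *speed);`. This hunk also still contains the conflict markers, and the enclosing test_crypter body continues past the end of the hunk.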
@@ -405,14 +443,25 @@ METHOD(crypto_tester_t, test_aead, bool, aead->destroy(aead); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + encryption_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + encryption_algorithm_names, alg); + return !this->required; +======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", @@ -426,12 +475,22 @@ METHOD(crypto_tester_t, test_aead, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } +>>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_aead(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + encryption_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + encryption_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, plugin_name, tested, *speed); } @@ -439,6 +498,7 @@ METHOD(crypto_tester_t, test_aead, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -486,7 +546,11 @@ static u_int bench_signer(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_signer, bool, private_crypto_tester_t *this, integrity_algorithm_t alg, +<<<<<<< HEAD + signer_constructor_t create, u_int *speed) +======= signer_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; signer_test_vector_t *vector; 
@@ -508,8 +572,13 @@ METHOD(crypto_tester_t, test_signer, bool, signer = create(alg); if (!signer) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + integrity_algorithm_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", integrity_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -564,17 +633,28 @@ METHOD(crypto_tester_t, test_signer, bool, signer->destroy(signer); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + integrity_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", integrity_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + integrity_algorithm_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -582,6 +662,15 @@ METHOD(crypto_tester_t, test_signer, bool, if (speed) { *speed = bench_signer(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + integrity_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + integrity_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", integrity_algorithm_names, alg, plugin_name, tested, *speed); } @@ -589,6 +678,7 @@ METHOD(crypto_tester_t, test_signer, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", integrity_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; 
@@ -630,7 +720,11 @@ static u_int bench_hasher(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_hasher, bool, private_crypto_tester_t *this, hash_algorithm_t alg, +<<<<<<< HEAD + hasher_constructor_t create, u_int *speed) +======= hasher_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; hasher_test_vector_t *vector; @@ -652,8 +746,13 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher = create(alg); if (!hasher) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + hash_algorithm_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", hash_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -695,17 +794,28 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher->destroy(hasher); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + hash_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", hash_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + hash_algorithm_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) 
@@ -713,6 +823,15 @@ METHOD(crypto_tester_t, test_hasher, bool, if (speed) { *speed = bench_hasher(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + hash_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + hash_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", hash_algorithm_names, alg, plugin_name, tested, *speed); } @@ -720,6 +839,7 @@ METHOD(crypto_tester_t, test_hasher, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", hash_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -761,7 +881,11 @@ static u_int bench_prf(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_prf, bool, private_crypto_tester_t *this, pseudo_random_function_t alg, +<<<<<<< HEAD + prf_constructor_t create, u_int *speed) +======= prf_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; prf_test_vector_t *vector; @@ -783,8 +907,13 @@ METHOD(crypto_tester_t, test_prf, bool, prf = create(alg); if (!prf) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + pseudo_random_function_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", pseudo_random_function_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } 
@@ -837,17 +966,28 @@ METHOD(crypto_tester_t, test_prf, bool, prf->destroy(prf); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + pseudo_random_function_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", pseudo_random_function_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + pseudo_random_function_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -855,6 +995,15 @@ METHOD(crypto_tester_t, test_prf, bool, if (speed) { *speed = bench_prf(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + pseudo_random_function_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + pseudo_random_function_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", pseudo_random_function_names, alg, plugin_name, tested, *speed); } @@ -862,6 +1011,7 @@ METHOD(crypto_tester_t, test_prf, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", pseudo_random_function_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -900,7 +1050,11 @@ static u_int bench_rng(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_rng, bool, private_crypto_tester_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create, u_int *speed) +======= rng_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; rng_test_vector_t *vector; 
@@ -909,8 +1063,13 @@ METHOD(crypto_tester_t, test_rng, bool, if (!this->rng_true && quality == RNG_TRUE) { +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "enabled %N[%s]: skipping test (disabled by config)", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 return TRUE; } @@ -929,8 +1088,13 @@ METHOD(crypto_tester_t, test_rng, bool, rng = create(quality); if (!rng) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -959,17 +1123,28 @@ METHOD(crypto_tester_t, test_rng, bool, rng->destroy(rng); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + rng_quality_names, quality, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", rng_quality_names, quality, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? ", disabled" : "enabled ", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -977,6 +1152,15 @@ METHOD(crypto_tester_t, test_rng, bool, if (speed) { *speed = bench_rng(this, quality, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + rng_quality_names, quality, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + rng_quality_names, quality, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", rng_quality_names, quality, plugin_name, tested, *speed); } 
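Review bot: In the "no test vectors found" branch of test_rng both sides of the conflict use `this->required ? ", disabled" : "enabled "`, so a required RNG without vectors logs `, disabled RNG_...` with a stray leading comma. The equivalent branches in test_signer, test_hasher and test_prf use `"disabled"`, so this should be `this->required ? "disabled" : "enabled "` to match. The conflict markers in this hunk also need resolving before the file will build; the upstream side, which includes `plugin_name` in the message, matches the new test_rng signature.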
@@ -984,6 +1168,7 @@ METHOD(crypto_tester_t, test_rng, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", rng_quality_names, quality, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 019c87c39..1354bec52 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -143,7 +143,11 @@ struct crypto_tester_t { */ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create, +<<<<<<< HEAD + u_int *speed); +======= u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test an aead algorithm, optionally using a specified key size. @@ -156,7 +160,11 @@ struct crypto_tester_t { */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, aead_constructor_t create, +<<<<<<< HEAD + u_int *speed); +======= u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a signer algorithm. * @@ -166,8 +174,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg, +<<<<<<< HEAD + signer_constructor_t create, u_int *speed); +======= signer_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a hasher algorithm. * @@ -177,8 +189,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg, +<<<<<<< HEAD + hasher_constructor_t create, u_int *speed); +======= hasher_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a PRF algorithm. * 
@@ -188,8 +204,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, +<<<<<<< HEAD + prf_constructor_t create, u_int *speed); +======= prf_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a RNG implementation. * @@ -199,8 +219,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create, u_int *speed); +======= rng_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Add a test vector to test a crypter. * diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index e98a3a211..cb28d4e2d 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -82,7 +82,11 @@ extern enum_name_t *eap_type_short_names; * Lookup the EAP method type from a string. * * @param name EAP method name (such as "md5", "aka") +<<<<<<< HEAD + * @return method type, 0 if unkown +======= * @return method type, 0 if unknown +>>>>>>> upstream/4.5.1 */ eap_type_t eap_type_from_string(char *name); diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c index 5c811bd17..df6a73a81 100644 --- a/src/libstrongswan/enum.c +++ b/src/libstrongswan/enum.c @@ -43,7 +43,11 @@ int enum_from_name(enum_name_t *e, char *name) { do { +<<<<<<< HEAD + int i, count = e->last - e->first; +======= int i, count = e->last - e->first + 1; +>>>>>>> upstream/4.5.1 for (i = 0; i < count; i++) { diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index b007c8b08..2c5f5f688 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c 
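Review bot: The enum.c conflict must be resolved to the upstream line `int i, count = e->last - e->first + 1;` — the HEAD line without `+ 1` is off by one, so the `for (i = 0; i < count; i++)` loop that follows never examines the last name in the table and lookups of the highest enum value fail, assuming the loop indexes names from `first` to `last` inclusively as the range arithmetic suggests. Keeping the HEAD side would silently reintroduce that bug into enum_from_name, which is used for parsing configuration strings. The rest of enum_from_name lies outside this hunk.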
@@ -92,7 +92,11 @@ static status_t fetch(private_fetcher_manager_t *this, va_start(args, response); while (good) { +<<<<<<< HEAD + opt = va_arg(args, fetcher_option_t); +======= opt = va_arg(args, int); +>>>>>>> upstream/4.5.1 switch (opt) { case FETCH_REQUEST_DATA: @@ -109,7 +113,11 @@ static status_t fetch(private_fetcher_manager_t *this, good = fetcher->set_option(fetcher, opt, va_arg(args, u_int)); continue; case FETCH_END: +<<<<<<< HEAD + break;; +======= break; +>>>>>>> upstream/4.5.1 } break; } diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index e962aba70..7060f9ea0 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -57,8 +57,16 @@ struct private_integrity_checker_t { int checksum_count; }; +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.build_file + */ +static u_int32_t build_file(private_integrity_checker_t *this, char *file, + size_t *len) +======= METHOD(integrity_checker_t, build_file, u_int32_t, private_integrity_checker_t *this, char *file, size_t *len) +>>>>>>> upstream/4.5.1 { u_int32_t checksum; chunk_t contents; @@ -133,8 +141,16 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.build_segment + */ +static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, + size_t *len) +======= METHOD(integrity_checker_t, build_segment, u_int32_t, private_integrity_checker_t *this, void *sym, size_t *len) +>>>>>>> upstream/4.5.1 { chunk_t segment; Dl_info dli; 
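Review bot: The fetcher_manager conflict in fetch() should be resolved to the upstream `opt = va_arg(args, int);` rather than the HEAD `va_arg(args, fetcher_option_t)`: enumerators passed through `...` undergo default argument promotion, and reading them back with an enum type whose size may differ from `int` (for example under `-fshort-enums`) is undefined behaviour, which is presumably why upstream changed it. The conflict markers themselves must also be removed or the file will not compile. The enclosing fetch() function starts before this hunk.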
@@ -174,8 +190,16 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, return NULL; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check_file + */ +static bool check_file(private_integrity_checker_t *this, + char *name, char *file) +======= METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) +>>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -208,8 +232,16 @@ METHOD(integrity_checker_t, check_file, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check_segment + */ +static bool check_segment(private_integrity_checker_t *this, + char *name, void *sym) +======= METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) +>>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -242,8 +274,15 @@ METHOD(integrity_checker_t, check_segment, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check + */ +static bool check(private_integrity_checker_t *this, char *name, void *sym) +======= METHOD(integrity_checker_t, check, bool, private_integrity_checker_t *this, char *name, void *sym) +>>>>>>> upstream/4.5.1 { Dl_info dli; @@ -263,8 +302,15 @@ METHOD(integrity_checker_t, check, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.destroy. + */ +static void destroy(private_integrity_checker_t *this) +======= METHOD(integrity_checker_t, destroy, void, private_integrity_checker_t *this) +>>>>>>> upstream/4.5.1 { if (this->handle) { 
@@ -278,6 +324,19 @@ METHOD(integrity_checker_t, destroy, void, */ integrity_checker_t *integrity_checker_create(char *checksum_library) { +<<<<<<< HEAD + private_integrity_checker_t *this = malloc_thing(private_integrity_checker_t); + + this->public.check_file = (bool(*)(integrity_checker_t*, char *name, char *file))check_file; + this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file, size_t *len))build_file; + this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment; + this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym, size_t *len))build_segment; + this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check; + this->public.destroy = (void(*)(integrity_checker_t*))destroy; + + this->checksum_count = 0; + this->handle = NULL; +======= private_integrity_checker_t *this; INIT(this, @@ -291,6 +350,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) }, ); +>>>>>>> upstream/4.5.1 if (checksum_library) { this->handle = dlopen(checksum_library, RTLD_LAZY); diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 9835cd5b9..6e4aeb9d6 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index 1c060b6c8..b859d3167 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "aes_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "aes"; +>>>>>>> upstream/4.5.1 typedef struct private_aes_plugin_t private_aes_plugin_t; /** @@ -56,7 +59,11 @@ plugin_t *aes_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)aes_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index 1a3533f03..fa255ad23 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 251722f60..14f25d015 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in 
@@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 5232eca28..03f46a63a 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -19,8 +19,11 @@ #include <library.h> #include "blowfish_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "blowfish"; +>>>>>>> upstream/4.5.1 typedef struct private_blowfish_plugin_t private_blowfish_plugin_t; /** @@ -57,7 +60,11 @@ plugin_t *blowfish_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, +======= lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)blowfish_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 371e5b2f4..504d1938a 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in 
@@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c index a4c89b548..15c548e64 100644 --- a/src/libstrongswan/plugins/ccm/ccm_plugin.c +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c @@ -19,8 +19,11 @@ #include "ccm_aead.h" +<<<<<<< HEAD +======= static const char *plugin_name = "ccm"; +>>>>>>> upstream/4.5.1 typedef struct private_ccm_plugin_t private_ccm_plugin_t; /** 
@@ -49,12 +52,29 @@ METHOD(plugin_t, destroy, void, plugin_t *ccm_plugin_create() { private_ccm_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public.plugin.destroy = _destroy, ); +<<<<<<< HEAD + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { @@ -77,6 +97,7 @@ plugin_t *ccm_plugin_create() lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, plugin_name, (aead_constructor_t)ccm_aead_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 2f6be07e2..ecee15d56 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c index 9f1bf957f..dc6cba562 100644 --- a/src/libstrongswan/plugins/ctr/ctr_plugin.c +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c @@ -19,8 +19,11 @@ #include "ctr_ipsec_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "ctr"; +>>>>>>> upstream/4.5.1 typedef struct private_ctr_plugin_t private_ctr_plugin_t; /** @@ -49,7 +52,10 @@ METHOD(plugin_t, destroy, void, plugin_t *ctr_plugin_create() { private_ctr_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public = { @@ -59,6 +65,13 @@ plugin_t *ctr_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { @@ -73,5 +86,6 @@ plugin_t *ctr_plugin_create() lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, (crypter_constructor_t)ctr_ipsec_crypter_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index e61c73041..f2192399c 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in 
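Review bot: ctr_plugin_create has the same split as the CCM plugin: the HEAD side adds `ENCR_AES_CTR` and `ENCR_CAMELLIA_CTR` unconditionally, while the upstream side only registers them after `crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter)` succeeds and passes `plugin_name`. A CTR crypter that cannot obtain its underlying block cipher at runtime is worse than not offering CTR at all, so the guarded upstream registration is the one to keep. Resolve toward upstream and delete the markers; the `crypter_t *crypter;` declaration in the `@@ -49` hunk must stay for that to compile.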
@@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 82e24e810..e58188098 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -104,7 +104,10 @@ METHOD(fetcher_t, fetch, status_t, METHOD(fetcher_t, set_option, bool, private_curl_fetcher_t *this, fetcher_option_t option, ...) { +<<<<<<< HEAD +======= bool supported = TRUE; +>>>>>>> upstream/4.5.1 va_list args; va_start(args, option); @@ -116,7 +119,11 @@ METHOD(fetcher_t, set_option, bool, curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr); curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_REQUEST_TYPE: { 
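Review bot: The HEAD-side `return TRUE;` after `curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len);` leaves set_option without a `va_end(args)` to match the `va_start(args, option)` visible in the `@@ -104` hunk, which C99 7.15.1 requires before the function returns. The upstream `break;` keeps the single exit path where `va_end(args)` runs (shown in the following hunk), and the `bool supported = TRUE;` declaration fenced in the `@@ -104` hunk only exists to serve that path. Keep `break;` here and the `supported` declaration, and remove the markers; the switch this case belongs to starts above the hunk.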
@@ -125,25 +132,44 @@ METHOD(fetcher_t, set_option, bool, snprintf(header, BUF_LEN, "Content-Type: %s", request_type); this->headers = curl_slist_append(this->headers, header); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_REQUEST_HEADER: { char *header = va_arg(args, char*); this->headers = curl_slist_append(this->headers, header); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_HTTP_VERSION_1_0: { curl_easy_setopt(this->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_TIMEOUT: { curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, va_arg(args, u_int)); +<<<<<<< HEAD + return TRUE; + } + default: + return FALSE; + } +======= break; } default: @@ -152,6 +178,7 @@ METHOD(fetcher_t, set_option, bool, } va_end(args); return supported; +>>>>>>> upstream/4.5.1 } METHOD(fetcher_t, destroy, void, diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 387da03aa..41026f407 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -34,8 +34,15 @@ struct private_curl_plugin_t { curl_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of curl_plugin_t.curltroy + */ +static void destroy(private_curl_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_curl_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create); @@ -49,6 +56,11 @@ METHOD(plugin_t, destroy, void, plugin_t *curl_plugin_create() { CURLcode res; +<<<<<<< HEAD + private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_curl_plugin_t *this; INIT(this, 
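Review bot: This conflict region is split across two hunks and the HEAD side closes the `switch` itself (`default: return FALSE; }`), while the upstream side's `default:` body sits in the two unshown lines between `@@ -125` and `@@ -152` and its closing `}` plus `va_end(args); return supported;` sit in the `@@ -152` hunk. Resolving toward HEAD would therefore also need the upstream `default:` body removed and would return from five branches without `va_end`, whereas resolving toward upstream is self-contained. Keep the upstream `break;` in each case, the upstream `default:` branch (presumably `supported = FALSE;` — confirm against the unshown lines), and the single `va_end(args); return supported;` exit, and delete all markers.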
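Review bot: In curl_plugin.c the HEAD side allocates with `malloc_thing(private_curl_plugin_t)` and assigns only `this->public.plugin.destroy`, while the upstream side builds the object with `INIT(this, .public = { .plugin = { … } })`, whose nested braces indicate `plugin_t` in 4.5.1 has more than a `destroy` member (confirm in plugin.h). If so, the HEAD allocation leaves the remaining function pointers as uninitialized heap bytes, and the plugin loader invoking one of them is undefined behaviour. The HEAD comment `Implementation of curl_plugin_t.curltroy` is also a search-and-replace artifact. Take the upstream `METHOD`/`INIT` form and drop the markers; `curl_global_init` below the hunk is unaffected.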
@@ -58,6 +70,7 @@ plugin_t *curl_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index e45988ca9..9f49f45f4 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index d420d789e..14c5420ea 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "des_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "des"; +>>>>>>> upstream/4.5.1 typedef struct private_des_plugin_t private_des_plugin_t; /** 
@@ -56,11 +59,19 @@ plugin_t *des_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)des_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)des_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, +======= lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)des_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index d1dce4679..262d64565 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index d11b149df..75743ae2e 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c 
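Review bot: The HEAD side of this conflict ends on an unterminated statement, `lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB,`, which is only completed by the shared context line `(crypter_constructor_t)des_crypter_create);` below the `>>>>>>>` marker, so the two sides are not independently complete. Because the only difference is the `plugin_name` argument the 4.5.1 `add_crypter` API expects, resolving toward upstream is the only choice that leaves the file compiling without re-adding the tail. Delete the HEAD lines and the three markers and keep the three `plugin_name` calls; the registration of single-DES (`ENCR_DES`, `ENCR_DES_ECB`) predates this commit and is out of scope here.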
@@ -31,8 +31,15 @@ struct private_dnskey_plugin_t { dnskey_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of dnskey_plugin_t.dnskeytroy + */ +static void destroy(private_dnskey_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_dnskey_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)dnskey_public_key_load); @@ -44,6 +51,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *dnskey_plugin_create() { +<<<<<<< HEAD + private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_dnskey_plugin_t *this; INIT(this, @@ -53,6 +66,7 @@ plugin_t *dnskey_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)dnskey_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index ab1ed6d00..6bd31f0e1 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
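Review bot: dnskey_plugin_create repeats the `malloc_thing` versus `INIT` conflict: the HEAD side sets only `this->public.plugin.destroy` on an unzeroed allocation, while the upstream `INIT(this, .public = { .plugin = { … } })` uses designated initializers for the whole object. Any `plugin_t` member other than `destroy` (the nested braces suggest there are some — confirm in plugin.h) would be left uninitialized on the HEAD path, which matters because the loader, not this file, decides when those pointers are called. The HEAD comment `dnskey_plugin_t.dnskeytroy` is a mangled rename as well. Resolve toward upstream and remove the markers; the `add_builder` calls after the conflict are shared.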
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index ee71f6efd..27a3b9cc6 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -106,8 +106,12 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ +<<<<<<< HEAD +static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) +======= METHOD(prf_t, get_bytes, void, private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) +>>>>>>> upstream/4.5.1 { int i; u_int8_t xval[this->b]; @@ -140,6 +144,19 @@ METHOD(prf_t, get_bytes, void, /* 3.3 done already, mod q not used */ } +<<<<<<< HEAD +/** + * Implementation of prf_t.get_block_size. + */ +static size_t get_block_size(private_fips_prf_t *this) +{ + return 2 * this->b; +} +/** + * Implementation of prf_t.allocate_bytes. + */ +static void allocate_bytes(private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) +======= METHOD(prf_t, get_block_size, size_t, private_fips_prf_t *this) { @@ -147,19 +164,34 @@ METHOD(prf_t, get_block_size, size_t, } METHOD(prf_t, allocate_bytes, void, private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) +>>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(get_block_size(this)); get_bytes(this, seed, chunk->ptr); } +<<<<<<< HEAD +/** + * Implementation of prf_t.get_key_size. + */ +static size_t get_key_size(private_fips_prf_t *this) +======= METHOD(prf_t, get_key_size, size_t, private_fips_prf_t *this) +>>>>>>> upstream/4.5.1 { return this->b; } +<<<<<<< HEAD +/** + * Implementation of prf_t.set_key. + */ +static void set_key(private_fips_prf_t *this, chunk_t key) +======= METHOD(prf_t, set_key, void, private_fips_prf_t *this, chunk_t key) +>>>>>>> upstream/4.5.1 { /* save key as "key mod 2^b" */ chunk_mod(this->b, key, this->key); 
@@ -191,8 +223,15 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) this->keyed_prf->get_bytes(this->keyed_prf, c, res); } +<<<<<<< HEAD +/** + * Implementation of prf_t.destroy. + */ +static void destroy(private_fips_prf_t *this) +======= METHOD(prf_t, destroy, void, private_fips_prf_t *this) +>>>>>>> upstream/4.5.1 { this->keyed_prf->destroy(this->keyed_prf); free(this->key); @@ -204,6 +243,16 @@ METHOD(prf_t, destroy, void, */ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { +<<<<<<< HEAD + private_fips_prf_t *this = malloc_thing(private_fips_prf_t); + + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; + this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; + this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; + this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; + this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; + this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; +======= private_fips_prf_t *this; INIT(this, @@ -218,6 +267,7 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) }, }, ); +>>>>>>> upstream/4.5.1 switch (algo) { diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 3cce6ad91..202d6653a 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "fips_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "fips-prf"; +>>>>>>> upstream/4.5.1 typedef struct private_fips_prf_plugin_t private_fips_prf_plugin_t; /** 
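Review bot: fips_prf_create's HEAD side wires six `prf_interface` members by explicit function-pointer casts (`(void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes` and so on) on a `malloc_thing` allocation, whereas the upstream side uses `INIT` with the `METHOD`-generated `_get_bytes` style names that the `@@ -106` and `@@ -147` hunks of this file already define. Those casts silence any prototype drift between the static helpers and `prf_t`, and they leave `this->key` and `this->keyed_prf` to the `switch (algo)` below the hunk, so a mismatch there would go unnoticed until `destroy` runs `this->keyed_prf->destroy(this->keyed_prf); free(this->key);`. Take the upstream `INIT` block and delete the markers; no behavioural difference between the sides is visible beyond initialization style.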
@@ -33,8 +36,15 @@ struct private_fips_prf_plugin_t { fips_prf_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of fips_prf_plugin_t.destroy + */ +static void destroy(private_fips_prf_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_fips_prf_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)fips_prf_create); @@ -46,6 +56,14 @@ METHOD(plugin_t, destroy, void, */ plugin_t *fips_prf_plugin_create() { +<<<<<<< HEAD + private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, + (prf_constructor_t)fips_prf_create); +======= private_fips_prf_plugin_t *this; prf_t *prf; @@ -64,6 +82,7 @@ plugin_t *fips_prf_plugin_create() lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, plugin_name, (prf_constructor_t)fips_prf_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 9e0b49776..7f5a59abd 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
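Review bot: The HEAD side registers `PRF_FIPS_SHA1_160` unconditionally, while the upstream side declares `prf_t *prf;` and, judging by the `}` that closes around `lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, plugin_name, …)`, only registers it when a prerequisite PRF can be created. fips_prf.c's `g_sha1` calls `this->keyed_prf->get_bytes` (visible in the previous file), so this PRF depends on another PRF plugin being loaded; advertising it unconditionally lets a negotiation select an algorithm whose constructor may fail at runtime. Keep the upstream guard, the `plugin_name` argument and the `METHOD(plugin_t, destroy, …)` form, and drop the markers together with the `fips_prf_plugin_t.destroy` HEAD block.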
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c index a438fb073..984026778 100644 --- a/src/libstrongswan/plugins/gcm/gcm_plugin.c +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c @@ -19,8 +19,11 @@ #include "gcm_aead.h" +<<<<<<< HEAD +======= static const char *plugin_name = "gcm"; +>>>>>>> upstream/4.5.1 typedef struct private_gcm_plugin_t private_gcm_plugin_t; /** @@ -49,12 +52,23 @@ METHOD(plugin_t, destroy, void, plugin_t *gcm_plugin_create() { private_gcm_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public.plugin.destroy = _destroy, ); +<<<<<<< HEAD + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, + (aead_constructor_t)gcm_aead_create); +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { @@ -66,6 +80,7 @@ plugin_t *gcm_plugin_create() lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, plugin_name, (aead_constructor_t)gcm_aead_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 1bcada7dc..bb4e29b3b 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
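Review bot: gcm_plugin_create carries the same conflict as the CCM and CTR plugins: three unconditional two-argument `add_aead` calls on the HEAD side versus upstream's `crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter)` guard and `plugin_name`-qualified registrations. Offering AES-GCM without confirming the underlying cipher is available is a runtime failure waiting for the first CHILD_SA that negotiates it, so the guarded form is the one to keep. Resolve toward upstream in both the `@@ -19` and `@@ -49` hunks and delete the markers.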
@@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index a53fed448..c709d497f 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -29,8 +29,11 @@ #include <errno.h> #include <gcrypt.h> +<<<<<<< HEAD +======= static const char *plugin_name = "gcrypt"; +>>>>>>> upstream/4.5.1 typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t; /** 
@@ -150,6 +153,81 @@ plugin_t *gcrypt_plugin_create() ); /* hashers */ +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD4, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, + (hasher_constructor_t)gcrypt_hasher_create); + + /* crypters */ + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#ifdef HAVE_GCRY_CIPHER_CAMELLIA + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#endif /* HAVE_GCRY_CIPHER_CAMELLIA */ + lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, + 
(crypter_constructor_t)gcrypt_crypter_create); + + /* random numbers */ + lib->crypto->add_rng(lib->crypto, RNG_WEAK, + (rng_constructor_t)gcrypt_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)gcrypt_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_TRUE, + (rng_constructor_t)gcrypt_rng_create); + + /* diffie hellman groups, using modp */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, (hasher_constructor_t)gcrypt_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, @@ -223,6 +301,7 @@ plugin_t *gcrypt_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)gcrypt_dh_create_custom); /* RSA */ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index f73bfb406..dde840936 100644 
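Review bot: The seventy-odd HEAD-side lines in gcrypt_plugin_create end on the unterminated `lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,`, which is only closed by the shared `(dh_constructor_t)gcrypt_dh_create_custom);` after the `>>>>>>>` marker, so the HEAD block cannot be kept on its own. Every registration it lists also appears on the upstream side with the extra `plugin_name` argument, including the `#ifdef HAVE_GCRY_CIPHER_CAMELLIA` pair, so the resolution is to delete the HEAD block and the markers and keep upstream unchanged. Note that both sides map `RNG_WEAK`, `RNG_STRONG` and `RNG_TRUE` to the same `gcrypt_rng_create`; that predates this commit, but whoever resolves the conflict should confirm gcrypt_rng.c honours the requested quality level rather than assume it.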
--- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index e9bfbcc28..798602e84 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -20,8 +20,11 @@ #include "gmp_rsa_private_key.h" #include "gmp_rsa_public_key.h" +<<<<<<< HEAD +======= static const char *plugin_name = "gmp"; +>>>>>>> upstream/4.5.1 typedef struct private_gmp_plugin_t private_gmp_plugin_t; /** 
@@ -66,6 +69,32 @@ plugin_t *gmp_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, @@ -90,6 +119,7 @@ plugin_t *gmp_plugin_create() (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 72cc23b72..e8355ab21 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in 
@@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index 76d6157ae..c15a29b1c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -19,8 +19,11 @@ #include "hmac_signer.h" #include "hmac_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "hmac"; +>>>>>>> upstream/4.5.1 typedef struct private_hmac_plugin_t private_hmac_plugin_t; /** @@ -50,7 +53,10 @@ METHOD(plugin_t, destroy, void, plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this; +<<<<<<< HEAD +======= hasher_t *hasher; +>>>>>>> upstream/4.5.1 INIT(this, .public = { 
@@ -60,6 +66,39 @@ plugin_t *hmac_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, + (prf_constructor_t)hmac_prf_create); + + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, + (signer_constructor_t)hmac_signer_create); +======= hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { @@ -116,6 +155,7 @@ plugin_t *hmac_plugin_create() lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, plugin_name, (signer_constructor_t)hmac_signer_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } 
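Review bot: The HEAD side registers every HMAC PRF and signer (`PRF_HMAC_SHA2_256` through `AUTH_HMAC_SHA2_512_256`) unconditionally, while the upstream side probes `hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher)` and registers each family only when its hasher exists. HMAC cannot run without the underlying hash, so the unconditional list advertises integrity algorithms that may be unconstructible at runtime when the matching hasher plugin is not loaded — exactly the situation the upstream guards exist to prevent. Keep the upstream per-hasher blocks with their `plugin_name` argument, keep the `hasher_t *hasher;` declaration fenced in the `@@ -50` hunk, and delete the markers.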
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 7235784e2..7dd7e92f0 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index e6c592217..57c367ca1 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -100,8 +100,13 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } +<<<<<<< HEAD +static status_t fetch(private_ldap_fetcher_t *this, char *url, + chunk_t *result, va_list args) +======= METHOD(fetcher_t, fetch, status_t, private_ldap_fetcher_t *this, char *url, chunk_t *result) +>>>>>>> upstream/4.5.1 { LDAP *ldap; LDAPURLDesc *lurl; @@ -166,8 +171,15 @@ METHOD(fetcher_t, fetch, status_t, } +<<<<<<< HEAD +/** + * Implementation of fetcher_t.set_option. + */ +static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) +======= METHOD(fetcher_t, set_option, bool, private_ldap_fetcher_t *this, fetcher_option_t option, ...) +>>>>>>> upstream/4.5.1 { va_list args; 
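Review bot: The HEAD-side `static status_t fetch(private_ldap_fetcher_t *this, char *url, chunk_t *result, va_list args)` takes four parameters, whereas the upstream `METHOD(fetcher_t, fetch, status_t, …, char *url, chunk_t *result)` takes three, and the HEAD constructor further down casts it to `(status_t(*)(fetcher_t*,char*,chunk_t*))fetch`. Calling a four-parameter function through a three-parameter pointer type is undefined behaviour, and whatever `args` the body reads (the body is outside this hunk) would be garbage. The upstream signature matches the cast-free `INIT` wiring, so resolve this hunk and the `@@ -166`/`@@ -184`/`@@ -195` hunks of ldap_fetcher.c toward upstream and delete the markers.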
@@ -184,8 +196,15 @@ METHOD(fetcher_t, set_option, bool, } } +<<<<<<< HEAD +/** + * Implements ldap_fetcher_t.destroy + */ +static void destroy(private_ldap_fetcher_t *this) +======= METHOD(fetcher_t, destroy, void, private_ldap_fetcher_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -195,6 +214,15 @@ METHOD(fetcher_t, destroy, void, */ ldap_fetcher_t *ldap_fetcher_create() { +<<<<<<< HEAD + private_ldap_fetcher_t *this = malloc_thing(private_ldap_fetcher_t); + + this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; + this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; + this->public.interface.destroy = (void (*)(fetcher_t*))destroy; + + this->timeout = DEFAULT_TIMEOUT; +======= private_ldap_fetcher_t *this; INIT(this, @@ -207,6 +235,7 @@ ldap_fetcher_t *ldap_fetcher_create() }, .timeout = DEFAULT_TIMEOUT, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 3682ddd1f..434a023ce 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -31,8 +31,15 @@ struct private_ldap_plugin_t { ldap_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of ldap_plugin_t.destroy + */ +static void destroy(private_ldap_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_ldap_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); @@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *ldap_plugin_create() { +<<<<<<< HEAD + private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_ldap_plugin_t *this; INIT(this, 
@@ -53,6 +65,7 @@ plugin_t *ldap_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index ea1a7a69a..4f69538a8 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index cea1a61f3..cdb0fe914 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "md4_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "md4"; +>>>>>>> upstream/4.5.1 typedef struct private_md4_plugin_t private_md4_plugin_t; /** @@ -33,8 +36,15 @@ struct private_md4_plugin_t { md4_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of md4_plugin_t.destroy + */ +static void destroy(private_md4_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_md4_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md4_hasher_create); 
@@ -46,6 +56,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md4_plugin_create() { +<<<<<<< HEAD + private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_MD4, +======= private_md4_plugin_t *this; INIT(this, @@ -57,6 +74,7 @@ plugin_t *md4_plugin_create() ); lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)md4_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 05f101564..c0ffec7ad 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index d11173817..015274ddf 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "md5_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "md5"; +>>>>>>> upstream/4.5.1 typedef struct private_md5_plugin_t private_md5_plugin_t; /** 
@@ -33,8 +36,15 @@ struct private_md5_plugin_t { md5_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of md5_plugin_t.destroy + */ +static void destroy(private_md5_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_md5_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md5_hasher_create); @@ -46,6 +56,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md5_plugin_create() { +<<<<<<< HEAD + private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_MD5, +======= private_md5_plugin_t *this; INIT(this, @@ -57,6 +74,7 @@ plugin_t *md5_plugin_create() ); lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)md5_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 4880415b3..7a6c57dd1 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 5fbfa0f28..0b9f8285d 100644 
--- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -474,8 +474,15 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of database_t.query. + */ +static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) +======= METHOD(database_t, query, enumerator_t*, private_mysql_database_t *this, char *sql, ...) +>>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -561,8 +568,15 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } +<<<<<<< HEAD +/** + * Implementation of database_t.execute. + */ +static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) +======= METHOD(database_t, execute, int, private_mysql_database_t *this, int *rowid, char *sql, ...) +>>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -590,14 +604,28 @@ METHOD(database_t, execute, int, return affected; } +<<<<<<< HEAD +/** + * Implementation of database_t.get_driver + */ +static db_driver_t get_driver(private_mysql_database_t *this) +======= METHOD(database_t, get_driver,db_driver_t, private_mysql_database_t *this) +>>>>>>> upstream/4.5.1 { return DB_MYSQL; } +<<<<<<< HEAD +/** + * Implementation of database_t.destroy + */ +static void destroy(private_mysql_database_t *this) +======= METHOD(database_t, destroy, void, private_mysql_database_t *this) +>>>>>>> upstream/4.5.1 { this->pool->destroy_function(this->pool, (void*)conn_destroy); this->mutex->destroy(this->mutex); 
@@ -669,6 +697,14 @@ mysql_database_t *mysql_database_create(char *uri) return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_mysql_database_t); + + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; + this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; + this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; + this->public.db.destroy = (void(*)(database_t*))destroy; +======= INIT(this, .public = { .db = { @@ -679,6 +715,7 @@ mysql_database_t *mysql_database_create(char *uri) }, }, ); +>>>>>>> upstream/4.5.1 if (!parse_uri(this, uri)) { diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 65d8681cb..738bbeddb 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -32,8 +32,15 @@ struct private_mysql_plugin_t { mysql_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_mysql_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_mysql_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)mysql_database_create); @@ -54,6 +61,10 @@ plugin_t *mysql_plugin_create() return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_mysql_plugin_t); + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= INIT(this, .public = { .plugin = { @@ -61,6 +72,7 @@ plugin_t *mysql_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index b43be29f1..4048bbd02 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in 
@@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 58401faa5..7708af958 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -382,8 +382,11 @@ static private_openssl_crl_t *create_empty() }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD +======= .is_delta_crl = (void*)return_false, .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty, +>>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, @@ -460,6 +463,9 @@ static bool parse_extensions(private_openssl_crl_t *this) ok = parse_crlNumber_ext(this, ext); break; default: +<<<<<<< HEAD + ok = TRUE; +======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -468,6 +474,7 @@ static bool parse_extensions(private_openssl_crl_t *this) DBG1(DBG_LIB, "found unsupported critical X.509 " "CRL extension"); } +>>>>>>> upstream/4.5.1 break; } if (!ok) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 0050572ee..cf48b4c15 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c 
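Review bot: In openssl_crl.c parse_extensions the HEAD side `ok = TRUE;` in the `default:` branch accepts any unrecognised CRL extension, including ones flagged critical, whereas the upstream side accepts an unknown extension only when it is non-critical or `libstrongswan.x509.enforce_critical` is disabled, and otherwise logs `found unsupported critical X.509 CRL extension` and fails. RFC 5280 requires a relying party to reject a CRL that carries an unrecognised critical extension, so silently honouring such a CRL can change revocation results in ways the issuer did not intend. Resolve this hunk and the following `@@ -468,6 +474,7 @@` hunk to the upstream side and delete `ok = TRUE;`. parse_extensions starts and ends outside the hunk.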
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -41,8 +41,11 @@ #include "openssl_x509.h" #include "openssl_crl.h" +<<<<<<< HEAD +======= static const char *plugin_name = "openssl"; +>>>>>>> upstream/4.5.1 typedef struct private_openssl_plugin_t private_openssl_plugin_t; /** 
@@ -274,6 +277,87 @@ plugin_t *openssl_plugin_create() } /* crypter */ +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_RC5, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_NULL, + (crypter_constructor_t)openssl_crypter_create); + + /* hasher */ + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD2, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD4, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, + (hasher_constructor_t)openssl_hasher_create); + + /* prf */ + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, + 
(prf_constructor_t)openssl_sha1_prf_create); + + /* (ec) diffie hellman */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); +#ifndef OPENSSL_NO_EC + lib->crypto->add_dh(lib->crypto, ECP_256_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_384_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_521_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); +#endif /* OPENSSL_NO_EC */ + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, (crypter_constructor_t)openssl_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 
plugin_name, @@ -353,6 +437,7 @@ plugin_t *openssl_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index f7495b2ae..7c7f2aa06 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -84,7 +84,11 @@ struct private_openssl_x509_t { /** * Pathlen constraint */ +<<<<<<< HEAD + int pathlen; +======= u_char pathlen; +>>>>>>> upstream/4.5.1 /** * certificate subject @@ -137,7 +141,11 @@ struct private_openssl_x509_t { linked_list_t *issuerAltNames; /** +<<<<<<< HEAD + * List of CRL URIs +======= * List of CRL URIs, as x509_cdp_t +>>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -153,6 +161,8 @@ struct private_openssl_x509_t { }; /** +<<<<<<< HEAD +======= * Destroy a CRL URI struct */ static void crl_uri_destroy(x509_cdp_t *this) @@ -163,6 +173,7 @@ static void crl_uri_destroy(x509_cdp_t *this) } /** +>>>>>>> upstream/4.5.1 * Convert a GeneralName to an identification_t. */ static identification_t *general_name2id(GENERAL_NAME *name) @@ -250,6 +261,12 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t, return chunk_empty; } +<<<<<<< HEAD +METHOD(x509_t, get_pathLenConstraint, int, + private_openssl_x509_t *this) +{ + return this->pathlen; +======= METHOD(x509_t, get_constraint, u_int, private_openssl_x509_t *this, x509_constraint_t type) { @@ -260,6 +277,7 @@ METHOD(x509_t, get_constraint, u_int, default: return X509_NO_CONSTRAINT; } +>>>>>>> upstream/4.5.1 } METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, 
@@ -280,6 +298,16 @@ METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, return this->ocsp_uris->create_enumerator(this->ocsp_uris); } +<<<<<<< HEAD +METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, + private_openssl_x509_t *this) +{ + /* TODO */ + return enumerator_create_empty(); +} + +======= +>>>>>>> upstream/4.5.1 METHOD(certificate_t, get_type, certificate_type_t, private_openssl_x509_t *this) { @@ -492,7 +520,11 @@ METHOD(certificate_t, destroy, void, offsetof(identification_t, destroy)); this->issuerAltNames->destroy_offset(this->issuerAltNames, offsetof(identification_t, destroy)); +<<<<<<< HEAD + this->crl_uris->destroy_function(this->crl_uris, free); +======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); +>>>>>>> upstream/4.5.1 this->ocsp_uris->destroy_function(this->ocsp_uris, free); free(this); } @@ -526,6 +558,13 @@ static private_openssl_x509_t *create_empty() .get_serial = _get_serial, .get_subjectKeyIdentifier = _get_subjectKeyIdentifier, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD + .get_pathLenConstraint = _get_pathLenConstraint, + .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, + .create_crl_uri_enumerator = _create_crl_uri_enumerator, + .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator, + .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator, +======= .get_constraint = _get_constraint, .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, .create_crl_uri_enumerator = _create_crl_uri_enumerator, 
@@ -534,13 +573,18 @@ static private_openssl_x509_t *create_empty() .create_name_constraint_enumerator = (void*)enumerator_create_empty, .create_cert_policy_enumerator = (void*)enumerator_create_empty, .create_policy_mapping_enumerator = (void*)enumerator_create_empty, +>>>>>>> upstream/4.5.1 }, }, .subjectAltNames = linked_list_create(), .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), +<<<<<<< HEAD + .pathlen = X509_NO_PATH_LEN_CONSTRAINT, +======= .pathlen = X509_NO_CONSTRAINT, +>>>>>>> upstream/4.5.1 .ref = 1, ); @@ -586,7 +630,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, X509_EXTENSION *ext) { BASIC_CONSTRAINTS *constraints; +<<<<<<< HEAD +======= long pathlen; +>>>>>>> upstream/4.5.1 constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext); if (constraints) @@ -597,10 +644,14 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { +<<<<<<< HEAD + this->pathlen = ASN1_INTEGER_get(constraints->pathlen); +======= pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 } BASIC_CONSTRAINTS_free(constraints); return TRUE; @@ -616,10 +667,16 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { CRL_DIST_POINTS *cdps; DIST_POINT *cdp; +<<<<<<< HEAD + identification_t *id; + char *uri; + int i, j, point_num, name_num; +======= identification_t *id, *issuer; x509_cdp_t *entry; char *uri; int i, j, k, point_num, name_num, issuer_num; +>>>>>>> upstream/4.5.1 cdps = X509V3_EXT_d2i(ext); if (!cdps) @@ -644,6 +701,9 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { +<<<<<<< HEAD + this->crl_uris->insert_first(this->crl_uris, uri); +======= if (cdp->CRLissuer) { issuer_num = sk_GENERAL_NAME_num(cdp->CRLissuer); 
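Review bot: The HEAD side of parse_basicConstraints_ext stores `this->pathlen = ASN1_INTEGER_get(constraints->pathlen);` with no range check, while the upstream side keeps the value in a `long pathlen` temporary and only accepts `pathlen >= 0 && pathlen < 128`, falling back to `X509_NO_CONSTRAINT`. Combined with the upstream `u_char pathlen` field from the `@@ -84,7 +84,11 @@` hunk, an unchecked negative value (ASN1_INTEGER_get can return -1 on error, and the encoded INTEGER is not bounded on the wire) would wrap to a large positive path length and effectively remove the constraint during chain validation. The `.pathlen = X509_NO_PATH_LEN_CONSTRAINT` initialiser in the create_empty hunk on this line belongs to HEAD's `int pathlen` field and must go with it; keep `.pathlen = X509_NO_CONSTRAINT` and the bounded assignment. Both functions continue outside their hunks.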
@@ -670,12 +730,16 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, ); this->crl_uris->insert_last(this->crl_uris, entry); } +>>>>>>> upstream/4.5.1 } id->destroy(id); } } } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 DIST_POINT_free(cdp); } } @@ -808,6 +872,9 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: +<<<<<<< HEAD + ok = TRUE; +======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -815,6 +882,7 @@ static bool parse_extensions(private_openssl_x509_t *this) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); } +>>>>>>> upstream/4.5.1 break; } if (!ok) @@ -872,6 +940,8 @@ static bool parse_certificate(private_openssl_x509_t *this) { return FALSE; } +<<<<<<< HEAD +======= if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2) { DBG1(DBG_LIB, "unsupported x509 version: %d", @@ -879,6 +949,7 @@ static bool parse_certificate(private_openssl_x509_t *this) return FALSE; } +>>>>>>> upstream/4.5.1 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); @@ -922,7 +993,11 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { +<<<<<<< HEAD + return TRUE; +======= return FALSE; +>>>>>>> upstream/4.5.1 } parse_extKeyUsage(this); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 7c89d0abd..24c7441d7 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in 
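Review bot: In openssl_x509.c parse_certificate the HEAD side answers a failed `parse_extensions(this)` with `return TRUE;`, so a certificate whose extensions could not be parsed is reported as successfully loaded with whatever partial basicConstraints, CRL distribution point and other extension data had been collected before the failure; the upstream `return FALSE;` rejects it. Keep `return FALSE;`. The same HEAD-versus-upstream pattern appears on this line in parse_extensions, where HEAD's `ok = TRUE;` replaces upstream's check that an unknown extension is non-critical or `libstrongswan.x509.enforce_critical` is off, and in the `@@ -872,6 +940,8 @@` hunk, where HEAD omits the `X509_get_version` range check that upstream uses to reject certificates of unsupported versions. parse_certificate and parse_extensions both start and end outside their hunks.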
@@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index 695823acf..a78f2076b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -23,8 +23,11 @@ #include <library.h> #include <debug.h> +<<<<<<< HEAD +======= static const char *plugin_name = "padlock"; +>>>>>>> upstream/4.5.1 typedef struct private_padlock_plugin_t private_padlock_plugin_t; typedef enum padlock_feature_t padlock_feature_t; 
@@ -163,21 +166,37 @@ plugin_t *padlock_plugin_create() if (this->features & PADLOCK_RNG_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_rng(lib->crypto, RNG_TRUE, + (rng_constructor_t)padlock_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)padlock_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_WEAK, +======= lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, (rng_constructor_t)padlock_rng_create); lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, (rng_constructor_t)padlock_rng_create); lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, +>>>>>>> upstream/4.5.1 (rng_constructor_t)padlock_rng_create); } if (this->features & PADLOCK_ACE2_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)padlock_aes_crypter_create); } if (this->features & PADLOCK_PHE_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, +======= lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)padlock_sha1_hasher_create); } return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 60740eb35..5a2469145 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 9c8237e4d..2a69e4ea6 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -111,7 +111,11 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding, } /* compute and allocate maximum size of PEM object */ +<<<<<<< HEAD + pem_chars = 4*(asn1.len + 2)/3; +======= pem_chars = 4 * ((asn1.len + 2) / 3); +>>>>>>> upstream/4.5.1 pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE; *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines); pos = encoding->ptr; diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index f2415a318..0e6a4788c 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -33,8 +33,15 @@ struct private_pem_plugin_t { pem_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pem_plugin_t.pemtroy + */ +static void destroy(private_pem_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pem_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pem_private_key_load); @@ -50,6 +57,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pem_plugin_create() { +<<<<<<< HEAD + private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pem_plugin_t *this; INIT(this, 
@@ -59,6 +71,7 @@ plugin_t *pem_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 /* register private key PEM decoding builders */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index ab14f8ced..336e293be 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index eaf0a1088..762eb061f 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -33,8 +33,15 @@ struct private_pgp_plugin_t { pgp_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pgp_plugin_t.pgptroy + */ +static void destroy(private_pgp_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pgp_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pgp_public_key_load); @@ -54,6 +61,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pgp_plugin_create() { +<<<<<<< HEAD + private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_pgp_plugin_t *this; INIT(this, 
@@ -63,6 +76,7 @@ plugin_t *pgp_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, @@ -71,8 +85,15 @@ plugin_t *pgp_plugin_create() (builder_function_t)pgp_private_key_load); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_private_key_load); +<<<<<<< HEAD + + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, + (builder_function_t)pgp_cert_load); + +======= lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pgp_cert_load); +>>>>>>> upstream/4.5.1 lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 8ed4a08e9..2169d022c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index 33732f8a4..d91de0e7f 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c 
@@ -32,8 +32,15 @@ struct private_pkcs1_plugin_t { pkcs1_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pkcs1_plugin_t.pkcs1troy + */ +static void destroy(private_pkcs1_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pkcs1_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pkcs1_public_key_load); @@ -50,6 +57,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pkcs1_plugin_create() { +<<<<<<< HEAD + private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pkcs1_plugin_t *this; INIT(this, @@ -59,6 +71,7 @@ plugin_t *pkcs1_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pkcs1_public_key_load); diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 6c03b0497..8d6bad565 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index a81ec1147..6783699e5 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c 
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -55,6 +55,16 @@ struct private_pkcs11_creds_t { * Find certificates, optionally trusted */ static void find_certificates(private_pkcs11_creds_t *this, +<<<<<<< HEAD + CK_SESSION_HANDLE session, CK_BBOOL trusted) +{ + CK_OBJECT_CLASS class = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE type = CKC_X_509; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, + {CKA_TRUSTED, &trusted, sizeof(trusted)}, +======= CK_SESSION_HANDLE session) { CK_OBJECT_CLASS class = CKO_CERTIFICATE; @@ -63,12 +73,16 @@ static void find_certificates(private_pkcs11_creds_t *this, CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, +>>>>>>> upstream/4.5.1 }; CK_OBJECT_HANDLE object; CK_ATTRIBUTE attr[] = { {CKA_VALUE, NULL, 0}, {CKA_LABEL, NULL, 0}, +<<<<<<< HEAD +======= {CKA_TRUSTED, &trusted, sizeof(trusted)} +>>>>>>> upstream/4.5.1 }; enumerator_t *enumerator; linked_list_t *raw; @@ -76,6 +90,13 @@ static void find_certificates(private_pkcs11_creds_t *this, struct { chunk_t value; chunk_t label; +<<<<<<< HEAD + } *entry; + + raw = linked_list_create(); + enumerator = this->lib->create_object_enumerator(this->lib, + session, tmpl, countof(tmpl), attr, countof(attr)); +======= bool trusted; } *entry; int count = countof(attr); @@ -89,6 +110,7 @@ static void find_certificates(private_pkcs11_creds_t *this, } enumerator = this->lib->create_object_enumerator(this->lib, session, tmpl, countof(tmpl), attr, count); +>>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, &object)) { entry = malloc(sizeof(*entry)); 
@@ -96,7 +118,10 @@ static void find_certificates(private_pkcs11_creds_t *this, chunk_create(attr[0].pValue, attr[0].ulValueLen)); entry->label = chunk_clone( chunk_create(attr[1].pValue, attr[1].ulValueLen)); +<<<<<<< HEAD +======= entry->trusted = trusted; +>>>>>>> upstream/4.5.1 raw->insert_last(raw, entry); } enumerator->destroy(enumerator); @@ -109,10 +134,17 @@ static void find_certificates(private_pkcs11_creds_t *this, if (cert) { DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", +<<<<<<< HEAD + trusted ? "" : "un", entry->label.len, entry->label.ptr); + /* trusted certificates are also returned as untrusted */ + this->untrusted->insert_last(this->untrusted, cert); + if (trusted) +======= entry->trusted ? "" : "un", entry->label.len, entry->label.ptr); /* trusted certificates are also returned as untrusted */ this->untrusted->insert_last(this->untrusted, cert); if (entry->trusted) +>>>>>>> upstream/4.5.1 { this->trusted->insert_last(this->trusted, cert->get_ref(cert)); } @@ -145,7 +177,12 @@ static bool load_certificates(private_pkcs11_creds_t *this) return FALSE; } +<<<<<<< HEAD + find_certificates(this, session, CK_TRUE); + find_certificates(this, session, CK_FALSE); +======= find_certificates(this, session); +>>>>>>> upstream/4.5.1 this->lib->f->C_CloseSession(session); return TRUE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index 6f7926808..6d819da34 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -466,11 +466,14 @@ struct private_pkcs11_library_t { * Name as passed to the constructor */ char *name; +<<<<<<< HEAD +======= /** * Supported feature set */ pkcs11_feature_t features; +>>>>>>> upstream/4.5.1 }; METHOD(pkcs11_library_t, get_name, char*, 
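Review bot: In the upstream side of `find_certificates`, `entry->trusted = trusted` is copied for every enumerated object, but `CKA_TRUSTED` is the last slot of `attr[]` and `count` is adjusted before `create_object_enumerator` (the adjustment itself is outside the visible hunks), so on a token where the attribute is not queried `trusted` keeps whatever value it had before the loop and its declaration is not in this hunk. If it is not initialized as `CK_BBOOL trusted = CK_FALSE;`, a token certificate could be inserted into `this->trusted` and become a trust anchor the token never asserted; please confirm the initializer is present. The HEAD side avoids that by passing `trusted` as a parameter, but because a PKCS#11 search template only matches objects that carry every listed attribute, on a token without `CKA_TRUSTED` neither the `CK_TRUE` nor the `CK_FALSE` pass in `load_certificates` loads anything. Both variants remain between conflict markers, so the function does not compile as committed.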
@@ -479,12 +482,15 @@ METHOD(pkcs11_library_t, get_name, char*, return this->name; } +<<<<<<< HEAD +======= METHOD(pkcs11_library_t, get_features, pkcs11_feature_t, private_pkcs11_library_t *this) { return this->features; } +>>>>>>> upstream/4.5.1 /** * Object enumerator */ @@ -777,6 +783,11 @@ static CK_RV UnlockMutex(CK_VOID_PTR data) } /** +<<<<<<< HEAD + * Initialize a PKCS#11 library + */ +static bool initialize(private_pkcs11_library_t *this, char *name, char *file) +======= * Check if the library has at least a given cryptoki version */ static bool has_version(CK_INFO *info, int major, int minor) @@ -803,19 +814,27 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info) */ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, bool os_locking) +>>>>>>> upstream/4.5.1 { CK_C_GetFunctionList pC_GetFunctionList; CK_INFO info; CK_RV rv; +<<<<<<< HEAD + CK_C_INITIALIZE_ARGS args = { +======= static CK_C_INITIALIZE_ARGS args = { +>>>>>>> upstream/4.5.1 .CreateMutex = CreateMutex, .DestroyMutex = DestroyMutex, .LockMutex = LockMutex, .UnlockMutex = UnlockMutex, }; +<<<<<<< HEAD +======= static CK_C_INITIALIZE_ARGS args_os = { .flags = CKF_OS_LOCKING_OK, }; +>>>>>>> upstream/4.5.1 pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList"); if (!pC_GetFunctionList) @@ -830,6 +849,16 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, name, ck_rv_names, rv); return FALSE; } +<<<<<<< HEAD + + rv = this->public.f->C_Initialize(&args); + if (rv == CKR_CANT_LOCK) + { /* try OS locking */ + memset(&args, 0, sizeof(args)); + args.flags = CKF_OS_LOCKING_OK; + rv = this->public.f->C_Initialize(&args); + } +======= if (os_locking) { rv = CKR_CANT_LOCK; 
@@ -843,6 +872,7 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, os_locking = TRUE; rv = this->public.f->C_Initialize(&args_os); } +>>>>>>> upstream/4.5.1 if (rv != CKR_OK) { DBG1(DBG_CFG, "C_Initialize() error for '%s': %N", @@ -868,26 +898,40 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, DBG1(DBG_CFG, " %s: %s v%d.%d", info.manufacturerID, info.libraryDescription, info.libraryVersion.major, info.libraryVersion.minor); +<<<<<<< HEAD + if (args.flags & CKF_OS_LOCKING_OK) + { + DBG1(DBG_CFG, " uses OS locking functions"); + } +======= if (os_locking) { DBG1(DBG_CFG, " uses OS locking functions"); } check_features(this, &info); +>>>>>>> upstream/4.5.1 return TRUE; } /** * See header */ +<<<<<<< HEAD +pkcs11_library_t *pkcs11_library_create(char *name, char *file) +======= pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) +>>>>>>> upstream/4.5.1 { private_pkcs11_library_t *this; INIT(this, .public = { .get_name = _get_name, +<<<<<<< HEAD +======= .get_features = _get_features, +>>>>>>> upstream/4.5.1 .create_object_enumerator = _create_object_enumerator, .create_mechanism_enumerator = _create_mechanism_enumerator, .destroy = _destroy, @@ -903,7 +947,11 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) return NULL; } +<<<<<<< HEAD + if (!initialize(this, name, file)) +======= if (!initialize(this, name, file, os_locking)) +>>>>>>> upstream/4.5.1 { dlclose(this->handle); free(this); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index abe023448..384258089 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h 
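Review bot: The HEAD side of `initialize` never calls `check_features(this, &info)` and the HEAD side of the struct hunk (-466) drops the `features` member and `get_features`, while the upstream sides of `pkcs11_creds.c` and `pkcs11_private_key.c` in this same diff appear to shorten their attribute arrays based on that feature set (the `count` adjustment is outside the visible hunks). Resolving this file toward HEAD and those toward upstream would fail to link, and the reverse would query `CKA_TRUSTED`/`CKA_ALWAYS_AUTHENTICATE` unconditionally on libraries that reject them, so the four files must be resolved to the same side before the `>>>>>>> upstream/4.5.1` markers are removed. Independently of the merge, both variants of the `CKR_CANT_LOCK` fallback silently re-run `C_Initialize` with `CKF_OS_LOCKING_OK`; a `DBG1(DBG_CFG, "C_Initialize() for '%s' rejected mutex callbacks, retrying with OS locking", name);` before the retry would make that visible in operations, since the later "uses OS locking functions" line does not say why.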
@@ -21,7 +21,10 @@ #ifndef PKCS11_LIBRARY_H_ #define PKCS11_LIBRARY_H_ +<<<<<<< HEAD +======= typedef enum pkcs11_feature_t pkcs11_feature_t; +>>>>>>> upstream/4.5.1 typedef struct pkcs11_library_t pkcs11_library_t; #include "pkcs11.h" @@ -30,6 +33,8 @@ typedef struct pkcs11_library_t pkcs11_library_t; #include <utils/enumerator.h> /** +<<<<<<< HEAD +======= * Optional PKCS#11 features some libraries support, some not */ enum pkcs11_feature_t { @@ -40,6 +45,7 @@ enum pkcs11_feature_t { }; /** +>>>>>>> upstream/4.5.1 * A loaded and initialized PKCS#11 library. */ struct pkcs11_library_t { @@ -57,6 +63,8 @@ struct pkcs11_library_t { char* (*get_name)(pkcs11_library_t *this); /** +<<<<<<< HEAD +======= * Get the feature set supported by this library. * * @return ORed set of features supported @@ -64,6 +72,7 @@ struct pkcs11_library_t { pkcs11_feature_t (*get_features)(pkcs11_library_t *this); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over CK_OBJECT_HANDLE using a search template. * * An optional attribute array is automatically filled in with the @@ -121,9 +130,15 @@ void pkcs11_library_trim(char *str, int len); * * @param name an arbitrary name, for debugging * @param file pkcs11 library file to dlopen() +<<<<<<< HEAD + * @return library abstraction + */ +pkcs11_library_t *pkcs11_library_create(char *name, char *file); +======= * @param os_lock enforce OS Locking for this library * @return library abstraction */ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock); +>>>>>>> upstream/4.5.1 #endif /** PKCS11_LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 9308e9c25..b7ca3538c 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c 
@@ -373,10 +373,14 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, free(entry); continue; } +<<<<<<< HEAD + entry->lib = pkcs11_library_create(module, entry->path); +======= entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module)); +>>>>>>> upstream/4.5.1 if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 071d2f782..b02873870 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -26,8 +26,11 @@ #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "pkcs11"; +>>>>>>> upstream/4.5.1 typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; /** @@ -148,6 +151,19 @@ plugin_t *pkcs11_plugin_create() if (lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) { +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_MD2, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, +======= lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, (hasher_constructor_t)pkcs11_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, 
@@ -159,6 +175,7 @@ plugin_t *pkcs11_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, (hasher_constructor_t)pkcs11_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)pkcs11_hasher_create); } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index b4cc7a805..6d2c93c98 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -401,6 +401,20 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) }; CK_OBJECT_HANDLE object; CK_KEY_TYPE type; +<<<<<<< HEAD + CK_BBOOL reauth; + CK_ATTRIBUTE attr[] = { + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, + {CKA_MODULUS, NULL, 0}, + {CKA_PUBLIC_EXPONENT, NULL, 0}, + }; + enumerator_t *enumerator; + chunk_t modulus, pubexp; + + enumerator = this->lib->create_object_enumerator(this->lib, + this->session, tmpl, countof(tmpl), attr, countof(attr)); +======= CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, 
@@ -419,18 +433,28 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } enumerator = this->lib->create_object_enumerator(this->lib, this->session, tmpl, countof(tmpl), attr, count); +>>>>>>> upstream/4.5.1 if (enumerator->enumerate(enumerator, &object)) { switch (type) { case CKK_RSA: +<<<<<<< HEAD + if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) +======= if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); break; } +<<<<<<< HEAD + modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); + pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); +======= modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); +>>>>>>> upstream/4.5.1 this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, modulus, BUILD_RSA_PUB_EXP, pubexp, BUILD_END); diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 473db5ccf..4429d9436 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -50,6 +50,17 @@ struct private_plugin_loader_t { linked_list_t *names; }; +<<<<<<< HEAD +#ifdef MONOLITHIC +/** + * load a single plugin in monolithic mode + */ +static plugin_t* load_plugin(private_plugin_loader_t *this, + char *path, char *name) +{ + char create[128]; + plugin_t *plugin; +======= /** * create a plugin * returns: NOT_FOUND, if the constructor was not found 
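Review bot: In the HEAD side of `find_key`, `CK_BBOOL reauth;` is declared without an initializer while the upstream side has `CK_BBOOL reauth = FALSE;`; if the token does not return `CKA_ALWAYS_AUTHENTICATE` (the slot is left with `ulValueLen == -1`), the HEAD variant later consumes an indeterminate value when deciding whether to re-authenticate before signing (that use is outside the hunk). Keep the `= FALSE` initializer whichever side is chosen. The second hunk leaves two incompatible `attr[]` layouts between markers (`attr[2]`/`attr[3]` versus `attr[1]`/`attr[2]` for modulus and exponent), so the indices must be reconciled with whichever array declaration survives or the modulus/exponent are read from the wrong slots. The context line `reading modulus/exponent from PKCS#1 failed` presumably means PKCS#11 and could be corrected in the same resolution.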
@@ -59,11 +70,36 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, char *name, bool integrity, plugin_t **plugin) { char create[128]; +>>>>>>> upstream/4.5.1 plugin_constructor_t constructor; if (snprintf(create, sizeof(create), "%s_plugin_create", name) >= sizeof(create)) { +<<<<<<< HEAD + return NULL; + } + translate(create, "-", "_"); + constructor = dlsym(RTLD_DEFAULT, create); + if (constructor == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); + return NULL; + } + plugin = constructor(); + if (plugin == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); + return NULL; + } + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); + + return plugin; +} +#else +======= return FAILED; } translate(create, "-", "_"); @@ -95,12 +131,29 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, return SUCCESS; } +>>>>>>> upstream/4.5.1 /** * load a single plugin */ static plugin_t* load_plugin(private_plugin_loader_t *this, char *path, char *name) { +<<<<<<< HEAD + char create[128]; + char file[PATH_MAX]; + void *handle; + plugin_t *plugin; + plugin_constructor_t constructor; + + if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, + name) >= sizeof(file) || + snprintf(create, sizeof(create), "%s_plugin_create", + name) >= sizeof(create)) + { + return NULL; + } + translate(create, "-", "_"); +======= char file[PATH_MAX]; void *handle; plugin_t *plugin; @@ -121,6 +174,7 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { return NULL; } +>>>>>>> upstream/4.5.1 if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) 
@@ -136,6 +190,42 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror()); return NULL; } +<<<<<<< HEAD + constructor = dlsym(handle, create); + if (constructor == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); + dlclose(handle); + return NULL; + } + if (lib->integrity) + { + if (!lib->integrity->check_segment(lib->integrity, name, constructor)) + { + DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name); + dlclose(handle); + return NULL; + } + DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", + name); + } + plugin = constructor(); + if (plugin == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); + dlclose(handle); + return NULL; + } + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); + + /* we do not store or free dlopen() handles, leak_detective requires + * the modules to keep loaded until leak report */ + return plugin; +} +#endif +======= if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS) { dlclose(handle); @@ -167,6 +257,7 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) enumerator->destroy(enumerator); return found; } +>>>>>>> upstream/4.5.1 /** * Implementation of plugin_loader_t.load_plugins. @@ -177,10 +268,18 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) char *token; bool critical_failed = FALSE; +<<<<<<< HEAD +#ifndef MONOLITHIC +======= +>>>>>>> upstream/4.5.1 if (path == NULL) { path = PLUGINDIR; } +<<<<<<< HEAD +#endif +======= +>>>>>>> upstream/4.5.1 enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) 
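Review bot: The conflict in `load_plugin` is malformed: the HEAD branch closes with `#endif` and `=======` inside hunk -136, but the matching `>>>>>>> upstream/4.5.1` only appears in hunk -167 after `plugin_loaded`, so unchanged upstream code (the tail of `load_plugin` and all of `plugin_loaded`) is captured inside the upstream branch and the `#ifdef MONOLITHIC` opened in hunk -50 cannot be paired consistently once a side is picked. In the HEAD non-monolithic variant, `check_file` hashes `file` before the library is presumably `dlopen`ed and `check_segment` is then applied to the constructor only, so the file hash does not bind the object actually mapped; if the plugin directory is not root-owned this window matters, otherwise a comment should say the file check is a self-test rather than a load-time guarantee. The MONOLITHIC variant resolves constructors via `dlsym(RTLD_DEFAULT, create)` with no integrity check at all, which looks intentional but deserves `/* monolithic: plugins are linked in, covered by the main binary's checksum */` above it.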
@@ -196,11 +295,14 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical = TRUE; token[len-1] = '\0'; } +<<<<<<< HEAD +======= if (plugin_loaded(this, token)) { free(token); continue; } +>>>>>>> upstream/4.5.1 plugin = load_plugin(this, path, token); if (plugin) { diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 46349f9ba..bb2564238 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index cc12217a4..3546c9bf9 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -31,8 +31,15 @@ struct private_pubkey_plugin_t { pubkey_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pubkey_plugin_t.pubkeytroy + */ +static void destroy(private_pubkey_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pubkey_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pubkey_cert_wrap); 
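Review bot: The upstream side of this hunk adds the `plugin_loaded(this, token)` guard that skips a plugin already present in `this->plugins`; the HEAD side has no equivalent, so with HEAD chosen a name repeated in the load list calls the constructor a second time and registers its credential builders or crypto constructors twice. Keep the guard when resolving the conflict, since `load` is the only place that can prevent the duplicate before `load_plugin` runs.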
@@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pubkey_plugin_create() { +<<<<<<< HEAD + private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pubkey_plugin_t *this; INIT(this, @@ -53,6 +65,7 @@ plugin_t *pubkey_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pubkey_cert_wrap); diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 21f8aff11..fbdf35170 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index cc5cb0a3c..f70998334 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "random_rng.h" +<<<<<<< HEAD +======= static const char *plugin_name = "random"; +>>>>>>> upstream/4.5.1 typedef struct private_random_plugin_t private_random_plugin_t; /** 
@@ -33,8 +36,15 @@ struct private_random_plugin_t { random_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of random_plugin_t.gmptroy + */ +static void destroy(private_random_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_random_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_rng(lib->crypto, (rng_constructor_t)random_rng_create); @@ -46,6 +56,15 @@ METHOD(plugin_t, destroy, void, */ plugin_t *random_plugin_create() { +<<<<<<< HEAD + private_random_plugin_t *this = malloc_thing(private_random_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)random_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_TRUE, +======= private_random_plugin_t *this; INIT(this, @@ -59,6 +78,7 @@ plugin_t *random_plugin_create() lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, (rng_constructor_t)random_rng_create); lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, +>>>>>>> upstream/4.5.1 (rng_constructor_t)random_rng_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 1d99a63d5..e4247a3cc 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -55,8 +55,16 @@ struct private_random_rng_t { char *file; }; +<<<<<<< HEAD +/** + * Implementation of random_rng_t.get_bytes. + */ +static void get_bytes(private_random_rng_t *this, size_t bytes, + u_int8_t *buffer) +======= METHOD(rng_t, get_bytes, void, private_random_rng_t *this, size_t bytes, u_int8_t *buffer) +>>>>>>> upstream/4.5.1 { size_t done; ssize_t got; 
@@ -78,15 +86,30 @@ METHOD(rng_t, get_bytes, void, } } +<<<<<<< HEAD +/** + * Implementation of random_rng_t.allocate_bytes. + */ +static void allocate_bytes(private_random_rng_t *this, size_t bytes, + chunk_t *chunk) +======= METHOD(rng_t, allocate_bytes, void, private_random_rng_t *this, size_t bytes, chunk_t *chunk) +>>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(bytes); get_bytes(this, chunk->len, chunk->ptr); } +<<<<<<< HEAD +/** + * Implementation of random_rng_t.destroy. + */ +static void destroy(private_random_rng_t *this) +======= METHOD(rng_t, destroy, void, private_random_rng_t *this) +>>>>>>> upstream/4.5.1 { close(this->dev); free(this); @@ -97,6 +120,14 @@ METHOD(rng_t, destroy, void, */ random_rng_t *random_rng_create(rng_quality_t quality) { +<<<<<<< HEAD + private_random_rng_t *this = malloc_thing(private_random_rng_t); + + /* public functions */ + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; + this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; + this->public.rng.destroy = (void (*) (rng_t *))destroy; +======= private_random_rng_t *this; INIT(this, @@ -108,6 +139,7 @@ random_rng_t *random_rng_create(rng_quality_t quality) }, }, ); +>>>>>>> upstream/4.5.1 if (quality == RNG_TRUE) { diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 4ed4b9694..19ec1e719 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
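Review bot: Both sides keep `get_bytes` returning `void`, so a persistent failure to read from `this->dev` (the read loop with `done`/`got` continues outside the hunk) cannot be reported, and `allocate_bytes` hands back a `chunk_alloc`'d buffer regardless of whether it was filled. Because `random_plugin_create` registers this RNG for `RNG_STRONG` and `RNG_TRUE`, key-material consumers cannot distinguish success from a retry or partial path. If the interface cannot change in this merge, document it on the method, `/* blocks and retries until all bytes are read; read errors are not reported to the caller */`, and confirm that the loop outside this hunk never exits with `done < bytes`.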
@@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index def169275..dc8b849c7 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -93,13 +93,20 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, /** * check the signature of an OCSP response */ +<<<<<<< HEAD +static bool verify_ocsp(ocsp_response_t *response) +======= static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { certificate_t *issuer, *subject; identification_t *responder; ocsp_response_wrapper_t *wrapper; enumerator_t *enumerator; +<<<<<<< HEAD +======= auth_cfg_t *current; +>>>>>>> upstream/4.5.1 bool verified = FALSE; wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); @@ -109,16 +116,23 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) responder = subject->get_issuer(subject); enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, responder, FALSE); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &issuer, NULL)) +======= while (enumerator->enumerate(enumerator, &issuer, ¤t)) +>>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, subject, issuer)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", issuer->get_subject(issuer)); +<<<<<<< HEAD +======= if (auth) { auth->merge(auth, current, FALSE); } +>>>>>>> upstream/4.5.1 verified = TRUE; break; } 
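Review bot: The HEAD side of `verify_ocsp` passes `NULL` as the third argument to `enumerate` and never merges the responder's `auth_cfg_t` into `auth`, whereas the upstream side does `auth->merge(auth, current, FALSE)` for the trusted path that signed the response; with HEAD chosen, whatever the caller later derives from `auth` (presumably trust-chain constraints) no longer sees the OCSP signer's chain. Keep the upstream behaviour and its `auth_cfg_t *auth` parameter, and note that `get_better_ocsp` and `check_ocsp` below already pass `auth` on their upstream sides, so a HEAD resolution here would not compile against them. The same divergence recurs in `verify_crl`.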
@@ -134,8 +148,12 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) * Get the better of two OCSP responses, and check for usable OCSP info */ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, +<<<<<<< HEAD + x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) +======= x509_t *subject, x509_t *issuer, cert_validation_t *valid, auth_cfg_t *auth, bool cache) +>>>>>>> upstream/4.5.1 { ocsp_response_t *response; time_t revocation, this_update, next_update, valid_until; @@ -145,7 +163,11 @@ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, response = (ocsp_response_t*)cand; /* check ocsp signature */ +<<<<<<< HEAD + if (!verify_ocsp(response)) +======= if (!verify_ocsp(response, auth)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "ocsp response verification failed"); cand->destroy(cand); @@ -226,8 +248,12 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, while (enumerator->enumerate(enumerator, ¤t)) { current->get_ref(current); +<<<<<<< HEAD + best = get_better_ocsp(current, best, subject, issuer, &valid, FALSE); +======= best = get_better_ocsp(current, best, subject, issuer, &valid, auth, FALSE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { DBG1(DBG_CFG, " using cached ocsp response"); @@ -254,7 +280,11 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, +<<<<<<< HEAD + &valid, TRUE); +======= &valid, auth, TRUE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -276,7 +306,11 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, +<<<<<<< HEAD + &valid, TRUE); +======= &valid, auth, TRUE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; 
@@ -330,25 +364,39 @@ static certificate_t* fetch_crl(char *url) /** * check the signature of an CRL */ +<<<<<<< HEAD +static bool verify_crl(certificate_t *crl) +======= static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; +<<<<<<< HEAD + + enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, + KEY_ANY, crl->get_issuer(crl), FALSE); + while (enumerator->enumerate(enumerator, &issuer, NULL)) +======= auth_cfg_t *current; enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, crl->get_issuer(crl), FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) +>>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, crl, issuer)) { DBG1(DBG_CFG, " crl correctly signed by \"%Y\"", issuer->get_subject(issuer)); +<<<<<<< HEAD +======= if (auth) { auth->merge(auth, current, FALSE); } +>>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -362,13 +410,23 @@ static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) * Get the better of two CRLs, and check for usable CRL info */ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, +<<<<<<< HEAD + x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) +======= x509_t *subject, cert_validation_t *valid, auth_cfg_t *auth, bool cache, crl_t *base) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; time_t revocation, valid_until; crl_reason_t reason; chunk_t serial; +<<<<<<< HEAD + crl_t *crl; + + /* check CRL signature */ + if (!verify_crl(cand)) +======= crl_t *crl = (crl_t*)cand; if (base) 
@@ -391,12 +449,17 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* check CRL signature */ if (!verify_crl(cand, auth)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "crl response verification failed"); cand->destroy(cand); return best; } +<<<<<<< HEAD + crl = (crl_t*)cand; +======= +>>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) { 
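Review bot: In the upstream side of `get_better_crl`, the `if (base)` block runs before `verify_crl(cand, auth)` and therefore inspects `cand` while its signature is still unverified; its body is outside the visible lines, but any decision there other than an early reject (caching, preferring the candidate, or reading its revocation entries) would act on untrusted data. Either move the signature check ahead of the base/delta comparison or mark the block `/* base/delta linkage only; cand is not verified yet, reject on mismatch */` so the constraint is explicit. The HEAD side calls `verify_crl(cand)` while the definition left by the upstream side above is `verify_crl(crl, auth)`, so the file does not compile until both functions are resolved to the same side.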
@@ -441,6 +504,81 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, } /** +<<<<<<< HEAD + * validate a x509 certificate using CRL + */ +static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, + auth_cfg_t *auth) +{ + cert_validation_t valid = VALIDATION_SKIPPED; + identification_t *keyid = NULL; + certificate_t *best = NULL; + certificate_t *current; + public_key_t *public; + enumerator_t *enumerator; + chunk_t chunk; + char *uri = NULL; + + /* derive the authorityKeyIdentifier from the issuer's public key */ + current = &issuer->interface; + public = current->get_public_key(current); + if (public && public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk)) + { + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); + + /* find a cached crl by authorityKeyIdentifier */ + enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, + CERT_X509_CRL, KEY_ANY, keyid, FALSE); + while (enumerator->enumerate(enumerator, ¤t)) + { + current->get_ref(current); + best = get_better_crl(current, best, subject, issuer, + &valid, FALSE); + if (best && valid != VALIDATION_STALE) + { + DBG1(DBG_CFG, " using cached crl"); + break; + } + } + enumerator->destroy(enumerator); + + /* fallback to fetching crls from credential sets cdps */ + if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) + { + enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, + CERT_X509_CRL, keyid); + while (enumerator->enumerate(enumerator, &uri)) + { + current = fetch_crl(uri); + if (current) + { + best = get_better_crl(current, best, subject, issuer, + &valid, TRUE); + if (best && valid != VALIDATION_STALE) + { + break; + } + } + } + enumerator->destroy(enumerator); + } + keyid->destroy(keyid); + } + DESTROY_IF(public); + + /* fallback to fetching crls from cdps from subject's certificate */ + if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) + { + enumerator = subject->create_crl_uri_enumerator(subject); + + while 
(enumerator->enumerate(enumerator, &uri)) + { + current = fetch_crl(uri); + if (current) + { + best = get_better_crl(current, best, subject, issuer, + &valid, TRUE); +======= * Find or fetch a certificate for a given crlIssuer */ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer, @@ -626,6 +764,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, } best = get_better_crl(current, best, subject, &valid, auth, TRUE, NULL); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -635,6 +774,10 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, enumerator->destroy(enumerator); } +<<<<<<< HEAD + /* an uri was found, but no result. switch validation state to failed */ + if (valid == VALIDATION_SKIPPED && uri) +======= /* look for delta CRLs */ if (best && (valid == VALIDATION_GOOD || valid == VALIDATION_STALE)) { @@ -643,6 +786,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri_found) +>>>>>>> upstream/4.5.1 { valid = VALIDATION_FAILED; } @@ -665,8 +809,12 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, METHOD(cert_validator_t, validate, bool, private_revocation_validator_t *this, certificate_t *subject, +<<<<<<< HEAD + certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509 && 
@@ -674,8 +822,12 @@ METHOD(cert_validator_t, validate, bool, { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); +<<<<<<< HEAD + switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) +======= switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) +>>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -693,8 +845,12 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "ocsp check failed, fallback to crl"); break; } +<<<<<<< HEAD + switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) +======= switch (check_crl((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) +>>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 3d96f4339..95e4e403d 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index dda2cbc1a..fcb75dfa2 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c 
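Review bot: The two sides of the `validate` signature in `@@ -665` are not API-compatible — HEAD declares `int pathlen, auth_cfg_t *auth` whereas upstream declares `u_int pathlen, bool anchor, auth_cfg_t *auth` — so whichever side is kept must match the cert_validator_t interface the rest of the tree compiles against, and the markers left in `@@ -665`, `@@ -674` and `@@ -693` make the function uncompilable until that is decided. The `@@ -674` and `@@ -693` hunks also differ in behaviour, not only form: upstream passes `pathlen ? NULL : auth` to check_ocsp and check_crl so the auth_cfg merged inside verify_crl is only collected for the end-entity certificate (pathlen 0), while HEAD passes `auth` at every depth. If the HEAD side is chosen, that merge would presumably also run for intermediate-CA checks; keeping the upstream conditional preserves the narrower behaviour. The enclosing function begins outside the `@@ -665` hunk and ends outside `@@ -693`.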
@@ -19,8 +19,11 @@ #include "sha1_hasher.h" #include "sha1_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "sha1"; +>>>>>>> upstream/4.5.1 typedef struct private_sha1_plugin_t private_sha1_plugin_t; /** @@ -34,8 +37,15 @@ struct private_sha1_plugin_t { sha1_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of sha1_plugin_t.destroy + */ +static void destroy(private_sha1_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sha1_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha1_hasher_create); @@ -49,6 +59,15 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha1_plugin_create() { +<<<<<<< HEAD + private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)sha1_hasher_create); + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, +======= private_sha1_plugin_t *this; INIT(this, @@ -62,6 +81,7 @@ plugin_t *sha1_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, (hasher_constructor_t)sha1_hasher_create); lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, +>>>>>>> upstream/4.5.1 (prf_constructor_t)sha1_prf_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index fcbfa0c44..0dc56ac37 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index a5937dbb2..b47f07b8d 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "sha2_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "sha2"; +>>>>>>> upstream/4.5.1 typedef struct private_sha2_plugin_t private_sha2_plugin_t; /** @@ -33,8 +36,15 @@ struct private_sha2_plugin_t { sha2_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of sha2_plugin_t.destroy + */ +static void destroy(private_sha2_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sha2_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha2_hasher_create); @@ -46,6 +56,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha2_plugin_create() { +<<<<<<< HEAD + private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, +======= private_sha2_plugin_t *this; INIT(this, 
@@ -63,6 +86,7 @@ plugin_t *sha2_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)sha2_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index ae015d1a8..bf952acc5 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index f9e06199e..e1c51f098 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -213,8 +213,15 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of database_t.query. + */ +static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) +======= METHOD(database_t, query, enumerator_t*, private_sqlite_database_t *this, char *sql, ...) +>>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; va_list args; 
@@ -246,8 +253,15 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } +<<<<<<< HEAD +/** + * Implementation of database_t.execute. + */ +static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) +======= METHOD(database_t, execute, int, private_sqlite_database_t *this, int *rowid, char *sql, ...) +>>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; int affected = -1; @@ -279,8 +293,15 @@ METHOD(database_t, execute, int, return affected; } +<<<<<<< HEAD +/** + * Implementation of database_t.get_driver + */ +static db_driver_t get_driver(private_sqlite_database_t *this) +======= METHOD(database_t, get_driver, db_driver_t, private_sqlite_database_t *this) +>>>>>>> upstream/4.5.1 { return DB_SQLITE; } @@ -296,8 +317,15 @@ static int busy_handler(private_sqlite_database_t *this, int count) return 1; } +<<<<<<< HEAD +/** + * Implementation of database_t.destroy + */ +static void destroy(private_sqlite_database_t *this) +======= METHOD(database_t, destroy, void, private_sqlite_database_t *this) +>>>>>>> upstream/4.5.1 { sqlite3_close(this->db); this->mutex->destroy(this->mutex); @@ -321,6 +349,16 @@ sqlite_database_t *sqlite_database_create(char *uri) } file = uri + 9; +<<<<<<< HEAD + this = malloc_thing(private_sqlite_database_t); + + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; + this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; + this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; + this->public.db.destroy = (void(*)(database_t*))destroy; + + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); +======= INIT(this, .public = { .db = { 
@@ -332,12 +370,17 @@ sqlite_database_t *sqlite_database_create(char *uri) }, .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), ); +>>>>>>> upstream/4.5.1 if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s", file, sqlite3_errmsg(this->db)); +<<<<<<< HEAD + destroy(this); +======= _destroy(this); +>>>>>>> upstream/4.5.1 return NULL; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index e0b8e6ce1..e0bdf0634 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -31,8 +31,15 @@ struct private_sqlite_plugin_t { sqlite_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_sqlite_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sqlite_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)sqlite_database_create); @@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sqlite_plugin_create() { +<<<<<<< HEAD + private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_sqlite_plugin_t *this; INIT(this, @@ -53,6 +65,7 @@ plugin_t *sqlite_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 9dccb05e3..651fb8a9f 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in 
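Review bot: The error path after a failed `sqlite3_open` in `@@ -332,12 +370,17` keeps both `destroy(this);` and `_destroy(this);` between markers; `_destroy` is the symbol the upstream `METHOD(database_t, destroy, void, ...)` definition in `@@ -296` produces, so it only resolves if the upstream side is kept there, and `destroy` only resolves if the HEAD `static void destroy(private_sqlite_database_t *this)` is kept. The same pairing binds `query`, `execute` and `get_driver` to the constructor block in `@@ -321,6 +349,16`: the HEAD block assigns `this->public.db.*` and `this->mutex` by hand after `malloc_thing`, the upstream block does it inside `INIT(this, ...)`, and keeping both either initializes twice or, if the HEAD assignments are dropped with the HEAD functions kept, leaves the vtable entries pointing at the wrong symbols. Pick one side for the whole file. sqlite_database_create begins outside the `@@ -321` hunk and ends outside `@@ -332`.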
@@ -227,7 +227,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -266,8 +272,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 176bc438d..c021ef67b 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -104,8 +104,15 @@ struct private_test_vectors_plugin_t { test_vectors_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of test_vectors_plugin_t.test_vectorstroy + */ +static void destroy(private_test_vectors_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_test_vectors_plugin_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -115,6 +122,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *test_vectors_plugin_create() { +<<<<<<< HEAD + private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); + int i; + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_test_vectors_plugin_t *this; int i; @@ -125,6 +138,7 @@ plugin_t *test_vectors_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 for (i = 0; i < countof(crypter); i++) { diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 57deab98e..785d6441c 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in 
+++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 526dbe8c6..0eabc8010 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -117,7 +117,11 @@ struct private_x509_cert_t { linked_list_t *subjectAltNames; /** +<<<<<<< HEAD + * List of crlDistributionPoints as allocated char* +======= * List of crlDistributionPoints as x509_cdp_t* +>>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -132,6 +136,8 @@ struct private_x509_cert_t { linked_list_t *ipAddrBlocks; /** +<<<<<<< HEAD +======= * List of permitted name constraints */ linked_list_t *permitted_names; @@ -152,6 +158,7 @@ struct private_x509_cert_t { linked_list_t *policy_mappings; /** +>>>>>>> upstream/4.5.1 * certificate's embedded public key */ public_key_t *public_key; @@ -174,6 +181,9 @@ struct private_x509_cert_t { /** * Path Length Constraint */ +<<<<<<< HEAD + int pathLenConstraint; +======= u_char pathLenConstraint; /** @@ -190,6 +200,7 @@ struct private_x509_cert_t { * inhibitAnyPolicy Constraint */ u_char inhibit_any; +>>>>>>> upstream/4.5.1 /** * x509 constraints and other flags 
@@ -222,6 +233,8 @@ static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( ); /** +<<<<<<< HEAD +======= * Destroy a CertificateDistributionPoint */ static void crl_uri_destroy(x509_cdp_t *this) @@ -269,6 +282,7 @@ static u_int parse_constraint(chunk_t object) } /** +>>>>>>> upstream/4.5.1 * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { @@ -310,7 +324,19 @@ static void parse_basicConstraints(chunk_t blob, int level0, case BASIC_CONSTRAINTS_PATH_LEN: if (isCA) { +<<<<<<< HEAD + if (object.len == 0) + { + this->pathLenConstraint = 0; + } + else if (object.len == 1) + { + this->pathLenConstraint = *object.ptr; + } + /* we ignore path length constraints > 127 */ +======= this->pathLenConstraint = parse_constraint(object); +>>>>>>> upstream/4.5.1 } break; default: @@ -648,7 +674,11 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, } break; default: +<<<<<<< HEAD + /* unkown accessMethod, ignoring */ +======= /* unknown accessMethod, ignoring */ +>>>>>>> upstream/4.5.1 break; } break; @@ -663,6 +693,8 @@ end: } /** +<<<<<<< HEAD +======= * Extract KeyUsage flags */ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) @@ -717,6 +749,7 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) } /** +>>>>>>> upstream/4.5.1 * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { @@ -728,7 +761,11 @@ static const asn1Object_t extendedKeyUsageObjects[] = { #define EXT_KEY_USAGE_PURPOSE_ID 1 /** +<<<<<<< HEAD + * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned +======= * Extracts extendedKeyUsage OIDs +>>>>>>> upstream/4.5.1 */ static void parse_extendedKeyUsage(chunk_t blob, int level0, private_x509_cert_t *this) 
@@ -777,11 +814,18 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ +<<<<<<< HEAD + { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ +======= { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ +>>>>>>> upstream/4.5.1 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; +<<<<<<< HEAD +#define CRL_DIST_POINTS_FULLNAME 3 +======= #define CRL_DIST_POINTS 1 #define CRL_DIST_POINTS_FULLNAME 3 #define CRL_DIST_POINTS_ISSUER 10 @@ -830,10 +874,21 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, id->destroy(id); } } +>>>>>>> upstream/4.5.1 /** * Extracts one or several crlDistributionPoints into a list */ +<<<<<<< HEAD +static void parse_crlDistributionPoints(chunk_t blob, int level0, + private_x509_cert_t *this) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + linked_list_t *list = linked_list_create(); + +======= void x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list) { 
@@ -844,11 +899,36 @@ void x509_parse_crlDistributionPoints(chunk_t blob, int level0, uris = linked_list_create(); issuers = linked_list_create(); +>>>>>>> upstream/4.5.1 parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) { +<<<<<<< HEAD + if (objectID == CRL_DIST_POINTS_FULLNAME) + { + identification_t *id; + + /* append extracted generalNames to existing chained list */ + x509_parse_generalNames(object, parser->get_level(parser)+1, + TRUE, list); + + while (list->remove_last(list, (void**)&id) == SUCCESS) + { + char *uri; + + if (asprintf(&uri, "%Y", id) > 0) + { + this->crl_uris->insert_last(this->crl_uris, uri); + } + id->destroy(id); + } + } + } + parser->destroy(parser); + list->destroy(list); +======= switch (objectID) { case CRL_DIST_POINTS: @@ -1099,6 +1179,7 @@ static void parse_policyConstraints(chunk_t blob, int level0, } } parser->destroy(parser); +>>>>>>> upstream/4.5.1 } /** @@ -1293,6 +1374,14 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_SIGNATURE 25 /** +<<<<<<< HEAD + * forward declaration + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); + +/** +======= +>>>>>>> upstream/4.5.1 * Parses an X.509v3 certificate */ static bool parse_certificate(private_x509_cert_t *this) @@ -1392,8 +1481,12 @@ static bool parse_certificate(private_x509_cert_t *this) parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: +<<<<<<< HEAD + parse_crlDistributionPoints(object, level, this); +======= x509_parse_crlDistributionPoints(object, level, this->crl_uris); +>>>>>>> upstream/4.5.1 break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, 
@@ -1403,7 +1496,11 @@ static bool parse_certificate(private_x509_cert_t *this) parse_authorityInfoAccess(object, level, this); break; case OID_KEY_USAGE: +<<<<<<< HEAD + /* TODO parse the flags */ +======= parse_keyUsage(object, this); +>>>>>>> upstream/4.5.1 break; case OID_EXTENDED_KEY_USAGE: parse_extendedKeyUsage(object, level, this); @@ -1411,6 +1508,8 @@ static bool parse_certificate(private_x509_cert_t *this) case OID_IP_ADDR_BLOCKS: parse_ipAddrBlocks(object, level, this); break; +<<<<<<< HEAD +======= case OID_NAME_CONSTRAINTS: parse_nameConstraints(object, level, this); break; @@ -1431,6 +1530,7 @@ static bool parse_certificate(private_x509_cert_t *this) } this->inhibit_any = parse_constraint(object); break; +>>>>>>> upstream/4.5.1 case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: @@ -1443,9 +1543,15 @@ static bool parse_certificate(private_x509_cert_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, +<<<<<<< HEAD + "libstrongswan.plugins.x509.enforce_critical", FALSE)) + { + DBG1(DBG_LIB, "critical %s extension not supported", +======= "libstrongswan.x509.enforce_critical", TRUE)) { DBG1(DBG_LIB, "critical '%s' extension not supported", +>>>>>>> upstream/4.5.1 (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -1478,9 +1584,13 @@ end: hasher_t *hasher; /* check if the certificate is self-signed */ +<<<<<<< HEAD + if (issued_by(this, &this->public.interface.interface)) +======= if (this->public.interface.interface.issued_by( &this->public.interface.interface, &this->public.interface.interface)) +>>>>>>> upstream/4.5.1 { this->flags |= X509_SELF_SIGNED; } 
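Review bot: The `@@ -1443,9 +1543,15` hunk keeps two settings lookups for the unsupported-critical-extension branch that differ in key and default — HEAD reads `"libstrongswan.plugins.x509.enforce_critical"` defaulting to `FALSE`, upstream reads `"libstrongswan.x509.enforce_critical"` defaulting to `TRUE` — and that default decides whether a certificate carrying an unrecognised critical extension is rejected via `goto end` or accepted. Resolving to the HEAD side would flip the default to accept and change the key an existing strongswan.conf is read under, so the upstream line `"libstrongswan.x509.enforce_critical", TRUE))` together with its `DBG1(DBG_LIB, "critical '%s' extension not supported",` is the resolution to keep. The same choice applies to `@@ -1403`, where HEAD leaves `OID_KEY_USAGE` as `/* TODO parse the flags */` while upstream calls `parse_keyUsage(object, this);`, and to `@@ -1411`, where only the upstream side parses `OID_NAME_CONSTRAINTS` and `inhibit_any` — a HEAD-side resolution would keep the struct fields added in `@@ -132` and `@@ -190` but never fill them. In `@@ -310,7 +324,19` the HEAD branch stores nothing when `object.len > 1`, so the comment `we ignore path length constraints > 127` really means the field keeps whatever it held before (its initial value is not visible here), whereas the upstream `parse_constraint(object)` handles that in one place. parse_certificate and parse_basicConstraints both begin and end outside these hunks.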
@@ -1497,26 +1607,54 @@ end: return success; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_type + */ +static certificate_type_t get_type(private_x509_cert_t *this) +======= METHOD(certificate_t, get_type, certificate_type_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return CERT_X509; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_subject + */ +static identification_t* get_subject(private_x509_cert_t *this) +======= METHOD(certificate_t, get_subject, identification_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->subject; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_issuer + */ +static identification_t* get_issuer(private_x509_cert_t *this) +======= METHOD(certificate_t, get_issuer, identification_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->issuer; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject) +======= METHOD(certificate_t, has_subject, id_match_t, private_x509_cert_t *this, identification_t *subject) +>>>>>>> upstream/4.5.1 { identification_t *current; enumerator_t *enumerator; @@ -1557,15 +1695,29 @@ METHOD(certificate_t, has_subject, id_match_t, return best; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.has_issuer. + */ +static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) +======= METHOD(certificate_t, has_issuer, id_match_t, private_x509_cert_t *this, identification_t *issuer) +>>>>>>> upstream/4.5.1 { /* issuerAltNames currently not supported */ return this->issuer->matches(this->issuer, issuer); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.issued_by. + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) +======= METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer) +>>>>>>> upstream/4.5.1 { public_key_t *key; signature_scheme_t scheme; 
@@ -1612,13 +1764,44 @@ METHOD(certificate_t, issued_by, bool, return valid; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_public_key + */ +static public_key_t* get_public_key(private_x509_cert_t *this) +======= METHOD(certificate_t, get_public_key, public_key_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { this->public_key->get_ref(this->public_key); return this->public_key; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_ref + */ +static private_x509_cert_t* get_ref(private_x509_cert_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of x509_cert_t.get_flags. + */ +static x509_flag_t get_flags(private_x509_cert_t *this) +{ + return this->flags; +} + +/** + * Implementation of x509_cert_t.get_validity. + */ +static bool get_validity(private_x509_cert_t *this, time_t *when, + time_t *not_before, time_t *not_after) +======= METHOD(certificate_t, get_ref, certificate_t*, private_x509_cert_t *this) { @@ -1629,6 +1812,7 @@ METHOD(certificate_t, get_ref, certificate_t*, METHOD(certificate_t, get_validity, bool, private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) +>>>>>>> upstream/4.5.1 { time_t t = when ? *when : time(NULL); @@ -1643,8 +1827,16 @@ METHOD(certificate_t, get_validity, bool, return (t >= this->notBefore && t <= this->notAfter); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_encoding. + */ +static bool get_encoding(private_x509_cert_t *this, cred_encoding_type_t type, + chunk_t *encoding) +======= METHOD(certificate_t, get_encoding, bool, private_x509_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) +>>>>>>> upstream/4.5.1 { if (type == CERT_ASN1_DER) { 
@@ -1655,8 +1847,15 @@ METHOD(certificate_t, get_encoding, bool, CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_x509_cert_t *this, certificate_t *other) +======= METHOD(certificate_t, equals, bool, private_x509_cert_t *this, certificate_t *other) +>>>>>>> upstream/4.5.1 { chunk_t encoding; bool equal; @@ -1682,6 +1881,12 @@ METHOD(certificate_t, equals, bool, return equal; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_serial. + */ +static chunk_t get_serial(private_x509_cert_t *this) +======= METHOD(x509_t, get_flags, x509_flag_t, private_x509_cert_t *this) { @@ -1690,12 +1895,20 @@ METHOD(x509_t, get_flags, x509_flag_t, METHOD(x509_t, get_serial, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->serialNumber; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_subjectKeyIdentifier. + */ +static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) +======= METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { if (this->subjectKeyIdentifier.ptr) { @@ -1717,12 +1930,33 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, } } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_authKeyIdentifier. + */ +static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) +======= METHOD(x509_t, get_authKeyIdentifier, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->authKeyIdentifier; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_pathLenConstraint. + */ +static int get_pathLenConstraint(private_x509_cert_t *this) +{ + return this->pathLenConstraint; +} + +/** + * Implementation of x509_cert_t.create_subjectAltName_enumerator. + */ +static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, get_constraint, u_int, private_x509_cert_t *this, x509_constraint_t type) { 
@@ -1743,28 +1977,56 @@ METHOD(x509_t, get_constraint, u_int, METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->subjectAltNames->create_enumerator(this->subjectAltNames); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_ocsp_uri_enumerator. + */ +static enumerator_t* create_ocsp_uri_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->ocsp_uris->create_enumerator(this->ocsp_uris); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_crl_uri_enumerator. + */ +static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->crl_uris->create_enumerator(this->crl_uris); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. + */ +static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.destroy. + */ +static void destroy(private_x509_cert_t *this) +======= METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*, private_x509_cert_t *this, bool perm) { 
@@ -1789,11 +2051,17 @@ METHOD(x509_t, create_policy_mapping_enumerator, enumerator_t*, METHOD(certificate_t, destroy, void, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { if (ref_put(&this->ref)) { this->subjectAltNames->destroy_offset(this->subjectAltNames, offsetof(identification_t, destroy)); +<<<<<<< HEAD + this->crl_uris->destroy_function(this->crl_uris, free); + this->ocsp_uris->destroy_function(this->ocsp_uris, free); + this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); +======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); this->ocsp_uris->destroy_function(this->ocsp_uris, free); this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, @@ -1806,6 +2074,7 @@ METHOD(certificate_t, destroy, void, (void*)cert_policy_destroy); this->policy_mappings->destroy_function(this->policy_mappings, (void*)policy_mapping_destroy); +>>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); 
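Review bot: In the `destroy` hunk the HEAD side frees the `crl_uris` entries with plain `free`, while the upstream side uses `crl_uri_destroy`; this has to agree with what `x509_cert_gen` inserts into `cert->crl_uris` in the BUILD_CRL_DISTRIBUTION_POINTS hunk later in this file, which is `strdup(uri)` on the HEAD side and an `x509_cdp_t` carrying a cloned `issuer` on the upstream side. Resolving the two hunks on different sides would either leak the cloned issuer or hand a plain string to `crl_uri_destroy`. A one-line comment at the list's declaration naming the element type, e.g. `/* list of x509_cdp_t, owned; released with crl_uri_destroy() */`, would make the pairing visible. destroy's body continues past the hunk.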
@@ -1827,6 +2096,56 @@ METHOD(certificate_t, destroy, void, */ static private_x509_cert_t* create_empty(void) { +<<<<<<< HEAD + private_x509_cert_t *this = malloc_thing(private_x509_cert_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; + this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; + this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; + this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; + 
this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; + this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; + this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; + + this->encoding = chunk_empty; + this->encoding_hash = chunk_empty; + this->tbsCertificate = chunk_empty; + this->version = 1; + this->serialNumber = chunk_empty; + this->notBefore = 0; + this->notAfter = 0; + this->public_key = NULL; + this->subject = NULL; + this->issuer = NULL; + this->subjectAltNames = linked_list_create(); + this->crl_uris = linked_list_create(); + this->ocsp_uris = linked_list_create(); + this->ipAddrBlocks = linked_list_create(); + this->subjectKeyIdentifier = chunk_empty; + this->authKeyIdentifier = chunk_empty; + this->authKeySerialNumber = chunk_empty; + this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + this->algorithm = 0; + this->signature = chunk_empty; + this->flags = 0; + this->ref = 1; + this->parsed = FALSE; + +======= private_x509_cert_t *this; INIT(this, @@ -1875,10 +2194,13 @@ static private_x509_cert_t* create_empty(void) .inhibit_any = X509_NO_CONSTRAINT, .ref = 1, ); +>>>>>>> upstream/4.5.1 return this; } /** +<<<<<<< HEAD +======= * Build a generalName from an id */ chunk_t build_generalName(identification_t *id) @@ -1909,11 +2231,16 @@ chunk_t build_generalName(identification_t *id) } /** +>>>>>>> upstream/4.5.1 * Encode a linked list of subjectAltNames */ chunk_t x509_build_subjectAltNames(linked_list_t *list) { +<<<<<<< HEAD + chunk_t subjectAltNames = chunk_empty; +======= chunk_t subjectAltNames = chunk_empty, name; +>>>>>>> upstream/4.5.1 enumerator_t *enumerator; identification_t *id; 
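Review bot: The HEAD side of the `create_empty` hunk sets `this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT` after `malloc_thing`, while the upstream side's `INIT(this, ...)` ends with `.inhibit_any = X509_NO_CONSTRAINT`; the sentinel stored here must be the same identifier that `generate` tests in the basicConstraints hunk (`!= X509_NO_PATH_LEN_CONSTRAINT` versus `!= X509_NO_CONSTRAINT`) and that `x509_cert_gen` assigns in its BUILD_PATHLEN case, otherwise a certificate built without a path length gets a bogus pathLenConstraint encoded and signed. The HEAD side also installs every method through an explicit function-pointer cast, which silences any signature mismatch between the static functions and the interface; the `METHOD`/`_name` style used by the upstream side elsewhere in the file avoids that. Fields not listed in the `INIT` initializer appear to be left zero, judging by the much shorter `INIT` in x509_crl.c's create_empty in this same commit, but that is inferred rather than visible here.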
@@ -1925,7 +2252,33 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &id)) { +<<<<<<< HEAD + int context; + chunk_t name; + + switch (id->get_type(id)) + { + case ID_RFC822_ADDR: + context = ASN1_CONTEXT_S_1; + break; + case ID_FQDN: + context = ASN1_CONTEXT_S_2; + break; + case ID_IPV4_ADDR: + case ID_IPV6_ADDR: + context = ASN1_CONTEXT_S_7; + break; + default: + DBG1(DBG_LIB, "encoding %N as subjectAltName not supported", + id_type_names, id->get_type(id)); + enumerator->destroy(enumerator); + free(subjectAltNames.ptr); + return chunk_empty; + } + name = asn1_wrap(context, "c", id->get_encoding(id)); +======= name = build_generalName(id); +>>>>>>> upstream/4.5.1 subjectAltNames = chunk_cat("mm", subjectAltNames, name); } enumerator->destroy(enumerator); @@ -1939,6 +2292,8 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) } /** +<<<<<<< HEAD +======= * Encode CRL distribution points extension from a x509_cdp_t list */ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) @@ -1980,6 +2335,7 @@ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) } /** +>>>>>>> upstream/4.5.1 * Generate and sign a new certificate */ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, 
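Review bot: The HEAD side of the `x509_build_subjectAltNames` hunk logs `encoding %N as subjectAltName not supported`, frees the partial result and returns `chunk_empty` for identity types other than RFC822/FQDN/IPv4/IPv6, whereas the upstream side calls `build_generalName(id)` and concatenates whatever comes back with `chunk_cat("mm", subjectAltNames, name)`. The body of `build_generalName` is outside this chunk, so it is worth confirming that it rejects unsupported types rather than returning an empty or partial encoding that would be silently appended and signed. The upstream `x509_build_crlDistributionPoints(linked_list_t *list, int extn)` introduced in the second hunk deserves a comment stating that `extn` selects the extension OID, since the callers in this commit pass `OID_CRL_DISTRIBUTION_POINTS` and `OID_FRESHEST_CRL`.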
@@ -1987,6 +2343,14 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; +<<<<<<< HEAD + chunk_t ocspSigning = chunk_empty; + chunk_t basicConstraints = chunk_empty; + chunk_t keyUsage = chunk_empty; + chunk_t subjectAltNames = chunk_empty; + chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; + chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; +======= chunk_t ocspSigning = chunk_empty, certPolicies = chunk_empty; chunk_t basicConstraints = chunk_empty, nameConstraints = chunk_empty; chunk_t keyUsage = chunk_empty, keyUsageBits = chunk_empty; @@ -1994,6 +2358,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty; +>>>>>>> upstream/4.5.1 identification_t *issuer, *subject; chunk_t key_info; signature_scheme_t scheme; 
@@ -2047,8 +2412,34 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, /* encode subjectAltNames */ subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); +<<<<<<< HEAD + /* encode CRL distribution points extension */ + enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t distributionPoint; + + distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))))); + + crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, + distributionPoint); + } + enumerator->destroy(enumerator); + if (crlDistributionPoints.ptr) + { + crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); + } +======= crlDistributionPoints = x509_build_crlDistributionPoints(cert->crl_uris, OID_CRL_DISTRIBUTION_POINTS); +>>>>>>> upstream/4.5.1 /* encode OCSP URIs in authorityInfoAccess extension */ enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); @@ -2077,10 +2468,18 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; +<<<<<<< HEAD + if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + { + char pathlen = (char)cert->pathLenConstraint; + + pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); +======= if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { pathLenConstraint = asn1_integer("c", chunk_from_thing(cert->pathLenConstraint)); +>>>>>>> upstream/4.5.1 } basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", asn1_build_known_oid(OID_BASIC_CONSTRAINTS), 
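Review bot: In the basicConstraints hunk the upstream side encodes the path length with `asn1_integer("c", chunk_from_thing(cert->pathLenConstraint))`, i.e. all `sizeof(u_int)` bytes of the field in host byte order, while the HEAD side first narrows it to a `char pathlen` and encodes that single byte. Unless `asn1_integer` converts from host order and strips leading zero bytes (not visible here), the u_int form yields a wrong INTEGER on little-endian hosts for any value below 2^24, so the single-byte variant looks like the correct encoding for a value the builder already limits to below 128. If the u_int form is kept, a comment on the `asn1_integer` call explaining why a host-order multi-byte chunk is acceptable would be needed. `generate` continues outside the hunk.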
@@ -2091,6 +2490,15 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), pathLenConstraint))); +<<<<<<< HEAD + keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm", + asn1_build_known_oid(OID_KEY_USAGE), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_BIT_STRING, "c", + chunk_from_chars(0x01, 0x06)))); +======= /* set CertificateSign and implicitly CRLsign */ keyUsageBits = chunk_from_chars(0x01, 0x06); } @@ -2105,6 +2513,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_BIT_STRING, "c", keyUsageBits))); +>>>>>>> upstream/4.5.1 } /* add serverAuth extendedKeyUsage flag */ @@ -2133,7 +2542,11 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* add subjectKeyIdentifier to CA and OCSP signer certificates */ +<<<<<<< HEAD + if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) +======= if (cert->flags & (X509_CA | X509_OCSP_SIGNER | X509_CRL_SIGN)) +>>>>>>> upstream/4.5.1 { chunk_t keyid; @@ -2161,6 +2574,17 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); } } +<<<<<<< HEAD + if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || + crlDistributionPoints.ptr) + { + extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", + asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm", + basicConstraints, keyUsage, subjectKeyIdentifier, + authKeyIdentifier, subjectAltNames, + extendedKeyUsage, crlDistributionPoints, + authorityInfoAccess)); +======= if (cert->permitted_names->get_count(cert->permitted_names) || cert->excluded_names->get_count(cert->excluded_names)) 
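Review bot: The subjectKeyIdentifier hunk widens the condition from `X509_CA | X509_OCSP_SIGNER` to `X509_CA | X509_OCSP_SIGNER | X509_CRL_SIGN` on the upstream side, and that pairs with two other hunks in this commit: x509_crl.c's `issued_by` accepting `X509_CA | X509_CRL_SIGN` issuers, and x509_crl.c's `generate` copying `x509->get_subjectKeyIdentifier(x509)` into the CRL's authKeyIdentifier. Keeping the HEAD side here but the upstream side there would produce CRL-signing certificates without an SKI and therefore CRLs with an empty AKI. The comment above the condition still says `add subjectKeyIdentifier to CA and OCSP signer certificates` and should read `/* add subjectKeyIdentifier to CA, OCSP signer and CRL signer certificates */`.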
@@ -2308,6 +2732,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, extendedKeyUsage, crlDistributionPoints, authorityInfoAccess, nameConstraints, certPolicies, policyMappings, policyConstraints, inhibitAnyPolicy)); +>>>>>>> upstream/4.5.1 } cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", @@ -2390,7 +2815,10 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) certificate_t *sign_cert = NULL; private_key_t *sign_key = NULL; hash_algorithm_t digest_alg = HASH_SHA1; +<<<<<<< HEAD +======= u_int constraint; +>>>>>>> upstream/4.5.1 cert = create_empty(); while (TRUE) @@ -2434,6 +2862,15 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { enumerator_t *enumerator; linked_list_t *list; +<<<<<<< HEAD + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); +======= x509_cdp_t *in, *cdp; list = va_arg(args, linked_list_t*); @@ -2445,6 +2882,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) .issuer = in->issuer ? in->issuer->clone(in->issuer) : NULL, ); cert->crl_uris->insert_last(cert->crl_uris, cdp); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); continue; @@ -2465,6 +2903,13 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) continue; } case BUILD_PATHLEN: +<<<<<<< HEAD + cert->pathLenConstraint = va_arg(args, int); + if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) + { + cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + } +======= constraint = va_arg(args, u_int); cert->pathLenConstraint = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; 
@@ -2555,6 +3000,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) constraint = va_arg(args, u_int); cert->inhibit_any = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 continue; case BUILD_NOT_BEFORE_TIME: cert->notBefore = va_arg(args, time_t); diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 758505ab5..3e62681f5 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -100,11 +100,14 @@ struct private_x509_crl_t { linked_list_t *revoked; /** +<<<<<<< HEAD +======= * List of Freshest CRL distribution points */ linked_list_t *crl_uris; /** +>>>>>>> upstream/4.5.1 * Authority Key Identifier */ chunk_t authKeyIdentifier; @@ -115,11 +118,14 @@ struct private_x509_crl_t { chunk_t authKeySerialNumber; /** +<<<<<<< HEAD +======= * Number of BaseCRL, if a delta CRL */ chunk_t baseCrlNumber; /** +>>>>>>> upstream/4.5.1 * Signature algorithm */ int algorithm; @@ -143,6 +149,11 @@ struct private_x509_crl_t { /** * from x509_cert */ +<<<<<<< HEAD +extern chunk_t x509_parse_authorityKeyIdentifier( + chunk_t blob, int level0, + chunk_t *authKeySerialNumber); +======= extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber); @@ -156,6 +167,7 @@ extern void x509_parse_crlDistributionPoints(chunk_t blob, int level0, * from x509_cert */ extern chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn); +>>>>>>> upstream/4.5.1 /** * ASN.1 definition of an X.509 certificate revocation list @@ -226,7 +238,11 @@ static bool parse(private_x509_crl_t *this) int objectID; int sig_alg = OID_UNKNOWN; bool success = FALSE; +<<<<<<< HEAD + bool critical; +======= bool critical = FALSE; +>>>>>>> upstream/4.5.1 revoked_t *revoked = NULL; parser = asn1_parser_create(crlObjects, this->encoding); 
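Review bot: The `parse` hunk of x509_crl.c leaves `bool critical;` uninitialized on the HEAD side while the upstream side has `bool critical = FALSE;`; the reads of `critical` are outside this hunk, so if any path consults it before the critical flag object is parsed, the HEAD side reads an indeterminate value. The initialized form is the one to keep regardless of how the other markers are resolved. The `extern chunk_t x509_parse_authorityKeyIdentifier(...)` declaration in the preceding hunk is duplicated across both sides with only line-wrapping differences, while `x509_parse_crlDistributionPoints` and `x509_build_crlDistributionPoints` exist on the upstream side only, so the parse hunk's `OID_FRESHEST_CRL` case on the next line depends on that side.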
@@ -278,6 +294,28 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: +<<<<<<< HEAD + { + int extn_oid = asn1_known_oid(extnID); + + if (revoked && extn_oid == OID_CRL_REASON_CODE) + { + if (*object.ptr == ASN1_ENUMERATED && + asn1_length(&object) == 1) + { + revoked->reason = *object.ptr; + } + DBG2(DBG_LIB, " '%N'", crl_reason_names, + revoked->reason); + } + else if (extn_oid == OID_AUTHORITY_KEY_ID) + { + this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, + level, &this->authKeySerialNumber); + } + else if (extn_oid == OID_CRL_NUMBER) + { +======= { int extn_oid = asn1_known_oid(extnID); @@ -301,12 +339,18 @@ static bool parse(private_x509_crl_t *this) object, level, &this->authKeySerialNumber); break; case OID_CRL_NUMBER: +>>>>>>> upstream/4.5.1 if (!asn1_parse_simple_object(&object, ASN1_INTEGER, level, "crlNumber")) { goto end; } this->crlNumber = object; +<<<<<<< HEAD + } + } + break; +======= break; case OID_FRESHEST_CRL: x509_parse_crlDistributionPoints(object, level, @@ -333,6 +377,7 @@ static bool parse(private_x509_crl_t *this) } break; } +>>>>>>> upstream/4.5.1 case CRL_OBJ_ALGORITHM: { this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); @@ -390,6 +435,8 @@ METHOD(crl_t, get_authKeyIdentifier, chunk_t, return this->authKeyIdentifier; } +<<<<<<< HEAD +======= METHOD(crl_t, is_delta_crl, bool, private_x509_crl_t *this, chunk_t *base_crl) { @@ -410,6 +457,7 @@ METHOD(crl_t, create_delta_crl_uri_enumerator, enumerator_t*, return this->crl_uris->create_enumerator(this->crl_uris); } +>>>>>>> upstream/4.5.1 METHOD(crl_t, create_enumerator, enumerator_t*, private_x509_crl_t *this) { @@ -454,7 +502,11 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } +<<<<<<< HEAD + if (!(x509->get_flags(x509) & X509_CA)) +======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) +>>>>>>> upstream/4.5.1 { return FALSE; } 
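Review bot: The `issued_by` hunk changes which certificates may vouch for a CRL: the HEAD side requires `X509_CA`, the upstream side accepts `X509_CA | X509_CRL_SIGN`, so a non-CA certificate whose keyUsage carries cRLSign becomes an acceptable CRL issuer. That is consistent with CRL issuers being identified by the cRLSign bit, but it relies on the issuer-name comparison and signature check around this hunk (both cut off here) to bind the CRL to that certificate, and on the keyUsage parser setting `X509_CRL_SIGN` only from the actual bit. A comment such as `/* a CA or a dedicated CRL signer (keyUsage cRLSign) may issue CRLs */` above the check would record the intent. In the HEAD-side reason-code branch earlier on this line, `DBG2(DBG_LIB, " '%N'", crl_reason_names, revoked->reason)` is logged even when the object was not a one-byte ENUMERATED and `revoked->reason` was left unchanged.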
@@ -567,6 +619,8 @@ static void revoked_destroy(revoked_t *revoked) free(revoked); } +<<<<<<< HEAD +======= /** * Destroy a CDP entry */ @@ -577,20 +631,27 @@ static void cdp_destroy(x509_cdp_t *this) free(this); } +>>>>>>> upstream/4.5.1 METHOD(certificate_t, destroy, void, private_x509_crl_t *this) { if (ref_put(&this->ref)) { this->revoked->destroy_function(this->revoked, (void*)revoked_destroy); +<<<<<<< HEAD +======= this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy); +>>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); if (this->generated) { free(this->crlNumber.ptr); +<<<<<<< HEAD +======= free(this->baseCrlNumber.ptr); +>>>>>>> upstream/4.5.1 free(this->signature.ptr); free(this->tbsCertList.ptr); } @@ -624,13 +685,19 @@ static private_x509_crl_t* create_empty(void) }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD +======= .is_delta_crl = _is_delta_crl, .create_delta_crl_uri_enumerator = _create_delta_crl_uri_enumerator, +>>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, .revoked = linked_list_create(), +<<<<<<< HEAD +======= .crl_uris = linked_list_create(), +>>>>>>> upstream/4.5.1 .ref = 1, ); return this; @@ -699,7 +766,10 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, private_key_t *key, hash_algorithm_t digest_alg) { chunk_t extensions = chunk_empty, certList = chunk_empty, serial; +<<<<<<< HEAD +======= chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty; +>>>>>>> upstream/4.5.1 enumerator_t *enumerator; crl_reason_t reason; time_t date; 
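Review bot: The x509_crl.c `destroy`, `create_empty` and `generate` hunks on this line add `crl_uris` handling only on the upstream side: `create_empty` allocates `.crl_uris = linked_list_create()` and `destroy` calls `this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy)` unconditionally, so these hunks must be resolved on the same side as the struct hunk that declares `linked_list_t *crl_uris` and the `cdp_destroy` definition (whose body is cut off above), or destroy dereferences a NULL list. Likewise `free(this->baseCrlNumber.ptr)` inside `if (this->generated)` needs the struct field from the upstream side. `generate`'s declarations at the end of this line continue into the next hunk.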
@@ -707,7 +777,11 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, x509 = (x509_t*)cert; +<<<<<<< HEAD + this->issuer = cert->get_issuer(cert); +======= this->issuer = cert->get_subject(cert); +>>>>>>> upstream/4.5.1 this->issuer = this->issuer->clone(this->issuer); this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509)); @@ -742,6 +816,10 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, } enumerator->destroy(enumerator); +<<<<<<< HEAD + extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_SEQUENCE, "mm", +======= crlDistributionPoints = x509_build_crlDistributionPoints(this->crl_uris, OID_FRESHEST_CRL); @@ -757,6 +835,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", asn1_wrap(ASN1_SEQUENCE, "mmmm", +>>>>>>> upstream/4.5.1 asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", @@ -766,8 +845,14 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_CRL_NUMBER), asn1_wrap(ASN1_OCTET_STRING, "m", +<<<<<<< HEAD + asn1_integer("c", this->crlNumber)) + ) + )); +======= asn1_integer("c", this->crlNumber))), crlDistributionPoints, baseCrlNumber)); +>>>>>>> upstream/4.5.1 this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm", ASN1_INTEGER_1, @@ -830,6 +915,8 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) case BUILD_REVOKED_ENUMERATOR: read_revoked(crl, va_arg(args, enumerator_t*)); continue; +<<<<<<< HEAD +======= case BUILD_BASE_CRL: crl->baseCrlNumber = va_arg(args, chunk_t); crl->baseCrlNumber = chunk_clone(crl->baseCrlNumber); @@ -853,6 +940,7 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) enumerator->destroy(enumerator); continue; } +>>>>>>> upstream/4.5.1 case BUILD_END: break; default: 
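Review bot: In the CRL `generate` hunk the HEAD side sets `this->issuer = cert->get_issuer(cert)` while the upstream side uses `cert->get_subject(cert)`; the CRL's issuer field names the certificate that signs the CRL, and the next lines take the authKeyIdentifier from that same certificate's subjectKeyIdentifier, so the `get_issuer` variant would put the signer's own issuer (one level up) into the CRL and leave it inconsistent with the AKI. The upstream line is the correct one here. The extensions hunks that follow also differ in arity (`"mm"` versus `"mmmm"` with `crlDistributionPoints, baseCrlNumber`) and must follow the same choice; `generate` continues past the hunk.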
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index d40cc3567..a3c071f12 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -36,8 +36,15 @@ struct private_x509_plugin_t { x509_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of x509_plugin_t.x509troy + */ +static void destroy(private_x509_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_x509_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)x509_cert_gen); @@ -67,6 +74,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *x509_plugin_create() { +<<<<<<< HEAD + private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_x509_plugin_t *this; INIT(this, @@ -76,6 +88,7 @@ plugin_t *x509_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)x509_cert_gen); diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 06d7a2121..22b3c9543 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
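Review bot: The HEAD-side comment on `destroy` in x509_plugin.c reads `Implementation of x509_plugin_t.x509troy`, which is a garbled name; if that side is kept it should read `Implementation of plugin_t.destroy.`, whereas the upstream `METHOD(plugin_t, destroy, void, ...)` form names the interface without a comment. The `x509_plugin_create` hunk repeats the malloc_thing-plus-cast pattern against the upstream `INIT` form seen elsewhere in this commit and should be resolved the same way as the other plugin constructors. The xcbc Makefile.in sections that follow are generated files and only need regenerating once the Makefile.am and configure conflicts are resolved.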
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 65e88335c..19d5a03fe 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -19,8 +19,11 @@ #include "xcbc_signer.h" #include "xcbc_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "xcbc"; +>>>>>>> upstream/4.5.1 typedef struct private_xcbc_plugin_t private_xcbc_plugin_t; /** @@ -50,7 +53,10 @@ METHOD(plugin_t, destroy, void, plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public = { @@ -60,6 +66,17 @@ plugin_t *xcbc_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, + (prf_constructor_t)xcbc_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, + (prf_constructor_t)xcbc_prf_create); + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, + (signer_constructor_t)xcbc_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, + (signer_constructor_t)xcbc_signer_create); + +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { @@ -78,6 +95,7 @@ plugin_t *xcbc_plugin_create() lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, plugin_name, (signer_constructor_t)xcbc_signer_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 7e7045d69..1f57ffcce 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c 
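Review bot: The `xcbc_plugin_create` hunk registers the XCBC PRFs and signers unconditionally on the HEAD side, while the upstream side first probes `lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16)` and registers only inside `if (crypter)`, passing the new `plugin_name` to `add_prf`/`add_signer`; the two call shapes have different arities, so the side kept has to match the crypto_factory declarations, which are not in this chunk. The upstream `if (crypter)` block is cut off mid-hunk, so it is worth checking that the probe crypter is destroyed once the check is done and that the Camellia registrations are gated on a Camellia probe rather than on the AES one. A short comment above the probe, e.g. `/* register XCBC only when an AES-CBC crypter backend is available */`, would state why the registration is conditional.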
@@ -377,8 +377,15 @@ int vstr_wrapper_vasprintf(char **str, const char *format, va_list args) } #endif +<<<<<<< HEAD +/** + * Implementation of printf_hook_t.add_handler. + */ +static void add_handler(private_printf_hook_t *this, char spec, +======= METHOD(printf_hook_t, add_handler, void, private_printf_hook_t *this, char spec, +>>>>>>> upstream/4.5.1 printf_hook_function_t hook, ...) { int i = -1; @@ -437,8 +444,15 @@ METHOD(printf_hook_t, add_handler, void, } } +<<<<<<< HEAD +/** + * Implementation of printf_hook_t.destroy + */ +static void destroy(private_printf_hook_t *this) +======= METHOD(printf_hook_t, destroy, void, private_printf_hook_t *this) +>>>>>>> upstream/4.5.1 { int i; #ifdef USE_VSTR @@ -473,6 +487,12 @@ METHOD(printf_hook_t, destroy, void, */ printf_hook_t *printf_hook_create() { +<<<<<<< HEAD + private_printf_hook_t *this = malloc_thing(private_printf_hook_t); + + this->public.add_handler = (void(*)(printf_hook_t*, char, printf_hook_function_t, ...))add_handler; + this->public.destroy = (void(*)(printf_hook_t*))destroy; +======= private_printf_hook_t *this; INIT(this, @@ -481,6 +501,7 @@ printf_hook_t *printf_hook_create() .destroy = _destroy, }, ); +>>>>>>> upstream/4.5.1 memset(printf_hooks, 0, sizeof(printf_hooks)); diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index 723aec908..6c0d9aa84 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -248,7 +248,11 @@ static void destroy(private_processor_t *this) /* * Described in header. */ +<<<<<<< HEAD +processor_t *processor_create(size_t pool_size) +======= processor_t *processor_create() +>>>>>>> upstream/4.5.1 { private_processor_t *this = malloc_thing(private_processor_t); diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index 32da194ef..f675f51f1 100644 --- a/src/libstrongswan/selectors/traffic_selector.c 
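Review bot: The processor.c hunk keeps both `processor_t *processor_create(size_t pool_size)` and `processor_t *processor_create()`; every caller and the processor.h prototype (neither in this chunk) must agree with the side chosen, and on the HEAD side `pool_size` is not used in the visible lines, so the body past the hunk should be checked for where the pool size actually goes. The printf_hook.c hunks on this line repeat the static-cast versus `METHOD`/`_destroy` pattern; the HEAD `printf_hook_create` assigns `this->public.add_handler` through a cast that spells out the `...` variadic tail, which is exactly the kind of mismatch the `METHOD` form would let the compiler catch. `add_handler`'s and `destroy`'s bodies continue outside their hunks.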
+++ b/src/libstrongswan/selectors/traffic_selector.c @@ -393,15 +393,23 @@ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t switch (this->type) { case TS_IPV4_ADDR_RANGE: +<<<<<<< HEAD + if (memeq(this->from4, other->from4, sizeof(this->from4))) +======= if (memeq(this->from4, other->from4, sizeof(this->from4)) && memeq(this->to4, other->to4, sizeof(this->to4))) +>>>>>>> upstream/4.5.1 { return TRUE; } break; case TS_IPV6_ADDR_RANGE: +<<<<<<< HEAD + if (memeq(this->from6, other->from6, sizeof(this->from6))) +======= if (memeq(this->from6, other->from6, sizeof(this->from6)) && memeq(this->to6, other->to6, sizeof(this->to6))) +>>>>>>> upstream/4.5.1 { return TRUE; } diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index bd279f51d..c16c6a1f1 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -19,17 +22,24 @@ #include <stdarg.h> #include <stdio.h> #include <errno.h> +<<<<<<< HEAD +======= #include <limits.h> #include <glob.h> #include <libgen.h> +>>>>>>> upstream/4.5.1 #include "settings.h" #include "debug.h" #include "utils/linked_list.h" +<<<<<<< HEAD + +======= #include "threading/rwlock.h" #define MAX_INCLUSION_LEVEL 10 +>>>>>>> upstream/4.5.1 typedef struct private_settings_t private_settings_t; typedef struct section_t section_t; @@ -51,6 +61,11 @@ struct private_settings_t { section_t *top; /** +<<<<<<< HEAD + * allocated file text + */ + char *text; +======= * contents of loaded files and in-memory settings (char*) */ linked_list_t *contents; @@ -59,6 +74,7 @@ struct private_settings_t { * lock to safely access the settings */ rwlock_t *lock; +>>>>>>> upstream/4.5.1 }; /** 
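Review bot: In the traffic_selector.c `equals` hunk the HEAD side compares only `this->from4` with `other->from4` (and `from6` for IPv6), while the upstream side also requires `memeq(this->to4, other->to4, sizeof(this->to4))` and the `to6` equivalent; with the HEAD lines two ranges that start at the same address but end differently compare equal, which is wrong for a range type and would let a narrower selector stand in for a wider one wherever equality drives de-duplication or matching (the callers are outside this chunk). The upstream condition is the correct one. `equals` starts before the hunk; the settings.c header hunks that follow add `<limits.h>`, `<glob.h>`, `<libgen.h>` and `threading/rwlock.h` only on the upstream side, so the later settings.c hunks that use the lock depend on that side.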
@@ -99,6 +115,8 @@ struct kv_t { }; /** +<<<<<<< HEAD +======= * create a key/value pair */ static kv_t *kv_create(char *key, char *value) @@ -162,6 +180,7 @@ static bool kv_find(kv_t *this, char *key) } /** +>>>>>>> upstream/4.5.1 * Print a format key, but consume already processed arguments */ static bool print_key(char *buf, int len, char *start, char *key, va_list args) @@ -210,6 +229,16 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args) } /** +<<<<<<< HEAD + * find a section by a given key, using buffered key, reusable buffer + */ +static section_t *find_section_buffered(section_t *section, + char *start, char *key, va_list args, char *buf, int len) +{ + char *pos; + enumerator_t *enumerator; + section_t *current, *found = NULL; +======= * Find a section by a given key, using buffered key, reusable buffer. * If "ensure" is TRUE, the sections are created if they don't exist. */ @@ -219,6 +248,7 @@ static section_t *find_section_buffered(section_t *section, { char *pos; section_t *found = NULL; +>>>>>>> upstream/4.5.1 if (section == NULL) { @@ -234,6 +264,21 @@ static section_t *find_section_buffered(section_t *section, { return NULL; } +<<<<<<< HEAD + enumerator = section->sections->create_enumerator(section->sections); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current->name, buf)) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + if (found && pos) + { + return find_section_buffered(found, start, pos, args, buf, len); +======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) 
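Review bot: The HEAD-side lookup loop in `find_section_buffered` shows `enumerator->enumerate(enumerator, ¤t)`; that token is not valid C and looks like `&current` mangled by an HTML-entity conversion of the diff (the same artifact recurs in `find_value_buffered` on the following lines), so the raw file should be checked before assuming that side compiles. Apart from that, the HEAD side walks the list with an enumerator while the upstream side uses `section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf)` and adds an `ensure` parameter; `section_find`'s body is cut off above. A comment on the upstream signature stating that `ensure` creates missing sections, and therefore presumably needs the write lock (the creating caller is outside this chunk), would make the locking contract explicit.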
@@ -247,11 +292,19 @@ static section_t *find_section_buffered(section_t *section, if (found && pos) { return find_section_buffered(found, start, pos, args, buf, len, ensure); +>>>>>>> upstream/4.5.1 } return found; } /** +<<<<<<< HEAD + * find a section by a given key + */ +static section_t *find_section(section_t *section, char *key, va_list args) +{ + char buf[128], keybuf[512]; +======= * Find a section by a given key (thread-safe). */ static section_t *find_section(private_settings_t *this, section_t *section, @@ -259,11 +312,27 @@ static section_t *find_section(private_settings_t *this, section_t *section, { char buf[128], keybuf[512]; section_t *found; +>>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } +<<<<<<< HEAD + return find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); +} + +/** + * Find the string value for a key, using buffered key, reusable buffer + */ +static char *find_value_buffered(section_t *section, + char *start, char *key, va_list args, char *buf, int len) +{ + char *pos, *value = NULL; + enumerator_t *enumerator; + kv_t *kv; + section_t *current, *found = NULL; +======= this->lock->read_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -303,6 +372,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, char *pos; kv_t *kv = NULL; section_t *found = NULL; +>>>>>>> upstream/4.5.1 if (section == NULL) { 
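Review bot: The upstream side of the `find_section` hunk takes `this->lock->read_lock(this->lock)` before calling `find_section_buffered(..., FALSE)`, and the hunk ends before the matching unlock, so every return path in the remainder of the function needs to release the lock; `find_value` on the next line takes the same read lock. The HEAD side of both functions has no lock and no `private_settings_t *this` parameter, so these hunks, the struct hunk that adds `rwlock_t *lock`, and the `get_*` callers (`find_value(this, this->top, key, args)` versus `find_value(this->top, key, args)`) can only be resolved together. The rewritten `find_section` would benefit from a comment such as `/* Thread-safe: holds this->lock for reading around the lookup. */`.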
@@ -319,6 +389,22 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } +<<<<<<< HEAD + enumerator = section->sections->create_enumerator(section->sections); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current->name, buf)) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + if (found) + { + return find_value_buffered(found, start, pos, args, buf, len); + } +======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -332,6 +418,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, } return find_value_buffered(found, start, pos, args, buf, len, ensure); +>>>>>>> upstream/4.5.1 } else { @@ -339,6 +426,28 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } +<<<<<<< HEAD + enumerator = section->kv->create_enumerator(section->kv); + while (enumerator->enumerate(enumerator, &kv)) + { + if (streq(kv->key, buf)) + { + value = kv->value; + break; + } + } + enumerator->destroy(enumerator); + } + return value; +} + +/** + * Find the string value for a key + */ +static char *find_value(section_t *section, char *key, va_list args) +{ + char buf[128], keybuf[512]; +======= if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find, (void**)&kv, buf) != SUCCESS) { 
@@ -360,11 +469,21 @@ static char *find_value(private_settings_t *this, section_t *section, { char buf[128], keybuf[512], *value = NULL; kv_t *kv; +>>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } +<<<<<<< HEAD + return find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); +} + +/** + * Implementation of settings_t.get. + */ +static char* get_str(private_settings_t *this, char *key, char *def, ...) +======= this->lock->read_lock(this->lock); kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -413,12 +532,17 @@ static void set_value(private_settings_t *this, section_t *section, METHOD(settings_t, get_str, char*, private_settings_t *this, char *key, char *def, ...) +>>>>>>> upstream/4.5.1 { char *value; va_list args; va_start(args, def); +<<<<<<< HEAD + value = find_value(this->top, key, args); +======= value = find_value(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (value) { @@ -428,6 +552,31 @@ METHOD(settings_t, get_str, char*, } /** +<<<<<<< HEAD + * Implementation of settings_t.get_bool. + */ +static bool get_bool(private_settings_t *this, char *key, bool def, ...) +{ + char *value; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); + if (value) + { + if (strcaseeq(value, "true") || + strcaseeq(value, "enabled") || + strcaseeq(value, "yes") || + strcaseeq(value, "1")) + { + return TRUE; + } + else if (strcaseeq(value, "false") || + strcaseeq(value, "disabled") || + strcaseeq(value, "no") || + strcaseeq(value, "0")) +======= * Described in header */ inline bool settings_value_as_bool(char *value, bool def) @@ -445,6 +594,7 @@ inline bool settings_value_as_bool(char *value, bool def) strcaseeq(value, "no") || strcaseeq(value, "false") || strcaseeq(value, "disabled")) +>>>>>>> upstream/4.5.1 { return FALSE; } 
@@ -452,6 +602,20 @@ inline bool settings_value_as_bool(char *value, bool def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_int. + */ +static int get_int(private_settings_t *this, char *key, int def, ...) +{ + char *value; + int intval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_bool, bool, private_settings_t *this, char *key, bool def, ...) { @@ -470,6 +634,7 @@ METHOD(settings_t, get_bool, bool, inline int settings_value_as_int(char *value, int def) { int intval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -482,6 +647,20 @@ inline int settings_value_as_int(char *value, int def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_double. + */ +static double get_double(private_settings_t *this, char *key, double def, ...) +{ + char *value; + double dval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_int, int, private_settings_t *this, char *key, int def, ...) { @@ -500,6 +679,7 @@ METHOD(settings_t, get_int, int, inline double settings_value_as_double(char *value, double def) { double dval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -512,6 +692,20 @@ inline double settings_value_as_double(char *value, double def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_time. + */ +static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ...) +{ + char *value, *endptr; + u_int32_t timeval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_double, double, private_settings_t *this, char *key, double def, ...) { @@ -531,6 +725,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) { char *endptr; u_int32_t timeval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; 
@@ -549,7 +744,11 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) timeval *= 60; break; case 's': /* time in seconds */ +<<<<<<< HEAD + default: +======= default: +>>>>>>> upstream/4.5.1 break; } return timeval; @@ -558,6 +757,8 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } +<<<<<<< HEAD +======= METHOD(settings_t, get_time, u_int32_t, private_settings_t *this, char *key, u_int32_t def, ...) { @@ -627,6 +828,7 @@ METHOD(settings_t, set_time, void, va_end(args); } +>>>>>>> upstream/4.5.1 /** * Enumerate section names, not sections */ @@ -636,24 +838,42 @@ static bool section_filter(void *null, section_t **in, char **out) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of settings_t.create_section_enumerator + */ +static enumerator_t* create_section_enumerator(private_settings_t *this, + char *key, ...) +======= METHOD(settings_t, create_section_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) +>>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); +<<<<<<< HEAD + section = find_section(this->top, key, args); +======= section = find_section(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } +<<<<<<< HEAD + return enumerator_create_filter( + section->sections->create_enumerator(section->sections), + (void*)section_filter, NULL, NULL); +======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->sections->create_enumerator(section->sections), (void*)section_filter, this->lock, (void*)this->lock->unlock); +>>>>>>> upstream/4.5.1 } /** 
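Review bot: The HEAD side of `create_section_enumerator` builds the filtered enumerator with `(void*)section_filter, NULL, NULL`, whereas the upstream side first takes `this->lock->read_lock(this->lock)` and passes `this->lock, (void*)this->lock->unlock` so the read lock is held until the caller destroys the enumerator. If this conflict is resolved toward HEAD, a concurrent writer (upstream's `set_*` or `load_files` in the same file) can mutate `section->sections` while a caller is iterating it. Keep the upstream block, and remove the conflict markers, which by themselves already break compilation.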
@@ -667,24 +887,53 @@ static bool kv_filter(void *null, kv_t **in, char **key, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of settings_t.create_key_value_enumerator + */ +static enumerator_t* create_key_value_enumerator(private_settings_t *this, + char *key, ...) +======= METHOD(settings_t, create_key_value_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) +>>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); +<<<<<<< HEAD + section = find_section(this->top, key, args); +======= section = find_section(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } +<<<<<<< HEAD + return enumerator_create_filter( + section->kv->create_enumerator(section->kv), + (void*)kv_filter, NULL, NULL); +} + +/** + * destroy a section + */ +static void section_destroy(section_t *this) +{ + this->kv->destroy_function(this->kv, free); + this->sections->destroy_function(this->sections, (void*)section_destroy); + + free(this); +======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->kv->create_enumerator(section->kv), (void*)kv_filter, this->lock, (void*)this->lock->unlock); +>>>>>>> upstream/4.5.1 } /** @@ -762,6 +1011,26 @@ static char parse(char **text, char *skip, char *term, char *br, char **token) } /** +<<<<<<< HEAD + * Parse a section + */ +static section_t* parse_section(char **text, char *name) +{ + section_t *sub, *section; + bool finished = FALSE; + char *key, *value, *inner; + + static int lev = 0; + lev++; + + section = malloc_thing(section_t); + section->name = name; + section->sections = linked_list_create(); + section->kv = linked_list_create(); + + while (!finished) + { +======= * Check if "text" starts with "pattern". * Characters in "skip" are skipped first. If found, TRUE is returned and "text" * is modified to point to the character right after "pattern". 
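Review bot: The HEAD-side `parse_section` keeps a function-level `static int lev = 0; lev++;` that is incremented on every call but never decremented or read, so it is dead, unbounded state that is also shared across any threads that happen to call `settings_create` at the same time; it should simply be deleted. This variant also takes only `(char **text, char *name)`, while the upstream signature `parse_section(linked_list_t *contents, char *file, int level, ...)` carries a `level` argument that presumably bounds nesting depth of a malformed or hostile configuration, so resolving toward HEAD loses that bound. Prefer the upstream side. `parse_section`'s body continues past the end of this hunk.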
@@ -832,11 +1101,20 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } continue; } +>>>>>>> upstream/4.5.1 switch (parse(text, "\t\n ", "{=#", NULL, &key)) { case '{': if (parse(text, "\t ", "}", "{", &inner)) { +<<<<<<< HEAD + sub = parse_section(&inner, key); + if (sub) + { + section->sections->insert_last(section->sections, sub); + continue; + } +======= section_t *sub; if (!strlen(key)) { @@ -866,12 +1144,19 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } DBG1(DBG_LIB, "parsing subsection '%s' failed", key); break; +>>>>>>> upstream/4.5.1 } DBG1(DBG_LIB, "matching '}' not found near %s", *text); break; case '=': if (parse(text, "\t ", "\n", NULL, &value)) { +<<<<<<< HEAD + kv_t *kv = malloc_thing(kv_t); + kv->key = key; + kv->value = value; + section->kv->insert_last(section->kv, kv); +======= kv_t *kv; if (!strlen(key)) { @@ -890,6 +1175,7 @@ static bool parse_section(linked_list_t *contents, char *file, int level, { /* replace with the most recently read value */ kv->value = value; } +>>>>>>> upstream/4.5.1 continue; } DBG1(DBG_LIB, "parsing value failed near %s", *text); 
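Review bot: The HEAD-side `=` branch inserts the pair unconditionally (`kv->key = key; kv->value = value; section->kv->insert_last(...)`), without the upstream side's `if (!strlen(key))` rejection of an empty key or its "replace with the most recently read value" handling of a duplicate key; resolving toward HEAD would let `a = 1` followed by `a = 2` coexist as two entries and let a bare `= value` line create a key of `""`. The HEAD-side `{` branch likewise calls `parse_section(&inner, key)` without the empty-key check the upstream branch performs first. Keep both upstream blocks. The enclosing `parse_section` starts before this hunk and ends after it.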
@@ -901,6 +1187,80 @@ static bool parse_section(linked_list_t *contents, char *file, int level, finished = TRUE; continue; } +<<<<<<< HEAD + section_destroy(section); + return NULL; + } + return section; +} + +/** + * Implementation of settings_t.destroy + */ +static void destroy(private_settings_t *this) +{ + if (this->top) + { + section_destroy(this->top); + } + free(this->text); + free(this); +} + +/* + * see header file + */ +settings_t *settings_create(char *file) +{ + private_settings_t *this; + char *pos; + FILE *fd; + int len; + + this = malloc_thing(private_settings_t); + this->public.get_str = (char*(*)(settings_t*, char *key, char* def, ...))get_str; + this->public.get_int = (int(*)(settings_t*, char *key, int def, ...))get_int; + this->public.get_double = (double(*)(settings_t*, char *key, double def, ...))get_double; + this->public.get_time = (u_int32_t(*)(settings_t*, char *key, u_int32_t def, ...))get_time; + this->public.get_bool = (bool(*)(settings_t*, char *key, bool def, ...))get_bool; + this->public.create_section_enumerator = (enumerator_t*(*)(settings_t*,char *section, ...))create_section_enumerator; + this->public.create_key_value_enumerator = (enumerator_t*(*)(settings_t*, char *key, ...))create_key_value_enumerator; + this->public.destroy = (void(*)(settings_t*))destroy; + + this->top = NULL; + this->text = NULL; + + if (file == NULL) + { + file = STRONGSWAN_CONF; + } + fd = fopen(file, "r"); + if (fd == NULL) + { + DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); + return &this->public; + } + fseek(fd, 0, SEEK_END); + len = ftell(fd); + rewind(fd); + this->text = malloc(len + 1); + this->text[len] = '\0'; + if (fread(this->text, 1, len, fd) != len) + { + free(this->text); + this->text = NULL; + return &this->public; + } + fclose(fd); + + pos = this->text; + this->top = parse_section(&pos, NULL); + if (this->top == NULL) + { + free(this->text); + this->text = NULL; + } +======= return FALSE; } return TRUE; 
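Review bot: In the HEAD-side `settings_create`, `len = ftell(fd)` is stored in a signed `int` and used unchecked: if `ftell` fails it returns -1, so `malloc(len + 1)` becomes `malloc(0)` and `this->text[len] = '\0'` writes one byte before the allocation. The short-read branch `if (fread(this->text, 1, len, fd) != len)` also returns without `fclose(fd)`, leaking the descriptor, and compares a `size_t` against that signed `int`. A minimal fix checks `len < 0` and closes the file on every exit path, as below; the upstream side, which replaces all of this with `load_files(this, file)`, is still the better resolution of the conflict.
```c
	fseek(fd, 0, SEEK_END);
	len = ftell(fd);
	if (len < 0)
	{
		DBG1(DBG_LIB, "'%s' could not be sized", file);
		fclose(fd);
		return &this->public;
	}
	rewind(fd);
	this->text = malloc(len + 1);
	this->text[len] = '\0';
	if (fread(this->text, 1, len, fd) != (size_t)len)
	{
		fclose(fd);
		free(this->text);
		this->text = NULL;
		return &this->public;
	}
	fclose(fd);
	/* ... unchanged: parse_section call and top-level cleanup ... */
```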
@@ -1167,6 +1527,7 @@ settings_t *settings_create(char *file) load_files(this, file); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index bc3df3706..9da217630 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -28,6 +31,16 @@ typedef struct settings_t settings_t; #include "utils/enumerator.h" /** +<<<<<<< HEAD + * Generic configuration options read from a config file. + * + * The syntax is quite simple: + * + * settings := (section|keyvalue)* + * section := name { settings } + * keyvalue := key = value\n + * +======= * Convert a string value returned by a key/value enumerator to a boolean. * * @see settings_t.create_key_value_enumerator() @@ -76,6 +89,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * section := name { settings } * keyvalue := key = value\n * @endcode +>>>>>>> upstream/4.5.1 * E.g.: * @code a = b @@ -95,6 +109,8 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * * Currently only a limited set of printf format specifiers are supported * (namely %s, %d and %N, see implementation for details). +<<<<<<< HEAD +======= * * \section includes Including other files * Other files can be included, using the include statement e.g. @@ -140,6 +156,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); section-two { } @endcode +>>>>>>> upstream/4.5.1 */ struct settings_t { @@ -194,6 +211,8 @@ struct settings_t { u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); /** +<<<<<<< HEAD +======= * Set a string value. * * @param key key including sections, printf style format 
@@ -239,6 +258,7 @@ struct settings_t { void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over subsection names of a section. * * @param section section including parents, printf style format @@ -252,13 +272,19 @@ struct settings_t { * Create an enumerator over key/value pairs in a section. * * @param section section name to list key/value pairs of, printf style +<<<<<<< HEAD + * @param ... argmuent list for section +======= * @param ... argument list for section +>>>>>>> upstream/4.5.1 * @return enumerator over (char *key, char *value) */ enumerator_t* (*create_key_value_enumerator)(settings_t *this, char *section, ...); /** +<<<<<<< HEAD +======= * Load settings from the files matching the given pattern. * * Existing sections are extended, existing values replaced, by those found @@ -293,6 +319,7 @@ struct settings_t { char *section, ...); /** +>>>>>>> upstream/4.5.1 * Destroy a settings instance. */ void (*destroy)(settings_t *this); diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 2ab061a74..357858c9e 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -247,6 +247,8 @@ bool return_false() } /** +<<<<<<< HEAD +======= * returns FAILED */ status_t return_failed() @@ -255,6 +257,7 @@ status_t return_failed() } /** +>>>>>>> upstream/4.5.1 * nop operation */ void nop() diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index ed61895ee..e07af53aa 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -57,7 +57,11 @@ #define streq(x,y) (strcmp(x, y) == 0) /** +<<<<<<< HEAD + * Macro compares two strings for equality +======= * Macro compares two strings for equality, length limited +>>>>>>> upstream/4.5.1 */ #define strneq(x,y,len) (strncmp(x, y, len) == 0) 
@@ -67,6 +71,8 @@ #define strcaseeq(x,y) (strcasecmp(x, y) == 0) /** +<<<<<<< HEAD +======= * Macro compares two strings for equality ignoring case, length limited */ #define strncaseeq(x,y,len) (strncasecmp(x, y, len) == 0) @@ -77,6 +83,7 @@ #define strdupnull(x) ({ char *_x = x; _x ? strdup(_x) : NULL; }) /** +>>>>>>> upstream/4.5.1 * Macro compares two binary blobs for equality */ #define memeq(x,y,len) (memcmp(x, y, len) == 0) @@ -392,11 +399,14 @@ bool return_true(); bool return_false(); /** +<<<<<<< HEAD +======= * returns FAILED */ status_t return_failed(); /** +>>>>>>> upstream/4.5.1 * Write a 16-bit host order value in network order to an unaligned address. * * @param host host order 16-bit value diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 41224e8c2..5f1318b9a 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -132,11 +132,18 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) /** * Implementation of backtrace_t.contains_function */ +<<<<<<< HEAD +static bool contains_function(private_backtrace_t *this, char *function) +{ +#ifdef HAVE_DLADDR + int i; +======= static bool contains_function(private_backtrace_t *this, char *function[], int count) { #ifdef HAVE_DLADDR int i, j; +>>>>>>> upstream/4.5.1 for (i = 0; i< this->frame_count; i++) { @@ -144,12 +151,18 @@ static bool contains_function(private_backtrace_t *this, if (dladdr(this->frames[i], &info) && info.dli_sname) { +<<<<<<< HEAD + if (streq(info.dli_sname, function)) + { + return TRUE; +======= for (j = 0; j < count; j++) { if (streq(info.dli_sname, function[j])) { return TRUE; } +>>>>>>> upstream/4.5.1 } } } 
@@ -183,7 +196,11 @@ backtrace_t *backtrace_create(int skip) this->frame_count = frame_count; this->public.log = (void(*)(backtrace_t*,FILE*,bool))log_; +<<<<<<< HEAD + this->public.contains_function = (bool(*)(backtrace_t*, char *function))contains_function; +======= this->public.contains_function = (bool(*)(backtrace_t*, char *function[], int count))contains_function; +>>>>>>> upstream/4.5.1 this->public.destroy = (void(*)(backtrace_t*))destroy; return &this->public; diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index e8ccfc1bd..712122afb 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -41,6 +41,14 @@ struct backtrace_t { void (*log)(backtrace_t *this, FILE *file, bool detailed); /** +<<<<<<< HEAD + * Check if the backtrace contains a frame in a specific function. + * + * @param function name + * @return TRUE if function is in the stack + */ + bool (*contains_function)(backtrace_t *this, char *function); +======= * Check if the backtrace contains a frame having a function in a list. * * @param function name array @@ -48,6 +56,7 @@ struct backtrace_t { * @return TRUE if one of the functions is in the stack */ bool (*contains_function)(backtrace_t *this, char *function[], int count); +>>>>>>> upstream/4.5.1 /** * Destroy a backtrace instance. diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 49b0bb68c..9a0f92b3c 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -186,7 +186,11 @@ static void rehash(private_hashtable_t *this) linked_list_t **old_table; u_int row, old_capacity; +<<<<<<< HEAD + if (this->capacity < MAX_CAPACITY) +======= if (this->capacity >= MAX_CAPACITY) +>>>>>>> upstream/4.5.1 { return; } @@ -249,7 +253,10 @@ METHOD(hashtable_t, put, void*, { old_value = pair->value; pair->value = value; +<<<<<<< HEAD +======= pair->key = key; +>>>>>>> upstream/4.5.1 break; } } 
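Review bot: The HEAD side of `rehash` has the early-out inverted: `if (this->capacity < MAX_CAPACITY) { return; }` bails whenever the table is below its maximum, so the table never grows and lookups degrade toward linear scans of ever-longer bucket chains; the upstream `if (this->capacity >= MAX_CAPACITY)` is the correct guard and must be the one kept. In the second hashtable hunk only the upstream side refreshes `pair->key = key;` when a value is replaced, which matters if a caller frees the key object it passed on the earlier `put` — without it the table keeps a dangling key pointer. Neither HEAD block should survive conflict resolution.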
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index ffeebd05c..1fba6a587 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -476,10 +476,13 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) { return host_create_any_port(af ? af : AF_INET6, port); } +<<<<<<< HEAD +======= if (af == AF_INET && strchr(string, ':')) { /* do not try to convert v6 addresses for v4 family */ return NULL; } +>>>>>>> upstream/4.5.1 memset(&hints, 0, sizeof(hints)); hints.ai_family = af; @@ -568,6 +571,8 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) /* * Described in header. */ +<<<<<<< HEAD +======= host_t *host_create_from_subnet(char *string, int *bits) { char *pos, buf[64]; @@ -603,6 +608,7 @@ host_t *host_create_from_subnet(char *string, int *bits) /* * Described in header. */ +>>>>>>> upstream/4.5.1 host_t *host_create_any(int family) { private_host_t *this = host_create_empty(); diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index 0a1be6e47..b9cd81148 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -190,6 +190,8 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); /** +<<<<<<< HEAD +======= * Create a host from a CIDR subnet definition (1.2.3.0/24), return bits. * * @param string string to parse @@ -199,6 +201,7 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); host_t *host_create_from_subnet(char *string, int *bits); /** +>>>>>>> upstream/4.5.1 * Create a host without an address, a "any" host. * * @param family family of the any host diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index fd2716deb..facf9f6de 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c 
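Review bot: The HEAD side of `host_create_from_dns` drops the upstream guard `if (af == AF_INET && strchr(string, ':')) { return NULL; }`, so an IPv6 literal requested with `AF_INET` is no longer rejected up front and instead reaches the resolver call that follows `hints.ai_family = af` (presumably `getaddrinfo`, outside the hunk), costing a lookup for input that cannot succeed. The HEAD side of the second hunk also deletes `host_create_from_subnet`, which the matching host.h hunk below still declares on its upstream side, so a mixed resolution would leave a declared-but-undefined symbol. Keep the upstream side in both hunks.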
@@ -281,13 +281,20 @@ static void dntoa(chunk_t dn, char *buf, size_t len) chunk_t oid_data, data, printable; u_char type; int oid, written; +<<<<<<< HEAD + bool finished = FALSE; +======= bool finished = FALSE, empty = TRUE; +>>>>>>> upstream/4.5.1 e = create_rdn_enumerator(dn); while (e->enumerate(e, &oid_data, &type, &data)) { +<<<<<<< HEAD +======= empty = FALSE; +>>>>>>> upstream/4.5.1 oid = asn1_known_oid(oid_data); if (oid == OID_UNKNOWN) @@ -331,11 +338,15 @@ static void dntoa(chunk_t dn, char *buf, size_t len) break; } } +<<<<<<< HEAD + if (!finished) +======= if (empty) { snprintf(buf, len, ""); } else if (!finished) +>>>>>>> upstream/4.5.1 { snprintf(buf, len, "(invalid ID_DER_ASN1_DN)"); } diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 52e92951b..ef2ea8e14 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -218,6 +218,27 @@ char *whitelist[] = { "gcry_create_nonce", /* NSPR */ "PR_CallOnce", +<<<<<<< HEAD +}; + +/** + * check if a stack frame contains functions listed above + */ +static bool is_whitelisted(backtrace_t *backtrace) +{ + int i; + for (i = 0; i < sizeof(whitelist)/sizeof(char*); i++) + { + if (backtrace->contains_function(backtrace, whitelist[i])) + { + return TRUE; + } + } + return FALSE; +} + +/** +======= /* libapr */ "apr_pool_create_ex", /* glib */ @@ -235,6 +256,7 @@ char *whitelist[] = { }; /** +>>>>>>> upstream/4.5.1 * Report leaks at library destruction */ static void report(private_leak_detective_t *this, bool detailed) @@ -246,8 +268,12 @@ static void report(private_leak_detective_t *this, bool detailed) for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) { +<<<<<<< HEAD + if (is_whitelisted(hdr->backtrace)) +======= if (hdr->backtrace->contains_function(hdr->backtrace, whitelist, countof(whitelist))) +>>>>>>> upstream/4.5.1 { whitelisted++; } 
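Review bot: The HEAD side of `dntoa` has no `empty` tracking, so a DN with zero RDNs falls into `if (!finished)` and is printed as `(invalid ID_DER_ASN1_DN)` instead of the empty string the upstream branch emits via `snprintf(buf, len, "")`; resolving toward HEAD would reintroduce that misleading identity rendering. In leak_detective.c the HEAD-side `is_whitelisted` calls `contains_function(backtrace, whitelist[i])` with a single string, which only matches the HEAD-side `backtrace_t` signature, while the upstream call passes `whitelist, countof(whitelist)`; the two files must be resolved to the same side or the build breaks. Resolve both toward upstream.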
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index e51780290..fe3d37966 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c @@ -61,8 +61,16 @@ struct private_options_t { char *buffers[MAX_USES]; }; +<<<<<<< HEAD +/** + * Defined in header + */ +bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], + int optind) +======= METHOD(options_t, from, bool, private_options_t *this, char *filename, int *argcp, char **argvp[], int optind) +>>>>>>> upstream/4.5.1 { int newargc; int next; /* place for next argument */ @@ -179,8 +187,15 @@ METHOD(options_t, from, bool, return good; } +<<<<<<< HEAD +/** + * Defined in header + */ +void destroy(private_options_t *this) +======= METHOD(options_t, destroy, void, private_options_t *this) +>>>>>>> upstream/4.5.1 { while (this->nuses >= 0) { @@ -195,6 +210,19 @@ METHOD(options_t, destroy, void, */ options_t *options_create(void) { +<<<<<<< HEAD + private_options_t *this = malloc_thing(private_options_t); + + /* initialize */ + this->newargv = NULL; + this->room = 0; + this->nuses = -1; + memset(this->buffers, '\0', MAX_USES); + + /* public functions */ + this->public.from = (bool (*) (options_t*,char*,int*,char***,int))from; + this->public.destroy = (void (*) (options_t*))destroy; +======= private_options_t *this; INIT(this, @@ -205,6 +233,7 @@ options_t *options_create(void) }, .nuses = -1, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 93e8b4a9b..8eeed98b3 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in 
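Review bot: In the HEAD-side `options_create`, `memset(this->buffers, '\0', MAX_USES);` clears only `MAX_USES` bytes, but `buffers` is declared as `char *buffers[MAX_USES]`, so most pointer slots stay uninitialised; if that side is kept it must read `memset(this->buffers, 0, sizeof(this->buffers));`. Whether a garbage slot is ever freed depends on `destroy`'s `while (this->nuses >= 0)` loop only touching slots that `from` actually filled, which is outside this hunk, so treat it as latent rather than proven. The HEAD side also makes `from` and `destroy` non-static, exporting two very generic symbol names from libstrongswan, which the upstream `METHOD(options_t, ...)` form avoids; the upstream `INIT(this, ...)` block zero-initialises the whole struct and is the safer resolution.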
@@ -195,7 +195,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -234,8 +240,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libtls/tls.h b/src/libtls/tls.h index e2c377ad3..f929f43fc 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -202,7 +202,11 @@ struct tls_t { /** * Check if TLS negotiation completed successfully. * +<<<<<<< HEAD + * @return TRUE if TLS negotation and authentication complete +======= * @return TRUE if TLS negotiation and authentication complete +>>>>>>> upstream/4.5.1 */ bool (*is_complete)(tls_t *this); diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index b4eaf4d79..14eb270a2 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -626,6 +626,17 @@ static void filter_suite(private_tls_crypto_t *this, suite_algs_t suites[], int *count, int offset, enumerator_t*(*create_enumerator)(crypto_factory_t*)) { +<<<<<<< HEAD + suite_algs_t current; + int i, remaining = 0; + enumerator_t *enumerator; + + memset(¤t, 0, sizeof(current)); + for (i = 0; i < *count; i++) + { + enumerator = create_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, ((char*)¤t) + offset)) +======= const char *plugin_name; suite_algs_t current; int *current_alg, i, remaining = 0; 
@@ -638,6 +649,7 @@ static void filter_suite(private_tls_crypto_t *this, { enumerator = create_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, current_alg, &plugin_name)) +>>>>>>> upstream/4.5.1 { if ((suites[i].encr == ENCR_NULL || !current.encr || current.encr == suites[i].encr) && @@ -1063,11 +1075,18 @@ METHOD(tls_crypto_t, get_signature_algorithms, void, enumerator_t *enumerator; hash_algorithm_t alg; tls_hash_algorithm_t hash; +<<<<<<< HEAD + + supported = tls_writer_create(32); + enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &alg)) +======= const char *plugin_name; supported = tls_writer_create(32); enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &alg, &plugin_name)) +>>>>>>> upstream/4.5.1 { switch (alg) { diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c index 8204a3441..2f3627485 100644 --- a/src/libtls/tls_eap.c +++ b/src/libtls/tls_eap.c @@ -303,13 +303,23 @@ METHOD(tls_eap_t, process, status_t, DBG2(DBG_TLS, "received %N acknowledgement packet", eap_type_names, this->type); status = build_pkt(this, pkt->identifier, out); +<<<<<<< HEAD + if (status == INVALID_STATE && + this->tls->is_complete(this->tls)) +======= if (status == INVALID_STATE && this->tls->is_complete(this->tls)) +>>>>>>> upstream/4.5.1 { return SUCCESS; } return status; } status = process_pkt(this, pkt); +<<<<<<< HEAD + if (status != NEED_MORE) + { + return status; +======= switch (status) { case NEED_MORE: @@ -318,6 +328,7 @@ METHOD(tls_eap_t, process, status_t, return this->tls->is_complete(this->tls) ? SUCCESS : FAILED; default: return status; +>>>>>>> upstream/4.5.1 } } status = build_pkt(this, pkt->identifier, out); diff --git a/src/libtls/tls_reader.c b/src/libtls/tls_reader.c index 2b3cd8cac..f13cdc931 100644 --- a/src/libtls/tls_reader.c +++ b/src/libtls/tls_reader.c 
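Review bot: The HEAD side of `filter_suite` enumerates with `enumerator->enumerate(enumerator, ((char*)&current) + offset)` while the upstream side expects two out-parameters, `current_alg, &plugin_name`; `get_signature_algorithms` has the same split (`&alg` versus `&alg, &plugin_name`). These must match whatever `lib->crypto`'s enumerators now yield, otherwise either an out-parameter is left unset or the callback reads past its argument list, so tls_crypto.c has to be resolved to the same side as the libstrongswan crypto_factory in this tree, which is presumably the upstream one.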
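Review bot: The HEAD side of `process` returns whatever `process_pkt` yields as soon as it is not `NEED_MORE` (`if (status != NEED_MORE) { return status; }`), while the upstream side routes a successful result through `return this->tls->is_complete(this->tls) ? SUCCESS : FAILED;` (the `case` label is just outside the visible lines, so the exact mapping is inferred). Resolving toward HEAD would let the EAP method report `SUCCESS` before TLS negotiation and peer authentication have completed, which is an authentication-bypass risk rather than a cosmetic difference. Keep the upstream `switch`.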
@@ -52,8 +52,13 @@ METHOD(tls_reader_t, read_uint8, bool, { if (this->buf.len < 1) { +<<<<<<< HEAD + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", + this->buf.len, 8); +======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int8 data", this->buf.len); +>>>>>>> upstream/4.5.1 return FALSE; } *res = this->buf.ptr[0]; @@ -66,8 +71,13 @@ METHOD(tls_reader_t, read_uint16, bool, { if (this->buf.len < 2) { +<<<<<<< HEAD + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", + this->buf.len, 16); +======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int16 data", this->buf.len); +>>>>>>> upstream/4.5.1 return FALSE; } *res = untoh16(this->buf.ptr); @@ -80,8 +90,13 @@ METHOD(tls_reader_t, read_uint24, bool, { if (this->buf.len < 3) { +<<<<<<< HEAD + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", + this->buf.len, 24); +======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int24 data", this->buf.len); +>>>>>>> upstream/4.5.1 return FALSE; } *res = untoh32(this->buf.ptr) >> 8; @@ -94,8 +109,13 @@ METHOD(tls_reader_t, read_uint32, bool, { if (this->buf.len < 4) { +<<<<<<< HEAD + DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", + this->buf.len, 32); +======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int32 data", this->buf.len); +>>>>>>> upstream/4.5.1 return FALSE; } *res = untoh32(this->buf.ptr); @@ -108,7 +128,11 @@ METHOD(tls_reader_t, read_data, bool, { if (this->buf.len < len) { +<<<<<<< HEAD + DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data", +======= DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes of data", +>>>>>>> upstream/4.5.1 this->buf.len, len); return FALSE; } diff --git a/src/libtls/tls_writer.c b/src/libtls/tls_writer.c index e87c2efea..d7382e3fd 100644 --- a/src/libtls/tls_writer.c +++ b/src/libtls/tls_writer.c 
@@ -226,7 +226,11 @@ tls_writer_t *tls_writer_create(u_int32_t bufsize) .get_buf = _get_buf, .destroy = _destroy, }, +<<<<<<< HEAD + .increase = bufsize ?: 32, +======= .increase = bufsize ? max(bufsize, 4) : 32, +>>>>>>> upstream/4.5.1 ); if (bufsize) { diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 2e139f839..f2def7d98 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -236,7 +236,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -275,8 +281,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 9c9662f7f..cc8fc02af 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
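Review bot: The HEAD side sets `.increase = bufsize ?: 32`, so a caller passing a `bufsize` of 1–3 gets a growth step of that size, whereas the upstream side enforces `bufsize ? max(bufsize, 4) : 32`; the floor of 4 presumably exists so that writing a single 32-bit value never needs more than one reallocation, and resolving toward HEAD would silently drop it. Keep the upstream expression.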
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in index ec4657e55..b551d6a7b 100644 --- a/src/openac/Makefile.in +++ b/src/openac/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index c6651fdf5..701413f8f 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -197,7 +197,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -236,8 +242,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/pki/command.c b/src/pki/command.c index 0142b4ab7..245b22af3 100644 --- a/src/pki/command.c +++ b/src/pki/command.c 
@@ -201,7 +201,11 @@ int command_usage(char *error) } for (i = 0; cmds[active].options[i].name; i++) { +<<<<<<< HEAD + fprintf(out, " --%-8s (-%c) %s\n", +======= fprintf(out, " --%-15s (-%c) %s\n", +>>>>>>> upstream/4.5.1 cmds[active].options[i].name, cmds[active].options[i].op, cmds[active].options[i].desc); } diff --git a/src/pki/command.h b/src/pki/command.h index a6f8bc758..70a26f712 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -29,7 +29,11 @@ /** * Maximum number of options in a command (+1) */ +<<<<<<< HEAD +#define MAX_OPTIONS 20 +======= #define MAX_OPTIONS 32 +>>>>>>> upstream/4.5.1 /** * Maximum number of usage summary lines (+1) diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 6a5686d92..c6fd50029 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -18,13 +18,18 @@ #include "pki.h" #include <debug.h> +<<<<<<< HEAD +======= #include <asn1/asn1.h> +>>>>>>> upstream/4.5.1 #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/pkcs10.h> /** +<<<<<<< HEAD +======= * Free cert policy with OID */ static void destroy_cert_policy(x509_cert_policy_t *policy) @@ -53,6 +58,7 @@ static void destroy_cdp(x509_cdp_t *this) } /** +>>>>>>> upstream/4.5.1 * Issue a certificate using a CA certificate and key */ static int issue() 
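Review bot: The MAX_OPTIONS conflict in command.h has to be resolved to the upstream value 32, not HEAD's 20: the upstream issue and self commands register considerably more options than HEAD's (name constraints, certificate policies, CRL issuer, crlSign), and the option table in command_t is presumably sized by this constant. Because the tables are statically initialised, exceeding 20 would most likely show up as an excess-initializer compile error rather than an overflow, but that depends on command_t's definition, which is outside this hunk. The `%-15s` width change in command.c exists for the same longer option names and should be resolved the same way.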
@@ -66,26 +72,38 @@ static int issue() char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; char *error = NULL, *keyid = NULL; identification_t *id = NULL; +<<<<<<< HEAD + linked_list_t *san, *cdps, *ocsp; + int lifetime = 1095; + int pathlen = X509_NO_PATH_LEN_CONSTRAINT; +======= linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; x509_t *x509; +<<<<<<< HEAD +======= x509_cdp_t *cdp = NULL; x509_cert_policy_t *policy = NULL; +>>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); cdps = linked_list_create(); ocsp = linked_list_create(); +<<<<<<< HEAD +======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); +>>>>>>> upstream/4.5.1 while (TRUE) { @@ -147,6 +165,8 @@ static int issue() case 'p': pathlen = atoi(arg); continue; +<<<<<<< HEAD +======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -220,6 +240,7 @@ static int issue() case 'A': inhibit_any = atoi(arg); continue; +>>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -229,10 +250,13 @@ static int issue() { flags |= X509_CLIENT_AUTH; } +<<<<<<< HEAD +======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } +>>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; @@ -241,6 +265,13 @@ static int issue() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { +<<<<<<< HEAD + return command_usage("invalid output format"); + } + continue; + case 'u': + cdps->insert_last(cdps, arg); +======= error = "invalid output format"; goto usage; } 
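Review bot: On the HEAD side of the `case 'f'` conflict, `return command_usage("invalid output format");` leaves issue() without passing through the `usage:` label, so the `san`, `cdps` and `ocsp` lists created at the top of the function are leaked on that error path; the upstream form `error = "invalid output format"; goto usage;` is the one to keep. The HEAD branch also keeps `case 'u': cdps->insert_last(cdps, arg);`, which pushes a raw `char*` into a list that the upstream cleanup frees as x509_cdp_t, so mixing the two sides would free through the wrong type. issue() starts before this hunk and its cleanup labels are in a later one.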
@@ -258,6 +289,7 @@ static int issue() goto usage; } cdp->issuer = identification_create_from_string(arg); +>>>>>>> upstream/4.5.1 continue; case 'o': ocsp->insert_last(ocsp, arg); @@ -270,6 +302,15 @@ static int issue() } break; } +<<<<<<< HEAD + + if (!pkcs10 && !dn) + { + error = "--dn is required"; + goto usage; + } +======= +>>>>>>> upstream/4.5.1 if (!cacert) { error = "--cacert is required"; @@ -280,7 +321,11 @@ static int issue() error = "--cakey or --keyid is required"; goto usage; } +<<<<<<< HEAD + if (dn) +======= if (dn && *dn) +>>>>>>> upstream/4.5.1 { id = identification_create_from_string(dn); if (id->get_type(id) != ID_DER_ASN1_DN) @@ -425,12 +470,15 @@ static int issue() goto end; } +<<<<<<< HEAD +======= if (!id) { id = identification_create_from_encoding(ID_DER_ASN1_DN, chunk_from_chars(ASN1_SEQUENCE, 0)); } +>>>>>>> upstream/4.5.1 not_before = time(NULL); not_after = not_before + lifetime * 24 * 60 * 60; @@ -442,6 +490,9 @@ static int issue() BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_CRL_DISTRIBUTION_POINTS, cdps, +<<<<<<< HEAD + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); +======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -451,6 +502,7 @@ static int issue() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); +>>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; 
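Review bot: With the upstream side of the `--dn is required` conflict, issue() no longer rejects a request that has neither `--dn` nor (presumably) a subject from the PKCS#10 input, and the later `if (!id)` hunk then fabricates an empty subject DN with `chunk_from_chars(ASN1_SEQUENCE, 0)`. RFC 5280 §4.1.2.6 permits an empty subject only when subjectAltName is present and marked critical, and nothing visible in these hunks checks that at least one `--san` was given, so a certificate carrying no name at all can be issued unless the builder enforces it. A guard next to the fabrication, e.g. `if (!id && san->get_count(san) == 0) { error = "--dn or --san is required"; goto usage; }`, keeps the command from emitting such a certificate; whether the x509 builder marks the SAN critical in this case cannot be seen here. issue() starts before and ends after these hunks.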
@@ -475,11 +527,15 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); +<<<<<<< HEAD + cdps->destroy(cdps); +======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); +>>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -493,11 +549,15 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); +<<<<<<< HEAD + cdps->destroy(cdps); +======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); +>>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -511,6 +571,30 @@ static void __attribute__ ((constructor))reg() issue, 'i', "issue", "issue a certificate using a CA certificate and key", {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex", +<<<<<<< HEAD + " --cacert file --dn subject-dn [--san subjectAltName]+", + "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+", + "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+", + "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "public key/request file to issue, default: stdin"}, + {"type", 't', 1, "type of input, default: pub"}, + {"cacert", 'c', 1, "CA certificate file"}, + {"cakey", 'k', 1, "CA private key file"}, + {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, + {"dn", 'd', 1, "distinguished name to include as subject"}, + {"san", 'a', 1, "subjectAltName to include in certificate"}, + {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, + {"serial", 's', 1, "serial number in hex, default: random"}, + {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"pathlen", 'p', 1, "set path length constraint"}, + {"flag", 'e', 1, "include extendedKeyUsage flag"}, + {"crl", 'u', 1, "CRL distribution point URI to include"}, + {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + {"outform", 'f', 1, "encoding of generated cert, default: der"}, +======= " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+", "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+", 
@@ -547,6 +631,7 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, +>>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index ee6f30c98..b2716f6a8 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -15,7 +15,10 @@ #include "pki.h" +<<<<<<< HEAD +======= #include <asn1/asn1.h> +>>>>>>> upstream/4.5.1 #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -73,11 +76,16 @@ static void print_x509(x509_t *x509) chunk_t chunk; bool first; char *uri; +<<<<<<< HEAD + int len; + x509_flag_t flags; +======= int len, explicit, inhibit; x509_flag_t flags; x509_cdp_t *cdp; x509_cert_policy_t *policy; x509_policy_mapping_t *mapping; +>>>>>>> upstream/4.5.1 chunk = x509->get_serial(x509); printf("serial: %#B\n", &chunk); @@ -109,10 +117,13 @@ static void print_x509(x509_t *x509) { printf("CA "); } +<<<<<<< HEAD +======= if (flags & X509_CRL_SIGN) { printf("CRLSign "); } +>>>>>>> upstream/4.5.1 if (flags & X509_AA) { printf("AA "); @@ -141,15 +152,27 @@ static void print_x509(x509_t *x509) first = TRUE; enumerator = x509->create_crl_uri_enumerator(x509); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &uri)) + { + if (first) + { + printf("CRL URIs: %s\n", uri); +======= while (enumerator->enumerate(enumerator, &cdp)) { if (first) { printf("CRL URIs: %s", cdp->uri); +>>>>>>> upstream/4.5.1 first = FALSE; } else { +<<<<<<< HEAD + printf(" %s\n", uri); + } +======= printf(" %s", cdp->uri); } if (cdp->issuer) @@ -157,6 +180,7 @@ static void print_x509(x509_t *x509) printf(" (CRL issuer: %Y)", cdp->issuer); } printf("\n"); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
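Review bot: The entry `{"digest", 'g', 1, "digest for signature creation, default: sha1"}` kept on both sides of the conflict documents SHA-1 as the default signature digest for issued certificates. Since issue signs subject data that may come from an externally supplied request file, a collision-weak default is the wrong choice for a CA tool; consider defaulting to SHA-256 and changing this string to `"digest for signature creation, default: sha256"`. The `digest` initialiser that would have to change with it is outside this hunk, so this is a follow-up rather than part of the conflict resolution.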
@@ -176,12 +200,19 @@ static void print_x509(x509_t *x509) } enumerator->destroy(enumerator); +<<<<<<< HEAD + len = x509->get_pathLenConstraint(x509); + if (len != X509_NO_PATH_LEN_CONSTRAINT) +======= len = x509->get_constraint(x509, X509_PATH_LEN); if (len != X509_NO_CONSTRAINT) +>>>>>>> upstream/4.5.1 { printf("pathlen: %d\n", len); } +<<<<<<< HEAD +======= first = TRUE; enumerator = x509->create_name_constraint_enumerator(x509, TRUE); while (enumerator->enumerate(enumerator, &id)) @@ -281,6 +312,7 @@ static void print_x509(x509_t *x509) } } +>>>>>>> upstream/4.5.1 chunk = x509->get_authKeyIdentifier(x509); if (chunk.ptr) { @@ -324,6 +356,16 @@ static void print_crl(crl_t *crl) crl_reason_t reason; chunk_t chunk; int count = 0; +<<<<<<< HEAD + char buf[64]; + struct tm tm; + + chunk = crl->get_serial(crl); + printf("serial: %#B\n", &chunk); + chunk = crl->get_authKeyIdentifier(crl); + printf("authKeyId: %#B\n", &chunk); + +======= bool first; char buf[64]; struct tm tm; @@ -359,6 +401,7 @@ static void print_crl(crl_t *crl) } enumerator->destroy(enumerator); +>>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &chunk, &ts, &reason)) { diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index c7788ff62..7f46d3324 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -20,6 +20,8 @@ #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> +<<<<<<< HEAD +======= #include <asn1/asn1.h> /** @@ -40,6 +42,7 @@ static void destroy_policy_mapping(x509_policy_mapping_t *mapping) free(mapping->subject.ptr); free(mapping); } +>>>>>>> upstream/4.5.1 /** * Create a self signed certificate. 
@@ -54,23 +57,35 @@ static int self() public_key_t *public = NULL; char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL, *keyid = NULL; identification_t *id = NULL; +<<<<<<< HEAD + linked_list_t *san, *ocsp; + int lifetime = 1095; + int pathlen = X509_NO_PATH_LEN_CONSTRAINT; +======= linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; +<<<<<<< HEAD +======= x509_cert_policy_t *policy = NULL; +>>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); ocsp = linked_list_create(); +<<<<<<< HEAD +======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); +>>>>>>> upstream/4.5.1 while (TRUE) { @@ -130,6 +145,8 @@ static int self() case 'p': pathlen = atoi(arg); continue; +<<<<<<< HEAD +======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -203,6 +220,7 @@ static int self() case 'A': inhibit_any = atoi(arg); continue; +>>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -212,10 +230,13 @@ static int self() { flags |= X509_CLIENT_AUTH; } +<<<<<<< HEAD +======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } +>>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; @@ -224,8 +245,12 @@ static int self() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { +<<<<<<< HEAD + return command_usage("invalid output format"); +======= error = "invalid output format"; goto usage; +>>>>>>> upstream/4.5.1 } continue; case 'o': 
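Review bot: As in issue.c, the HEAD side of the `case 'f'` conflict returns straight out of self() with `return command_usage("invalid output format");`, bypassing the `usage:` cleanup that destroys the `san` and `ocsp` lists created at the top of the function, so that error path leaks them. Keep the upstream `error = "invalid output format"; goto usage;`. self() starts before this hunk and its usage label is in a later one.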
@@ -310,6 +335,9 @@ static int self() BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san, +<<<<<<< HEAD + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); +======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -319,6 +347,7 @@ static int self() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); +>>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; @@ -341,10 +370,13 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); +<<<<<<< HEAD +======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); +>>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -358,10 +390,13 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); +<<<<<<< HEAD +======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); +>>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -377,6 +412,25 @@ static void __attribute__ ((constructor))reg() {"[--in file | --keyid hex] [--type rsa|ecdsa]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", +<<<<<<< HEAD + "[--flag serverAuth|clientAuth|ocspSigning]+", + "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "private key input file, default: stdin"}, + {"keyid", 'x', 1, "keyid on smartcard of private key"}, + {"type", 't', 1, "type of input key, default: rsa"}, + {"dn", 'd', 1, "subject and issuer distinguished name"}, + {"san", 'a', 1, "subjectAltName to include in certificate"}, + {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, + {"serial", 's', 1, "serial number in hex, default: random"}, + {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"pathlen", 'p', 1, "set path length constraint"}, + {"flag", 'e', 1, "include extendedKeyUsage flag"}, + {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + {"outform", 'f', 1, "encoding of generated cert, default: der"}, +======= "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+", "[--nc-permitted name] [--nc-excluded name]", "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", @@ -407,6 +461,7 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, +>>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 4b1c12e5c..07e4add48 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c 
@@ -98,6 +98,8 @@ static int read_serial(char *file, char *buf, int buflen) } /** +<<<<<<< HEAD +======= * Destroy a CDP */ static void cdp_destroy(x509_cdp_t *this) @@ -107,6 +109,7 @@ static void cdp_destroy(x509_cdp_t *this) } /** +>>>>>>> upstream/4.5.1 * Sign a CRL */ static int sign_crl() @@ -119,12 +122,22 @@ static int sign_crl() x509_t *x509; hash_algorithm_t digest = HASH_SHA1; char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL; +<<<<<<< HEAD +======= char *basecrl = NULL; +>>>>>>> upstream/4.5.1 char serial[512], crl_serial[8], *keyid = NULL; int serial_len = 0; crl_reason_t reason = CRL_REASON_UNSPECIFIED; time_t thisUpdate, nextUpdate, date = time(NULL); int lifetime = 15; +<<<<<<< HEAD + linked_list_t *list; + enumerator_t *enumerator, *lastenum = NULL; + chunk_t encoding = chunk_empty; + + list = linked_list_create(); +======= linked_list_t *list, *cdps; enumerator_t *enumerator, *lastenum = NULL; x509_cdp_t *cdp; @@ -132,6 +145,7 @@ static int sign_crl() list = linked_list_create(); cdps = linked_list_create(); +>>>>>>> upstream/4.5.1 memset(crl_serial, 0, sizeof(crl_serial)); @@ -202,6 +216,8 @@ static int sign_crl() reason = CRL_REASON_UNSPECIFIED; continue; } +<<<<<<< HEAD +======= case 'b': basecrl = arg; continue; @@ -211,6 +227,7 @@ static int sign_crl() ); cdps->insert_last(cdps, cdp); continue; +>>>>>>> upstream/4.5.1 case 'r': if (streq(arg, "key-compromise")) { @@ -283,9 +300,15 @@ static int sign_crl() goto error; } x509 = (x509_t*)ca; +<<<<<<< HEAD + if (!(x509->get_flags(x509) & X509_CA)) + { + error = "CA certificate misses CA basicConstraint"; +======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) { error = "CA certificate misses CA basicConstraint / CRLSign keyUsage"; +>>>>>>> upstream/4.5.1 goto error; } public = ca->get_public_key(ca); 
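Review bot: The relaxed guard `if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))` accepts a signer that has only the CA basicConstraint, and RFC 5280 §4.2.1.3 requires cRLSign to be asserted whenever a CRL issuer's certificate carries a keyUsage extension, so a CA certificate whose keyUsage is limited to keyCertSign is still accepted here and yields a CRL that strict validators reject. Whether the parser sets X509_CRL_SIGN when keyUsage is absent cannot be seen from this hunk; if the flag reflects keyUsage faithfully, `if (!(x509->get_flags(x509) & X509_CRL_SIGN))` with a matching message is the tighter check. Note that the HEAD side does not know X509_CRL_SIGN at all, so resolving this file to HEAD while taking upstream elsewhere would also be inconsistent. sign_crl starts before and ends after this hunk.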
@@ -323,6 +346,8 @@ static int sign_crl() thisUpdate = time(NULL); nextUpdate = thisUpdate + lifetime * 24 * 60 * 60; +<<<<<<< HEAD +======= if (basecrl) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -339,6 +364,7 @@ static int sign_crl() lastcrl = NULL; } +>>>>>>> upstream/4.5.1 if (lastupdate) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -352,10 +378,13 @@ static int sign_crl() min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial))); lastenum = lastcrl->create_enumerator(lastcrl); } +<<<<<<< HEAD +======= else { lastenum = enumerator_create_empty(); } +>>>>>>> upstream/4.5.1 chunk_increment(chunk_create(crl_serial, sizeof(crl_serial))); @@ -365,12 +394,20 @@ static int sign_crl() BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_SERIAL, chunk_create(crl_serial, sizeof(crl_serial)), BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate, +<<<<<<< HEAD + BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_DIGEST_ALG, digest, + lastenum ? BUILD_REVOKED_ENUMERATOR : BUILD_END, lastenum, + BUILD_END); + enumerator->destroy(enumerator); + DESTROY_IF(lastenum); +======= BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest, BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber, BUILD_END); enumerator->destroy(enumerator); lastenum->destroy(lastenum); +>>>>>>> upstream/4.5.1 DESTROY_IF((certificate_t*)lastcrl); if (!crl) @@ -395,9 +432,13 @@ error: DESTROY_IF(ca); DESTROY_IF(crl); free(encoding.ptr); +<<<<<<< HEAD + list->destroy_function(list, (void*)revoked_destroy); +======= free(baseCrlNumber.ptr); list->destroy_function(list, (void*)revoked_destroy); cdps->destroy_function(cdps, (void*)cdp_destroy); +>>>>>>> upstream/4.5.1 if (error) { fprintf(stderr, "%s\n", error); 
@@ -407,7 +448,10 @@ error: usage: list->destroy_function(list, (void*)revoked_destroy); +<<<<<<< HEAD +======= cdps->destroy_function(cdps, (void*)cdp_destroy); +>>>>>>> upstream/4.5.1 return command_usage(error); } @@ -420,13 +464,30 @@ static void __attribute__ ((constructor))reg() sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", {"--cacert file --cakey file | --cakeyid hex --lifetime days", +<<<<<<< HEAD +======= "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+", +>>>>>>> upstream/4.5.1 "[ [--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", " [--date timestamp]", " --cert file | --serial hex ]*", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { +<<<<<<< HEAD + {"help", 'h', 0, "show usage information"}, + {"cacert", 'c', 1, "CA certificate file"}, + {"cakey", 'k', 1, "CA private key file"}, + {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, + {"lifetime",'l', 1, "days the CRL gets a nextUpdate, default: 15"}, + {"lastcrl", 'a', 1, "CRL of lastUpdate to copy revocations from"}, + {"cert", 'z', 1, "certificate file to revoke"}, + {"serial", 's', 1, "hex encoded certificate serial number to revoke"}, + {"reason", 'r', 1, "reason for certificate revocation"}, + {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + {"outform", 'f', 1, "encoding of generated crl, default: der"}, +======= {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, @@ -441,6 +502,7 @@ static void __attribute__ ((constructor))reg() {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated crl, default: der"}, +>>>>>>> upstream/4.5.1 } }); } 
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in index 1428854ee..eb7f2c28a 100644 --- a/src/pluto/Makefile.in +++ b/src/pluto/Makefile.in @@ -304,7 +304,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -343,8 +349,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/pluto/ca.c b/src/pluto/ca.c index add85def8..713d56ef1 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -629,7 +629,11 @@ void add_ca_info(const whack_message_t *msg) if (strncasecmp(msg->ocspuri, "http", 4) == 0) ca->ocspuri = clone_str(msg->ocspuri); else +<<<<<<< HEAD + plog(" ignoring ocspuri with unkown protocol"); +======= plog(" ignoring ocspuri with unknown protocol"); +>>>>>>> upstream/4.5.1 } /* add crl uris */ diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 1c9c9a8cc..d8f962501 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -352,7 +352,11 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, x509crl_t *x509crl; ca_info_t *ca; enumerator_t *enumerator; +<<<<<<< HEAD + char *point; +======= x509_cdp_t *cdp; +>>>>>>> upstream/4.5.1 ca = get_ca_info(issuer, authKeyID); 
@@ -376,9 +380,15 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, } enumerator = x509->create_crl_uri_enumerator(x509); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &point)) + { + add_distribution_point(crluris, point); +======= while (enumerator->enumerate(enumerator, &cdp)) { add_distribution_point(crluris, cdp->uri); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); @@ -416,9 +426,15 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, } enumerator = x509->create_crl_uri_enumerator(x509); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &point)) + { + add_distribution_point(x509crl->distributionPoints, point); +======= while (enumerator->enumerate(enumerator, &cdp)) { add_distribution_point(x509crl->distributionPoints, cdp->uri); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index f01966c72..695035ea1 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -26,6 +26,16 @@ static struct encrypt_desc encrypt_desc_3des = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_3DES_CBC, + algo_next: NULL, + + enc_blocksize: DES_BLOCK_SIZE, + keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, + keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, + keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_3DES_CBC, plugin_name: NULL, @@ -35,6 +45,7 @@ static struct encrypt_desc encrypt_desc_3des = keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, +>>>>>>> upstream/4.5.1 }; #define AES_KEY_MIN_LEN 128 
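Review bot: verify_by_crl takes only `cdp->uri` from each distribution point and discards `cdp->issuer`; a point whose crlIssuer differs from the certificate issuer designates an indirect CRL signed by a different key, and it is not visible here whether the CRL fetched from that URI is later verified against the correct issuer or simply against the certificate's CA. Either skip entries with a set `cdp->issuer`, or record the intent with a comment such as `/* crlIssuer is ignored: only CRLs signed by the certificate issuer are usable here */` so the next reader does not mistake it for an oversight. verify_by_crl starts before and ends after this hunk.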
@@ -43,6 +54,16 @@ static struct encrypt_desc encrypt_desc_3des = static struct encrypt_desc encrypt_desc_aes = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_AES_CBC, + algo_next: NULL, + + enc_blocksize: AES_BLOCK_SIZE, + keyminlen: AES_KEY_MIN_LEN, + keydeflen: AES_KEY_DEF_LEN, + keymaxlen: AES_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_AES_CBC, plugin_name: NULL, @@ -52,6 +73,7 @@ static struct encrypt_desc encrypt_desc_aes = keyminlen: AES_KEY_MIN_LEN, keydeflen: AES_KEY_DEF_LEN, keymaxlen: AES_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; #define CAMELLIA_KEY_MIN_LEN 128 @@ -60,6 +82,16 @@ static struct encrypt_desc encrypt_desc_aes = static struct encrypt_desc encrypt_desc_camellia = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_CAMELLIA_CBC, + algo_next: NULL, + + enc_blocksize: CAMELLIA_BLOCK_SIZE, + keyminlen: CAMELLIA_KEY_MIN_LEN, + keydeflen: CAMELLIA_KEY_DEF_LEN, + keymaxlen: CAMELLIA_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_CAMELLIA_CBC, plugin_name: NULL, @@ -69,6 +101,7 @@ static struct encrypt_desc encrypt_desc_camellia = keyminlen: CAMELLIA_KEY_MIN_LEN, keydeflen: CAMELLIA_KEY_DEF_LEN, keymaxlen: CAMELLIA_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; #define BLOWFISH_KEY_MIN_LEN 128 @@ -76,6 +109,16 @@ static struct encrypt_desc encrypt_desc_camellia = static struct encrypt_desc encrypt_desc_blowfish = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_BLOWFISH_CBC, + algo_next: NULL, + + enc_blocksize: BLOWFISH_BLOCK_SIZE, + keyminlen: BLOWFISH_KEY_MIN_LEN, + keydeflen: BLOWFISH_KEY_MIN_LEN, + keymaxlen: BLOWFISH_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_BLOWFISH_CBC, plugin_name: NULL, @@ -85,6 +128,7 @@ static struct encrypt_desc encrypt_desc_blowfish = keyminlen: BLOWFISH_KEY_MIN_LEN, keydeflen: BLOWFISH_KEY_MIN_LEN, keymaxlen: BLOWFISH_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; #define SERPENT_KEY_MIN_LEN 128 
@@ -93,6 +137,16 @@ static struct encrypt_desc encrypt_desc_blowfish = static struct encrypt_desc encrypt_desc_serpent = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_SERPENT_CBC, + algo_next: NULL, + + enc_blocksize: SERPENT_BLOCK_SIZE, + keyminlen: SERPENT_KEY_MIN_LEN, + keydeflen: SERPENT_KEY_DEF_LEN, + keymaxlen: SERPENT_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_SERPENT_CBC, plugin_name: NULL, @@ -102,6 +156,7 @@ static struct encrypt_desc encrypt_desc_serpent = keyminlen: SERPENT_KEY_MIN_LEN, keydeflen: SERPENT_KEY_DEF_LEN, keymaxlen: SERPENT_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; #define TWOFISH_KEY_MIN_LEN 128 @@ -110,6 +165,16 @@ static struct encrypt_desc encrypt_desc_serpent = static struct encrypt_desc encrypt_desc_twofish = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_TWOFISH_CBC, + algo_next: NULL, + + enc_blocksize: TWOFISH_BLOCK_SIZE, + keydeflen: TWOFISH_KEY_MIN_LEN, + keyminlen: TWOFISH_KEY_DEF_LEN, + keymaxlen: TWOFISH_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC, plugin_name: NULL, @@ -119,10 +184,21 @@ static struct encrypt_desc encrypt_desc_twofish = keydeflen: TWOFISH_KEY_MIN_LEN, keyminlen: TWOFISH_KEY_DEF_LEN, keymaxlen: TWOFISH_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; static struct encrypt_desc encrypt_desc_twofish_ssh = { +<<<<<<< HEAD + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_TWOFISH_CBC_SSH, + algo_next: NULL, + + enc_blocksize: TWOFISH_BLOCK_SIZE, + keydeflen: TWOFISH_KEY_MIN_LEN, + keyminlen: TWOFISH_KEY_DEF_LEN, + keymaxlen: TWOFISH_KEY_MAX_LEN, +======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC_SSH, plugin_name: NULL, 
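Review bot: In encrypt_desc_twofish the two key-length fields are crossed — `keydeflen: TWOFISH_KEY_MIN_LEN,` and `keyminlen: TWOFISH_KEY_DEF_LEN,` — on both sides of the conflict and in the context lines, whereas aes, camellia and serpent pair keyminlen with *_MIN_LEN and keydeflen with *_DEF_LEN. If TWOFISH_KEY_DEF_LEN is larger than TWOFISH_KEY_MIN_LEN (its definition is cut off at the start of the hunk), the smallest Twofish key pluto accepts becomes the default length and proposals default to the minimum; if the two macros are equal it is harmless but still misleading. The same crossing appears in encrypt_desc_twofish_ssh in the next hunk, so both should read `keyminlen: TWOFISH_KEY_MIN_LEN, keydeflen: TWOFISH_KEY_DEF_LEN,`.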
@@ -132,13 +208,17 @@ static struct encrypt_desc encrypt_desc_twofish_ssh = keydeflen: TWOFISH_KEY_MIN_LEN, keyminlen: TWOFISH_KEY_DEF_LEN, keymaxlen: TWOFISH_KEY_MAX_LEN, +>>>>>>> upstream/4.5.1 }; static struct hash_desc hash_desc_md5 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, +<<<<<<< HEAD +======= plugin_name: NULL, +>>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_MD5, }; @@ -147,7 +227,10 @@ static struct hash_desc hash_desc_sha1 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, +<<<<<<< HEAD +======= plugin_name: NULL, +>>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA1, }; @@ -155,7 +238,10 @@ static struct hash_desc hash_desc_sha1 = static struct hash_desc hash_desc_sha2_256 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_256, +<<<<<<< HEAD +======= plugin_name: NULL, +>>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA256, }; @@ -163,7 +249,10 @@ static struct hash_desc hash_desc_sha2_256 = { static struct hash_desc hash_desc_sha2_384 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_384, +<<<<<<< HEAD +======= plugin_name: NULL, +>>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA384, }; 
@@ -171,12 +260,119 @@ static struct hash_desc hash_desc_sha2_384 = { static struct hash_desc hash_desc_sha2_512 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_512, +<<<<<<< HEAD +======= plugin_name: NULL, +>>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA512, }; const struct dh_desc unset_group = { +<<<<<<< HEAD + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_NONE, + algo_next: NULL, + ke_size: 0 +}; + +static struct dh_desc dh_desc_modp_1024 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_1024_BIT, + algo_next: NULL, + ke_size: 1024 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_1536 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_1536_BIT, + algo_next: NULL, + ke_size: 1536 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_2048 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_2048_BIT, + algo_next: NULL, + ke_size: 2048 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_3072 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_3072_BIT, + algo_next: NULL, + ke_size: 3072 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_4096 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_4096_BIT, + algo_next: NULL, + ke_size: 4096 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_6144 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_6144_BIT, + algo_next: NULL, + ke_size: 6144 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_8192 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_8192_BIT, + algo_next: NULL, + ke_size: 8192 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_ecp_256 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: ECP_256_BIT, + algo_next: NULL, + ke_size: 2*256 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_ecp_384 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: ECP_384_BIT, + algo_next: NULL, + ke_size: 2*384 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_ecp_521 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: ECP_521_BIT, + algo_next: NULL, + ke_size: 2*528 / 
BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_1024_160 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_1024_160, + algo_next: NULL, + ke_size: 1024 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_2048_224 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_2048_224, + algo_next: NULL, + ke_size: 2048 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_2048_256 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_2048_256, + algo_next: NULL, + ke_size: 2048 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_ecp_192 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: ECP_192_BIT, + algo_next: NULL, + ke_size: 2*192 / BITS_PER_BYTE +======= algo_type: IKE_ALG_DH_GROUP, algo_id: MODP_NONE, plugin_name: NULL, @@ -293,14 +489,20 @@ static struct dh_desc dh_desc_ecp_192 = { plugin_name: NULL, algo_next: NULL, ke_size: 2*192 / BITS_PER_BYTE +>>>>>>> upstream/4.5.1 }; static struct dh_desc dh_desc_ecp_224 = { algo_type: IKE_ALG_DH_GROUP, algo_id: ECP_224_BIT, +<<<<<<< HEAD + algo_next: NULL, + ke_size: 2*224 / BITS_PER_BYTE +======= plugin_name: NULL, algo_next: NULL, ke_size: 2*224 / BITS_PER_BYTE +>>>>>>> upstream/4.5.1 }; bool init_crypto(void) @@ -309,12 +511,19 @@ bool init_crypto(void) encryption_algorithm_t encryption_alg; hash_algorithm_t hash_alg; diffie_hellman_group_t dh_group; +<<<<<<< HEAD +======= const char *plugin_name; +>>>>>>> upstream/4.5.1 bool no_md5 = TRUE; bool no_sha1 = TRUE; enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &hash_alg)) +======= while (enumerator->enumerate(enumerator, &hash_alg, &plugin_name)) +>>>>>>> upstream/4.5.1 { const struct hash_desc *desc; @@ -340,7 +549,11 @@ bool init_crypto(void) default: continue; } +<<<<<<< HEAD + ike_alg_add((struct ike_alg *)desc); +======= ike_alg_add((struct ike_alg *)desc, plugin_name); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
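Review bot: The HEAD side registers `dh_desc_modp_1024` and `dh_desc_modp_1024_160` next to the larger groups with nothing in the descriptor noting that 1024-bit MODP is below current strength recommendations; a one-line comment on those two descriptors, e.g. `/* 1024-bit MODP: legacy strength, kept for interoperability only */`, would keep the list from reading as an endorsement. Whether the daemon proposes these groups by default is decided outside this file, so this is a documentation caveat rather than a code change. The hunk begins at the `unset_group` descriptor on the previous line.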
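Review bot: The HEAD side calls `enumerator->enumerate(enumerator, &hash_alg)` while the upstream side passes a second out-parameter, `&plugin_name`; libstrongswan's `enumerate()` is variadic, so if the tree's `create_hasher_enumerator` yields two values the one-argument form still compiles and the enumerator writes through a missing pointer argument, a stack corruption rather than a build error. Whichever side is kept must match the enumerator signature actually present in `src/libstrongswan`, and the `ike_alg_add(..., plugin_name)` arity in the second hunk has to be chosen together with it. The variadic detail is inferred from the calling convention shown here and should be confirmed against `enumerator.h`.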
@@ -354,7 +567,11 @@ bool init_crypto(void) } enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &encryption_alg)) +======= while (enumerator->enumerate(enumerator, &encryption_alg, &plugin_name)) +>>>>>>> upstream/4.5.1 { const struct encrypt_desc *desc; @@ -374,8 +591,12 @@ bool init_crypto(void) break; case ENCR_TWOFISH_CBC: desc = &encrypt_desc_twofish; +<<<<<<< HEAD + ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh); +======= ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh, plugin_name); +>>>>>>> upstream/4.5.1 break; case ENCR_SERPENT_CBC: desc = &encrypt_desc_serpent; @@ -383,12 +604,20 @@ bool init_crypto(void) default: continue; } +<<<<<<< HEAD + ike_alg_add((struct ike_alg *)desc); +======= ike_alg_add((struct ike_alg *)desc, plugin_name); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); enumerator = lib->crypto->create_dh_enumerator(lib->crypto); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &dh_group)) +======= while (enumerator->enumerate(enumerator, &dh_group, &plugin_name)) +>>>>>>> upstream/4.5.1 { const struct dh_desc *desc; @@ -442,7 +671,11 @@ bool init_crypto(void) default: continue; } +<<<<<<< HEAD + ike_alg_add((struct ike_alg *)desc); +======= ike_alg_add((struct ike_alg *)desc, plugin_name); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); return TRUE; diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 249e645ed..22976fe9a 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -1147,7 +1147,11 @@ read_packet(struct msg_digest *md) } else if (from_ugh != NULL) { +<<<<<<< HEAD + plog("recvfrom on %s returned misformed source sockaddr: %s" +======= plog("recvfrom on %s returned malformed source sockaddr: %s" +>>>>>>> upstream/4.5.1 , ifp->rname, from_ugh); return FALSE; } diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index a36b5ce4e..eabe6c86e 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c 
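Review bot: The crypter and DH loops have the same one- versus two-argument `enumerate()` split as the hasher loop: the HEAD side's `enumerator->enumerate(enumerator, &encryption_alg)` and `enumerator->enumerate(enumerator, &dh_group)` omit `&plugin_name`, and because `enumerate()` is variadic the compiler cannot reject the wrong arity against a two-value enumerator. All three loops and the `ike_alg_add` calls beneath them should be resolved to the same side as the libstrongswan headers in the tree. The `ENCR_TWOFISH_CBC` case also registers `encrypt_desc_twofish_ssh` with the same `plugin_name`, which deserves a comment such as `/* twofish-ssh reuses the twofish crypter; register both */` so the double registration is not mistaken for a copy-paste error.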
@@ -72,7 +72,11 @@ static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
 /**
 * "raw" ike_alg list adding function
 */
+<<<<<<< HEAD
+int ike_alg_add(struct ike_alg* a)
+=======
 int ike_alg_add(struct ike_alg* a, const char *plugin_name)
+>>>>>>> upstream/4.5.1
 {
 if (a->algo_type > IKE_ALG_MAX)
 {
@@ -96,7 +100,10 @@ int ike_alg_add(struct ike_alg* a, const char *plugin_name)
 e = *ep;
 }
 *ep = a;
+<<<<<<< HEAD
+=======
 a->plugin_name = plugin_name;
+>>>>>>> upstream/4.5.1
 a->algo_next = e;
 return 0;
 }
@@ -305,6 +312,8 @@ fail:
 }
 
 /**
+<<<<<<< HEAD
+=======
 * Print the name of an algorithm plus the name of the plugin that registered it
 */
 static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type,
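Review bot: The upstream side's `a->plugin_name = plugin_name;` stores the pointer without copying, so every registered descriptor silently depends on the caller's string outliving the daemon; the header comment should say so, e.g. `/* plugin_name is not copied: it must point to static storage such as the plugin's name */`. The `a->algo_type > IKE_ALG_MAX` test in the first hunk is the only validation before the descriptor is linked into the list, so a descriptor built against a different `struct ike_alg` layout is accepted as-is. The function body between the two hunks, and the `print_alg` definition the third hunk opens, lie outside the view.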
@@ -325,21 +334,74 @@ static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type, } /** +>>>>>>> upstream/4.5.1 * Show registered IKE algorithms */ void ike_alg_list(void) { +<<<<<<< HEAD + char buf[BUF_LEN]; + char *pos; + int n, len; +======= rng_quality_t quality; enumerator_t *enumerator; const char *plugin_name; char buf[BUF_LEN]; int len; +>>>>>>> upstream/4.5.1 struct ike_alg *a; whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of registered IKEv1 Algorithms:"); whack_log(RC_COMMENT, " "); +<<<<<<< HEAD + pos = buf; + *pos = '\0'; + len = BUF_LEN; + for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) + { + n = snprintf(pos, len, " %s", enum_name(&oakley_enc_names, a->algo_id)); + pos += n; + len -= n; + if (len <= 0) + { + break; + } + } + whack_log(RC_COMMENT, " encryption:%s", buf); + + pos = buf; + *pos = '\0'; + len = BUF_LEN; + for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next) + { + n = snprintf(pos, len, " %s", enum_name(&oakley_hash_names, a->algo_id)); + pos += n; + len -= n; + if (len <= 0) + { + break; + } + } + whack_log(RC_COMMENT, " integrity: %s", buf); + + pos = buf; + *pos = '\0'; + len = BUF_LEN; + for (a = ike_alg_base[IKE_ALG_DH_GROUP]; a != NULL; a = a->algo_next) + { + n = snprintf(pos, len, " %s", enum_name(&oakley_group_names, a->algo_id)); + pos += n; + len -= n; + if (len <= 0) + { + break; + } + } + whack_log(RC_COMMENT, " dh-group: %s", buf); +======= len = sprintf(buf, " encryption:"); for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) { @@ -370,6 +432,7 @@ void ike_alg_list(void) } enumerator->destroy(enumerator); whack_log(RC_COMMENT, "%s", buf); +>>>>>>> upstream/4.5.1 } /** diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h index c3ce8bb38..7ee2ca808 100644 --- a/src/pluto/ike_alg.h +++ b/src/pluto/ike_alg.h 
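Review bot: In the HEAD side's three listing loops `n = snprintf(pos, len, ...)` returns the untruncated length, and `pos += n; len -= n;` runs before the `if (len <= 0) break;` test, so on truncation `pos` is advanced past the end of `buf` and `len` goes negative before the loop exits; nothing is written out of bounds as written, but the check only works because it sits immediately after the advance. Test the return value before moving the cursor: `if (n < 0 || n >= len) break;` followed by `pos += n; len -= n;`. The upstream side's `len = sprintf(buf, " encryption:");` writes a fixed literal and is safe, but its bounds handling lives in `print_alg`, whose body is outside this hunk.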
@@ -22,14 +22,20 @@ struct ike_alg { u_int16_t algo_type; u_int16_t algo_id; +<<<<<<< HEAD +======= const char *plugin_name; +>>>>>>> upstream/4.5.1 struct ike_alg *algo_next; }; struct encrypt_desc { u_int16_t algo_type; u_int16_t algo_id; +<<<<<<< HEAD +======= const char *plugin_name; +>>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t enc_blocksize; @@ -41,7 +47,10 @@ struct encrypt_desc { struct hash_desc { u_int16_t algo_type; u_int16_t algo_id; +<<<<<<< HEAD +======= const char *plugin_name; +>>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t hash_digest_size; @@ -50,7 +59,10 @@ struct hash_desc { struct dh_desc { u_int16_t algo_type; u_int16_t algo_id; +<<<<<<< HEAD +======= const char *plugin_name; +>>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t ke_size; @@ -61,7 +73,11 @@ struct dh_desc { #define IKE_ALG_DH_GROUP 2 #define IKE_ALG_MAX IKE_ALG_DH_GROUP +<<<<<<< HEAD +extern int ike_alg_add(struct ike_alg *a); +======= extern int ike_alg_add(struct ike_alg *a, const char *plugin_name); +>>>>>>> upstream/4.5.1 extern struct hash_desc *ike_alg_get_hasher(u_int alg); extern struct encrypt_desc *ike_alg_get_crypter(u_int alg); extern struct dh_desc *ike_alg_get_dh_group(u_int alg); diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 104b6c2d4..7d54b9e8e 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -1183,7 +1183,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, ipcomp_spi, said_next->proto, c->spd.reqid, +<<<<<<< HEAD + mark, <_none, ENCR_UNDEFINED, chunk_empty, +======= mark, 0, <_none, ENCR_UNDEFINED, chunk_empty, +>>>>>>> upstream/4.5.1 AUTH_UNDEFINED, chunk_empty, mode, st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, inbound, NULL, NULL) != SUCCESS) 
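Review bot: `struct ike_alg`, `encrypt_desc`, `hash_desc` and `dh_desc` share a common prefix (`algo_type`, `algo_id`, optionally `plugin_name`, `algo_next`) and `ike_alg_add` receives the descriptor types through a `(struct ike_alg *)` cast, so all four conflict blocks must be resolved to the same side: keeping `plugin_name` in `struct ike_alg` but dropping it from one descriptor makes the cast read that descriptor's `algo_next` from the wrong offset, corrupting the registry list with no compiler diagnostic. Add a comment above `struct ike_alg` making the invariant explicit, e.g. `/* leading members must match the *_desc structs below exactly; ike_alg_add() casts them to struct ike_alg */`. The `ike_alg_add` prototype at the bottom of the file must match the chosen layout as well.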
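Review bot: The `<_none` token in the `add_sa` argument list reads like an HTML-unescaped `&lt_none` (the address of a local `lt_none`), so the diff as rendered is not what the file contains and should be checked against the source before resolving. The upstream side inserts a `0` between `mark` and that argument, presumably the TFC padding value that the starter's new `tfc` field will feed, giving the two sides different arities; `add_sa` is invoked through a prototyped function pointer, so mixing sides fails to compile, but all three `add_sa` call sites in this file must be resolved the same way. The enclosing `setup_half_ipsec_sa` begins and ends outside the hunk.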
@@ -1292,7 +1296,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, esp_spi, said_next->proto, c->spd.reqid, +<<<<<<< HEAD + mark, <_none, enc_alg, enc_key, +======= mark, 0, <_none, enc_alg, enc_key, +>>>>>>> upstream/4.5.1 auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */, encap, inbound, NULL, NULL) != SUCCESS) { @@ -1325,7 +1333,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, ah_spi, said_next->proto, c->spd.reqid, +<<<<<<< HEAD + mark, <_none, ENCR_UNDEFINED, chunk_empty, +======= mark, 0, <_none, ENCR_UNDEFINED, chunk_empty, +>>>>>>> upstream/4.5.1 auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */, FALSE, inbound, NULL, NULL) != SUCCESS) { diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index c82c376f8..41155c619 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -397,6 +397,13 @@ struct sadb_alg* kernel_alg_esp_sadb_alg(u_int alg_id) return sadb_alg; } +<<<<<<< HEAD +void kernel_alg_list(void) +{ + char buf[BUF_LEN]; + char *pos; + int n, len; +======= /** * Print the name of a kernel algorithm */ 
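Review bot: The HEAD side opens `kernel_alg_list` with no header comment, whereas the upstream side documents its `print_alg` helper with `/** Print the name of a kernel algorithm */`; whichever side survives, the list function should state what it emits, e.g. `/** Report the ESP encryption and integrity algorithms the kernel registered, one whack_log line each */`. The hunk covers only the function's opening; its body and the `whack_log` calls are in the following hunk.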
@@ -419,33 +426,71 @@ void kernel_alg_list(void) { char buf[BUF_LEN]; int len; +>>>>>>> upstream/4.5.1 u_int sadb_id; whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of registered ESP Algorithms:"); whack_log(RC_COMMENT, " "); +<<<<<<< HEAD + pos = buf; + *pos = '\0'; + len = BUF_LEN; +======= len = sprintf(buf, " encryption:"); +>>>>>>> upstream/4.5.1 for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++) { if (ESP_EALG_PRESENT(sadb_id)) { +<<<<<<< HEAD + n = snprintf(pos, len, " %s", + enum_name(&esp_transform_names, sadb_id)); + pos += n; + len -= n; + if (len <= 0) + { + break; + } + } + } + whack_log(RC_COMMENT, " encryption:%s", buf); + + pos = buf; + *pos = '\0'; + len = BUF_LEN; +======= print_alg(buf, &len, &esp_transform_names, sadb_id); } } whack_log(RC_COMMENT, "%s", buf); len = sprintf(buf, " integrity: "); +>>>>>>> upstream/4.5.1 for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++) { if (ESP_AALG_PRESENT(sadb_id)) { u_int aaid = alg_info_esp_sadb2aa(sadb_id); +<<<<<<< HEAD + n = snprintf(pos, len, " %s", enum_name(&auth_alg_names, aaid)); + pos += n; + len -= n; + if (len <= 0) + { + break; + } + } + } + whack_log(RC_COMMENT, " integrity: %s", buf); +======= print_alg(buf, &len, &auth_alg_names, aaid); } } whack_log(RC_COMMENT, "%s", buf); +>>>>>>> upstream/4.5.1 } void kernel_alg_show_connection(connection_t *c, const char *instance) diff --git a/src/pluto/keys.c b/src/pluto/keys.c index 86b46c6c1..e2c52fab0 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -902,7 +902,10 @@ static void process_secret(secret_t *s, int whackfd) { loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s" , flp->filename, flp->lino, ugh); +<<<<<<< HEAD +======= s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy)); +>>>>>>> upstream/4.5.1 free(s); } else if (flushline("expected record boundary in key")) 
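Review bot: The HEAD side's `n = snprintf(pos, len, " %s", ...)` loops advance `pos` and shrink `len` before the `if (len <= 0) break;` check, so a truncated entry leaves `pos` past the end of `buf` and `len` negative for the one iteration that then exits; reverse the order, `if (n < 0 || n >= len) break;` then `pos += n; len -= n;`, so the cursor never leaves the buffer. The upstream side's `len = sprintf(buf, " encryption:");` and `" integrity: "` write fixed literals and are safe; its per-entry bounds are in `print_alg`, outside the hunk. The HEAD side also duplicates the identical cursor-loop three times across ike_alg.c and here, which is where a shared helper like the upstream `print_alg` earns its keep.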
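Review bot: The upstream side's `s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy));` ahead of `free(s);` releases the partially built id list on the parse-error path, which the HEAD side (empty in this block) would otherwise leak for every malformed ipsec.secrets record; keep the upstream side. The leak is low severity since the secrets file is operator-controlled, but it presumably recurs on each reload of the secrets. `process_secret` begins outside the hunk.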
@@ -1011,11 +1014,16 @@ static void process_secret_records(int whackfd) if (!shift()) { /* unexpected Record Boundary or EOF */ +<<<<<<< HEAD + loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end of id list" + , flp->filename, flp->lino); +======= loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end" " of id list", flp->filename, flp->lino); s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy)); free(s); +>>>>>>> upstream/4.5.1 break; } } diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index a3694b7b5..14e5cbb96 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -1045,8 +1045,13 @@ static bool valid_ocsp_response(response_t *res) ) /* check path length constraint */ +<<<<<<< HEAD + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && +======= pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen_constraint != X509_NO_CONSTRAINT && +>>>>>>> upstream/4.5.1 pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", diff --git a/src/pluto/plugins/xauth/Makefile.in b/src/pluto/plugins/xauth/Makefile.in index 358805cc4..793a0e88d 100644 --- a/src/pluto/plugins/xauth/Makefile.in +++ b/src/pluto/plugins/xauth/Makefile.in @@ -218,7 +218,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -257,8 +263,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ 
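Review bot: On the unexpected-end-of-id-list path the HEAD side only logs and `break`s, leaving `s` and its `ids` list allocated, while the upstream side calls `s->ids->destroy_offset(...)` and `free(s)` before breaking; keep the upstream side so the partially built secret is released. The two sides otherwise differ only in how the log string is wrapped, so there is no functional reason to prefer HEAD here. The enclosing loop in `process_secret_records` continues outside the hunk.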
diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8 index 9ac537bd9..1efb1a6f7 100644 --- a/src/pluto/pluto.8 +++ b/src/pluto/pluto.8 @@ -1,8 +1,14 @@ .TH IPSEC_PLUTO 8 "28 March 1999" .SH NAME +<<<<<<< HEAD +ipsec pluto \- IPsec IKE keying daemon +.br +ipsec whack \- control interface for IPSEC keying daemon +======= pluto \- IPsec IKE keying daemon and control interface .PP whack \- control interface for IKE keying daemon +>>>>>>> upstream/4.5.1 .SH SYNOPSIS .na .nh @@ -1009,7 +1015,11 @@ specifies the name of the operation to be performed \fBup-host\fP, \fBup-client\fP, \fBdown-host\fP, or \fBdown-client\fP). If the address family for security gateway to security gateway communications is IPv6, then +<<<<<<< HEAD +a suffix of -v6 is added to the verb. +======= a suffix of \-v6 is added to the verb. +>>>>>>> upstream/4.5.1 .TP \fBPLUTO_CONNECTION\fP is the name of the connection for which we are routing. @@ -1571,7 +1581,11 @@ rejected with ECONNREFUSED (kernel supplied no details)''. John Denker suggests that this command is useful for tracking down the source of these problems: .br +<<<<<<< HEAD + tcpdump -i eth0 icmp[0] != 8 and icmp[0] != 0 +======= tcpdump \-i eth0 icmp[0] != 8 and icmp[0] != 0 +>>>>>>> upstream/4.5.1 .br Substitute your public interface for eth0 if it is different. .LP diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 7e2aca862..b76f02845 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -255,8 +255,13 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until) unlock_authcert_list("verify_x509cert"); /* check path length constraint */ +<<<<<<< HEAD + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && +======= pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen_constraint != X509_NO_CONSTRAINT && +>>>>>>> upstream/4.5.1 pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", 
@@ -450,8 +455,13 @@ void list_x509cert_chain(const char *caption, cert_t* cert, } /* list optional pathLenConstraint */ +<<<<<<< HEAD + pathlen = x509->get_pathLenConstraint(x509); + if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) +======= pathlen = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen != X509_NO_CONSTRAINT) +>>>>>>> upstream/4.5.1 { whack_log(RC_COMMENT, " pathlen: %d", pathlen); } diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 623585f65..880715697 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -228,7 +228,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,8 +273,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/scepclient/scepclient.8 b/src/scepclient/scepclient.8 index 72750e155..d717ba309 100644 --- a/src/scepclient/scepclient.8 +++ b/src/scepclient/scepclient.8 @@ -239,12 +239,20 @@ Log raw hex dumps. .PP .B \-C, \-\-debug\-control .RS 4 +<<<<<<< HEAD +Log informations about control flow. +======= Log information about control flow. +>>>>>>> upstream/4.5.1 .RE .PP .B \-M, \-\-debug\-controlmore .RS 4 +<<<<<<< HEAD +Log more detailed informations about control flow. +======= Log more detailed information about control flow. +>>>>>>> upstream/4.5.1 .RE .PP .B \-X, \-\-debug\-private diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index f05aeca22..29cdccbed 100644 --- a/src/starter/Makefile.am 
+++ b/src/starter/Makefile.am @@ -25,6 +25,10 @@ AM_CFLAGS = \ starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf +<<<<<<< HEAD +dist_man_MANS = starter.8 +======= +>>>>>>> upstream/4.5.1 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR=$(top_srcdir)/src/pluto 
@@ -58,6 +62,18 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : +<<<<<<< HEAD + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true +======= test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true 
@@ -68,4 +84,5 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true +>>>>>>> upstream/4.5.1 diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index f1c370ad9..e38324f4a 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -39,7 +39,12 @@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON @USE_LOAD_WARNING_TRUE@am__append_3 = -DLOAD_WARNING subdir = src/starter +<<<<<<< HEAD +DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +======= DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in +>>>>>>> upstream/4.5.1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -55,7 +60,11 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +<<<<<<< HEAD +am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" +======= am__installdirs = "$(DESTDIR)$(ipsecdir)" +>>>>>>> upstream/4.5.1 PROGRAMS = $(ipsec_PROGRAMS) am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \ starterwhack.$(OBJEXT) starterstroke.$(OBJEXT) \ 
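Review bot: On the upstream side the first recipe line runs `$(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d"` with `-o` given no owner, so `install` consumes `-d` as the owner name and fails; the trailing `|| true` hides that, and `ipsec.d` then only appears implicitly as a parent of the later `cacerts` install with `install -d`'s default mode. Drop the stray flag: `test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d"`. The same `|| true` also masks a failure to create `ipsec.d/private` with `-m 750`, the one directory whose mode protects key material; consider removing `|| true` from that line so an install that could not create the private-key directory restrictively aborts instead of silently leaving it absent or loosely permissioned. On the HEAD side an unsubstituted `${ipsecuid}`/`${ipsecgid}` would produce the same dangling `-o`/`-g` shape and be masked the same way, so those variables should be asserted non-empty by configure.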
@@ -84,6 +93,33 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) +<<<<<<< HEAD +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man_MANS) +======= +>>>>>>> upstream/4.5.1 ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -206,7 +242,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -245,8 +287,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -279,6 +324,10 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ $(am__append_2) $(am__append_3) starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf +<<<<<<< HEAD +dist_man_MANS = starter.8 +======= +>>>>>>> upstream/4.5.1 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR = $(top_srcdir)/src/pluto SCEPCLIENTDIR = $(top_srcdir)/src/scepclient 
@@ -412,6 +461,47 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +<<<<<<< HEAD +install-man8: $(dist_man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +======= +>>>>>>> upstream/4.5.1 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -466,6 +556,22 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) +<<<<<<< HEAD + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi +======= +>>>>>>> upstream/4.5.1 @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -497,9 +603,15 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am +<<<<<<< HEAD +all-am: Makefile $(PROGRAMS) $(MANS) +installdirs: + for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \ +======= all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(ipsecdir)"; do \ +>>>>>>> upstream/4.5.1 test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -551,7 +663,11 @@ info: info-am info-am: +<<<<<<< HEAD +install-data-am: install-ipsecPROGRAMS install-man +======= install-data-am: install-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 install-dvi: install-dvi-am @@ -567,7 +683,11 @@ install-info: install-info-am install-info-am: +<<<<<<< HEAD +install-man: install-man8 +======= install-man: +>>>>>>> upstream/4.5.1 install-pdf: install-pdf-am 
@@ -597,7 +717,13 @@ ps: ps-am ps-am: +<<<<<<< HEAD +uninstall-am: uninstall-ipsecPROGRAMS uninstall-man + +uninstall-man: uninstall-man8 +======= uninstall-am: uninstall-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 .MAKE: install-am install-strip @@ -608,12 +734,22 @@ uninstall-am: uninstall-ipsecPROGRAMS install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-exec-local \ install-html install-html-am install-info install-info-am \ +<<<<<<< HEAD + install-ipsecPROGRAMS install-man install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ + uninstall-man uninstall-man8 +======= install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS +>>>>>>> upstream/4.5.1 lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h 
@@ -632,6 +768,18 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : +<<<<<<< HEAD + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true +======= test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true 
@@ -642,6 +790,7 @@ install-exec-local :
 test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
 test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
 test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+>>>>>>> upstream/4.5.1
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/starter/args.c b/src/starter/args.c
index 87307f1aa..0c1a835ae 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -239,7 +239,10 @@ static const token_info_t token_info[] =
 { ARG_MISC, 0, NULL /* KW_MARK */ },
 { ARG_MISC, 0, NULL /* KW_MARK_IN */ },
 { ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
+<<<<<<< HEAD
+=======
 { ARG_MISC, 0, NULL /* KW_TFC */ },
+>>>>>>> upstream/4.5.1
 /* ca section keywords */
 { ARG_STR, offsetof(starter_ca_t, name), NULL },
@@ -273,7 +276,10 @@ static const token_info_t token_info[] =
 { ARG_STR, offsetof(starter_end_t, rsakey), NULL },
 { ARG_STR, offsetof(starter_end_t, cert), NULL },
 { ARG_STR, offsetof(starter_end_t, cert2), NULL },
+<<<<<<< HEAD
+=======
 { ARG_STR, offsetof(starter_end_t, cert_policy), NULL },
+>>>>>>> upstream/4.5.1
 { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert },
 { ARG_STR, offsetof(starter_end_t, ca), NULL },
 { ARG_STR, offsetof(starter_end_t, ca2), NULL },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 1e7daa6a9..f48843750 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -705,6 +705,8 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 cfg->err++;
 }
 break;
+<<<<<<< HEAD
+=======
 case KW_TFC:
 if (streq(kw->value, "%mtu"))
 {
@@ -722,6 +724,7 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 }
 }
 break;
+>>>>>>> upstream/4.5.1
 case KW_KEYINGTRIES:
 if (streq(kw->value, "%forever"))
 {
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 4f9c5f7d0..ba17d0b9a 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -64,7 +64,10 @@ struct starter_end {
 char *ca;
 char *ca2;
 char *groups;
+<<<<<<< HEAD
+=======
 char *cert_policy;
+>>>>>>> upstream/4.5.1
 char *iface;
 ip_address addr;
 u_int ikeport;
@@ -126,7 +129,10 @@ struct starter_conn {
 u_int32_t reqid;
 mark_t mark_in;
 mark_t mark_out;
+<<<<<<< HEAD
+=======
 u_int32_t tfc;
+>>>>>>> upstream/4.5.1
 sa_family_t addr_family;
 sa_family_t tunnel_addr_family;
 bool install_policy;
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 340b7131d..78c243f7e 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,21 @@ struct kw_entry {
 kw_token_t token;
 };
+<<<<<<< HEAD
+#define TOTAL_KEYWORDS 127
+#define MIN_WORD_LENGTH 3
+#define MAX_WORD_LENGTH 17
+#define MIN_HASH_VALUE 12
+#define MAX_HASH_VALUE 238
+/* maximum key range = 227, duplicates = 0 */
+=======
 #define TOTAL_KEYWORDS 130
 #define MIN_WORD_LENGTH 3
 #define MAX_WORD_LENGTH 17
 #define MIN_HASH_VALUE 18
 #define MAX_HASH_VALUE 249
 /* maximum key range = 232, duplicates = 0 */
+>>>>>>> upstream/4.5.1
 #ifdef __GNUC__
 __inline
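Review bot: keywords.c is gperf output (the `TOTAL_KEYWORDS`/`MAX_HASH_VALUE` defines here and the `asso_values`, `wordlist` and `lookup` tables in the following hunks), and the two sides of this conflict are two complete, mutually inconsistent perfect-hash tables (127 vs 130 keywords, key range 227 vs 232), so picking lines from both sides cannot yield a working table. Resolve the conflict in keywords.txt and regenerate keywords.c from it, and do the same for src/stroke/stroke_keywords.c further down, whose hunks show the same split (34 vs 37 keywords). Since the HEAD side drops `KW_TFC` and the `*certpolicy` keywords while keywords.h, args.c, confread.c and starterstroke.c on this page still carry the upstream handling for them, the regenerated table is the only way to keep the keyword set and the enum in step.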
@@ -75,6 +84,34 @@ hash (str, len) { static const unsigned char asso_values[] = { +<<<<<<< HEAD + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 2, + 104, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 15, 239, 20, 14, 58, + 51, 1, 7, 1, 81, 1, 239, 132, 47, 4, + 1, 49, 10, 9, 23, 1, 20, 48, 4, 239, + 239, 35, 1, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239 +======= 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, @@ -101,6 +138,7 @@ hash (str, len) 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250 +>>>>>>> upstream/4.5.1 }; register int hval = len; 
@@ -124,6 +162,134 @@ hash (str, len) static const struct kw_entry wordlist[] = { {"pfs", KW_PFS}, +<<<<<<< HEAD + {"uniqueids", KW_UNIQUEIDS}, + {"rightgroups", KW_RIGHTGROUPS}, + {"lifetime", KW_KEYLIFE}, + {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, + {"rightnatip", KW_RIGHTNATIP}, + {"esp", KW_ESP}, + {"rightnexthop", KW_RIGHTNEXTHOP}, + {"rightsourceip", KW_RIGHTSOURCEIP}, + {"right", KW_RIGHT}, + {"leftupdown", KW_LEFTUPDOWN}, + {"leftnexthop", KW_LEFTNEXTHOP}, + {"left", KW_LEFT}, + {"keep_alive", KW_KEEP_ALIVE}, + {"rightsubnet", KW_RIGHTSUBNET}, + {"rightikeport", KW_RIGHTIKEPORT}, + {"rightsendcert", KW_RIGHTSENDCERT}, + {"leftcert", KW_LEFTCERT,}, + {"interfaces", KW_INTERFACES}, + {"lifepackets", KW_LIFEPACKETS}, + {"leftsendcert", KW_LEFTSENDCERT}, + {"leftgroups", KW_LEFTGROUPS}, + {"eap", KW_EAP}, + {"rightprotoport", KW_RIGHTPROTOPORT}, + {"leftnatip", KW_LEFTNATIP}, + {"keyingtries", KW_KEYINGTRIES}, + {"type", KW_TYPE}, + {"keylife", KW_KEYLIFE}, + {"mark_in", KW_MARK_IN}, + {"lifebytes", KW_LIFEBYTES}, + {"leftca", KW_LEFTCA}, + {"margintime", KW_REKEYMARGIN}, + {"marginbytes", KW_MARGINBYTES}, + {"leftrsasigkey", KW_LEFTRSASIGKEY}, + {"marginpackets", KW_MARGINPACKETS}, + {"certuribase", KW_CERTURIBASE}, + {"virtual_private", KW_VIRTUAL_PRIVATE}, + {"rightid", KW_RIGHTID}, + {"rightupdown", KW_RIGHTUPDOWN}, + {"compress", KW_COMPRESS}, + {"leftprotoport", KW_LEFTPROTOPORT}, + {"overridemtu", KW_OVERRIDEMTU}, + {"reqid", KW_REQID}, + {"inactivity", KW_INACTIVITY}, + {"leftfirewall", KW_LEFTFIREWALL}, + {"rightfirewall", KW_RIGHTFIREWALL}, + {"rightallowany", KW_RIGHTALLOWANY}, + {"mobike", KW_MOBIKE}, + {"lefthostaccess", KW_LEFTHOSTACCESS}, + {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, + {"rightrsasigkey", KW_RIGHTRSASIGKEY}, + {"pfsgroup", KW_PFSGROUP}, + {"me_peerid", KW_ME_PEERID}, + {"crluri", KW_CRLURI}, + {"leftsourceip", KW_LEFTSOURCEIP}, + {"crluri1", KW_CRLURI}, + {"mediation", KW_MEDIATION}, + {"dumpdir", KW_DUMPDIR}, + {"forceencaps", 
KW_FORCEENCAPS}, + {"leftsubnet", KW_LEFTSUBNET}, + {"rightca", KW_RIGHTCA}, + {"rightcert", KW_RIGHTCERT}, + {"ocspuri", KW_OCSPURI}, + {"dpdaction", KW_DPDACTION}, + {"ocspuri1", KW_OCSPURI}, + {"dpdtimeout", KW_DPDTIMEOUT}, + {"installpolicy", KW_INSTALLPOLICY}, + {"righthostaccess", KW_RIGHTHOSTACCESS}, + {"ldapbase", KW_LDAPBASE}, + {"also", KW_ALSO}, + {"leftallowany", KW_LEFTALLOWANY}, + {"force_keepalive", KW_FORCE_KEEPALIVE}, + {"keyexchange", KW_KEYEXCHANGE}, + {"hidetos", KW_HIDETOS}, + {"klipsdebug", KW_KLIPSDEBUG}, + {"plutostderrlog", KW_PLUTOSTDERRLOG}, + {"rightauth", KW_RIGHTAUTH}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, + {"charondebug", KW_CHARONDEBUG}, + {"rightid2", KW_RIGHTID2}, + {"leftid", KW_LEFTID}, + {"mediated_by", KW_MEDIATED_BY}, + {"fragicmp", KW_FRAGICMP}, + {"mark_out", KW_MARK_OUT}, + {"auto", KW_AUTO}, + {"leftcert2", KW_LEFTCERT2,}, + {"nat_traversal", KW_NAT_TRAVERSAL}, + {"cacert", KW_CACERT}, + {"plutostart", KW_PLUTOSTART}, + {"eap_identity", KW_EAP_IDENTITY}, + {"prepluto", KW_PREPLUTO}, + {"packetdefault", KW_PACKETDEFAULT}, + {"xauth_identity", KW_XAUTH_IDENTITY}, + {"charonstart", KW_CHARONSTART}, + {"crlcheckinterval", KW_CRLCHECKINTERVAL}, + {"rightauth2", KW_RIGHTAUTH2}, + {"ike", KW_IKE}, + {"aaa_identity", KW_AAA_IDENTITY}, + {"leftca2", KW_LEFTCA2}, + {"authby", KW_AUTHBY}, + {"leftauth", KW_LEFTAUTH}, + {"cachecrls", KW_CACHECRLS}, + {"ldaphost", KW_LDAPHOST}, + {"rekeymargin", KW_REKEYMARGIN}, + {"rekeyfuzz", KW_REKEYFUZZ}, + {"dpddelay", KW_DPDDELAY}, + {"ikelifetime", KW_IKELIFETIME}, + {"auth", KW_AUTH}, + {"xauth", KW_XAUTH}, + {"postpluto", KW_POSTPLUTO}, + {"plutodebug", KW_PLUTODEBUG}, + {"modeconfig", KW_MODECONFIG}, + {"nocrsend", KW_NOCRSEND}, + {"leftauth2", KW_LEFTAUTH2}, + {"leftid2", KW_LEFTID2}, + {"leftikeport", KW_LEFTIKEPORT}, + {"rightca2", KW_RIGHTCA2}, + {"rekey", KW_REKEY}, + {"rightcert2", KW_RIGHTCERT2}, + {"mark", KW_MARK}, + {"crluri2", KW_CRLURI2}, + {"reauth", KW_REAUTH}, + 
{"ocspuri2", KW_OCSPURI2}, + {"pkcs11module", KW_PKCS11MODULE}, + {"pkcs11initargs", KW_PKCS11INITARGS}, + {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, + {"pkcs11proxy", KW_PKCS11PROXY} +======= {"right", KW_RIGHT}, {"rightgroups", KW_RIGHTGROUPS}, {"left", KW_LEFT}, @@ -253,11 +419,37 @@ static const struct kw_entry wordlist[] = {"pkcs11proxy", KW_PKCS11PROXY}, {"modeconfig", KW_MODECONFIG}, {"postpluto", KW_POSTPLUTO} +>>>>>>> upstream/4.5.1 }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +<<<<<<< HEAD + -1, -1, 0, 1, -1, 2, -1, -1, 3, -1, + -1, 4, -1, 5, 6, 7, 8, 9, -1, 10, + 11, -1, 12, 13, 14, 15, 16, 17, -1, 18, + 19, 20, 21, 22, -1, -1, 23, 24, -1, 25, + 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, -1, 52, 53, 54, + 55, -1, 56, 57, -1, 58, 59, 60, -1, 61, + 62, 63, 64, -1, -1, 65, -1, 66, -1, 67, + 68, 69, 70, 71, -1, -1, 72, -1, -1, 73, + 74, 75, 76, 77, 78, 79, 80, -1, 81, 82, + 83, 84, 85, 86, 87, -1, 88, -1, 89, 90, + -1, 91, 92, 93, 94, -1, 95, 96, 97, 98, + -1, -1, -1, -1, 99, 100, 101, -1, 102, 103, + 104, 105, 106, 107, 108, 109, -1, 110, -1, -1, + 111, -1, -1, -1, -1, -1, -1, 112, -1, 113, + 114, 115, 116, 117, 118, -1, -1, -1, -1, 119, + -1, -1, 120, -1, -1, -1, -1, -1, -1, 121, + -1, -1, -1, -1, 122, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 123, -1, 124, 125, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 126 +======= -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, -1, -1, -1, 2, 3, -1, 4, -1, 5, 6, 7, 8, 9, -1, 10, 11, 12, 13, 14, -1, @@ -282,6 +474,7 @@ static const short lookup[] = -1, -1, -1, 122, -1, -1, 123, -1, 124, -1, 125, 126, -1, -1, -1, -1, 127, -1, 128, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 129 +>>>>>>> upstream/4.5.1 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 9f46a8b4b..23f6fd24b 100644 --- a/src/starter/keywords.h 
+++ b/src/starter/keywords.h
@@ -102,10 +102,16 @@ typedef enum {
 KW_MARK,
 KW_MARK_IN,
 KW_MARK_OUT,
+<<<<<<< HEAD
+
+#define KW_CONN_FIRST KW_CONN_SETUP
+#define KW_CONN_LAST KW_MARK_OUT
+=======
 KW_TFC,
 #define KW_CONN_FIRST KW_CONN_SETUP
 #define KW_CONN_LAST KW_TFC
+>>>>>>> upstream/4.5.1
 /* ca section keywords */
 KW_CA_NAME,
@@ -142,7 +148,10 @@ typedef enum {
 KW_RSASIGKEY,
 KW_CERT,
 KW_CERT2,
+<<<<<<< HEAD
+=======
 KW_CERTPOLICY,
+>>>>>>> upstream/4.5.1
 KW_SENDCERT,
 KW_CA,
 KW_CA2,
@@ -172,7 +181,10 @@ typedef enum {
 KW_LEFTRSASIGKEY,
 KW_LEFTCERT,
 KW_LEFTCERT2,
+<<<<<<< HEAD
+=======
 KW_LEFTCERTPOLICY,
+>>>>>>> upstream/4.5.1
 KW_LEFTSENDCERT,
 KW_LEFTCA,
 KW_LEFTCA2,
@@ -201,7 +213,10 @@ typedef enum {
 KW_RIGHTRSASIGKEY,
 KW_RIGHTCERT,
 KW_RIGHTCERT2,
+<<<<<<< HEAD
+=======
 KW_RIGHTCERTPOLICY,
+>>>>>>> upstream/4.5.1
 KW_RIGHTSENDCERT,
 KW_RIGHTCA,
 KW_RIGHTCA2,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 2c0e5de3d..608981472 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -93,7 +93,10 @@ reqid, KW_REQID
 mark, KW_MARK
 mark_in, KW_MARK_IN
 mark_out, KW_MARK_OUT
+<<<<<<< HEAD
+=======
 tfc, KW_TFC
+>>>>>>> upstream/4.5.1
 cacert, KW_CACERT
 ldaphost, KW_LDAPHOST
 ldapbase, KW_LDAPBASE
@@ -121,9 +124,14 @@ leftid2, KW_LEFTID2
 leftauth, KW_LEFTAUTH
 leftauth2, KW_LEFTAUTH2
 leftrsasigkey, KW_LEFTRSASIGKEY
+<<<<<<< HEAD
+leftcert, KW_LEFTCERT,
+leftcert2, KW_LEFTCERT2,
+=======
 leftcert, KW_LEFTCERT
 leftcert2, KW_LEFTCERT2
 leftcertpolicy, KW_LEFTCERTPOLICY
+>>>>>>> upstream/4.5.1
 leftsendcert, KW_LEFTSENDCERT
 leftca, KW_LEFTCA
 leftca2, KW_LEFTCA2
@@ -147,7 +155,10 @@ rightauth2, KW_RIGHTAUTH2
 rightrsasigkey, KW_RIGHTRSASIGKEY
 rightcert, KW_RIGHTCERT
 rightcert2, KW_RIGHTCERT2
+<<<<<<< HEAD
+=======
 rightcertpolicy, KW_RIGHTCERTPOLICY
+>>>>>>> upstream/4.5.1
 rightsendcert, KW_RIGHTSENDCERT
 rightca, KW_RIGHTCA
 rightca2, KW_RIGHTCA2
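Review bot: The HEAD side of the `leftcert` hunk in keywords.txt carries trailing commas, `leftcert, KW_LEFTCERT,` and `leftcert2, KW_LEFTCERT2,`, which the upstream side does not; they are what produce the odd `{"leftcert", KW_LEFTCERT,},` entries in the generated keywords.c above, which C tolerates but which differ from every other entry in the table. Whichever side wins the conflict, these two lines should read `leftcert, KW_LEFTCERT` and `leftcert2, KW_LEFTCERT2` so the gperf input is uniform.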
diff --git a/src/starter/starter.8 b/src/starter/starter.8
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/starter/starter.8
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index f251667c7..45d407384 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -171,7 +171,10 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 msg_end->id2 = push_string(msg, conn_end->id2);
 msg_end->cert = push_string(msg, conn_end->cert);
 msg_end->cert2 = push_string(msg, conn_end->cert2);
+<<<<<<< HEAD
+=======
 msg_end->cert_policy = push_string(msg, conn_end->cert_policy);
+>>>>>>> upstream/4.5.1
 msg_end->ca = push_string(msg, conn_end->ca);
 msg_end->ca2 = push_string(msg, conn_end->ca2);
 msg_end->groups = push_string(msg, conn_end->groups);
@@ -267,7 +270,10 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.mark_in.mask = conn->mark_in.mask;
 msg.add_conn.mark_out.value = conn->mark_out.value;
 msg.add_conn.mark_out.mask = conn->mark_out.mask;
+<<<<<<< HEAD
+=======
 msg.add_conn.tfc = conn->tfc;
+>>>>>>> upstream/4.5.1
 starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
 starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index d621f21ca..978841438 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -197,7 +197,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -236,8 +242,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index a88fa10d7..4d1b8e7db 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -197,6 +197,8 @@ static int terminate_connection_srcip(char *start, char *end)
 return send_stroke_msg(&msg);
 }
+<<<<<<< HEAD
+=======
 static int rekey_connection(char *name)
 {
 stroke_msg_t msg;
@@ -207,6 +209,7 @@ static int rekey_connection(char *name)
 return send_stroke_msg(&msg);
 }
+>>>>>>> upstream/4.5.1
 static int route_connection(char *name)
 {
 stroke_msg_t msg;
@@ -286,8 +289,11 @@ static int reread(stroke_keyword_t kw)
 static int purge_flags[] = {
 PURGE_OCSP,
 PURGE_IKE,
+<<<<<<< HEAD
+=======
 PURGE_CRLS,
 PURGE_CERTS,
+>>>>>>> upstream/4.5.1
 };
 static int purge(stroke_keyword_t kw)
@@ -385,10 +391,13 @@ static void exit_usage(char *error)
 printf(" stroke rereadsecrets|rereadcrls|rereadall\n");
 printf(" Purge ocsp cache entries:\n");
 printf(" stroke purgeocsp\n");
+<<<<<<< HEAD
+=======
 printf(" Purge CRL cache entries:\n");
 printf(" stroke purgecrls\n");
 printf(" Purge X509 cache entries:\n");
 printf(" stroke purgecerts\n");
+>>>>>>> upstream/4.5.1
 printf(" Purge IKE_SAs without a CHILD_SA:\n");
 printf(" stroke purgeike\n");
 printf(" Export credentials to the console:\n");
@@ -459,6 +468,8 @@ int main(int argc, char *argv[])
 }
 res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL);
 break;
+<<<<<<< HEAD
+=======
 case STROKE_REKEY:
 if (argc < 3)
 {
@@ -466,6 +477,7 @@ int main(int argc, char *argv[])
 }
 res = rekey_connection(argv[2]);
 break;
+>>>>>>> upstream/4.5.1
 case STROKE_ROUTE:
 if (argc < 3)
 {
@@ -514,8 +526,11 @@ int main(int argc, char *argv[])
 res = reread(token->kw);
 break;
 case STROKE_PURGE_OCSP:
+<<<<<<< HEAD
+=======
 case STROKE_PURGE_CRLS:
 case STROKE_PURGE_CERTS:
+>>>>>>> upstream/4.5.1
 case STROKE_PURGE_IKE:
 res = purge(token->kw);
 break;
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index b43f4b475..3b2426a42 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -54,12 +54,21 @@ struct stroke_token {
 stroke_keyword_t kw;
 };
+<<<<<<< HEAD
+#define TOTAL_KEYWORDS 34
+#define MIN_WORD_LENGTH 2
+#define MAX_WORD_LENGTH 15
+#define MIN_HASH_VALUE 3
+#define MAX_HASH_VALUE 39
+/* maximum key range = 37, duplicates = 0 */
+=======
 #define TOTAL_KEYWORDS 37
 #define MIN_WORD_LENGTH 2
 #define MAX_WORD_LENGTH 15
 #define MIN_HASH_VALUE 2
 #define MAX_HASH_VALUE 42
 /* maximum key range = 41, duplicates = 0 */
+>>>>>>> upstream/4.5.1
 #ifdef __GNUC__
 __inline
@@ -75,6 +84,34 @@ hash (str, len) { static const unsigned char asso_values[] = { +<<<<<<< HEAD + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 18, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 0, 4, 1, + 1, 0, 40, 17, 40, 20, 40, 3, 0, 40, + 40, 12, 19, 40, 6, 3, 20, 12, 40, 40, + 10, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, + 40, 40, 40, 40, 40, 40 +======= 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, @@ -101,6 +138,7 @@ hash (str, len) 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43 +>>>>>>> upstream/4.5.1 }; register int hval = len; 
@@ -125,6 +163,20 @@ hash (str, len) static const struct stroke_token wordlist[] = { +<<<<<<< HEAD + {"add", STROKE_ADD}, + {"del", STROKE_DEL}, + {"down", STROKE_DOWN}, + {"leases", STROKE_LEASES}, + {"listall", STROKE_LIST_ALL}, + {"loglevel", STROKE_LOGLEVEL}, + {"listcrls", STROKE_LIST_CRLS}, + {"listacerts", STROKE_LIST_ACERTS}, + {"route", STROKE_ROUTE}, + {"listaacerts", STROKE_LIST_AACERTS}, + {"listcacerts", STROKE_LIST_CACERTS}, + {"up", STROKE_UP}, +======= {"up", STROKE_UP}, {"add", STROKE_ADD}, {"del", STROKE_DEL}, @@ -136,12 +188,31 @@ static const struct stroke_token wordlist[] = {"listaacerts", STROKE_LIST_AACERTS}, {"listcacerts", STROKE_LIST_CACERTS}, {"statusall", STROKE_STATUSALL}, +>>>>>>> upstream/4.5.1 {"rereadall", STROKE_REREAD_ALL}, {"listcerts", STROKE_LIST_CERTS}, {"rereadcrls", STROKE_REREAD_CRLS}, {"rereadacerts", STROKE_REREAD_ACERTS}, {"rereadaacerts", STROKE_REREAD_AACERTS}, {"rereadcacerts", STROKE_REREAD_CACERTS}, +<<<<<<< HEAD + {"status", STROKE_STATUS}, + {"rereadsecrets", STROKE_REREAD_SECRETS}, + {"listocsp", STROKE_LIST_OCSP}, + {"statusall", STROKE_STATUSALL}, + {"listalgs", STROKE_LIST_ALGS}, + {"exportx509", STROKE_EXPORT_X509}, + {"delete", STROKE_DELETE}, + {"listocspcerts", STROKE_LIST_OCSPCERTS}, + {"purgeocsp", STROKE_PURGE_OCSP}, + {"purgeike", STROKE_PURGE_IKE}, + {"unroute", STROKE_UNROUTE}, + {"listcainfos", STROKE_LIST_CAINFOS}, + {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}, + {"listpubkeys", STROKE_LIST_PUBKEYS}, + {"down-srcip", STROKE_DOWN_SRCIP}, + {"listgroups", STROKE_LIST_GROUPS} +======= {"leases", STROKE_LEASES}, {"unroute", STROKE_UNROUTE}, {"listocsp", STROKE_LIST_OCSP}, 
@@ -162,14 +233,21 @@ static const struct stroke_token wordlist[] = {"loglevel", STROKE_LOGLEVEL}, {"listgroups", STROKE_LIST_GROUPS}, {"purgecerts", STROKE_PURGE_CERTS} +>>>>>>> upstream/4.5.1 }; static const short lookup[] = { +<<<<<<< HEAD + -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, 33 +======= -1, -1, 0, 1, 2, 3, -1, 4, 5, 6, -1, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, -1, -1, 35, 36 +>>>>>>> upstream/4.5.1 }; #ifdef __GNUC__ diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h index ff2ba36ef..76f6c1be3 100644 --- a/src/stroke/stroke_keywords.h +++ b/src/stroke/stroke_keywords.h @@ -25,7 +25,10 @@ typedef enum { STROKE_UP, STROKE_DOWN, STROKE_DOWN_SRCIP, +<<<<<<< HEAD +======= STROKE_REKEY, +>>>>>>> upstream/4.5.1 STROKE_LOGLEVEL, STROKE_STATUS, STROKE_STATUSALL, @@ -49,8 +52,11 @@ typedef enum { STROKE_REREAD_CRLS, STROKE_REREAD_ALL, STROKE_PURGE_OCSP, +<<<<<<< HEAD +======= STROKE_PURGE_CRLS, STROKE_PURGE_CERTS, +>>>>>>> upstream/4.5.1 STROKE_PURGE_IKE, STROKE_EXPORT_X509, STROKE_LEASES, diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt index dafd1ab08..fcc2ba558 100644 --- a/src/stroke/stroke_keywords.txt +++ b/src/stroke/stroke_keywords.txt @@ -32,7 +32,10 @@ unroute, STROKE_UNROUTE up, STROKE_UP down, STROKE_DOWN down-srcip, STROKE_DOWN_SRCIP +<<<<<<< HEAD +======= rekey, STROKE_REKEY +>>>>>>> upstream/4.5.1 loglevel, STROKE_LOGLEVEL status, STROKE_STATUS statusall, STROKE_STATUSALL @@ -56,8 +59,11 @@ rereadacerts, STROKE_REREAD_ACERTS rereadcrls, STROKE_REREAD_CRLS rereadall, STROKE_REREAD_ALL purgeocsp, STROKE_PURGE_OCSP +<<<<<<< HEAD +======= purgecrls, STROKE_PURGE_CRLS purgecerts, STROKE_PURGE_CERTS +>>>>>>> upstream/4.5.1 purgeike, STROKE_PURGE_IKE exportx509, STROKE_EXPORT_X509 leases, STROKE_LEASES 
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 3af2b7042..b5fdacc00 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -107,10 +107,13 @@ enum purge_flag_t {
 PURGE_OCSP = 0x0001,
 /** purge IKE_SAs without a CHILD_SA */
 PURGE_IKE = 0x0002,
+<<<<<<< HEAD
+=======
 /** purge CRL cache entries */
 PURGE_CRLS = 0x0004,
 /** purge X509 cache entries */
 PURGE_CERTS = 0x0008,
+>>>>>>> upstream/4.5.1
 };
 typedef enum export_flag_t export_flag_t;
@@ -149,7 +152,10 @@ struct stroke_end_t {
 char *ca;
 char *ca2;
 char *groups;
+<<<<<<< HEAD
+=======
 char *cert_policy;
+>>>>>>> upstream/4.5.1
 char *updown;
 char *address;
 u_int16_t ikeport;
@@ -188,8 +194,11 @@ struct stroke_msg_t {
 STR_TERMINATE,
 /* terminate connection by peers srcip/virtual ip */
 STR_TERMINATE_SRCIP,
+<<<<<<< HEAD
+=======
 /* rekey a connection */
 STR_REKEY,
+>>>>>>> upstream/4.5.1
 /* show connection status */
 STR_STATUS,
 /* show verbose connection status */
@@ -222,7 +231,11 @@ struct stroke_msg_t {
 /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
 struct {
 char *name;
+<<<<<<< HEAD
+ } initiate, route, unroute, terminate, status, del_conn, del_ca;
+=======
 } initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;
+>>>>>>> upstream/4.5.1
 /* data for STR_TERMINATE_SRCIP */
 struct {
@@ -248,7 +261,10 @@ struct stroke_msg_t {
 int proxy_mode;
 int install_policy;
 u_int32_t reqid;
+<<<<<<< HEAD
+=======
 u_int32_t tfc;
+>>>>>>> upstream/4.5.1
 crl_policy_t crl_policy;
 int unique;
diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in
index b51056a38..7bab6b6e8 100644
--- a/src/whack/Makefile.in
+++ b/src/whack/Makefile.in
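Review bot: The two sides of the `stroke_msg_t` conflicts in this file differ in struct layout, not only in names: the HEAD side drops `cert_policy` from `stroke_end_t`, `STR_REKEY` from the message type enum, `rekey` from the `initiate, route, ...` arm and `tfc` from `add_conn`, so the two resolutions produce different field offsets and enum values. This header presumably defines the message exchanged over the stroke socket between the stroke/starter clients and charon's stroke plugin (not on this page); if the client and daemon are built from different sides, every message after the first divergent field is misread, so this file has to be resolved together with its consumer, not hunk by hunk. The `purge_flag_t` hunk at the top has the same split (`PURGE_CRLS`/`PURGE_CERTS` only on the upstream side), and stroke.c on this page still references both on its upstream side.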
@@ -196,7 +196,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -235,8 +241,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ |